npm - @l3dev/abac - Versions diffs - 0.1.0 - Mend

@l3dev/abac 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (39) hide show

package/LICENSE +21 -0
package/README.md +98 -0
package/build/abac.d.ts +72 -0
package/build/abac.js +65 -0
package/build/abac.js.map +1 -0
package/build/action.d.ts +61 -0
package/build/action.js +54 -0
package/build/action.js.map +1 -0
package/build/actionGroup.d.ts +44 -0
package/build/actionGroup.js +47 -0
package/build/actionGroup.js.map +1 -0
package/build/actionVisitor.d.ts +29 -0
package/build/actionVisitor.js +64 -0
package/build/actionVisitor.js.map +1 -0
package/build/index.d.ts +9 -0
package/build/index.js +3 -0
package/build/index.js.map +1 -0
package/build/internal/collections.d.ts +12 -0
package/build/internal/collections.js +2 -0
package/build/internal/collections.js.map +1 -0
package/build/internal/core.d.ts +19 -0
package/build/internal/core.js +2 -0
package/build/internal/core.js.map +1 -0
package/build/internal/paths.d.ts +45 -0
package/build/internal/paths.js +2 -0
package/build/internal/paths.js.map +1 -0
package/build/permission.d.ts +53 -0
package/build/permission.js +153 -0
package/build/permission.js.map +1 -0
package/build/policy.d.ts +49 -0
package/build/policy.js +72 -0
package/build/policy.js.map +1 -0
package/build/policyFilters.d.ts +9 -0
package/build/policyFilters.js +21 -0
package/build/policyFilters.js.map +1 -0
package/build/resource.d.ts +75 -0
package/build/resource.js +71 -0
package/build/resource.js.map +1 -0
package/package.json +28 -0

package/build/internal/collections.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import type { Action } from "../action.js";
+import type { ActionGroup } from "../actionGroup.js";
+import type { Resource } from "../resource.js";
+import type { UnionToIntersection } from "./core.js";
+export type ActionMap = Record<string, Action<any, any> | ActionGroup<any, any>>;
+export type ToActionMap<TActions extends Action<any, any> | ActionGroup<any, any>> = UnionToIntersection<TActions extends Action<infer TName, any> | ActionGroup<infer TName, any> ? {
+    [name in TName]: TActions;
+} : never, ActionMap>;
+export type ResourceMap = Record<string, Resource<any, any>>;
+export type UnionToResourceMap<TResources extends Resource<any, any>> = UnionToIntersection<TResources extends Resource<infer TName, any> ? {
+    [name in TName]: TResources;
+} : never, ResourceMap>;

package/build/internal/collections.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=collections.js.map

package/build/internal/collections.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"collections.js","sourceRoot":"","sources":["../../src/internal/collections.ts"],"names":[],"mappings":"","sourcesContent":["import type { Action } from \"../action.js\";\nimport type { ActionGroup } from \"../actionGroup.js\";\nimport type { Resource } from \"../resource.js\";\nimport type { UnionToIntersection } from \"./core.js\";\n\nexport type ActionMap = Record<string, Action<any, any> | ActionGroup<any, any>>;\n\nexport type ToActionMap<TActions extends Action<any, any> | ActionGroup<any, any>> =\n\tUnionToIntersection<\n\t\tTActions extends Action<infer TName, any> | ActionGroup<infer TName, any>\n\t\t\t? {\n\t\t\t\t\t[name in TName]: TActions;\n\t\t\t\t}\n\t\t\t: never,\n\t\tActionMap\n\t>;\n\nexport type ResourceMap = Record<string, Resource<any, any>>;\n\nexport type UnionToResourceMap<TResources extends Resource<any, any>> = UnionToIntersection<\n\tTResources extends Resource<infer TName, any>\n\t\t? {\n\t\t\t\t[name in TName]: TResources;\n\t\t\t}\n\t\t: never,\n\tResourceMap\n>;\n"]}

package/build/internal/core.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+export type UnsetMarker = "unset" & {
+    __brand: "unsetMarker";
+};
+export type OptionalMarker = "optional" & {
+    __brand: "optionalMarker";
+};
+export type MakeOptional<T> = T extends UnsetMarker ? OptionalMarker : T | undefined;
+export type Expand<T> = T extends Record<any, any> ? {
+    [K in keyof T]: T[K];
+} : never;
+export type KeysEqual<A, B> = A extends Record<keyof B, any> ? (B extends Record<keyof A, any> ? true : false) : false;
+export type UnionToIntersection<U, T> = (U extends any ? (k: U) => void : never) extends (k: infer I extends T) => void ? I : never;
+export type OptionalUndefinedFields<T> = Expand<Partial<T> & Pick<T, {
+    [K in keyof T]: T[K] extends Exclude<T[K], undefined> ? K : never;
+}[keyof T]>>;
+export type EmptyObject = {
+    object: void;
+};
+export type IsOnlyEmptyObject<T> = KeysEqual<EmptyObject, T> extends true ? (T extends EmptyObject ? true : false) : false;

package/build/internal/core.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=core.js.map

package/build/internal/core.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"core.js","sourceRoot":"","sources":["../../src/internal/core.ts"],"names":[],"mappings":"","sourcesContent":["export type UnsetMarker = \"unset\" & {\n\t__brand: \"unsetMarker\";\n};\n\nexport type OptionalMarker = \"optional\" & {\n\t__brand: \"optionalMarker\";\n};\n\nexport type MakeOptional<T> = T extends UnsetMarker ? OptionalMarker : T | undefined;\n\nexport type Expand<T> = T extends Record<any, any> ? { [K in keyof T]: T[K] } : never;\n\nexport type KeysEqual<A, B> =\n\tA extends Record<keyof B, any> ? (B extends Record<keyof A, any> ? true : false) : false;\n\nexport type UnionToIntersection<U, T> = (U extends any ? (k: U) => void : never) extends (\n\tk: infer I extends T\n) => void\n\t? I\n\t: never;\n\nexport type OptionalUndefinedFields<T> = Expand<\n\tPartial<T> &\n\t\tPick<\n\t\t\tT,\n\t\t\t{\n\t\t\t\t[K in keyof T]: T[K] extends Exclude<T[K], undefined> ? K : never;\n\t\t\t}[keyof T]\n\t\t>\n>;\n\nexport type EmptyObject = { object: void };\n\nexport type IsOnlyEmptyObject<T> =\n\tKeysEqual<EmptyObject, T> extends true ? (T extends EmptyObject ? true : false) : false;\n"]}

package/build/internal/paths.d.ts ADDED Viewed

@@ -0,0 +1,45 @@
+import type { Action, RuleCtx } from "../action.js";
+import type { ActionGroup } from "../actionGroup.js";
+import type { Resource } from "../resource.js";
+import type { ResourceMap } from "./collections.js";
+import type { EmptyObject, Expand, MakeOptional, OptionalMarker, UnsetMarker } from "./core.js";
+type ActionNames<TActionMap, TExcludeEmptyObjects extends boolean = false> = {
+    [actionName in keyof TActionMap]: TActionMap[actionName] extends Action<infer TActionName, infer TActionContext> ? TActionContext["ctx"] extends EmptyObject ? TExcludeEmptyObjects extends true ? never : `:${TActionName}` : `:${TActionName}` : TActionMap[actionName] extends ActionGroup<infer TGroupName, infer TGroupContext> ? `.${TGroupName}${ActionNames<TGroupContext["actions"], TExcludeEmptyObjects>}` : never;
+}[keyof TActionMap];
+export type OwnableActionPaths<TResources extends ResourceMap> = {
+    [resourceName in Extract<keyof TResources, string>]: (TResources[resourceName]["subResources"] extends UnsetMarker ? never : `${resourceName}.${OwnableActionPaths<TResources[resourceName]["subResources"]>}`) | (TResources[resourceName] extends Resource<any, infer TResourceContext> ? TResourceContext["ownable"] extends true ? TResources[resourceName]["actions"] extends UnsetMarker ? never : `${resourceName}${ActionNames<TResources[resourceName]["actions"], true>}` : never : never);
+}[Extract<keyof TResources, string>];
+export type ActionPaths<TResources extends ResourceMap> = {
+    [resourceName in Extract<keyof TResources, string>]: (TResources[resourceName]["subResources"] extends UnsetMarker ? never : `${resourceName}.${ActionPaths<TResources[resourceName]["subResources"]>}`) | (TResources[resourceName]["actions"] extends UnsetMarker ? never : `${resourceName}${ActionNames<TResources[resourceName]["actions"]>}`);
+}[Extract<keyof TResources, string>] | `${OwnableActionPaths<TResources>}.own`;
+type ActionNamesWithWildcards<TActionMap> = {
+    [actionName in keyof TActionMap]: TActionMap[actionName] extends ActionGroup<infer TGroupName, infer TGroupContext> ? `.${TGroupName}${ActionNamesWithWildcards<TGroupContext["actions"]>}` | `.${TGroupName}:*` : never;
+}[keyof TActionMap];
+export type OwnableWildcardActionPaths<TResources extends ResourceMap> = {
+    [resourceName in Extract<keyof TResources, string>]: TResources[resourceName] extends Resource<any, infer TResourceContext> ? TResourceContext["ownable"] extends true ? `${resourceName}:*` | (TResources[resourceName]["subResources"] extends UnsetMarker ? never : `${resourceName}.${OwnableWildcardActionPaths<TResources[resourceName]["subResources"]>}`) | (TResources[resourceName]["actions"] extends UnsetMarker ? never : `${resourceName}${ActionNamesWithWildcards<TResources[resourceName]["actions"]>}`) : never : never;
+}[Extract<keyof TResources, string>];
+export type WildcardActionPaths<TResources extends ResourceMap> = {
+    [resourceName in Extract<keyof TResources, string>]: (TResources[resourceName]["subResources"] extends UnsetMarker ? never : `${resourceName}.${WildcardActionPaths<TResources[resourceName]["subResources"]>}`) | (TResources[resourceName]["actions"] extends UnsetMarker ? never : `${resourceName}${ActionNamesWithWildcards<TResources[resourceName]["actions"]>}`) | `${resourceName}:*` | `${resourceName}.*`;
+}[Extract<keyof TResources, string>] | `${OwnableWildcardActionPaths<TResources>}.own`;
+type MergeRuleCtx<A extends RuleCtx, B extends RuleCtx> = {
+    subject: A["subject"] extends UnsetMarker ? B["subject"] : A["subject"];
+    object: A["object"] extends UnsetMarker ? B["object"] : A["object"] extends OptionalMarker ? MakeOptional<B["object"]> : A["object"];
+};
+type ResolveAction<TParentCtx extends RuleCtx, TAction extends Action<any, any>> = TAction extends Action<infer TName, infer TActionContext> ? Action<TName, Expand<{
+    ctx: Expand<MergeRuleCtx<TActionContext["ctx"], TParentCtx>>;
+    configurable: TActionContext["configurable"];
+}>> : never;
+type IndexActionGroupWithPath<TPath extends string, TActionGroup extends ActionGroup<any, any>, TParentCtx extends RuleCtx> = TPath extends keyof TActionGroup["actions"] ? ResolveAction<TParentCtx, TActionGroup["actions"][TPath]> : TPath extends `${infer ActionGroupName}.${infer Rest}` ? TActionGroup["actions"][ActionGroupName] extends ActionGroup<any, infer TActionGroupContext> ? IndexActionGroupWithPath<Rest, TActionGroup["actions"][ActionGroupName], MergeRuleCtx<TActionGroupContext["ctx"], TParentCtx>> : never : TPath extends `${infer ActionGroupName}:${infer ActionName}` ? TActionGroup["actions"][ActionGroupName] extends ActionGroup<any, any> ? ResolveAction<TParentCtx, TActionGroup["actions"][ActionGroupName]["actions"][ActionName]> : never : never;
+type IndexResourceWithPath<TPath extends string, TResource extends Resource<any, any>, TParentCtx extends RuleCtx> = TPath extends keyof TResource["actions"] ? TResource["actions"][TPath] extends Action<any, any> ? ResolveAction<TParentCtx, TResource["actions"][TPath]> : never : TPath extends `${infer ResourceOrGroupName}.${infer Rest}` ? ResourceOrGroupName extends keyof TResource["actions"] ? TResource["actions"][ResourceOrGroupName] extends ActionGroup<any, infer TActionGroupContext> ? IndexActionGroupWithPath<Rest, TResource["actions"][ResourceOrGroupName], MergeRuleCtx<TActionGroupContext["ctx"], TParentCtx>> : never : TResource["subResources"][ResourceOrGroupName] extends Resource<any, infer TResourceContext> ? IndexResourceWithPath<Rest, TResource["subResources"][ResourceOrGroupName], MergeRuleCtx<TResourceContext["ctx"], TParentCtx>> : never : TPath extends `${infer ResourceOrGroupName}:${infer ActionName}` ? TResource["actions"][ResourceOrGroupName] extends ActionGroup<any, infer TActionGroupContext> ? ResolveAction<MergeRuleCtx<TActionGroupContext["ctx"], TParentCtx>, TResource["actions"][ResourceOrGroupName]["actions"][ActionName]> : TResource["subResources"][ResourceOrGroupName] extends Resource<any, infer TResourceContext> ? ResolveAction<MergeRuleCtx<TResourceContext["ctx"], TParentCtx>, TResource["subResources"][ResourceOrGroupName]["actions"][ActionName]> : never : never;
+export type ActionFromPath<TResources extends ResourceMap, TPath extends string> = TPath extends `${infer TActualPath}.own` ? ActionFromPath<TResources, TActualPath> : TPath extends `${infer ResourceName extends Extract<keyof TResources, string>}.${infer Rest}` ? TResources[ResourceName] extends Resource<any, infer TResourceContext> ? IndexResourceWithPath<Rest, TResources[ResourceName], TResourceContext["ctx"]> : never : TPath extends `${infer ResourceName extends Extract<keyof TResources, string>}:${infer ActionName}` ? TResources[ResourceName] extends Resource<any, infer TResourceContext> ? ResolveAction<TResourceContext["ctx"], TResources[ResourceName]["actions"][ActionName]> : never : never;
+type ActionPathsWithAction<TResources extends ResourceMap, TPaths extends string> = {
+    [path in TPaths]: {
+        path: path;
+        action: ActionFromPath<TResources, path>;
+    };
+}[TPaths];
+export type FilterActionPaths<TResources extends ResourceMap, TCtxPattern, TConfigurable extends boolean = boolean, TPathsAndActions = ActionPathsWithAction<TResources, ActionPaths<TResources>>> = TPathsAndActions extends {
+    path: string;
+    action: Action<any, infer TActionContext>;
+} ? TActionContext["ctx"] extends TCtxPattern ? TActionContext["configurable"] extends TConfigurable ? TPathsAndActions["path"] : never : never : never;
+export {};

package/build/internal/paths.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=paths.js.map

package/build/internal/paths.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"paths.js","sourceRoot":"","sources":["../../src/internal/paths.ts"],"names":[],"mappings":"","sourcesContent":["import type { Action, RuleCtx } from \"../action.js\";\nimport type { ActionGroup } from \"../actionGroup.js\";\nimport type { Resource } from \"../resource.js\";\nimport type { ResourceMap } from \"./collections.js\";\nimport type { EmptyObject, Expand, MakeOptional, OptionalMarker, UnsetMarker } from \"./core.js\";\n\ntype ActionNames<TActionMap, TExcludeEmptyObjects extends boolean = false> = {\n\t[actionName in keyof TActionMap]: TActionMap[actionName] extends Action<\n\t\tinfer TActionName,\n\t\tinfer TActionContext\n\t>\n\t\t? TActionContext[\"ctx\"] extends EmptyObject\n\t\t\t? TExcludeEmptyObjects extends true\n\t\t\t\t? never\n\t\t\t\t: `:${TActionName}`\n\t\t\t: `:${TActionName}`\n\t\t: TActionMap[actionName] extends ActionGroup<infer TGroupName, infer TGroupContext>\n\t\t\t? `.${TGroupName}${ActionNames<TGroupContext[\"actions\"], TExcludeEmptyObjects>}`\n\t\t\t: never;\n}[keyof TActionMap];\n\nexport type OwnableActionPaths<TResources extends ResourceMap> = {\n\t[resourceName in Extract<keyof TResources, string>]:\n\t\t| (TResources[resourceName][\"subResources\"] extends UnsetMarker\n\t\t\t\t? never\n\t\t\t\t: `${resourceName}.${OwnableActionPaths<TResources[resourceName][\"subResources\"]>}`)\n\t\t| (TResources[resourceName] extends Resource<any, infer TResourceContext>\n\t\t\t\t? TResourceContext[\"ownable\"] extends true\n\t\t\t\t\t? TResources[resourceName][\"actions\"] extends UnsetMarker\n\t\t\t\t\t\t? never\n\t\t\t\t\t\t: `${resourceName}${ActionNames<TResources[resourceName][\"actions\"], true>}`\n\t\t\t\t\t: never\n\t\t\t\t: never);\n}[Extract<keyof TResources, string>];\n\nexport type ActionPaths<TResources extends ResourceMap> =\n\t| {\n\t\t\t[resourceName in Extract<keyof TResources, string>]:\n\t\t\t\t| (TResources[resourceName][\"subResources\"] extends UnsetMarker\n\t\t\t\t\t\t? never\n\t\t\t\t\t\t: `${resourceName}.${ActionPaths<TResources[resourceName][\"subResources\"]>}`)\n\t\t\t\t| (TResources[resourceName][\"actions\"] extends UnsetMarker\n\t\t\t\t\t\t? never\n\t\t\t\t\t\t: `${resourceName}${ActionNames<TResources[resourceName][\"actions\"]>}`);\n\t }[Extract<keyof TResources, string>]\n\t| `${OwnableActionPaths<TResources>}.own`;\n\ntype ActionNamesWithWildcards<TActionMap> = {\n\t[actionName in keyof TActionMap]: TActionMap[actionName] extends ActionGroup<\n\t\tinfer TGroupName,\n\t\tinfer TGroupContext\n\t>\n\t\t? `.${TGroupName}${ActionNamesWithWildcards<TGroupContext[\"actions\"]>}` | `.${TGroupName}:*`\n\t\t: never;\n}[keyof TActionMap];\n\nexport type OwnableWildcardActionPaths<TResources extends ResourceMap> = {\n\t[resourceName in Extract<keyof TResources, string>]: TResources[resourceName] extends Resource<\n\t\tany,\n\t\tinfer TResourceContext\n\t>\n\t\t? TResourceContext[\"ownable\"] extends true\n\t\t\t?\n\t\t\t\t\t| `${resourceName}:*`\n\t\t\t\t\t| (TResources[resourceName][\"subResources\"] extends UnsetMarker\n\t\t\t\t\t\t\t? never\n\t\t\t\t\t\t\t: `${resourceName}.${OwnableWildcardActionPaths<TResources[resourceName][\"subResources\"]>}`)\n\t\t\t\t\t| (TResources[resourceName][\"actions\"] extends UnsetMarker\n\t\t\t\t\t\t\t? never\n\t\t\t\t\t\t\t: `${resourceName}${ActionNamesWithWildcards<TResources[resourceName][\"actions\"]>}`)\n\t\t\t: never\n\t\t: never;\n}[Extract<keyof TResources, string>];\n\nexport type WildcardActionPaths<TResources extends ResourceMap> =\n\t| {\n\t\t\t[resourceName in Extract<keyof TResources, string>]:\n\t\t\t\t| (TResources[resourceName][\"subResources\"] extends UnsetMarker\n\t\t\t\t\t\t? never\n\t\t\t\t\t\t: `${resourceName}.${WildcardActionPaths<TResources[resourceName][\"subResources\"]>}`)\n\t\t\t\t| (TResources[resourceName][\"actions\"] extends UnsetMarker\n\t\t\t\t\t\t? never\n\t\t\t\t\t\t: `${resourceName}${ActionNamesWithWildcards<TResources[resourceName][\"actions\"]>}`)\n\t\t\t\t| `${resourceName}:*`\n\t\t\t\t| `${resourceName}.*`;\n\t }[Extract<keyof TResources, string>]\n\t| `${OwnableWildcardActionPaths<TResources>}.own`;\n\ntype MergeRuleCtx<A extends RuleCtx, B extends RuleCtx> = {\n\tsubject: A[\"subject\"] extends UnsetMarker ? B[\"subject\"] : A[\"subject\"];\n\tobject: A[\"object\"] extends UnsetMarker\n\t\t? B[\"object\"]\n\t\t: A[\"object\"] extends OptionalMarker\n\t\t\t? MakeOptional<B[\"object\"]>\n\t\t\t: A[\"object\"];\n};\n\ntype ResolveAction<TParentCtx extends RuleCtx, TAction extends Action<any, any>> =\n\tTAction extends Action<infer TName, infer TActionContext>\n\t\t? Action<\n\t\t\t\tTName,\n\t\t\t\tExpand<{\n\t\t\t\t\tctx: Expand<MergeRuleCtx<TActionContext[\"ctx\"], TParentCtx>>;\n\t\t\t\t\tconfigurable: TActionContext[\"configurable\"];\n\t\t\t\t}>\n\t\t\t>\n\t\t: never;\n\ntype IndexActionGroupWithPath<\n\tTPath extends string,\n\tTActionGroup extends ActionGroup<any, any>,\n\tTParentCtx extends RuleCtx\n> = TPath extends keyof TActionGroup[\"actions\"] // Check fast path first\n\t? ResolveAction<TParentCtx, TActionGroup[\"actions\"][TPath]>\n\t: TPath extends `${infer ActionGroupName}.${infer Rest}`\n\t\t? TActionGroup[\"actions\"][ActionGroupName] extends ActionGroup<any, infer TActionGroupContext>\n\t\t\t? IndexActionGroupWithPath<\n\t\t\t\t\tRest,\n\t\t\t\t\tTActionGroup[\"actions\"][ActionGroupName],\n\t\t\t\t\tMergeRuleCtx<TActionGroupContext[\"ctx\"], TParentCtx>\n\t\t\t\t>\n\t\t\t: never\n\t\t: TPath extends `${infer ActionGroupName}:${infer ActionName}`\n\t\t\t? TActionGroup[\"actions\"][ActionGroupName] extends ActionGroup<any, any>\n\t\t\t\t? ResolveAction<TParentCtx, TActionGroup[\"actions\"][ActionGroupName][\"actions\"][ActionName]>\n\t\t\t\t: never\n\t\t\t: never;\n\ntype IndexResourceWithPath<\n\tTPath extends string,\n\tTResource extends Resource<any, any>,\n\tTParentCtx extends RuleCtx\n> = TPath extends keyof TResource[\"actions\"] // Check fast path first\n\t? TResource[\"actions\"][TPath] extends Action<any, any>\n\t\t? ResolveAction<TParentCtx, TResource[\"actions\"][TPath]>\n\t\t: never\n\t: TPath extends `${infer ResourceOrGroupName}.${infer Rest}`\n\t\t? ResourceOrGroupName extends keyof TResource[\"actions\"]\n\t\t\t? TResource[\"actions\"][ResourceOrGroupName] extends ActionGroup<\n\t\t\t\t\tany,\n\t\t\t\t\tinfer TActionGroupContext\n\t\t\t\t>\n\t\t\t\t? IndexActionGroupWithPath<\n\t\t\t\t\t\tRest,\n\t\t\t\t\t\tTResource[\"actions\"][ResourceOrGroupName],\n\t\t\t\t\t\tMergeRuleCtx<TActionGroupContext[\"ctx\"], TParentCtx>\n\t\t\t\t\t>\n\t\t\t\t: never\n\t\t\t: TResource[\"subResources\"][ResourceOrGroupName] extends Resource<any, infer TResourceContext>\n\t\t\t\t? IndexResourceWithPath<\n\t\t\t\t\t\tRest,\n\t\t\t\t\t\tTResource[\"subResources\"][ResourceOrGroupName],\n\t\t\t\t\t\tMergeRuleCtx<TResourceContext[\"ctx\"], TParentCtx>\n\t\t\t\t\t>\n\t\t\t\t: never\n\t\t: TPath extends `${infer ResourceOrGroupName}:${infer ActionName}`\n\t\t\t? TResource[\"actions\"][ResourceOrGroupName] extends ActionGroup<\n\t\t\t\t\tany,\n\t\t\t\t\tinfer TActionGroupContext\n\t\t\t\t>\n\t\t\t\t? ResolveAction<\n\t\t\t\t\t\tMergeRuleCtx<TActionGroupContext[\"ctx\"], TParentCtx>,\n\t\t\t\t\t\tTResource[\"actions\"][ResourceOrGroupName][\"actions\"][ActionName]\n\t\t\t\t\t>\n\t\t\t\t: TResource[\"subResources\"][ResourceOrGroupName] extends Resource<\n\t\t\t\t\t\t\tany,\n\t\t\t\t\t\t\tinfer TResourceContext\n\t\t\t\t\t >\n\t\t\t\t\t? ResolveAction<\n\t\t\t\t\t\t\tMergeRuleCtx<TResourceContext[\"ctx\"], TParentCtx>,\n\t\t\t\t\t\t\tTResource[\"subResources\"][ResourceOrGroupName][\"actions\"][ActionName]\n\t\t\t\t\t\t>\n\t\t\t\t\t: never\n\t\t\t: never;\n\nexport type ActionFromPath<\n\tTResources extends ResourceMap,\n\tTPath extends string\n> = TPath extends `${infer TActualPath}.own`\n\t? ActionFromPath<TResources, TActualPath>\n\t: TPath extends `${infer ResourceName extends Extract<keyof TResources, string>}.${infer Rest}`\n\t\t? TResources[ResourceName] extends Resource<any, infer TResourceContext>\n\t\t\t? IndexResourceWithPath<Rest, TResources[ResourceName], TResourceContext[\"ctx\"]>\n\t\t\t: never\n\t\t: TPath extends `${infer ResourceName extends Extract<keyof TResources, string>}:${infer ActionName}`\n\t\t\t? TResources[ResourceName] extends Resource<any, infer TResourceContext>\n\t\t\t\t? ResolveAction<TResourceContext[\"ctx\"], TResources[ResourceName][\"actions\"][ActionName]>\n\t\t\t\t: never\n\t\t\t: never;\n\ntype ActionPathsWithAction<TResources extends ResourceMap, TPaths extends string> = {\n\t[path in TPaths]: {\n\t\tpath: path;\n\t\taction: ActionFromPath<TResources, path>;\n\t};\n}[TPaths];\n\nexport type FilterActionPaths<\n\tTResources extends ResourceMap,\n\tTCtxPattern,\n\tTConfigurable extends boolean = boolean,\n\tTPathsAndActions = ActionPathsWithAction<TResources, ActionPaths<TResources>>\n> = TPathsAndActions extends { path: string; action: Action<any, infer TActionContext> }\n\t? TActionContext[\"ctx\"] extends TCtxPattern\n\t\t? TActionContext[\"configurable\"] extends TConfigurable\n\t\t\t? TPathsAndActions[\"path\"]\n\t\t\t: never\n\t\t: never\n\t: never;\n"]}

package/build/permission.d.ts ADDED Viewed

@@ -0,0 +1,53 @@
+import type { Action, InferActionAdditionalContext, InferActionObject, InferActionRuleCtx, InferActionSubject, RuleCtx } from "./action.js";
+import type { ResourceMap } from "./internal/collections.js";
+import type { EmptyObject, Expand, IsOnlyEmptyObject, OptionalUndefinedFields } from "./internal/core.js";
+import type { ActionFromPath } from "./internal/paths.js";
+import { Specitivity, type Policy, type Rule } from "./policy.js";
+import type { Resource } from "./resource.js";
+type PermissionTestResult = {
+    granted: boolean;
+    specitivity: Specitivity;
+    policy: Policy<any> | null;
+    rule: Rule | null;
+};
+type Granted<TAction extends Action<any, any>, TCtx extends Omit<InferActionRuleCtx<TAction>, "subject"> = Omit<InferActionRuleCtx<TAction>, "subject">> = IsOnlyEmptyObject<TCtx> extends true ? {
+    granted(): boolean;
+    test(): PermissionTestResult;
+} : {
+    granted(ctx: OptionalUndefinedFields<TCtx extends EmptyObject ? Omit<TCtx, "object"> : TCtx>): boolean;
+    test(ctx: OptionalUndefinedFields<TCtx extends EmptyObject ? Omit<TCtx, "object"> : TCtx>): PermissionTestResult;
+};
+type Filter<TAction extends Action<any, any>, TObjects extends InferActionObject<TAction>[] = InferActionObject<TAction>[]> = InferActionRuleCtx<TAction> extends EmptyObject ? {} : InferActionAdditionalContext<TAction> extends {} ? {
+    filter(objects: TObjects): TObjects;
+} : {
+    filter(objects: TObjects, ctx: OptionalUndefinedFields<InferActionAdditionalContext<TAction>>): TObjects;
+};
+type ResolvedPermission<TActionPath extends string, TAction extends Action<any, any>> = Omit<Permission<TActionPath, TAction>, "granted" | "filter"> & Granted<TAction> & Filter<TAction>;
+export type PermissionCtx<TAction extends Action<any, any>, TCtx extends RuleCtx = InferActionRuleCtx<TAction>> = TCtx extends EmptyObject ? Expand<Omit<TCtx, "object">> : Expand<TCtx>;
+export type GrantedPermissionsResolver<TActionPath extends string, TAction extends Action<any, any>> = (object: InferActionObject<TAction>, permission: ResolvedPermission<TActionPath, TAction>) => string[] | Set<string>;
+export type PermissionOptions<TActionPath extends string, TAction extends Action<any, any>> = {
+    grantedPermissions?: "all" | string[] | Set<string> | GrantedPermissionsResolver<TActionPath, TAction>;
+    checkOwnership?: (ctx: InferActionRuleCtx<TAction>) => boolean;
+};
+export declare class Permission<TActionPath extends string, TAction extends Action<any, any>> {
+    private _subject;
+    private _path;
+    private _resource;
+    private _action;
+    private _policies;
+    private _options;
+    private _grantedPermissionsCache;
+    constructor(subject: InferActionSubject<TAction>, path: TActionPath, resource: Resource<any, any>, action: TAction, policies: Policy<any>[], options?: PermissionOptions<TActionPath, TAction>);
+    get path(): TActionPath;
+    get resource(): Resource<any, any>;
+    get action(): TAction;
+    get policies(): Policy<any>[];
+    test(ctx?: OptionalUndefinedFields<Omit<InferActionRuleCtx<TAction>, "subject">>): PermissionTestResult;
+    granted(ctx?: OptionalUndefinedFields<Omit<InferActionRuleCtx<TAction>, "subject">>): boolean;
+    filter(objects: InferActionObject<TAction>[], ctx?: InferActionAdditionalContext<TAction>): Exclude<InferActionRuleCtx<TAction>["object"], void | undefined>[];
+    private isGranted;
+    private checkOwnership;
+    private static matchPathPattern;
+    static create<TResources extends ResourceMap, TActionPath extends string, TAction extends Action<any, any> = ActionFromPath<TResources, TActionPath>>(subject: InferActionSubject<TAction>, path: TActionPath, resource: Resource<any, any>, action: TAction, policies: Policy<TResources>[], options?: PermissionOptions<TActionPath, TAction>): ResolvedPermission<TActionPath, TAction>;
+}
+export {};

package/build/permission.js ADDED Viewed

@@ -0,0 +1,153 @@
+import { Specitivity } from "./policy.js";
+const VoidObjectCacheKey = Symbol("void-object");
+export class Permission {
+    _subject;
+    _path;
+    _resource;
+    _action;
+    _policies;
+    _options;
+    _grantedPermissionsCache = new Map();
+    constructor(subject, path, resource, action, policies, options) {
+        this._subject = subject;
+        this._path = path;
+        this._resource = resource;
+        this._action = action;
+        this._policies = policies;
+        this._options = options ?? {};
+    }
+    get path() {
+        return this._path;
+    }
+    get resource() {
+        return this._resource;
+    }
+    get action() {
+        return this._action;
+    }
+    get policies() {
+        return this._policies;
+    }
+    test(ctx) {
+        const fullCtx = {
+            ...(ctx ?? {}),
+            subject: this._subject
+        };
+        let granted = false;
+        let specitivity = -1;
+        let grantPolicy = null;
+        let grantRule = null;
+        const ownsObject = this.checkOwnership(fullCtx);
+        const isGranted = !this._action.configurable ||
+            this.isGranted(this._path, fullCtx.object) ||
+            (ownsObject && this.isGranted(this._path + ".own", fullCtx.object));
+        for (const policy of this._policies) {
+            for (const rule of policy.rules) {
+                const match = Permission.matchPathPattern(this._path, rule.action);
+                if (!match.matches || specitivity > match.specitivity) {
+                    continue;
+                }
+                const result = rule.predicate(fullCtx, this._action);
+                granted = result === "ifgranted" ? isGranted : result;
+                specitivity = rule.specitivity ?? match.specitivity;
+                grantPolicy = policy;
+                grantRule = rule;
+                if (specitivity === Specitivity.Exact) {
+                    // This rule is an exact match, so we can stop and return early
+                    break;
+                }
+            }
+            if (specitivity === Specitivity.Exact)
+                break;
+        }
+        return {
+            granted,
+            specitivity,
+            policy: grantPolicy,
+            rule: grantRule
+        };
+    }
+    granted(ctx) {
+        const { granted } = this.test(ctx);
+        return granted;
+    }
+    filter(objects, ctx) {
+        return objects
+            .map((object) => ({
+            object,
+            granted: this.granted({
+                object,
+                ...(ctx ?? {})
+            })
+        }))
+            .filter(({ granted }) => granted)
+            .map(({ object }) => object);
+    }
+    isGranted(path, object) {
+        if (this._options.grantedPermissions === "all") {
+            return true;
+        }
+        const cacheKey = object ? object : VoidObjectCacheKey;
+        let grantedPermissions;
+        if (this._grantedPermissionsCache.has(cacheKey)) {
+            grantedPermissions = this._grantedPermissionsCache.get(cacheKey);
+        }
+        else {
+            if (typeof this._options.grantedPermissions === "function") {
+                grantedPermissions = new Set(this._options.grantedPermissions(object, this));
+            }
+            else {
+                grantedPermissions = new Set(this._options.grantedPermissions ?? []);
+            }
+            this._grantedPermissionsCache.set(cacheKey, grantedPermissions);
+        }
+        return grantedPermissions.has(path);
+    }
+    checkOwnership(ctx) {
+        if (!this._resource.ownable) {
+            return false;
+        }
+        if (typeof this._options.checkOwnership === "function") {
+            return this._options.checkOwnership(ctx);
+        }
+        return false;
+    }
+    static matchPathPattern(path, pattern) {
+        if (pattern === "*") {
+            // Any action
+            return {
+                matches: true,
+                specitivity: Specitivity.Any
+            };
+        }
+        if (pattern.endsWith(".*")) {
+            // Any action, sub-resource or action group on this resource
+            return {
+                matches: path.startsWith(pattern.slice(0, -2)),
+                specitivity: Specitivity.ActionsAndNested
+            };
+        }
+        if (pattern.endsWith(":*")) {
+            // Any action on this resource (excluding action groups)
+            return {
+                matches: path.startsWith(pattern.slice(0, -1)),
+                specitivity: Specitivity.ActionsOnly
+            };
+        }
+        if (pattern.endsWith(":*.own")) {
+            return {
+                matches: path.startsWith(pattern.slice(0, -6)) && path.endsWith(".own"),
+                specitivity: Specitivity.OwnedActionsOnly
+            };
+        }
+        // Specific action
+        return {
+            matches: path === pattern,
+            specitivity: Specitivity.Exact
+        };
+    }
+    static create(subject, path, resource, action, policies, options) {
+        return new Permission(subject, path, resource, action, policies, options);
+    }
+}
+//# sourceMappingURL=permission.js.map

package/build/permission.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"permission.js","sourceRoot":"","sources":["../src/permission.ts"],"names":[],"mappings":"AAiBA,OAAO,EAAE,WAAW,EAA0B,MAAM,aAAa,CAAC;AA6ElE,MAAM,kBAAkB,GAAG,MAAM,CAAC,aAAa,CAAC,CAAC;AAEjD,MAAM,OAAO,UAAU;IACd,QAAQ,CAA8B;IACtC,KAAK,CAAc;IACnB,SAAS,CAAqB;IAC9B,OAAO,CAAU;IACjB,SAAS,CAAgB;IACzB,QAAQ,CAA0C;IAElD,wBAAwB,GAA0B,IAAI,GAAG,EAAE,CAAC;IAEpE,YACC,OAAoC,EACpC,IAAiB,EACjB,QAA4B,EAC5B,MAAe,EACf,QAAuB,EACvB,OAAiD;QAEjD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;QACxB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QAClB,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;QAC1B,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;QAE1B,IAAI,CAAC,QAAQ,GAAG,OAAO,IAAI,EAAE,CAAC;IAC/B,CAAC;IAED,IAAW,IAAI;QACd,OAAO,IAAI,CAAC,KAAK,CAAC;IACnB,CAAC;IAED,IAAW,QAAQ;QAClB,OAAO,IAAI,CAAC,SAAS,CAAC;IACvB,CAAC;IAED,IAAW,MAAM;QAChB,OAAO,IAAI,CAAC,OAAO,CAAC;IACrB,CAAC;IAED,IAAW,QAAQ;QAClB,OAAO,IAAI,CAAC,SAAS,CAAC;IACvB,CAAC;IAEM,IAAI,CACV,GAA2E;QAE3E,MAAM,OAAO,GAAG;YACf,GAAG,CAAC,GAAG,IAAI,EAAE,CAAC;YACd,OAAO,EAAE,IAAI,CAAC,QAAQ;SACoB,CAAC;QAE5C,IAAI,OAAO,GAAG,KAAK,CAAC;QACpB,IAAI,WAAW,GAAG,CAAC,CAAC,CAAC;QACrB,IAAI,WAAW,GAAuB,IAAI,CAAC;QAC3C,IAAI,SAAS,GAAgB,IAAI,CAAC;QAElC,MAAM,UAAU,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;QAChD,MAAM,SAAS,GACd,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY;YAC1B,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,CAAC,MAAM,CAAC;YAC1C,CAAC,UAAU,IAAI,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,GAAG,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;QAErE,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACrC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;gBACjC,MAAM,KAAK,GAAG,UAAU,CAAC,gBAAgB,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;gBACnE,IAAI,CAAC,KAAK,CAAC,OAAO,IAAI,WAAW,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;oBACvD,SAAS;gBACV,CAAC;gBAED,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;gBACrD,OAAO,GAAG,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC;gBACtD,WAAW,GAAG,IAAI,CAAC,WAAW,IAAI,KAAK,CAAC,WAAW,CAAC;gBACpD,WAAW,GAAG,MAAM,CAAC;gBACrB,SAAS,GAAG,IAAI,CAAC;gBAEjB,IAAI,WAAW,KAAK,WAAW,CAAC,KAAK,EAAE,CAAC;oBACvC,+DAA+D;oBAC/D,MAAM;gBACP,CAAC;YACF,CAAC;YAED,IAAI,WAAW,KAAK,WAAW,CAAC,KAAK;gBAAE,MAAM;QAC9C,CAAC;QAED,OAAO;YACN,OAAO;YACP,WAAW;YACX,MAAM,EAAE,WAAW;YACnB,IAAI,EAAE,SAAS;SACf,CAAC;IACH,CAAC;IAEM,OAAO,CAAC,GAA2E;QACzF,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACnC,OAAO,OAAO,CAAC;IAChB,CAAC;IAEM,MAAM,CACZ,OAAqC,EACrC,GAA2C;QAE3C,OAAO,OAAO;aACZ,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YACjB,MAAM;YACN,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC;gBACrB,MAAM;gBACN,GAAG,CAAC,GAAG,IAAI,EAAE,CAAC;aACP,CAAC;SACT,CAAC,CAAC;aACF,MAAM,CAAC,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,OAAO,CAAC;aAChC,GAAG,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC;IAC/B,CAAC;IAEO,SAAS,CAAC,IAAY,EAAE,MAAkC;QACjE,IAAI,IAAI,CAAC,QAAQ,CAAC,kBAAkB,KAAK,KAAK,EAAE,CAAC;YAChD,OAAO,IAAI,CAAC;QACb,CAAC;QAED,MAAM,QAAQ,GAAQ,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,kBAAkB,CAAC;QAC3D,IAAI,kBAA+B,CAAC;QACpC,IAAI,IAAI,CAAC,wBAAwB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YACjD,kBAAkB,GAAG,IAAI,CAAC,wBAAwB,CAAC,GAAG,CAAC,QAAQ,CAAE,CAAC;QACnE,CAAC;aAAM,CAAC;YACP,IAAI,OAAO,IAAI,CAAC,QAAQ,CAAC,kBAAkB,KAAK,UAAU,EAAE,CAAC;gBAC5D,kBAAkB,GAAG,IAAI,GAAG,CAC3B,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAC/B,MAAM,EACN,IAA2D,CAC3D,CACD,CAAC;YACH,CAAC;iBAAM,CAAC;gBACP,kBAAkB,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,kBAAkB,IAAI,EAAE,CAAC,CAAC;YACtE,CAAC;YAED,IAAI,CAAC,wBAAwB,CAAC,GAAG,CAAC,QAAQ,EAAE,kBAAkB,CAAC,CAAC;QACjE,CAAC;QAED,OAAO,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC;IAEO,cAAc,CAAC,GAAgC;QACtD,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;YAC7B,OAAO,KAAK,CAAC;QACd,CAAC;QAED,IAAI,OAAO,IAAI,CAAC,QAAQ,CAAC,cAAc,KAAK,UAAU,EAAE,CAAC;YACxD,OAAO,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;QAC1C,CAAC;QAED,OAAO,KAAK,CAAC;IACd,CAAC;IAEO,MAAM,CAAC,gBAAgB,CAAC,IAAY,EAAE,OAAe;QAC5D,IAAI,OAAO,KAAK,GAAG,EAAE,CAAC;YACrB,aAAa;YACb,OAAO;gBACN,OAAO,EAAE,IAAI;gBACb,WAAW,EAAE,WAAW,CAAC,GAAG;aAC5B,CAAC;QACH,CAAC;QAED,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5B,4DAA4D;YAC5D,OAAO;gBACN,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;gBAC9C,WAAW,EAAE,WAAW,CAAC,gBAAgB;aACzC,CAAC;QACH,CAAC;QAED,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5B,wDAAwD;YACxD,OAAO;gBACN,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;gBAC9C,WAAW,EAAE,WAAW,CAAC,WAAW;aACpC,CAAC;QACH,CAAC;QAED,IAAI,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAChC,OAAO;gBACN,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;gBACvE,WAAW,EAAE,WAAW,CAAC,gBAAgB;aACzC,CAAC;QACH,CAAC;QAED,kBAAkB;QAClB,OAAO;YACN,OAAO,EAAE,IAAI,KAAK,OAAO;YACzB,WAAW,EAAE,WAAW,CAAC,KAAK;SAC9B,CAAC;IACH,CAAC;IAEM,MAAM,CAAC,MAAM,CAKnB,OAAoC,EACpC,IAAiB,EACjB,QAA4B,EAC5B,MAAe,EACf,QAA8B,EAC9B,OAAiD;QAEjD,OAAO,IAAI,UAAU,CACpB,OAAO,EACP,IAAI,EACJ,QAAQ,EACR,MAAM,EACN,QAAQ,EACR,OAAO,CACgD,CAAC;IAC1D,CAAC;CACD","sourcesContent":["/* eslint-disable @typescript-eslint/no-empty-object-type */\nimport type {\n\tAction,\n\tInferActionAdditionalContext,\n\tInferActionObject,\n\tInferActionRuleCtx,\n\tInferActionSubject,\n\tRuleCtx\n} from \"./action.js\";\nimport type { ResourceMap } from \"./internal/collections.js\";\nimport type {\n\tEmptyObject,\n\tExpand,\n\tIsOnlyEmptyObject,\n\tOptionalUndefinedFields\n} from \"./internal/core.js\";\nimport type { ActionFromPath } from \"./internal/paths.js\";\nimport { Specitivity, type Policy, type Rule } from \"./policy.js\";\nimport type { Resource } from \"./resource.js\";\n\ntype PermissionTestResult = {\n\tgranted: boolean;\n\tspecitivity: Specitivity;\n\tpolicy: Policy<any> | null;\n\trule: Rule | null;\n};\n\ntype Granted<\n\tTAction extends Action<any, any>,\n\tTCtx extends Omit<InferActionRuleCtx<TAction>, \"subject\"> = Omit<\n\t\tInferActionRuleCtx<TAction>,\n\t\t\"subject\"\n\t>\n> =\n\tIsOnlyEmptyObject<TCtx> extends true\n\t\t? {\n\t\t\t\tgranted(): boolean;\n\t\t\t\ttest(): PermissionTestResult;\n\t\t\t}\n\t\t: {\n\t\t\t\tgranted(\n\t\t\t\t\tctx: OptionalUndefinedFields<TCtx extends EmptyObject ? Omit<TCtx, \"object\"> : TCtx>\n\t\t\t\t): boolean;\n\t\t\t\ttest(\n\t\t\t\t\tctx: OptionalUndefinedFields<TCtx extends EmptyObject ? Omit<TCtx, \"object\"> : TCtx>\n\t\t\t\t): PermissionTestResult;\n\t\t\t};\n\ntype Filter<\n\tTAction extends Action<any, any>,\n\tTObjects extends InferActionObject<TAction>[] = InferActionObject<TAction>[]\n> =\n\tInferActionRuleCtx<TAction> extends EmptyObject\n\t\t? {}\n\t\t: InferActionAdditionalContext<TAction> extends {}\n\t\t\t? {\n\t\t\t\t\tfilter(objects: TObjects): TObjects;\n\t\t\t\t}\n\t\t\t: {\n\t\t\t\t\tfilter(\n\t\t\t\t\t\tobjects: TObjects,\n\t\t\t\t\t\tctx: OptionalUndefinedFields<InferActionAdditionalContext<TAction>>\n\t\t\t\t\t): TObjects;\n\t\t\t\t};\n\ntype ResolvedPermission<TActionPath extends string, TAction extends Action<any, any>> = Omit<\n\tPermission<TActionPath, TAction>,\n\t\"granted\" | \"filter\"\n> &\n\tGranted<TAction> &\n\tFilter<TAction>;\n\nexport type PermissionCtx<\n\tTAction extends Action<any, any>,\n\tTCtx extends RuleCtx = InferActionRuleCtx<TAction>\n> = TCtx extends EmptyObject ? Expand<Omit<TCtx, \"object\">> : Expand<TCtx>;\n\nexport type GrantedPermissionsResolver<\n\tTActionPath extends string,\n\tTAction extends Action<any, any>\n> = (\n\tobject: InferActionObject<TAction>,\n\tpermission: ResolvedPermission<TActionPath, TAction>\n) => string[] | Set<string>;\n\nexport type PermissionOptions<TActionPath extends string, TAction extends Action<any, any>> = {\n\tgrantedPermissions?:\n\t\t| \"all\"\n\t\t| string[]\n\t\t| Set<string>\n\t\t| GrantedPermissionsResolver<TActionPath, TAction>;\n\tcheckOwnership?: (ctx: InferActionRuleCtx<TAction>) => boolean;\n};\n\nconst VoidObjectCacheKey = Symbol(\"void-object\");\n\nexport class Permission<TActionPath extends string, TAction extends Action<any, any>> {\n\tprivate _subject: InferActionSubject<TAction>;\n\tprivate _path: TActionPath;\n\tprivate _resource: Resource<any, any>;\n\tprivate _action: TAction;\n\tprivate _policies: Policy<any>[];\n\tprivate _options: PermissionOptions<TActionPath, TAction>;\n\n\tprivate _grantedPermissionsCache: Map<any, Set<string>> = new Map();\n\n\tconstructor(\n\t\tsubject: InferActionSubject<TAction>,\n\t\tpath: TActionPath,\n\t\tresource: Resource<any, any>,\n\t\taction: TAction,\n\t\tpolicies: Policy<any>[],\n\t\toptions?: PermissionOptions<TActionPath, TAction>\n\t) {\n\t\tthis._subject = subject;\n\t\tthis._path = path;\n\t\tthis._resource = resource;\n\t\tthis._action = action;\n\t\tthis._policies = policies;\n\n\t\tthis._options = options ?? {};\n\t}\n\n\tpublic get path() {\n\t\treturn this._path;\n\t}\n\n\tpublic get resource() {\n\t\treturn this._resource;\n\t}\n\n\tpublic get action() {\n\t\treturn this._action;\n\t}\n\n\tpublic get policies() {\n\t\treturn this._policies;\n\t}\n\n\tpublic test(\n\t\tctx?: OptionalUndefinedFields<Omit<InferActionRuleCtx<TAction>, \"subject\">>\n\t): PermissionTestResult {\n\t\tconst fullCtx = {\n\t\t\t...(ctx ?? {}),\n\t\t\tsubject: this._subject\n\t\t} as unknown as InferActionRuleCtx<TAction>;\n\n\t\tlet granted = false;\n\t\tlet specitivity = -1;\n\t\tlet grantPolicy: Policy<any> | null = null;\n\t\tlet grantRule: Rule | null = null;\n\n\t\tconst ownsObject = this.checkOwnership(fullCtx);\n\t\tconst isGranted =\n\t\t\t!this._action.configurable ||\n\t\t\tthis.isGranted(this._path, fullCtx.object) ||\n\t\t\t(ownsObject && this.isGranted(this._path + \".own\", fullCtx.object));\n\n\t\tfor (const policy of this._policies) {\n\t\t\tfor (const rule of policy.rules) {\n\t\t\t\tconst match = Permission.matchPathPattern(this._path, rule.action);\n\t\t\t\tif (!match.matches || specitivity > match.specitivity) {\n\t\t\t\t\tcontinue;\n\t\t\t\t}\n\n\t\t\t\tconst result = rule.predicate(fullCtx, this._action);\n\t\t\t\tgranted = result === \"ifgranted\" ? isGranted : result;\n\t\t\t\tspecitivity = rule.specitivity ?? match.specitivity;\n\t\t\t\tgrantPolicy = policy;\n\t\t\t\tgrantRule = rule;\n\n\t\t\t\tif (specitivity === Specitivity.Exact) {\n\t\t\t\t\t// This rule is an exact match, so we can stop and return early\n\t\t\t\t\tbreak;\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif (specitivity === Specitivity.Exact) break;\n\t\t}\n\n\t\treturn {\n\t\t\tgranted,\n\t\t\tspecitivity,\n\t\t\tpolicy: grantPolicy,\n\t\t\trule: grantRule\n\t\t};\n\t}\n\n\tpublic granted(ctx?: OptionalUndefinedFields<Omit<InferActionRuleCtx<TAction>, \"subject\">>) {\n\t\tconst { granted } = this.test(ctx);\n\t\treturn granted;\n\t}\n\n\tpublic filter(\n\t\tobjects: InferActionObject<TAction>[],\n\t\tctx?: InferActionAdditionalContext<TAction>\n\t) {\n\t\treturn objects\n\t\t\t.map((object) => ({\n\t\t\t\tobject,\n\t\t\t\tgranted: this.granted({\n\t\t\t\t\tobject,\n\t\t\t\t\t...(ctx ?? {})\n\t\t\t\t} as any)\n\t\t\t}))\n\t\t\t.filter(({ granted }) => granted)\n\t\t\t.map(({ object }) => object);\n\t}\n\n\tprivate isGranted(path: string, object: InferActionObject<TAction>) {\n\t\tif (this._options.grantedPermissions === \"all\") {\n\t\t\treturn true;\n\t\t}\n\n\t\tconst cacheKey: any = object ? object : VoidObjectCacheKey;\n\t\tlet grantedPermissions: Set<string>;\n\t\tif (this._grantedPermissionsCache.has(cacheKey)) {\n\t\t\tgrantedPermissions = this._grantedPermissionsCache.get(cacheKey)!;\n\t\t} else {\n\t\t\tif (typeof this._options.grantedPermissions === \"function\") {\n\t\t\t\tgrantedPermissions = new Set(\n\t\t\t\t\tthis._options.grantedPermissions(\n\t\t\t\t\t\tobject,\n\t\t\t\t\t\tthis as unknown as ResolvedPermission<TActionPath, TAction>\n\t\t\t\t\t)\n\t\t\t\t);\n\t\t\t} else {\n\t\t\t\tgrantedPermissions = new Set(this._options.grantedPermissions ?? []);\n\t\t\t}\n\n\t\t\tthis._grantedPermissionsCache.set(cacheKey, grantedPermissions);\n\t\t}\n\n\t\treturn grantedPermissions.has(path);\n\t}\n\n\tprivate checkOwnership(ctx: InferActionRuleCtx<TAction>) {\n\t\tif (!this._resource.ownable) {\n\t\t\treturn false;\n\t\t}\n\n\t\tif (typeof this._options.checkOwnership === \"function\") {\n\t\t\treturn this._options.checkOwnership(ctx);\n\t\t}\n\n\t\treturn false;\n\t}\n\n\tprivate static matchPathPattern(path: string, pattern: string) {\n\t\tif (pattern === \"*\") {\n\t\t\t// Any action\n\t\t\treturn {\n\t\t\t\tmatches: true,\n\t\t\t\tspecitivity: Specitivity.Any\n\t\t\t};\n\t\t}\n\n\t\tif (pattern.endsWith(\".*\")) {\n\t\t\t// Any action, sub-resource or action group on this resource\n\t\t\treturn {\n\t\t\t\tmatches: path.startsWith(pattern.slice(0, -2)),\n\t\t\t\tspecitivity: Specitivity.ActionsAndNested\n\t\t\t};\n\t\t}\n\n\t\tif (pattern.endsWith(\":*\")) {\n\t\t\t// Any action on this resource (excluding action groups)\n\t\t\treturn {\n\t\t\t\tmatches: path.startsWith(pattern.slice(0, -1)),\n\t\t\t\tspecitivity: Specitivity.ActionsOnly\n\t\t\t};\n\t\t}\n\n\t\tif (pattern.endsWith(\":*.own\")) {\n\t\t\treturn {\n\t\t\t\tmatches: path.startsWith(pattern.slice(0, -6)) && path.endsWith(\".own\"),\n\t\t\t\tspecitivity: Specitivity.OwnedActionsOnly\n\t\t\t};\n\t\t}\n\n\t\t// Specific action\n\t\treturn {\n\t\t\tmatches: path === pattern,\n\t\t\tspecitivity: Specitivity.Exact\n\t\t};\n\t}\n\n\tpublic static create<\n\t\tTResources extends ResourceMap,\n\t\tTActionPath extends string,\n\t\tTAction extends Action<any, any> = ActionFromPath<TResources, TActionPath>\n\t>(\n\t\tsubject: InferActionSubject<TAction>,\n\t\tpath: TActionPath,\n\t\tresource: Resource<any, any>,\n\t\taction: TAction,\n\t\tpolicies: Policy<TResources>[],\n\t\toptions?: PermissionOptions<TActionPath, TAction>\n\t) {\n\t\treturn new Permission(\n\t\t\tsubject,\n\t\t\tpath,\n\t\t\tresource,\n\t\t\taction,\n\t\t\tpolicies,\n\t\t\toptions\n\t\t) as unknown as ResolvedPermission<TActionPath, TAction>;\n\t}\n}\n"]}

package/build/policy.d.ts ADDED Viewed

@@ -0,0 +1,49 @@
+import type { Action, RuleCtx, InferActionRuleCtx, ActionContext } from "./action.js";
+import type { ResourceMap } from "./internal/collections.js";
+import type { ActionFromPath, ActionPaths, OwnableActionPaths, WildcardActionPaths } from "./internal/paths.js";
+export type MatchCtx = {
+    subject: any;
+};
+export type PolicyMatchPredicate = (ctx: MatchCtx) => boolean;
+type InferRulePredicateReturn<TAction> = TAction extends Action<any, infer TContext extends ActionContext> ? TContext["configurable"] extends true ? "ifgranted" | boolean : boolean : boolean;
+type SimplifyPredicate<T> = T extends (ctx: infer TCtx) => infer TReturn ? (ctx: TCtx) => TReturn : T;
+export type RulePredicate<TResources extends ResourceMap, TActionPath extends string> = (ctx: InferActionRuleCtx<ActionFromPath<TResources, TActionPath>>, action: ActionFromPath<TResources, TActionPath>) => InferRulePredicateReturn<ActionFromPath<TResources, TActionPath>>;
+type AnyRulePredicate = (ctx: RuleCtx, action: Action<any, any>) => boolean | "ifgranted";
+export type OwnershipPredicate<TResources extends ResourceMap, TActionPath extends string> = (ctx: InferActionRuleCtx<ActionFromPath<TResources, TActionPath>>) => boolean;
+export declare enum Specitivity {
+    Any = -1,
+    ActionsAndNested = 0,
+    ActionsOnly = 1,
+    OwnedActionsOnly = 2,
+    Exact = 3
+}
+export type Rule = {
+    action: string;
+    predicate: AnyRulePredicate;
+    specitivity?: Specitivity;
+};
+export declare class Policy<TResources extends ResourceMap> {
+    private _name;
+    private _match;
+    private _rules;
+    constructor();
+    get name(): string | null;
+    setName(name: string): this;
+    get match(): PolicyMatchPredicate;
+    setMatch(predicate: PolicyMatchPredicate): this;
+    get rules(): Rule[];
+    allowAll({ force }?: {
+        force?: boolean;
+    }): this;
+    denyAll({ force }?: {
+        force?: boolean;
+    }): this;
+    allow<TActionPath extends WildcardActionPaths<TResources>>(action: TActionPath, predicate?: AnyRulePredicate): this;
+    allow<TActionPath extends ActionPaths<TResources>>(action: TActionPath, predicate: SimplifyPredicate<RulePredicate<TResources, TActionPath>>): this;
+    allowOwn<TActionPath extends OwnableActionPaths<TResources>>(action: TActionPath, checkOwnership: SimplifyPredicate<OwnershipPredicate<TResources, TActionPath>>, predicate?: SimplifyPredicate<RulePredicate<TResources, TActionPath>>): this;
+    deny<TActionPath extends WildcardActionPaths<TResources>>(action: TActionPath): this;
+    deny<TActionPath extends ActionPaths<TResources>>(action: TActionPath): this;
+    denyOwn<TActionPath extends OwnableActionPaths<TResources>>(action: TActionPath, checkOwnership: SimplifyPredicate<OwnershipPredicate<TResources, TActionPath>>, otherPredicate?: SimplifyPredicate<RulePredicate<TResources, TActionPath>>): this;
+    private pushRule;
+}
+export {};

package/build/policy.js ADDED Viewed

@@ -0,0 +1,72 @@
+import { ABAC } from "./abac.js";
+export var Specitivity;
+(function (Specitivity) {
+    Specitivity[Specitivity["Any"] = -1] = "Any";
+    Specitivity[Specitivity["ActionsAndNested"] = 0] = "ActionsAndNested";
+    Specitivity[Specitivity["ActionsOnly"] = 1] = "ActionsOnly";
+    Specitivity[Specitivity["OwnedActionsOnly"] = 2] = "OwnedActionsOnly";
+    Specitivity[Specitivity["Exact"] = 3] = "Exact";
+})(Specitivity || (Specitivity = {}));
+export class Policy {
+    _name = null;
+    _match = ABAC.Filter.allow();
+    _rules = [];
+    constructor() { }
+    get name() {
+        return this._name;
+    }
+    setName(name) {
+        this._name = name;
+        return this;
+    }
+    get match() {
+        return this._match;
+    }
+    setMatch(predicate) {
+        this._match = predicate;
+        return this;
+    }
+    get rules() {
+        return this._rules;
+    }
+    allowAll({ force = false } = {}) {
+        this.pushRule("*", ABAC.Filter.allow(), force ? Specitivity.Exact : undefined);
+        return this;
+    }
+    denyAll({ force = false } = {}) {
+        this.pushRule("*", ABAC.Filter.deny(), force ? Specitivity.Exact : undefined);
+        return this;
+    }
+    allow(action, predicate) {
+        this.pushRule(action, predicate ?? ABAC.Filter.allow());
+        return this;
+    }
+    allowOwn(action, checkOwnership, predicate) {
+        this.pushRule(`${action}.own`, ABAC.Filter.allow());
+        this.pushRule(action, (ctx, action) => {
+            if (!checkOwnership(ctx)) {
+                return false;
+            }
+            return (predicate ?? ABAC.Filter.allow())(ctx, action);
+        });
+        return this;
+    }
+    deny(action) {
+        this.pushRule(action, ABAC.Filter.deny());
+        return this;
+    }
+    denyOwn(action, checkOwnership, otherPredicate) {
+        this.pushRule(`${action}.own`, ABAC.Filter.deny());
+        this.pushRule(action, (ctx, action) => {
+            if (checkOwnership(ctx)) {
+                return false;
+            }
+            return (otherPredicate ?? ABAC.Filter.allow())(ctx, action);
+        });
+        return this;
+    }
+    pushRule(action, predicate, specitivity) {
+        this._rules.push({ action, predicate, specitivity });
+    }
+}
+//# sourceMappingURL=policy.js.map

package/build/policy.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"policy.js","sourceRoot":"","sources":["../src/policy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAsCjC,MAAM,CAAN,IAAY,WAMX;AAND,WAAY,WAAW;IACtB,4CAAQ,CAAA;IACR,qEAAgB,CAAA;IAChB,2DAAW,CAAA;IACX,qEAAgB,CAAA;IAChB,+CAAK,CAAA;AACN,CAAC,EANW,WAAW,KAAX,WAAW,QAMtB;AAQD,MAAM,OAAO,MAAM;IACV,KAAK,GAAkB,IAAI,CAAC;IAC5B,MAAM,GAAyB,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;IACnD,MAAM,GAAW,EAAE,CAAC;IAE5B,gBAAe,CAAC;IAEhB,IAAW,IAAI;QACd,OAAO,IAAI,CAAC,KAAK,CAAC;IACnB,CAAC;IAEM,OAAO,CAAC,IAAY;QAC1B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QAClB,OAAO,IAAI,CAAC;IACb,CAAC;IAED,IAAW,KAAK;QACf,OAAO,IAAI,CAAC,MAAM,CAAC;IACpB,CAAC;IAEM,QAAQ,CAAC,SAA+B;QAC9C,IAAI,CAAC,MAAM,GAAG,SAAS,CAAC;QACxB,OAAO,IAAI,CAAC;IACb,CAAC;IAED,IAAW,KAAK;QACf,OAAO,IAAI,CAAC,MAAM,CAAC;IACpB,CAAC;IAEM,QAAQ,CAAC,EAAE,KAAK,GAAG,KAAK,KAA0B,EAAE;QAC1D,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAC/E,OAAO,IAAI,CAAC;IACb,CAAC;IAEM,OAAO,CAAC,EAAE,KAAK,GAAG,KAAK,KAA0B,EAAE;QACzD,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAC9E,OAAO,IAAI,CAAC;IACb,CAAC;IAUM,KAAK,CAAC,MAAc,EAAE,SAAe;QAC3C,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,SAAS,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;QACxD,OAAO,IAAI,CAAC;IACb,CAAC;IAEM,QAAQ,CACd,MAAmB,EACnB,cAA8E,EAC9E,SAAqE;QAErE,IAAI,CAAC,QAAQ,CAAC,GAAG,MAAM,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;QACpD,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,GAAQ,EAAE,MAAW,EAAE,EAAE;YAC/C,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1B,OAAO,KAAK,CAAC;YACd,CAAC;YAED,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QACxD,CAAC,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACb,CAAC;IAIM,IAAI,CAAC,MAAc;QACzB,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QAC1C,OAAO,IAAI,CAAC;IACb,CAAC;IAEM,OAAO,CACb,MAAmB,EACnB,cAA8E,EAC9E,cAA0E;QAE1E,IAAI,CAAC,QAAQ,CAAC,GAAG,MAAM,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QACnD,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,GAAQ,EAAE,MAAW,EAAE,EAAE;YAC/C,IAAI,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;gBACzB,OAAO,KAAK,CAAC;YACd,CAAC;YAED,OAAO,CAAC,cAAc,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACb,CAAC;IAEO,QAAQ,CAAC,MAAc,EAAE,SAA2B,EAAE,WAAyB;QACtF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC,CAAC;IACtD,CAAC;CACD","sourcesContent":["import { ABAC } from \"./abac.js\";\nimport type { Action, RuleCtx, InferActionRuleCtx, ActionContext } from \"./action.js\";\nimport type { ResourceMap } from \"./internal/collections.js\";\nimport type {\n\tActionFromPath,\n\tActionPaths,\n\tOwnableActionPaths,\n\tWildcardActionPaths\n} from \"./internal/paths.js\";\n\nexport type MatchCtx = {\n\tsubject: any;\n};\n\nexport type PolicyMatchPredicate = (ctx: MatchCtx) => boolean;\n\ntype InferRulePredicateReturn<TAction> =\n\tTAction extends Action<any, infer TContext extends ActionContext>\n\t\t? TContext[\"configurable\"] extends true\n\t\t\t? \"ifgranted\" | boolean\n\t\t\t: boolean\n\t\t: boolean;\n\ntype SimplifyPredicate<T> = T extends (ctx: infer TCtx) => infer TReturn\n\t? (ctx: TCtx) => TReturn\n\t: T;\n\nexport type RulePredicate<TResources extends ResourceMap, TActionPath extends string> = (\n\tctx: InferActionRuleCtx<ActionFromPath<TResources, TActionPath>>,\n\taction: ActionFromPath<TResources, TActionPath>\n) => InferRulePredicateReturn<ActionFromPath<TResources, TActionPath>>;\n\ntype AnyRulePredicate = (ctx: RuleCtx, action: Action<any, any>) => boolean | \"ifgranted\";\n\nexport type OwnershipPredicate<TResources extends ResourceMap, TActionPath extends string> = (\n\tctx: InferActionRuleCtx<ActionFromPath<TResources, TActionPath>>\n) => boolean;\n\nexport enum Specitivity {\n\tAny = -1,\n\tActionsAndNested,\n\tActionsOnly,\n\tOwnedActionsOnly,\n\tExact\n}\n\nexport type Rule = {\n\taction: string;\n\tpredicate: AnyRulePredicate;\n\tspecitivity?: Specitivity;\n};\n\nexport class Policy<TResources extends ResourceMap> {\n\tprivate _name: string | null = null;\n\tprivate _match: PolicyMatchPredicate = ABAC.Filter.allow();\n\tprivate _rules: Rule[] = [];\n\n\tconstructor() {}\n\n\tpublic get name() {\n\t\treturn this._name;\n\t}\n\n\tpublic setName(name: string) {\n\t\tthis._name = name;\n\t\treturn this;\n\t}\n\n\tpublic get match() {\n\t\treturn this._match;\n\t}\n\n\tpublic setMatch(predicate: PolicyMatchPredicate) {\n\t\tthis._match = predicate;\n\t\treturn this;\n\t}\n\n\tpublic get rules() {\n\t\treturn this._rules;\n\t}\n\n\tpublic allowAll({ force = false }: { force?: boolean } = {}) {\n\t\tthis.pushRule(\"*\", ABAC.Filter.allow(), force ? Specitivity.Exact : undefined);\n\t\treturn this;\n\t}\n\n\tpublic denyAll({ force = false }: { force?: boolean } = {}) {\n\t\tthis.pushRule(\"*\", ABAC.Filter.deny(), force ? Specitivity.Exact : undefined);\n\t\treturn this;\n\t}\n\n\tpublic allow<TActionPath extends WildcardActionPaths<TResources>>(\n\t\taction: TActionPath,\n\t\tpredicate?: AnyRulePredicate\n\t): this;\n\tpublic allow<TActionPath extends ActionPaths<TResources>>(\n\t\taction: TActionPath,\n\t\tpredicate: SimplifyPredicate<RulePredicate<TResources, TActionPath>>\n\t): this;\n\tpublic allow(action: string, predicate?: any) {\n\t\tthis.pushRule(action, predicate ?? ABAC.Filter.allow());\n\t\treturn this;\n\t}\n\n\tpublic allowOwn<TActionPath extends OwnableActionPaths<TResources>>(\n\t\taction: TActionPath,\n\t\tcheckOwnership: SimplifyPredicate<OwnershipPredicate<TResources, TActionPath>>,\n\t\tpredicate?: SimplifyPredicate<RulePredicate<TResources, TActionPath>>\n\t) {\n\t\tthis.pushRule(`${action}.own`, ABAC.Filter.allow());\n\t\tthis.pushRule(action, (ctx: any, action: any) => {\n\t\t\tif (!checkOwnership(ctx)) {\n\t\t\t\treturn false;\n\t\t\t}\n\n\t\t\treturn (predicate ?? ABAC.Filter.allow())(ctx, action);\n\t\t});\n\t\treturn this;\n\t}\n\n\tpublic deny<TActionPath extends WildcardActionPaths<TResources>>(action: TActionPath): this;\n\tpublic deny<TActionPath extends ActionPaths<TResources>>(action: TActionPath): this;\n\tpublic deny(action: string) {\n\t\tthis.pushRule(action, ABAC.Filter.deny());\n\t\treturn this;\n\t}\n\n\tpublic denyOwn<TActionPath extends OwnableActionPaths<TResources>>(\n\t\taction: TActionPath,\n\t\tcheckOwnership: SimplifyPredicate<OwnershipPredicate<TResources, TActionPath>>,\n\t\totherPredicate?: SimplifyPredicate<RulePredicate<TResources, TActionPath>>\n\t) {\n\t\tthis.pushRule(`${action}.own`, ABAC.Filter.deny());\n\t\tthis.pushRule(action, (ctx: any, action: any) => {\n\t\t\tif (checkOwnership(ctx)) {\n\t\t\t\treturn false;\n\t\t\t}\n\n\t\t\treturn (otherPredicate ?? ABAC.Filter.allow())(ctx, action);\n\t\t});\n\t\treturn this;\n\t}\n\n\tprivate pushRule(action: string, predicate: AnyRulePredicate, specitivity?: Specitivity) {\n\t\tthis._rules.push({ action, predicate, specitivity });\n\t}\n}\n"]}

package/build/policyFilters.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+declare function allowPredicate(): boolean;
+declare function denyPredicate(): boolean;
+declare function ifgrantedPredicate(): "ifgranted";
+export declare abstract class PolicyFilters {
+    static allow(): typeof allowPredicate;
+    static deny(): typeof denyPredicate;
+    static ifgranted(): typeof ifgrantedPredicate;
+}
+export {};

package/build/policyFilters.js ADDED Viewed

@@ -0,0 +1,21 @@
+function allowPredicate() {
+    return true;
+}
+function denyPredicate() {
+    return false;
+}
+function ifgrantedPredicate() {
+    return "ifgranted";
+}
+export class PolicyFilters {
+    static allow() {
+        return allowPredicate;
+    }
+    static deny() {
+        return denyPredicate;
+    }
+    static ifgranted() {
+        return ifgrantedPredicate;
+    }
+}
+//# sourceMappingURL=policyFilters.js.map

package/build/policyFilters.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"policyFilters.js","sourceRoot":"","sources":["../src/policyFilters.ts"],"names":[],"mappings":"AAAA,SAAS,cAAc;IACtB,OAAO,IAAI,CAAC;AACb,CAAC;AAED,SAAS,aAAa;IACrB,OAAO,KAAK,CAAC;AACd,CAAC;AAED,SAAS,kBAAkB;IAC1B,OAAO,WAAoB,CAAC;AAC7B,CAAC;AAED,MAAM,OAAgB,aAAa;IAC3B,MAAM,CAAC,KAAK;QAClB,OAAO,cAAc,CAAC;IACvB,CAAC;IAEM,MAAM,CAAC,IAAI;QACjB,OAAO,aAAa,CAAC;IACtB,CAAC;IAEM,MAAM,CAAC,SAAS;QACtB,OAAO,kBAAkB,CAAC;IAC3B,CAAC;CACD","sourcesContent":["function allowPredicate() {\n\treturn true;\n}\n\nfunction denyPredicate() {\n\treturn false;\n}\n\nfunction ifgrantedPredicate() {\n\treturn \"ifgranted\" as const;\n}\n\nexport abstract class PolicyFilters {\n\tpublic static allow() {\n\t\treturn allowPredicate;\n\t}\n\n\tpublic static deny() {\n\t\treturn denyPredicate;\n\t}\n\n\tpublic static ifgranted() {\n\t\treturn ifgrantedPredicate;\n\t}\n}\n"]}

package/build/resource.d.ts ADDED Viewed

@@ -0,0 +1,75 @@
+import { type Action, type RuleCtx } from "./action.js";
+import type { ActionGroup } from "./actionGroup.js";
+import type { ActionMap, ResourceMap, ToActionMap, UnionToResourceMap } from "./internal/collections.js";
+import type { Expand, UnsetMarker } from "./internal/core.js";
+export type ResourceContext = {
+    ctx: RuleCtx;
+    actions: ActionMap | UnsetMarker;
+    subResources: ResourceMap | UnsetMarker;
+    ownable: boolean;
+};
+export type AnyResourceContext = {
+    ctx: RuleCtx;
+    actions: ActionMap;
+    subResources: ResourceMap;
+    ownable: boolean;
+};
+export declare class Resource<TName extends string, TContext extends ResourceContext = AnyResourceContext> {
+    private _name;
+    private _title;
+    private _description;
+    private _ownable;
+    private _ownConfigurable;
+    private _actions;
+    private _subResources;
+    constructor(name: TName);
+    get name(): TName;
+    get title(): string | null;
+    setTitle(title: string): this;
+    get description(): string | null;
+    setDescription(description: string): this;
+    get ownable(): boolean;
+    get ownConfigurable(): boolean;
+    setOwnable<TOwnable extends boolean>(ownable: TOwnable, configurable?: boolean): Resource<TName, {
+        ctx: TContext["ctx"];
+        actions: TContext["actions"];
+        subResources: TContext["subResources"];
+        ownable: TOwnable;
+    }>;
+    withSubject<TSubject>(): Resource<TName, {
+        ctx: Expand<Omit<TContext["ctx"], "subject"> & {
+            subject: TSubject;
+        }>;
+        actions: TContext["actions"];
+        subResources: TContext["subResources"];
+        ownable: TContext["ownable"];
+    }>;
+    withObject<TObject>(): Resource<TName, {
+        ctx: Expand<Omit<TContext["ctx"], "object"> & {
+            object: TObject;
+        }>;
+        actions: TContext["actions"];
+        subResources: TContext["subResources"];
+        ownable: TContext["ownable"];
+    }>;
+    withAdditionalContext<TAdditionalContext extends object>(): Resource<TName, {
+        ctx: TContext["ctx"] & TAdditionalContext;
+        actions: TContext["actions"];
+        subResources: TContext["subResources"];
+        ownable: TContext["ownable"];
+    }>;
+    get actions(): TContext["actions"];
+    setActions<TActions extends Action<any, any> | ActionGroup<any, any>>(actions: TActions[]): Resource<TName, {
+        ctx: TContext["ctx"];
+        actions: Expand<ToActionMap<TActions>>;
+        subResources: TContext["subResources"];
+        ownable: TContext["ownable"];
+    }>;
+    get subResources(): TContext["subResources"];
+    setSubResources<TResources extends Resource<any, any>>(resources: TResources[]): Resource<TName, {
+        ctx: TContext["ctx"];
+        actions: TContext["actions"];
+        subResources: Expand<UnionToResourceMap<TResources>>;
+        ownable: TContext["ownable"];
+    }>;
+}