@lenne.tech/nest-server 11.20.1 → 11.21.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/core/common/decorators/restricted.decorator.d.ts +1 -0
- package/dist/core/common/decorators/restricted.decorator.js +4 -1
- package/dist/core/common/decorators/restricted.decorator.js.map +1 -1
- package/dist/core/common/interceptors/check-security.interceptor.js +5 -1
- package/dist/core/common/interceptors/check-security.interceptor.js.map +1 -1
- package/dist/core/common/interfaces/server-options.interface.d.ts +4 -1
- package/dist/core/common/middleware/request-context.middleware.js +10 -6
- package/dist/core/common/middleware/request-context.middleware.js.map +1 -1
- package/dist/core/common/plugins/mongoose-tenant.plugin.js +40 -24
- package/dist/core/common/plugins/mongoose-tenant.plugin.js.map +1 -1
- package/dist/core/common/services/request-context.service.d.ts +3 -0
- package/dist/core/common/services/request-context.service.js.map +1 -1
- package/dist/core/modules/auth/guards/roles.guard.js +6 -10
- package/dist/core/modules/auth/guards/roles.guard.js.map +1 -1
- package/dist/core/modules/better-auth/better-auth-roles.guard.js +5 -6
- package/dist/core/modules/better-auth/better-auth-roles.guard.js.map +1 -1
- package/dist/core/modules/tenant/core-tenant-member.model.d.ts +11 -0
- package/dist/core/modules/tenant/core-tenant-member.model.js +106 -0
- package/dist/core/modules/tenant/core-tenant-member.model.js.map +1 -0
- package/dist/core/modules/tenant/core-tenant.decorators.d.ts +3 -0
- package/dist/core/modules/tenant/core-tenant.decorators.js +12 -0
- package/dist/core/modules/tenant/core-tenant.decorators.js.map +1 -0
- package/dist/core/modules/tenant/core-tenant.enums.d.ts +13 -0
- package/dist/core/modules/tenant/core-tenant.enums.js +25 -0
- package/dist/core/modules/tenant/core-tenant.enums.js.map +1 -0
- package/dist/core/modules/tenant/core-tenant.guard.d.ts +13 -0
- package/dist/core/modules/tenant/core-tenant.guard.js +162 -0
- package/dist/core/modules/tenant/core-tenant.guard.js.map +1 -0
- package/dist/core/modules/tenant/core-tenant.helpers.d.ts +7 -0
- package/dist/core/modules/tenant/core-tenant.helpers.js +60 -0
- package/dist/core/modules/tenant/core-tenant.helpers.js.map +1 -0
- package/dist/core/modules/tenant/core-tenant.module.d.ts +12 -0
- package/dist/core/modules/tenant/core-tenant.module.js +58 -0
- package/dist/core/modules/tenant/core-tenant.module.js.map +1 -0
- package/dist/core/modules/tenant/core-tenant.service.d.ts +17 -0
- package/dist/core/modules/tenant/core-tenant.service.js +160 -0
- package/dist/core/modules/tenant/core-tenant.service.js.map +1 -0
- package/dist/core.module.js +11 -0
- package/dist/core.module.js.map +1 -1
- package/dist/index.d.ts +7 -0
- package/dist/index.js +7 -0
- package/dist/index.js.map +1 -1
- package/dist/tsconfig.build.tsbuildinfo +1 -1
- package/package.json +12 -10
- package/src/core/common/decorators/restricted.decorator.ts +12 -2
- package/src/core/common/interceptors/check-security.interceptor.ts +9 -2
- package/src/core/common/interfaces/server-options.interface.ts +63 -30
- package/src/core/common/middleware/request-context.middleware.ts +12 -5
- package/src/core/common/plugins/mongoose-tenant.plugin.ts +78 -45
- package/src/core/common/services/request-context.service.ts +7 -1
- package/src/core/modules/auth/guards/roles.guard.ts +10 -10
- package/src/core/modules/better-auth/better-auth-roles.guard.ts +9 -6
- package/src/core/modules/tenant/INTEGRATION-CHECKLIST.md +165 -0
- package/src/core/modules/tenant/README.md +232 -0
- package/src/core/modules/tenant/core-tenant-member.model.ts +121 -0
- package/src/core/modules/tenant/core-tenant.decorators.ts +46 -0
- package/src/core/modules/tenant/core-tenant.enums.ts +77 -0
- package/src/core/modules/tenant/core-tenant.guard.ts +240 -0
- package/src/core/modules/tenant/core-tenant.helpers.ts +103 -0
- package/src/core/modules/tenant/core-tenant.module.ts +102 -0
- package/src/core/modules/tenant/core-tenant.service.ts +235 -0
- package/src/core.module.ts +15 -0
- package/src/index.ts +12 -0
|
@@ -6,6 +6,8 @@ require("reflect-metadata");
|
|
|
6
6
|
const _ = require("lodash");
|
|
7
7
|
const role_enum_1 = require("../enums/role.enum");
|
|
8
8
|
const db_helper_1 = require("../helpers/db.helper");
|
|
9
|
+
const request_context_service_1 = require("../services/request-context.service");
|
|
10
|
+
const core_tenant_helpers_1 = require("../../modules/tenant/core-tenant.helpers");
|
|
9
11
|
const restrictedMetaKey = Symbol('restricted');
|
|
10
12
|
const Restricted = (...rolesOrMember) => {
|
|
11
13
|
return Reflect.metadata(restrictedMetaKey, rolesOrMember);
|
|
@@ -85,7 +87,8 @@ const checkRestricted = (data, user, options = {}, processedObjects = []) => {
|
|
|
85
87
|
(roles.includes(role_enum_1.RoleEnum.S_CREATOR) &&
|
|
86
88
|
(('createdBy' in data && (0, db_helper_1.equalIds)(data.createdBy, user)) ||
|
|
87
89
|
(config.allowCreatorOfParent && !('createdBy' in data) && config.isCreatorOfParent))) ||
|
|
88
|
-
(roles.includes(role_enum_1.RoleEnum.S_VERIFIED) && (user?.verified || user?.verifiedAt || user?.emailVerified))
|
|
90
|
+
(roles.includes(role_enum_1.RoleEnum.S_VERIFIED) && (user?.verified || user?.verifiedAt || user?.emailVerified)) ||
|
|
91
|
+
(user?.id && (0, core_tenant_helpers_1.checkRoleAccess)(roles, user?.roles, request_context_service_1.RequestContext.get()?.tenantRole))) {
|
|
89
92
|
valid = true;
|
|
90
93
|
}
|
|
91
94
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"restricted.decorator.js","sourceRoot":"","sources":["../../../../src/core/common/decorators/restricted.decorator.ts"],"names":[],"mappings":";;;AAAA,2CAAuD;AACvD,4BAA0B;AAC1B,4BAA6B;AAG7B,kDAA8C;AAC9C,oDAAgE;
|
|
1
|
+
{"version":3,"file":"restricted.decorator.js","sourceRoot":"","sources":["../../../../src/core/common/decorators/restricted.decorator.ts"],"names":[],"mappings":";;;AAAA,2CAAuD;AACvD,4BAA0B;AAC1B,4BAA6B;AAG7B,kDAA8C;AAC9C,oDAAgE;AAChE,iFAAqE;AAErE,kFAA2E;AAK3E,MAAM,iBAAiB,GAAG,MAAM,CAAC,YAAY,CAAC,CAAC;AA4BxC,MAAM,UAAU,GAAG,CAAC,GAAG,aAA6B,EAAsC,EAAE;IACjG,OAAO,OAAO,CAAC,QAAQ,CAAC,iBAAiB,EAAE,aAAa,CAAC,CAAC;AAC5D,CAAC,CAAC;AAFW,QAAA,UAAU,cAErB;AAKK,MAAM,aAAa,GAAG,CAAC,MAAe,EAAE,WAAoB,EAAkB,EAAE;IACrF,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,OAAO,CAAC,WAAW,CAAC,iBAAiB,EAAE,MAAM,CAAC,CAAC;IACxD,CAAC;IACD,OAAO,OAAO,CAAC,WAAW,CAAC,iBAAiB,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;AACrE,CAAC,CAAC;AARW,QAAA,aAAa,iBAQxB;AAMK,MAAM,eAAe,GAAG,CAC7B,IAAS,EACT,IAOC,EACD,UAaI,EAAE,EACN,mBAA0B,EAAE,EAC5B,EAAE;IAIF,MAAM,MAAM,GAAG;QACb,oBAAoB,EAAE,IAAI;QAC1B,iBAAiB,EAAE,KAAK;QACxB,eAAe,EAAE,IAAI;QACrB,eAAe,EAAE,IAAI;QACrB,iBAAiB,EAAE,KAAK;QACxB,UAAU,EAAE,IAAI;QAChB,kBAAkB,EAAE,IAAI;QACxB,8BAA8B,EAAE,IAAI;QACpC,UAAU,EAAE,IAAI;QAChB,GAAG,OAAO;KACX,CAAC;IAGF,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,kBAAkB,IAAI,IAAI,CAAC,oCAAoC,CAAC,EAAE,CAAC;QAClH,OAAO,IAAI,CAAC;IACd,CAAC;IAGD,IAAI,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACpC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAG5B,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAExB,IAAI,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAA,uBAAe,EAAC,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,gBAAgB,CAAC,CAAC,CAAC;QACvF,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,8BAA8B,EAAE,CAAC;YAChE,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC;QACvD,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAGD,MAAM,kBAAkB,GAAG,CAAC,UAAU,EAAE,EAAE;QACxC,IAAI,MAAM,CAAC,kBAAkB,IAAI,IAAI,EAAE,oCAAoC,EAAE,CAAC;YAC5E,OAAO,IAAI,CAAC;QACd,CAAC;QAGD,IAAI,CAAC,UAAU,EAAE,MAAM,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,KAAK,GAAG,KAAK,CAAC;QAGlB,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,UAAU,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;YAC1B,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC7B,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnB,CAAC;iBAAM,IACL,IAAI,EAAE,KAAK,EAAE,MAAM;gBACnB,CAAC,MAAM,CAAC,WAAW,IAAI,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,KAAK,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,EACzF,CAAC;gBACD,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;oBAC9B,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;gBAC5B,CAAC;qBAAM,CAAC;oBACN,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBACzB,CAAC;YACH,CAAC;iBAAM,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC/B,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;YACtB,CAAC;QACH,CAAC,CAAC,CAAC;QAGH,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;YAEjB,IAAI,KAAK,CAAC,QAAQ,CAAC,oBAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACtC,OAAO,KAAK,CAAC;YACf,CAAC;YAGD,IACE,KAAK,CAAC,QAAQ,CAAC,oBAAQ,CAAC,UAAU,CAAC;gBACnC,IAAI,EAAE,OAAO,EAAE,CAAC,KAAK,CAAC;gBACtB,CAAC,IAAI,EAAE,EAAE,IAAI,KAAK,CAAC,QAAQ,CAAC,oBAAQ,CAAC,MAAM,CAAC,CAAC;gBAC7C,CAAC,KAAK,CAAC,QAAQ,CAAC,oBAAQ,CAAC,MAAM,CAAC,IAAI,IAAA,oBAAQ,EAAC,IAAI,EAAE,IAAI,CAAC,CAAC;gBACzD,CAAC,KAAK,CAAC,QAAQ,CAAC,oBAAQ,CAAC,SAAS,CAAC;oBACjC,CAAC,CAAC,WAAW,IAAI,IAAI,IAAI,IAAA,oBAAQ,EAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;wBACtD,CAAC,MAAM,CAAC,oBAAoB,IAAI,CAAC,CAAC,WAAW,IAAI,IAAI,CAAC,IAAI,MAAM,CAAC,iBAAiB,CAAC,CAAC,CAAC;gBACzF,CAAC,KAAK,CAAC,QAAQ,CAAC,oBAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,IAAI,IAAI,EAAE,UAAU,IAAI,IAAI,EAAE,aAAa,CAAC,CAAC;gBACpG,CAAC,IAAI,EAAE,EAAE,IAAI,IAAA,qCAAe,EAAC,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,wCAAc,CAAC,GAAG,EAAE,EAAE,UAAU,CAAC,CAAC,EACnF,CAAC;gBACD,KAAK,GAAG,IAAI,CAAC;YACf,CAAC;QACH,CAAC;QAED,IAAI,CAAC,KAAK,EAAE,CAAC;YAEX,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE;gBACxC,OAAO,CACL,OAAO,IAAI,KAAK,QAAQ;oBAExB,IAAI,CAAC,QAAQ,EAAE,MAAM;oBAErB,CAAC,MAAM,CAAC,WAAW,IAAI,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,KAAK,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAC1F,CAAC;YACJ,CAAC,CAAsC,CAAC;YAGxC,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;gBAElB,MAAM,OAAO,GAAG,EAAE,CAAC;gBACnB,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;oBAC3B,IAAI,UAAU,GAAa,KAAK,CAAC,QAAoB,CAAC;oBACtD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;wBACnC,UAAU,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;oBAChC,CAAC;oBACD,KAAK,MAAM,QAAQ,IAAI,UAAU,EAAE,CAAC;wBAClC,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,CAAC;wBAC1C,IAAI,KAAK,EAAE,CAAC;4BACV,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gCACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;4BACxB,CAAC;iCAAM,CAAC;gCACN,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;4BACtB,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBAGD,IAAI,IAAA,0BAAc,EAAC,OAAO,EAAE,IAAI,CAAC,EAAE,CAAC;oBAClC,KAAK,GAAG,IAAI,CAAC;gBACf,CAAC;YACH,CAAC;YAGD,IAAI,CAAC,KAAK,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;gBACpC,KAAK,GAAG,IAAI,CAAC;YACf,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;IAGF,MAAM,kBAAkB,GAAG,IAAA,qBAAa,EAAC,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;IACjE,IAAI,MAAM,CAAC,iBAAiB,EAAE,CAAC;QAC7B,MAAM,aAAa,GAAG,kBAAkB,CAAC,kBAAkB,CAAC,CAAC;QAC7D,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;gBACjB,OAAO,CAAC,KAAK,CAAC,6CAA6C,IAAI,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;YACvF,CAAC;YAED,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;gBACtB,MAAM,IAAI,8BAAqB,CAAC,6CAA6C,IAAI,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;YACzG,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAGD,KAAK,MAAM,WAAW,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAE5C,IAAI,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,UAAU,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;YACtE,SAAS;QACX,CAAC;QAGD,IAAI,IAAI,CAAC,WAAW,CAAC,KAAK,SAAS,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;YAC9D,SAAS;QACX,CAAC;QAGD,MAAM,UAAU,GAAG,IAAA,qBAAa,EAAC,IAAI,EAAE,WAAW,CAAC,IAAI,EAAE,CAAC;QAC1D,MAAM,wBAAwB,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC;QAChH,MAAM,KAAK,GAAG,kBAAkB,CAAC,wBAAwB,CAAC,CAAC;QAG3D,IAAI,KAAK,EAAE,CAAC;YAEV,MAAM,CAAC,iBAAiB;gBACtB,IAAA,oBAAQ,EAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,CAAC,CAAC,IAAA,oBAAQ,EAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;YAG5G,IAAI,CAAC,WAAW,CAAC,GAAG,IAAA,uBAAe,EAAC,IAAI,CAAC,WAAW,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,gBAAgB,CAAC,CAAC;QACzF,CAAC;aAAM,CAAC;YACN,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;gBACjB,OAAO,CAAC,KAAK,CACX,6CAA6C,WAAW,GAAG,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAC1H,CAAC;YACJ,CAAC;YAED,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;gBACtB,MAAM,IAAI,8BAAqB,CAC7B,6CAA6C,WAAW,GAAG,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAC1H,CAAC;YACJ,CAAC;YAGD,OAAO,IAAI,CAAC,WAAW,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IAGD,OAAO,IAAI,CAAC;AACd,CAAC,CAAC;AAnOW,QAAA,eAAe,mBAmO1B"}
|
|
@@ -92,8 +92,12 @@ let CheckSecurityInterceptor = class CheckSecurityInterceptor {
|
|
|
92
92
|
return false;
|
|
93
93
|
if (val instanceof Date || val instanceof RegExp)
|
|
94
94
|
return false;
|
|
95
|
+
if (val instanceof Map || val instanceof Set)
|
|
96
|
+
return false;
|
|
97
|
+
if (val.$__ !== undefined || val._bsontype !== undefined)
|
|
98
|
+
return false;
|
|
95
99
|
const proto = Object.getPrototypeOf(val);
|
|
96
|
-
return proto === null || proto === Object.prototype
|
|
100
|
+
return proto === null || proto === Object.prototype;
|
|
97
101
|
};
|
|
98
102
|
const visited = new WeakSet();
|
|
99
103
|
const removeSecrets = (data) => {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"check-security.interceptor.js","sourceRoot":"","sources":["../../../../src/core/common/interceptors/check-security.interceptor.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAA4F;AAE5F,8CAAqC;AAErC,8DAA2D;AAC3D,oDAAoD;AACpD,0DAAsD;AACtD,+DAA2D;AAMpD,IAAM,wBAAwB,GAA9B,MAAM,wBAAwB;IAQN;IAP7B,MAAM,GAAG;QACP,KAAK,EAAE,KAAK;QACZ,kBAAkB,EAAE,IAAI;QACxB,kBAAkB,EAAE,IAAI;QACxB,YAAY,EAAE,CAAC,UAAU,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,eAAe,EAAE,YAAY,CAAC;KACrG,CAAC;IAEF,YAA6B,aAA4B;QAA5B,kBAAa,GAAb,aAAa,CAAe;QACvD,MAAM,aAAa,GAAG,IAAI,CAAC,aAAa,CAAC,kBAAkB,CAAC,mCAAmC,CAAC,CAAC;QACjG,IAAI,OAAO,aAAa,KAAK,QAAQ,EAAE,CAAC;YACtC,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,aAAa,EAAE,CAAC;QACrD,CAAC;QAED,MAAM,kBAAkB,GAAG,IAAI,CAAC,aAAa,CAAC,kBAAkB,CAAC,uBAAuB,CAAC,CAAC;QAC1F,IAAI,KAAK,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACtC,IAAI,CAAC,MAAM,CAAC,YAAY,GAAG,kBAAkB,CAAC;QAChD,CAAC;IACH,CAAC;IAED,SAAS,CAAC,OAAyB,EAAE,IAAiB;QAEpD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAGzB,MAAM,IAAI,GAAG,IAAA,+BAAc,EAAC,OAAO,CAAC,EAAE,WAAW,IAAI,IAAI,CAAC;QAG1D,IAAI,KAAK,GAAG,KAAK,CAAC;QAClB,IAAI,CAAC,IAAI,EAAE,CAAC;YAGV,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,EAAE,EAAE,IAAI,CAAC;YAC3C,IAAI,SAAS,KAAK,cAAc,IAAI,SAAS,KAAK,gBAAgB,EAAE,CAAC;gBACnE,KAAK,GAAG,IAAI,CAAC;YACf,CAAC;QACH,CAAC;QAGD,IAAI,UAAe,CAAC;QAEpB,MAAM,KAAK,GAAG,CAAC,IAAS,EAAE,EAAE;YAC1B,UAAU,GAAG,IAAI,CAAC;YAGlB,IAAI,IAAI,CAAC,MAAM,CAAC,kBAAkB,IAAI,IAAI,EAAE,oCAAoC,EAAE,CAAC;gBACjF,OAAO,IAAI,CAAC;YACd,CAAC;YAGD,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,OAAO,IAAI,CAAC,aAAa,KAAK,UAAU,EAAE,CAAC;gBACjF,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;gBACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;gBACjD,IAAI,OAAO,CAAC,GAAG,EAAE;oBACf,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,QAAQ,KAAK,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;wBAC/D,MAAM,EAAE,GAAG,IAAA,wBAAY,EAAC,IAAI,CAAC,CAAC;wBAC9B,OAAO,CAAC,KAAK,CACX,8DAA8D,EAC9D,IAAI,CAAC,WAAW,CAAC,IAAI,EACrB,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CACjD,CAAC;oBACJ,CAAC;gBACH,CAAC,CAAC,CAAC;gBACH,IAAI,QAAQ,IAAI,CAAC,IAAI,CAAC,uBAAuB,EAAE,CAAC;oBAC9C,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;wBACxC,QAAQ,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;oBACvC,CAAC;gBACH,CAAC;gBACD,OAAO,QAAQ,CAAC;YAClB,CAAC;YAGD,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACrC,MAAM,SAAS,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,wBAAwB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC;gBACzG,IAAI,CAAC,SAAS,EAAE,CAAC;oBACf,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAGD,OAAO,IAAA,0BAAW,EAChB,IAAI,EACJ,CAAC,IAAI,EAAE,EAAE;gBACP,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,OAAO,IAAI,CAAC,aAAa,KAAK,UAAU,EAAE,CAAC;oBAClF,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;wBACxB,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC;oBAC7C,CAAC;oBACD,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC;YACrB,CAAC,EACD,EAAE,gBAAgB,EAAE,CAAC,eAAe,CAAC,EAAE,CACxC,CAAC;QACJ,CAAC,CAAC;QAGF,MAAM,WAAW,GAAG,CAAC,GAAQ,EAAW,EAAE;YACxC,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;gBAAE,OAAO,KAAK,CAAC;YAExE,IAAI,OAAO,GAAG,CAAC,IAAI,KAAK,UAAU;gBAAE,OAAO,KAAK,CAAC;YACjD,IAAI,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC;gBAAE,OAAO,KAAK,CAAC;YACvC,IAAI,GAAG,YAAY,IAAI,IAAI,GAAG,YAAY,MAAM;gBAAE,OAAO,KAAK,CAAC;YAC/D,MAAM,KAAK,GAAG,MAAM,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"check-security.interceptor.js","sourceRoot":"","sources":["../../../../src/core/common/interceptors/check-security.interceptor.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAA4F;AAE5F,8CAAqC;AAErC,8DAA2D;AAC3D,oDAAoD;AACpD,0DAAsD;AACtD,+DAA2D;AAMpD,IAAM,wBAAwB,GAA9B,MAAM,wBAAwB;IAQN;IAP7B,MAAM,GAAG;QACP,KAAK,EAAE,KAAK;QACZ,kBAAkB,EAAE,IAAI;QACxB,kBAAkB,EAAE,IAAI;QACxB,YAAY,EAAE,CAAC,UAAU,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,eAAe,EAAE,YAAY,CAAC;KACrG,CAAC;IAEF,YAA6B,aAA4B;QAA5B,kBAAa,GAAb,aAAa,CAAe;QACvD,MAAM,aAAa,GAAG,IAAI,CAAC,aAAa,CAAC,kBAAkB,CAAC,mCAAmC,CAAC,CAAC;QACjG,IAAI,OAAO,aAAa,KAAK,QAAQ,EAAE,CAAC;YACtC,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,aAAa,EAAE,CAAC;QACrD,CAAC;QAED,MAAM,kBAAkB,GAAG,IAAI,CAAC,aAAa,CAAC,kBAAkB,CAAC,uBAAuB,CAAC,CAAC;QAC1F,IAAI,KAAK,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACtC,IAAI,CAAC,MAAM,CAAC,YAAY,GAAG,kBAAkB,CAAC;QAChD,CAAC;IACH,CAAC;IAED,SAAS,CAAC,OAAyB,EAAE,IAAiB;QAEpD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAGzB,MAAM,IAAI,GAAG,IAAA,+BAAc,EAAC,OAAO,CAAC,EAAE,WAAW,IAAI,IAAI,CAAC;QAG1D,IAAI,KAAK,GAAG,KAAK,CAAC;QAClB,IAAI,CAAC,IAAI,EAAE,CAAC;YAGV,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,EAAE,EAAE,IAAI,CAAC;YAC3C,IAAI,SAAS,KAAK,cAAc,IAAI,SAAS,KAAK,gBAAgB,EAAE,CAAC;gBACnE,KAAK,GAAG,IAAI,CAAC;YACf,CAAC;QACH,CAAC;QAGD,IAAI,UAAe,CAAC;QAEpB,MAAM,KAAK,GAAG,CAAC,IAAS,EAAE,EAAE;YAC1B,UAAU,GAAG,IAAI,CAAC;YAGlB,IAAI,IAAI,CAAC,MAAM,CAAC,kBAAkB,IAAI,IAAI,EAAE,oCAAoC,EAAE,CAAC;gBACjF,OAAO,IAAI,CAAC;YACd,CAAC;YAGD,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,OAAO,IAAI,CAAC,aAAa,KAAK,UAAU,EAAE,CAAC;gBACjF,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;gBACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;gBACjD,IAAI,OAAO,CAAC,GAAG,EAAE;oBACf,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,QAAQ,KAAK,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;wBAC/D,MAAM,EAAE,GAAG,IAAA,wBAAY,EAAC,IAAI,CAAC,CAAC;wBAC9B,OAAO,CAAC,KAAK,CACX,8DAA8D,EAC9D,IAAI,CAAC,WAAW,CAAC,IAAI,EACrB,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CACjD,CAAC;oBACJ,CAAC;gBACH,CAAC,CAAC,CAAC;gBACH,IAAI,QAAQ,IAAI,CAAC,IAAI,CAAC,uBAAuB,EAAE,CAAC;oBAC9C,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;wBACxC,QAAQ,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;oBACvC,CAAC;gBACH,CAAC;gBACD,OAAO,QAAQ,CAAC;YAClB,CAAC;YAGD,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACrC,MAAM,SAAS,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,wBAAwB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC;gBACzG,IAAI,CAAC,SAAS,EAAE,CAAC;oBACf,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAGD,OAAO,IAAA,0BAAW,EAChB,IAAI,EACJ,CAAC,IAAI,EAAE,EAAE;gBACP,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,OAAO,IAAI,CAAC,aAAa,KAAK,UAAU,EAAE,CAAC;oBAClF,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;wBACxB,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC;oBAC7C,CAAC;oBACD,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC;YACrB,CAAC,EACD,EAAE,gBAAgB,EAAE,CAAC,eAAe,CAAC,EAAE,CACxC,CAAC;QACJ,CAAC,CAAC;QAGF,MAAM,WAAW,GAAG,CAAC,GAAQ,EAAW,EAAE;YACxC,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;gBAAE,OAAO,KAAK,CAAC;YAExE,IAAI,OAAO,GAAG,CAAC,IAAI,KAAK,UAAU;gBAAE,OAAO,KAAK,CAAC;YACjD,IAAI,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC;gBAAE,OAAO,KAAK,CAAC;YACvC,IAAI,GAAG,YAAY,IAAI,IAAI,GAAG,YAAY,MAAM;gBAAE,OAAO,KAAK,CAAC;YAC/D,IAAI,GAAG,YAAY,GAAG,IAAI,GAAG,YAAY,GAAG;gBAAE,OAAO,KAAK,CAAC;YAE3D,IAAI,GAAG,CAAC,GAAG,KAAK,SAAS,IAAI,GAAG,CAAC,SAAS,KAAK,SAAS;gBAAE,OAAO,KAAK,CAAC;YACvE,MAAM,KAAK,GAAG,MAAM,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;YAKzC,OAAO,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,MAAM,CAAC,SAAS,CAAC;QACtD,CAAC,CAAC;QACF,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;QAC9B,MAAM,aAAa,GAAG,CAAC,IAAS,EAAE,EAAE;YAClC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,kBAAkB,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACzE,OAAO,IAAI,CAAC;YACd,CAAC;YACD,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBACxB,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC;oBAAE,OAAO,IAAI,CAAC;gBACnC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;gBAClB,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;gBAC5B,OAAO,IAAI,CAAC;YACd,CAAC;YACD,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,OAAO,IAAI,CAAC;YACd,CAAC;YAED,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBACtB,OAAO,IAAI,CAAC;YACd,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAClB,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;gBAC7C,IAAI,KAAK,IAAI,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,KAAK,SAAS,EAAE,CAAC;oBAC/C,IAAI,CAAC,KAAK,CAAC,GAAG,SAAS,CAAC;gBAC1B,CAAC;YACH,CAAC;YAED,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACpC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;gBACxB,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;oBAClF,aAAa,CAAC,KAAK,CAAC,CAAC;gBACvB,CAAC;YACH,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC,CAAC;QAGF,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,IAAA,eAAG,EAAC,KAAK,CAAC,EAAE,IAAA,eAAG,EAAC,aAAa,CAAC,CAAC,CAAC;QAClE,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,IAAI,CAAC,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;YACjH,OAAO,CAAC,IAAI,CACV,sDAAsD,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,IAAI,EAC5E,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC;gBACvB,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI,OAAO,UAAU,CAAC,MAAM,EAAE;gBAC7D,CAAC,CAAC,UAAU,EAAE,WAAW,EAAE,IAAI,CAClC,CAAC;QACJ,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;CACF,CAAA;AA9JY,4DAAwB;mCAAxB,wBAAwB;IADpC,IAAA,mBAAU,GAAE;qCASiC,8BAAa;GAR9C,wBAAwB,CA8JpC"}
|
|
@@ -110,8 +110,11 @@ export interface IJwt {
|
|
|
110
110
|
}
|
|
111
111
|
export interface IMultiTenancy {
|
|
112
112
|
enabled?: boolean;
|
|
113
|
-
userField?: string;
|
|
114
113
|
excludeSchemas?: string[];
|
|
114
|
+
headerName?: string;
|
|
115
|
+
membershipModel?: string;
|
|
116
|
+
adminBypass?: boolean;
|
|
117
|
+
roleHierarchy?: Record<string, number>;
|
|
115
118
|
}
|
|
116
119
|
export interface IServerOptions {
|
|
117
120
|
appUrl?: string;
|
|
@@ -8,7 +8,6 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
|
|
|
8
8
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
9
9
|
exports.RequestContextMiddleware = void 0;
|
|
10
10
|
const common_1 = require("@nestjs/common");
|
|
11
|
-
const config_service_1 = require("../services/config.service");
|
|
12
11
|
const request_context_service_1 = require("../services/request-context.service");
|
|
13
12
|
let RequestContextMiddleware = class RequestContextMiddleware {
|
|
14
13
|
use(req, _res, next) {
|
|
@@ -20,11 +19,16 @@ let RequestContextMiddleware = class RequestContextMiddleware {
|
|
|
20
19
|
return req.headers?.['accept-language'] || undefined;
|
|
21
20
|
},
|
|
22
21
|
get tenantId() {
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
22
|
+
return req.tenantId ?? undefined;
|
|
23
|
+
},
|
|
24
|
+
get tenantIds() {
|
|
25
|
+
return req.tenantIds ?? undefined;
|
|
26
|
+
},
|
|
27
|
+
get tenantRole() {
|
|
28
|
+
return req.tenantRole ?? undefined;
|
|
29
|
+
},
|
|
30
|
+
get isAdminBypass() {
|
|
31
|
+
return req.isAdminBypass ?? false;
|
|
28
32
|
},
|
|
29
33
|
};
|
|
30
34
|
request_context_service_1.RequestContext.run(context, () => next());
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"request-context.middleware.js","sourceRoot":"","sources":["../../../../src/core/common/middleware/request-context.middleware.ts"],"names":[],"mappings":";;;;;;;;;AAAA,2CAA4D;AAG5D
|
|
1
|
+
{"version":3,"file":"request-context.middleware.js","sourceRoot":"","sources":["../../../../src/core/common/middleware/request-context.middleware.ts"],"names":[],"mappings":";;;;;;;;;AAAA,2CAA4D;AAG5D,iFAAsF;AAS/E,IAAM,wBAAwB,GAA9B,MAAM,wBAAwB;IACnC,GAAG,CAAC,GAAY,EAAE,IAAc,EAAE,IAAkB;QAClD,MAAM,OAAO,GAAoB;YAC/B,IAAI,WAAW;gBACb,OAAQ,GAAW,CAAC,IAAI,IAAI,SAAS,CAAC;YACxC,CAAC;YACD,IAAI,QAAQ;gBACV,OAAO,GAAG,CAAC,OAAO,EAAE,CAAC,iBAAiB,CAAC,IAAI,SAAS,CAAC;YACvD,CAAC;YACD,IAAI,QAAQ;gBAGV,OAAQ,GAAW,CAAC,QAAQ,IAAI,SAAS,CAAC;YAC5C,CAAC;YACD,IAAI,SAAS;gBACX,OAAQ,GAAW,CAAC,SAAS,IAAI,SAAS,CAAC;YAC7C,CAAC;YACD,IAAI,UAAU;gBACZ,OAAQ,GAAW,CAAC,UAAU,IAAI,SAAS,CAAC;YAC9C,CAAC;YACD,IAAI,aAAa;gBACf,OAAQ,GAAW,CAAC,aAAa,IAAI,KAAK,CAAC;YAC7C,CAAC;SACF,CAAC;QACF,wCAAc,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;IAC5C,CAAC;CACF,CAAA;AA1BY,4DAAwB;mCAAxB,wBAAwB;IADpC,IAAA,mBAAU,GAAE;GACA,wBAAwB,CA0BpC"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.mongooseTenantPlugin = mongooseTenantPlugin;
|
|
4
|
+
const common_1 = require("@nestjs/common");
|
|
4
5
|
const config_service_1 = require("../services/config.service");
|
|
5
6
|
const request_context_service_1 = require("../services/request-context.service");
|
|
6
7
|
function mongooseTenantPlugin(schema) {
|
|
@@ -25,16 +26,16 @@ function mongooseTenantPlugin(schema) {
|
|
|
25
26
|
for (const hookName of queryHooks) {
|
|
26
27
|
schema.pre(hookName, function () {
|
|
27
28
|
const modelName = this.model?.modelName;
|
|
28
|
-
const
|
|
29
|
-
if (
|
|
30
|
-
this.where(
|
|
29
|
+
const filter = resolveTenantFilter(modelName);
|
|
30
|
+
if (filter !== undefined) {
|
|
31
|
+
this.where(filter);
|
|
31
32
|
}
|
|
32
33
|
});
|
|
33
34
|
}
|
|
34
35
|
schema.pre('save', function () {
|
|
35
36
|
if (this.isNew && !this['tenantId']) {
|
|
36
37
|
const modelName = this.constructor.modelName;
|
|
37
|
-
const tenantId =
|
|
38
|
+
const tenantId = resolveSingleTenantId(modelName);
|
|
38
39
|
if (tenantId) {
|
|
39
40
|
this['tenantId'] = tenantId;
|
|
40
41
|
}
|
|
@@ -42,7 +43,7 @@ function mongooseTenantPlugin(schema) {
|
|
|
42
43
|
});
|
|
43
44
|
schema.pre('insertMany', function (docs) {
|
|
44
45
|
const modelName = this.modelName;
|
|
45
|
-
const tenantId =
|
|
46
|
+
const tenantId = resolveSingleTenantId(modelName);
|
|
46
47
|
if (tenantId && Array.isArray(docs)) {
|
|
47
48
|
for (const doc of docs) {
|
|
48
49
|
if (!doc.tenantId) {
|
|
@@ -53,9 +54,10 @@ function mongooseTenantPlugin(schema) {
|
|
|
53
54
|
});
|
|
54
55
|
schema.pre('bulkWrite', function (ops) {
|
|
55
56
|
const modelName = this.modelName;
|
|
56
|
-
const
|
|
57
|
-
if (
|
|
57
|
+
const filter = resolveTenantFilter(modelName);
|
|
58
|
+
if (filter === undefined)
|
|
58
59
|
return;
|
|
60
|
+
const tenantId = resolveSingleTenantId(modelName);
|
|
59
61
|
for (const op of ops) {
|
|
60
62
|
if ('insertOne' in op) {
|
|
61
63
|
if (tenantId && !op.insertOne.document.tenantId) {
|
|
@@ -63,46 +65,60 @@ function mongooseTenantPlugin(schema) {
|
|
|
63
65
|
}
|
|
64
66
|
}
|
|
65
67
|
else if ('updateOne' in op) {
|
|
66
|
-
op.updateOne.filter = { ...op.updateOne.filter,
|
|
68
|
+
op.updateOne.filter = { ...op.updateOne.filter, ...filter };
|
|
67
69
|
}
|
|
68
70
|
else if ('updateMany' in op) {
|
|
69
|
-
op.updateMany.filter = { ...op.updateMany.filter,
|
|
71
|
+
op.updateMany.filter = { ...op.updateMany.filter, ...filter };
|
|
70
72
|
}
|
|
71
73
|
else if ('replaceOne' in op) {
|
|
72
|
-
op.replaceOne.filter = { ...op.replaceOne.filter,
|
|
74
|
+
op.replaceOne.filter = { ...op.replaceOne.filter, ...filter };
|
|
73
75
|
}
|
|
74
76
|
else if ('deleteOne' in op) {
|
|
75
|
-
op.deleteOne.filter = { ...op.deleteOne.filter,
|
|
77
|
+
op.deleteOne.filter = { ...op.deleteOne.filter, ...filter };
|
|
76
78
|
}
|
|
77
79
|
else if ('deleteMany' in op) {
|
|
78
|
-
op.deleteMany.filter = { ...op.deleteMany.filter,
|
|
80
|
+
op.deleteMany.filter = { ...op.deleteMany.filter, ...filter };
|
|
79
81
|
}
|
|
80
82
|
}
|
|
81
83
|
});
|
|
82
84
|
schema.pre('aggregate', function () {
|
|
83
85
|
const modelName = this._model?.modelName;
|
|
84
|
-
const
|
|
85
|
-
if (
|
|
86
|
-
this.pipeline().unshift({ $match:
|
|
86
|
+
const filter = resolveTenantFilter(modelName);
|
|
87
|
+
if (filter !== undefined) {
|
|
88
|
+
this.pipeline().unshift({ $match: filter });
|
|
87
89
|
}
|
|
88
90
|
});
|
|
89
91
|
}
|
|
90
|
-
function
|
|
92
|
+
function shouldBypass(modelName) {
|
|
91
93
|
const mtConfig = config_service_1.ConfigService.configFastButReadOnly?.multiTenancy;
|
|
92
94
|
if (!mtConfig || mtConfig.enabled === false)
|
|
93
|
-
return
|
|
95
|
+
return true;
|
|
94
96
|
const context = request_context_service_1.RequestContext.get();
|
|
95
97
|
if (!context)
|
|
96
|
-
return
|
|
98
|
+
return true;
|
|
97
99
|
if (context.bypassTenantGuard)
|
|
98
|
-
return
|
|
100
|
+
return true;
|
|
99
101
|
if (modelName && mtConfig.excludeSchemas?.includes(modelName))
|
|
102
|
+
return true;
|
|
103
|
+
return false;
|
|
104
|
+
}
|
|
105
|
+
function resolveTenantFilter(modelName) {
|
|
106
|
+
if (shouldBypass(modelName))
|
|
100
107
|
return undefined;
|
|
101
|
-
const
|
|
108
|
+
const context = request_context_service_1.RequestContext.get();
|
|
109
|
+
const tenantId = context?.tenantId;
|
|
102
110
|
if (tenantId)
|
|
103
|
-
return tenantId;
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
111
|
+
return { tenantId };
|
|
112
|
+
const tenantIds = context?.tenantIds;
|
|
113
|
+
if (tenantIds)
|
|
114
|
+
return { tenantId: { $in: tenantIds } };
|
|
115
|
+
if (context?.isAdminBypass)
|
|
116
|
+
return {};
|
|
117
|
+
throw new common_1.ForbiddenException('Tenant context required: this data is tenant-scoped but no valid tenant context was provided');
|
|
118
|
+
}
|
|
119
|
+
function resolveSingleTenantId(modelName) {
|
|
120
|
+
if (shouldBypass(modelName))
|
|
121
|
+
return undefined;
|
|
122
|
+
return request_context_service_1.RequestContext.get()?.tenantId || undefined;
|
|
107
123
|
}
|
|
108
124
|
//# sourceMappingURL=mongoose-tenant.plugin.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mongoose-tenant.plugin.js","sourceRoot":"","sources":["../../../../src/core/common/plugins/mongoose-tenant.plugin.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"mongoose-tenant.plugin.js","sourceRoot":"","sources":["../../../../src/core/common/plugins/mongoose-tenant.plugin.ts"],"names":[],"mappings":";;AA6BA,oDAyGC;AAtID,2CAAoD;AAEpD,+DAA2D;AAC3D,iFAAqE;AA0BrE,SAAgB,oBAAoB,CAAC,MAAM;IAKzC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;QAC7B,OAAO;IACT,CAAC;IAGD,MAAM,CAAC,KAAK,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC,CAAC;IAG9B,MAAM,UAAU,GAAG;QACjB,MAAM;QACN,SAAS;QACT,kBAAkB;QAClB,kBAAkB;QAClB,mBAAmB;QACnB,gBAAgB;QAChB,UAAU;QACV,WAAW;QACX,YAAY;QACZ,WAAW;QACX,YAAY;QACZ,YAAY;KACb,CAAC;IAEF,KAAK,MAAM,QAAQ,IAAI,UAAU,EAAE,CAAC;QAClC,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE;YAEnB,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,EAAE,SAAS,CAAC;YACxC,MAAM,MAAM,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAAC;YAC9C,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;gBACzB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YACrB,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAKD,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE;QACjB,IAAI,IAAI,CAAC,KAAK,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YAEpC,MAAM,SAAS,GAAI,IAAI,CAAC,WAAmB,CAAC,SAAS,CAAC;YACtD,MAAM,QAAQ,GAAG,qBAAqB,CAAC,SAAS,CAAC,CAAC;YAClD,IAAI,QAAQ,EAAE,CAAC;gBACb,IAAI,CAAC,UAAU,CAAC,GAAG,QAAQ,CAAC;YAC9B,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAGH,MAAM,CAAC,GAAG,CAAC,YAAY,EAAE,UAAU,IAAW;QAE5C,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;QACjC,MAAM,QAAQ,GAAG,qBAAqB,CAAC,SAAS,CAAC,CAAC;QAClD,IAAI,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YACpC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;gBACvB,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;oBAClB,GAAG,CAAC,QAAQ,GAAG,QAAQ,CAAC;gBAC1B,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAGH,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,UAAU,GAAU;QAE1C,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;QACjC,MAAM,MAAM,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAAC;QAC9C,IAAI,MAAM,KAAK,SAAS;YAAE,OAAO;QAEjC,MAAM,QAAQ,GAAG,qBAAqB,CAAC,SAAS,CAAC,CAAC;QAElD,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE,CAAC;YACrB,IAAI,WAAW,IAAI,EAAE,EAAE,CAAC;gBAEtB,IAAI,QAAQ,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;oBAChD,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC;gBAC5C,CAAC;YACH,CAAC;iBAAM,IAAI,WAAW,IAAI,EAAE,EAAE,CAAC;gBAC7B,EAAE,CAAC,SAAS,CAAC,MAAM,GAAG,EAAE,GAAG,EAAE,CAAC,SAAS,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;YAC9D,CAAC;iBAAM,IAAI,YAAY,IAAI,EAAE,EAAE,CAAC;gBAC9B,EAAE,CAAC,UAAU,CAAC,MAAM,GAAG,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;YAChE,CAAC;iBAAM,IAAI,YAAY,IAAI,EAAE,EAAE,CAAC;gBAC9B,EAAE,CAAC,UAAU,CAAC,MAAM,GAAG,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;YAChE,CAAC;iBAAM,IAAI,WAAW,IAAI,EAAE,EAAE,CAAC;gBAC7B,EAAE,CAAC,SAAS,CAAC,MAAM,GAAG,EAAE,GAAG,EAAE,CAAC,SAAS,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;YAC9D,CAAC;iBAAM,IAAI,YAAY,IAAI,EAAE,EAAE,CAAC;gBAC9B,EAAE,CAAC,UAAU,CAAC,MAAM,GAAG,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;YAChE,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAGH,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE;QAEtB,MAAM,SAAS,GAAI,IAAY,CAAC,MAAM,EAAE,SAAS,CAAC;QAClD,MAAM,MAAM,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAAC;QAC9C,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,IAAI,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAOD,SAAS,YAAY,CAAC,SAAkB;IACtC,MAAM,QAAQ,GAAG,8BAAa,CAAC,qBAAqB,EAAE,YAAY,CAAC;IACnE,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,OAAO,KAAK,KAAK;QAAE,OAAO,IAAI,CAAC;IAEzD,MAAM,OAAO,GAAG,wCAAc,CAAC,GAAG,EAAE,CAAC;IACrC,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAC1B,IAAI,OAAO,CAAC,iBAAiB;QAAE,OAAO,IAAI,CAAC;IAC3C,IAAI,SAAS,IAAI,QAAQ,CAAC,cAAc,EAAE,QAAQ,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IAE3E,OAAO,KAAK,CAAC;AACf,CAAC;AAeD,SAAS,mBAAmB,CAAC,SAAkB;IAC7C,IAAI,YAAY,CAAC,SAAS,CAAC;QAAE,OAAO,SAAS,CAAC;IAE9C,MAAM,OAAO,GAAG,wCAAc,CAAC,GAAG,EAAE,CAAC;IAGrC,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,CAAC;IACnC,IAAI,QAAQ;QAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;IAGlC,MAAM,SAAS,GAAG,OAAO,EAAE,SAAS,CAAC;IACrC,IAAI,SAAS;QAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,GAAG,EAAE,SAAS,EAAE,EAAE,CAAC;IAGvD,IAAI,OAAO,EAAE,aAAa;QAAE,OAAO,EAAE,CAAC;IAItC,MAAM,IAAI,2BAAkB,CAC1B,8FAA8F,CAC/F,CAAC;AACJ,CAAC;AAMD,SAAS,qBAAqB,CAAC,SAAkB;IAC/C,IAAI,YAAY,CAAC,SAAS,CAAC;QAAE,OAAO,SAAS,CAAC;IAE9C,OAAO,wCAAc,CAAC,GAAG,EAAE,EAAE,QAAQ,IAAI,SAAS,CAAC;AACrD,CAAC"}
|
|
@@ -8,6 +8,9 @@ export interface IRequestContext {
|
|
|
8
8
|
bypassRoleGuard?: boolean;
|
|
9
9
|
bypassTenantGuard?: boolean;
|
|
10
10
|
tenantId?: string;
|
|
11
|
+
tenantIds?: string[];
|
|
12
|
+
tenantRole?: string;
|
|
13
|
+
isAdminBypass?: boolean;
|
|
11
14
|
}
|
|
12
15
|
export declare class RequestContext {
|
|
13
16
|
private static storage;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"request-context.service.js","sourceRoot":"","sources":["../../../../src/core/common/services/request-context.service.ts"],"names":[],"mappings":";;;AAAA,6CAAgD;
|
|
1
|
+
{"version":3,"file":"request-context.service.js","sourceRoot":"","sources":["../../../../src/core/common/services/request-context.service.ts"],"names":[],"mappings":";;;AAAA,6CAAgD;AA4BhD,MAAa,cAAc;IACjB,MAAM,CAAC,OAAO,GAAG,IAAI,+BAAiB,EAAmB,CAAC;IAElE,MAAM,CAAC,GAAG,CAAI,OAAwB,EAAE,EAAW;QACjD,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IACvC,CAAC;IAED,MAAM,CAAC,GAAG;QACR,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;IACjC,CAAC;IAED,MAAM,CAAC,cAAc;QACnB,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,WAAW,CAAC;IAC9C,CAAC;IAED,MAAM,CAAC,WAAW;QAChB,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,QAAQ,CAAC;IAC3C,CAAC;IAKD,MAAM,CAAC,iBAAiB;QACtB,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,eAAe,KAAK,IAAI,CAAC;IAC3D,CAAC;IAkBD,MAAM,CAAC,sBAAsB,CAAI,EAAW;QAC1C,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;QAC7C,MAAM,OAAO,GAAoB;YAC/B,GAAG,YAAY;YACf,eAAe,EAAE,IAAI;SACtB,CAAC;QACF,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IACvC,CAAC;IAED,MAAM,CAAC,WAAW;QAChB,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,QAAQ,CAAC;IAC3C,CAAC;IAED,MAAM,CAAC,mBAAmB;QACxB,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,iBAAiB,KAAK,IAAI,CAAC;IAC7D,CAAC;IAkBD,MAAM,CAAC,wBAAwB,CAAI,EAAW;QAC5C,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;QAC7C,MAAM,OAAO,GAAoB;YAC/B,GAAG,YAAY;YACf,iBAAiB,EAAE,IAAI;SACxB,CAAC;QACF,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IACvC,CAAC;;AAlFH,wCAmFC"}
|
|
@@ -22,6 +22,7 @@ const role_enum_1 = require("../../../common/enums/role.enum");
|
|
|
22
22
|
const better_auth_token_service_1 = require("../../better-auth/better-auth-token.service");
|
|
23
23
|
const core_better_auth_service_1 = require("../../better-auth/core-better-auth.service");
|
|
24
24
|
const error_code_1 = require("../../error-code");
|
|
25
|
+
const core_tenant_helpers_1 = require("../../tenant/core-tenant.helpers");
|
|
25
26
|
const auth_guard_strategy_enum_1 = require("../auth-guard-strategy.enum");
|
|
26
27
|
const expired_token_exception_1 = require("../exceptions/expired-token.exception");
|
|
27
28
|
const invalid_token_exception_1 = require("../exceptions/invalid-token.exception");
|
|
@@ -78,11 +79,7 @@ let RolesGuard = RolesGuard_1 = class RolesGuard extends (0, auth_guard_1.AuthGu
|
|
|
78
79
|
context.getHandler(),
|
|
79
80
|
context.getClass(),
|
|
80
81
|
]);
|
|
81
|
-
const roles = reflectorRoles
|
|
82
|
-
? reflectorRoles[1]
|
|
83
|
-
? [...reflectorRoles[0], ...reflectorRoles[1]]
|
|
84
|
-
: reflectorRoles[0]
|
|
85
|
-
: reflectorRoles[1];
|
|
82
|
+
const roles = (0, core_tenant_helpers_1.mergeRolesMetadata)(reflectorRoles);
|
|
86
83
|
if (roles && roles.includes(role_enum_1.RoleEnum.S_NO_ONE)) {
|
|
87
84
|
throw new common_1.UnauthorizedException(error_code_1.ErrorCode.UNAUTHORIZED);
|
|
88
85
|
}
|
|
@@ -174,11 +171,7 @@ let RolesGuard = RolesGuard_1 = class RolesGuard extends (0, auth_guard_1.AuthGu
|
|
|
174
171
|
context.getHandler(),
|
|
175
172
|
context.getClass(),
|
|
176
173
|
]);
|
|
177
|
-
const roles = reflectorRoles
|
|
178
|
-
? reflectorRoles[1]
|
|
179
|
-
? [...reflectorRoles[0], ...reflectorRoles[1]]
|
|
180
|
-
: reflectorRoles[0]
|
|
181
|
-
: reflectorRoles[1];
|
|
174
|
+
const roles = (0, core_tenant_helpers_1.mergeRolesMetadata)(reflectorRoles);
|
|
182
175
|
if (roles && roles.includes(role_enum_1.RoleEnum.S_NO_ONE)) {
|
|
183
176
|
throw new common_1.UnauthorizedException(error_code_1.ErrorCode.UNAUTHORIZED);
|
|
184
177
|
}
|
|
@@ -189,6 +182,9 @@ let RolesGuard = RolesGuard_1 = class RolesGuard extends (0, auth_guard_1.AuthGu
|
|
|
189
182
|
if ((user && roles.includes(role_enum_1.RoleEnum.S_USER)) || roles.includes(role_enum_1.RoleEnum.S_EVERYONE)) {
|
|
190
183
|
return user;
|
|
191
184
|
}
|
|
185
|
+
if (user && (0, core_tenant_helpers_1.isMultiTenancyActive)() && roles.some((r) => !(0, core_tenant_helpers_1.isSystemRole)(r))) {
|
|
186
|
+
return user;
|
|
187
|
+
}
|
|
192
188
|
if (!user) {
|
|
193
189
|
if (err) {
|
|
194
190
|
throw new invalid_token_exception_1.InvalidTokenException();
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"roles.guard.js","sourceRoot":"","sources":["../../../../../src/core/modules/auth/guards/roles.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAQwB;AACxB,uCAAoD;AACpD,6CAAsD;AACtD,+BAAoD;AAEpD,+DAA2D;AAC3D,2FAAqF;AAErF,yFAAmF;AACnF,iDAA6C;AAC7C,0EAAgE;AAChE,mFAA8E;AAC9E,mFAA8E;AAC9E,6CAAyC;AAuBlC,IAAM,UAAU,kBAAhB,MAAM,UAAW,SAAQ,IAAA,sBAAS,EAAC,4CAAiB,CAAC,GAAG,CAAC;IAmBtB;IACU;IAnBjC,MAAM,GAAG,IAAI,eAAM,CAAC,YAAU,CAAC,IAAI,CAAC,CAAC;IAC9C,iBAAiB,GAAiC,IAAI,CAAC;IACvD,YAAY,GAAkC,IAAI,CAAC;IACnD,gBAAgB,GAAG,KAAK,CAAC;IACzB,iBAAiB,GAAqB,IAAI,CAAC;IAanD,YACwC,SAAoB,EACV,SAAqB;QAErE,KAAK,EAAE,CAAC;QAH8B,cAAS,GAAT,SAAS,CAAW;QACV,cAAS,GAAT,SAAS,CAAY;IAGvE,CAAC;IAOO,eAAe;QACrB,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,OAAO,IAAI,CAAC,SAAS,CAAC;QACxB,CAAC;QAED,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC3B,OAAO,IAAI,CAAC,iBAAiB,CAAC;QAChC,CAAC;QAED,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,IAAI,CAAC;gBACH,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,gBAAS,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;gBAC1E,OAAO,IAAI,CAAC,iBAAiB,CAAC;YAChC,CAAC;YAAC,MAAM,CAAC;gBACP,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;YAClE,CAAC;QACH,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;IACrF,CAAC;IAKO,eAAe;QACrB,IAAI,IAAI,CAAC,gBAAgB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YAC7C,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,gDAAqB,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QACxF,CAAC;QAAC,MAAM,CAAC;QAET,CAAC;QAED,IAAI,CAAC;YACH,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,kDAAsB,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QACpF,CAAC;QAAC,MAAM,CAAC;QAET,CAAC;QAED,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC;IAC/B,CAAC;IAcQ,KAAK,CAAC,WAAW,CAAC,OAAyB;QAElD,MAAM,cAAc,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC,MAAM,CAAa,OAAO,EAAE;YACxE,OAAO,CAAC,UAAU,EAAE;YACpB,OAAO,CAAC,QAAQ,EAAE;SACnB,CAAC,CAAC;QACH,MAAM,KAAK,
|
|
1
|
+
{"version":3,"file":"roles.guard.js","sourceRoot":"","sources":["../../../../../src/core/modules/auth/guards/roles.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAQwB;AACxB,uCAAoD;AACpD,6CAAsD;AACtD,+BAAoD;AAEpD,+DAA2D;AAC3D,2FAAqF;AAErF,yFAAmF;AACnF,iDAA6C;AAC7C,0EAA0G;AAC1G,0EAAgE;AAChE,mFAA8E;AAC9E,mFAA8E;AAC9E,6CAAyC;AAuBlC,IAAM,UAAU,kBAAhB,MAAM,UAAW,SAAQ,IAAA,sBAAS,EAAC,4CAAiB,CAAC,GAAG,CAAC;IAmBtB;IACU;IAnBjC,MAAM,GAAG,IAAI,eAAM,CAAC,YAAU,CAAC,IAAI,CAAC,CAAC;IAC9C,iBAAiB,GAAiC,IAAI,CAAC;IACvD,YAAY,GAAkC,IAAI,CAAC;IACnD,gBAAgB,GAAG,KAAK,CAAC;IACzB,iBAAiB,GAAqB,IAAI,CAAC;IAanD,YACwC,SAAoB,EACV,SAAqB;QAErE,KAAK,EAAE,CAAC;QAH8B,cAAS,GAAT,SAAS,CAAW;QACV,cAAS,GAAT,SAAS,CAAY;IAGvE,CAAC;IAOO,eAAe;QACrB,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,OAAO,IAAI,CAAC,SAAS,CAAC;QACxB,CAAC;QAED,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC3B,OAAO,IAAI,CAAC,iBAAiB,CAAC;QAChC,CAAC;QAED,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,IAAI,CAAC;gBACH,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,gBAAS,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;gBAC1E,OAAO,IAAI,CAAC,iBAAiB,CAAC;YAChC,CAAC;YAAC,MAAM,CAAC;gBACP,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;YAClE,CAAC;QACH,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;IACrF,CAAC;IAKO,eAAe;QACrB,IAAI,IAAI,CAAC,gBAAgB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YAC7C,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,gDAAqB,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QACxF,CAAC;QAAC,MAAM,CAAC;QAET,CAAC;QAED,IAAI,CAAC;YACH,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,kDAAsB,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QACpF,CAAC;QAAC,MAAM,CAAC;QAET,CAAC;QAED,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC;IAC/B,CAAC;IAcQ,KAAK,CAAC,WAAW,CAAC,OAAyB;QAElD,MAAM,cAAc,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC,MAAM,CAAa,OAAO,EAAE;YACxE,OAAO,CAAC,UAAU,EAAE;YACpB,OAAO,CAAC,QAAQ,EAAE;SACnB,CAAC,CAAC;QACH,MAAM,KAAK,GAAG,IAAA,wCAAkB,EAAC,cAAc,CAAC,CAAC;QAGjD,IAAI,KAAK,IAAI,KAAK,CAAC,QAAQ,CAAC,oBAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC/C,MAAM,IAAI,8BAAqB,CAAC,sBAAS,CAAC,YAAY,CAAC,CAAC;QAC1D,CAAC;QAID,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,oBAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YACrF,OAAO,IAAI,CAAC;QACd,CAAC;QAGD,IAAI,CAAC,eAAe,EAAE,CAAC;QAGvB,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QACzC,MAAM,YAAY,GAAG,OAAO,EAAE,IAAI,CAAC;QAGnC,IAAI,YAAY,IAAI,YAAY,CAAC,2BAA2B,KAAK,IAAI,EAAE,CAAC;YACtE,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;YACtD,OAAO,IAAI,CAAC;QACd,CAAC;QAID,IAAI,IAAI,CAAC,iBAAiB,EAAE,SAAS,EAAE,EAAE,CAAC;YACxC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,gCAAgC,CAAC,OAAO,CAAC,CAAC;YAClE,IAAI,IAAI,EAAE,CAAC;gBAET,IAAI,OAAO,EAAE,CAAC;oBACZ,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;gBACtB,CAAC;gBAED,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;gBAC9C,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAGD,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YAC1C,OAAO,IAAA,mBAAY,EAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,MAAM,CAAC;QAC5E,CAAC;QAAC,OAAO,aAAa,EAAE,CAAC;YAGvB,MAAM,YAAY,GAAG,aAAa,YAAY,KAAK,CAAC,CAAC,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YACpG,MAAM,eAAe,GAAG,YAAY,CAAC,QAAQ,CAAC,iCAAiC,CAAC,CAAC;YAGjF,IAAI,IAAI,CAAC,iBAAiB,EAAE,SAAS,EAAE,EAAE,CAAC;gBAGxC,IAAI,eAAe,EAAE,CAAC;oBACpB,MAAM,IAAI,+CAAqB,EAAE,CAAC;gBACpC,CAAC;gBAGD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,gCAAgC,CAAC,OAAO,CAAC,CAAC;gBAClE,IAAI,IAAI,EAAE,CAAC;oBACT,IAAI,OAAO,EAAE,CAAC;wBACZ,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;oBACtB,CAAC;oBACD,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;oBAC9C,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAGD,MAAM,aAAa,CAAC;QACtB,CAAC;IACH,CAAC;IAWO,KAAK,CAAC,gCAAgC,CAAC,OAAyB;QACtE,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,CAAC;YAEH,MAAM,OAAO,GAAG,IAAI,CAAC,yBAAyB,CAAC,OAAO,CAAC,CAAC;YACxD,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,IAAI,CAAC;YACd,CAAC;YAGD,MAAM,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC,YAAY,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC;YACrE,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,IAAI,CAAC;YACd,CAAC;YAGD,OAAO,MAAM,IAAI,CAAC,YAAY,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;QAC1D,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,yCAAyC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CACpG,CAAC;YACF,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IASO,yBAAyB,CAAC,OAAyB;QAKzD,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,6BAAmB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACvD,MAAM,GAAG,GAAG,UAAU,CAAC,UAAU,EAAE,CAAC;YACpC,IAAI,GAAG,EAAE,GAAG,EAAE,CAAC;gBACb,OAAO,GAAG,CAAC,GAAG,CAAC;YACjB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;QAET,CAAC;QAGD,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;YACxD,IAAI,WAAW,EAAE,CAAC;gBAChB,OAAO,WAAW,CAAC;YACrB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;QAET,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAKQ,aAAa,CAAC,GAAiB,EAAE,IAAS,EAAE,IAAS,EAAE,OAAyB;QAEvF,MAAM,cAAc,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC,MAAM,CAAa,OAAO,EAAE;YACxE,OAAO,CAAC,UAAU,EAAE;YACpB,OAAO,CAAC,QAAQ,EAAE;SACnB,CAAC,CAAC;QACH,MAAM,KAAK,GAAG,IAAA,wCAAkB,EAAC,cAAc,CAAC,CAAC;QAGjD,IAAI,KAAK,IAAI,KAAK,CAAC,QAAQ,CAAC,oBAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC/C,MAAM,IAAI,8BAAqB,CAAC,sBAAS,CAAC,YAAY,CAAC,CAAC;QAC1D,CAAC;QAGD,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;YAC9C,OAAO,IAAI,CAAC;QACd,CAAC;QAGD,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC;YAE5B,IAAI,CAAC,IAAI,IAAI,KAAK,CAAC,QAAQ,CAAC,oBAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,oBAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;gBACrF,OAAO,IAAI,CAAC;YACd,CAAC;YAKD,IAAI,IAAI,IAAI,IAAA,0CAAoB,GAAE,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAA,kCAAY,EAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC1E,OAAO,IAAI,CAAC;YACd,CAAC;YAGD,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,IAAI,GAAG,EAAE,CAAC;oBACR,MAAM,IAAI,+CAAqB,EAAE,CAAC;gBACpC,CAAC;gBACD,IAAI,IAAI,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;oBACvC,MAAM,IAAI,+CAAqB,EAAE,CAAC;gBACpC,CAAC;gBACD,MAAM,IAAI,8BAAqB,CAAC,sBAAS,CAAC,YAAY,CAAC,CAAC;YAC1D,CAAC;YAGD,MAAM,IAAI,2BAAkB,CAAC,sBAAS,CAAC,aAAa,CAAC,CAAC;QACxD,CAAC;QAGD,OAAO,IAAI,CAAC;IACd,CAAC;IAKD,UAAU,CAAC,OAAyB;QAClC,MAAM,GAAG,GAAG,6BAAmB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAIhD,OAAO,GAAG,CAAC,UAAU,EAAE,EAAE,GAAG,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;IACtE,CAAC;CACF,CAAA;AA/SY,gCAAU;qBAAV,UAAU;IADtB,IAAA,mBAAU,GAAE;IAoBR,WAAA,IAAA,eAAM,EAAC,gBAAS,CAAC,CAAA;IACjB,WAAA,IAAA,iBAAQ,GAAE,CAAA;IAAE,WAAA,IAAA,eAAM,EAAC,gBAAS,CAAC,CAAA;qCADmB,gBAAS;QACE,gBAAS;GApB5D,UAAU,CA+StB"}
|
|
@@ -12,6 +12,7 @@ const common_1 = require("@nestjs/common");
|
|
|
12
12
|
const graphql_1 = require("@nestjs/graphql");
|
|
13
13
|
const role_enum_1 = require("../../common/enums/role.enum");
|
|
14
14
|
const error_code_1 = require("../error-code");
|
|
15
|
+
const core_tenant_helpers_1 = require("../tenant/core-tenant.helpers");
|
|
15
16
|
const core_better_auth_module_1 = require("./core-better-auth.module");
|
|
16
17
|
let BetterAuthRolesGuard = BetterAuthRolesGuard_1 = class BetterAuthRolesGuard {
|
|
17
18
|
logger = new common_1.Logger(BetterAuthRolesGuard_1.name);
|
|
@@ -42,12 +43,7 @@ let BetterAuthRolesGuard = BetterAuthRolesGuard_1 = class BetterAuthRolesGuard {
|
|
|
42
43
|
async canActivate(context) {
|
|
43
44
|
const handlerRoles = Reflect.getMetadata('roles', context.getHandler());
|
|
44
45
|
const classRoles = Reflect.getMetadata('roles', context.getClass());
|
|
45
|
-
const
|
|
46
|
-
const roles = reflectorRoles[0]
|
|
47
|
-
? reflectorRoles[1]
|
|
48
|
-
? [...reflectorRoles[0], ...reflectorRoles[1]]
|
|
49
|
-
: reflectorRoles[0]
|
|
50
|
-
: reflectorRoles[1];
|
|
46
|
+
const roles = (0, core_tenant_helpers_1.mergeRolesMetadata)([handlerRoles, classRoles]);
|
|
51
47
|
if (roles && roles.includes(role_enum_1.RoleEnum.S_NO_ONE)) {
|
|
52
48
|
throw new common_1.UnauthorizedException(error_code_1.ErrorCode.UNAUTHORIZED);
|
|
53
49
|
}
|
|
@@ -68,6 +64,9 @@ let BetterAuthRolesGuard = BetterAuthRolesGuard_1 = class BetterAuthRolesGuard {
|
|
|
68
64
|
if (roles.includes(role_enum_1.RoleEnum.S_USER)) {
|
|
69
65
|
return true;
|
|
70
66
|
}
|
|
67
|
+
if ((0, core_tenant_helpers_1.isMultiTenancyActive)() && roles.some((r) => !(0, core_tenant_helpers_1.isSystemRole)(r))) {
|
|
68
|
+
return true;
|
|
69
|
+
}
|
|
71
70
|
if (roles.includes(role_enum_1.RoleEnum.S_SELF)) {
|
|
72
71
|
const targetId = this.getTargetId(context);
|
|
73
72
|
if (targetId && user.id === targetId) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"better-auth-roles.guard.js","sourceRoot":"","sources":["../../../../src/core/modules/better-auth/better-auth-roles.guard.ts"],"names":[],"mappings":";;;;;;;;;;AAAA,2CAOwB;AACxB,6CAAsD;AAEtD,4DAAwD;AACxD,8CAA0C;
|
|
1
|
+
{"version":3,"file":"better-auth-roles.guard.js","sourceRoot":"","sources":["../../../../src/core/modules/better-auth/better-auth-roles.guard.ts"],"names":[],"mappings":";;;;;;;;;;AAAA,2CAOwB;AACxB,6CAAsD;AAEtD,4DAAwD;AACxD,8CAA0C;AAC1C,uEAAuG;AAGvG,uEAAiE;AAuB1D,IAAM,oBAAoB,4BAA1B,MAAM,oBAAoB;IACd,MAAM,GAAG,IAAI,eAAM,CAAC,sBAAoB,CAAC,IAAI,CAAC,CAAC;IACxD,YAAY,GAAkC,IAAI,CAAC;IAMnD,eAAe;QACrB,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,IAAI,CAAC,YAAY,GAAG,8CAAoB,CAAC,uBAAuB,EAAE,CAAC;QACrE,CAAC;QACD,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAMO,KAAK,CAAC,WAAW,CAAC,OAAY;QACpC,MAAM,YAAY,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QAC5C,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,CAAC;YACH,MAAM,EAAE,KAAK,EAAE,GAAG,YAAY,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC;YAChE,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,IAAI,CAAC;YACd,CAAC;YACD,OAAO,MAAM,YAAY,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;QACrD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,8BAA8B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC;YAC5G,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAyB;QAGzC,MAAM,YAAY,GAAG,OAAO,CAAC,WAAW,CAAC,OAAO,EAAE,OAAO,CAAC,UAAU,EAAE,CAAyB,CAAC;QAChG,MAAM,UAAU,GAAG,OAAO,CAAC,WAAW,CAAC,OAAO,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAyB,CAAC;QAG5F,MAAM,KAAK,GAAG,IAAA,wCAAkB,EAAC,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC,CAAC;QAG7D,IAAI,KAAK,IAAI,KAAK,CAAC,QAAQ,CAAC,oBAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC/C,MAAM,IAAI,8BAAqB,CAAC,sBAAS,CAAC,YAAY,CAAC,CAAC;QAC1D,CAAC;QAGD,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,oBAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YACrF,OAAO,IAAI,CAAC;QACd,CAAC;QAGD,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QACzC,IAAI,IAAI,GAAG,OAAO,EAAE,IAAI,CAAC;QAIzB,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YACvC,IAAI,IAAI,IAAI,OAAO,EAAE,CAAC;gBAEpB,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;YACtB,CAAC;QACH,CAAC;QAGD,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,8BAAqB,CAAC,sBAAS,CAAC,YAAY,CAAC,CAAC;QAC1D,CAAC;QAGD,IAAI,KAAK,CAAC,QAAQ,CAAC,oBAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACpC,OAAO,IAAI,CAAC;QACd,CAAC;QAKD,IAAI,IAAA,0CAAoB,GAAE,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAA,kCAAY,EAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAClE,OAAO,IAAI,CAAC;QACd,CAAC;QAGD,IAAI,KAAK,CAAC,QAAQ,CAAC,oBAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAEpC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YAC3C,IAAI,QAAQ,IAAI,IAAI,CAAC,EAAE,KAAK,QAAQ,EAAE,CAAC;gBACrC,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAGD,IAAI,KAAK,CAAC,QAAQ,CAAC,oBAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YAIvC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,2CAA2C,CAAC,CAAC;QACjE,CAAC;QAGD,IAAI,KAAK,CAAC,QAAQ,CAAC,oBAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YACxC,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;gBAC9D,MAAM,IAAI,2BAAkB,CAAC,sBAAS,CAAC,aAAa,CAAC,CAAC;YACxD,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAGD,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO,IAAI,CAAC;QACd,CAAC;QAGD,IAAI,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5C,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;YACxE,IAAI,eAAe,EAAE,CAAC;gBACpB,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAGD,MAAM,IAAI,2BAAkB,CAAC,sBAAS,CAAC,aAAa,CAAC,CAAC;IACxD,CAAC;IAMO,UAAU,CAAC,OAAyB;QAE1C,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,6BAAmB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACvD,MAAM,GAAG,GAAG,UAAU,CAAC,UAAU,EAAE,CAAC;YACpC,IAAI,GAAG,EAAE,GAAG,EAAE,CAAC;gBACb,OAAO,GAAG,CAAC,GAAG,CAAC;YACjB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;QAET,CAAC;QAGD,OAAO,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;IAC7C,CAAC;IAKO,WAAW,CAAC,OAAyB;QAE3C,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,6BAAmB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACvD,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,EAAE,CAAC;YAClC,IAAI,IAAI,EAAE,EAAE,EAAE,CAAC;gBACb,OAAO,IAAI,CAAC,EAAE,CAAC;YACjB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;QAET,CAAC;QAGD,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;YACpD,IAAI,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;gBACxB,OAAO,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC3B,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;QAET,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAA;AAhLY,oDAAoB;+BAApB,oBAAoB;IADhC,IAAA,mBAAU,GAAE;GACA,oBAAoB,CAgLhC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import { CorePersistenceModel } from '../../common/models/core-persistence.model';
|
|
2
|
+
import { TenantMemberStatus } from './core-tenant.enums';
|
|
3
|
+
export declare class CoreTenantMemberModel extends CorePersistenceModel {
|
|
4
|
+
invitedBy: string;
|
|
5
|
+
joinedAt: Date;
|
|
6
|
+
role: string;
|
|
7
|
+
status: TenantMemberStatus;
|
|
8
|
+
tenant: string;
|
|
9
|
+
user: string;
|
|
10
|
+
securityCheck(user: any, force?: boolean): this;
|
|
11
|
+
}
|
|
@@ -0,0 +1,106 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.CoreTenantMemberModel = void 0;
|
|
13
|
+
const common_1 = require("@nestjs/common");
|
|
14
|
+
const graphql_1 = require("@nestjs/graphql");
|
|
15
|
+
const mongoose_1 = require("@nestjs/mongoose");
|
|
16
|
+
const restricted_decorator_1 = require("../../common/decorators/restricted.decorator");
|
|
17
|
+
const unified_field_decorator_1 = require("../../common/decorators/unified-field.decorator");
|
|
18
|
+
const role_enum_1 = require("../../common/enums/role.enum");
|
|
19
|
+
const core_persistence_model_1 = require("../../common/models/core-persistence.model");
|
|
20
|
+
const request_context_service_1 = require("../../common/services/request-context.service");
|
|
21
|
+
const core_tenant_enums_1 = require("./core-tenant.enums");
|
|
22
|
+
const core_tenant_helpers_1 = require("./core-tenant.helpers");
|
|
23
|
+
let CoreTenantMemberModel = class CoreTenantMemberModel extends core_persistence_model_1.CorePersistenceModel {
|
|
24
|
+
invitedBy = undefined;
|
|
25
|
+
joinedAt = undefined;
|
|
26
|
+
role = undefined;
|
|
27
|
+
status = undefined;
|
|
28
|
+
tenant = undefined;
|
|
29
|
+
user = undefined;
|
|
30
|
+
securityCheck(user, force) {
|
|
31
|
+
if (force)
|
|
32
|
+
return this;
|
|
33
|
+
if (!user)
|
|
34
|
+
throw new common_1.UnauthorizedException('Access to tenant membership denied');
|
|
35
|
+
if (user.id === this.user || user.hasRole?.(role_enum_1.RoleEnum.ADMIN))
|
|
36
|
+
return this;
|
|
37
|
+
const context = request_context_service_1.RequestContext.get();
|
|
38
|
+
const tenantRole = context?.tenantRole;
|
|
39
|
+
if (tenantRole &&
|
|
40
|
+
(0, core_tenant_helpers_1.checkRoleAccess)([core_tenant_enums_1.DefaultHR.MANAGER], undefined, tenantRole) &&
|
|
41
|
+
context?.tenantId === this.tenant) {
|
|
42
|
+
return this;
|
|
43
|
+
}
|
|
44
|
+
throw new common_1.UnauthorizedException('Access to tenant membership denied');
|
|
45
|
+
}
|
|
46
|
+
};
|
|
47
|
+
exports.CoreTenantMemberModel = CoreTenantMemberModel;
|
|
48
|
+
__decorate([
|
|
49
|
+
(0, unified_field_decorator_1.UnifiedField)({
|
|
50
|
+
description: 'ID of the inviting user',
|
|
51
|
+
isOptional: true,
|
|
52
|
+
mongoose: { type: String },
|
|
53
|
+
roles: role_enum_1.RoleEnum.S_USER,
|
|
54
|
+
}),
|
|
55
|
+
__metadata("design:type", String)
|
|
56
|
+
], CoreTenantMemberModel.prototype, "invitedBy", void 0);
|
|
57
|
+
__decorate([
|
|
58
|
+
(0, unified_field_decorator_1.UnifiedField)({
|
|
59
|
+
description: 'Date when the user joined',
|
|
60
|
+
isOptional: true,
|
|
61
|
+
mongoose: { type: Date },
|
|
62
|
+
roles: role_enum_1.RoleEnum.S_USER,
|
|
63
|
+
type: Date,
|
|
64
|
+
}),
|
|
65
|
+
__metadata("design:type", Date)
|
|
66
|
+
], CoreTenantMemberModel.prototype, "joinedAt", void 0);
|
|
67
|
+
__decorate([
|
|
68
|
+
(0, unified_field_decorator_1.UnifiedField)({
|
|
69
|
+
description: 'Tenant role',
|
|
70
|
+
mongoose: { default: 'member', type: String },
|
|
71
|
+
roles: role_enum_1.RoleEnum.S_USER,
|
|
72
|
+
type: () => String,
|
|
73
|
+
}),
|
|
74
|
+
__metadata("design:type", String)
|
|
75
|
+
], CoreTenantMemberModel.prototype, "role", void 0);
|
|
76
|
+
__decorate([
|
|
77
|
+
(0, unified_field_decorator_1.UnifiedField)({
|
|
78
|
+
description: 'Membership status',
|
|
79
|
+
mongoose: { default: core_tenant_enums_1.TenantMemberStatus.ACTIVE, enum: Object.values(core_tenant_enums_1.TenantMemberStatus), type: String },
|
|
80
|
+
roles: role_enum_1.RoleEnum.S_USER,
|
|
81
|
+
type: () => String,
|
|
82
|
+
}),
|
|
83
|
+
__metadata("design:type", String)
|
|
84
|
+
], CoreTenantMemberModel.prototype, "status", void 0);
|
|
85
|
+
__decorate([
|
|
86
|
+
(0, unified_field_decorator_1.UnifiedField)({
|
|
87
|
+
description: 'Tenant ID',
|
|
88
|
+
mongoose: { index: true, type: String },
|
|
89
|
+
roles: role_enum_1.RoleEnum.S_USER,
|
|
90
|
+
}),
|
|
91
|
+
__metadata("design:type", String)
|
|
92
|
+
], CoreTenantMemberModel.prototype, "tenant", void 0);
|
|
93
|
+
__decorate([
|
|
94
|
+
(0, unified_field_decorator_1.UnifiedField)({
|
|
95
|
+
description: 'User ID',
|
|
96
|
+
mongoose: { index: true, type: String },
|
|
97
|
+
roles: role_enum_1.RoleEnum.S_USER,
|
|
98
|
+
}),
|
|
99
|
+
__metadata("design:type", String)
|
|
100
|
+
], CoreTenantMemberModel.prototype, "user", void 0);
|
|
101
|
+
exports.CoreTenantMemberModel = CoreTenantMemberModel = __decorate([
|
|
102
|
+
(0, graphql_1.ObjectType)({ description: 'Tenant membership', isAbstract: true }),
|
|
103
|
+
(0, restricted_decorator_1.Restricted)(role_enum_1.RoleEnum.S_USER),
|
|
104
|
+
(0, mongoose_1.Schema)({ timestamps: true })
|
|
105
|
+
], CoreTenantMemberModel);
|
|
106
|
+
//# sourceMappingURL=core-tenant-member.model.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"core-tenant-member.model.js","sourceRoot":"","sources":["../../../../src/core/modules/tenant/core-tenant-member.model.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAuD;AACvD,6CAA6C;AAC7C,+CAA0C;AAE1C,uFAA0E;AAC1E,6FAA+E;AAC/E,4DAAwD;AACxD,uFAAkF;AAClF,2FAA+E;AAC/E,2DAAoE;AACpE,+DAAwD;AAajD,IAAM,qBAAqB,GAA3B,MAAM,qBAAsB,SAAQ,6CAAoB;IAU7D,SAAS,GAAW,SAAS,CAAC;IAY9B,QAAQ,GAAS,SAAS,CAAC;IAW3B,IAAI,GAAW,SAAS,CAAC;IAWzB,MAAM,GAAuB,SAAS,CAAC;IAUvC,MAAM,GAAW,SAAS,CAAC;IAU3B,IAAI,GAAW,SAAS,CAAC;IAWhB,aAAa,CAAC,IAAS,EAAE,KAAe;QAC/C,IAAI,KAAK;YAAE,OAAO,IAAI,CAAC;QACvB,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,8BAAqB,CAAC,oCAAoC,CAAC,CAAC;QAGjF,IAAI,IAAI,CAAC,EAAE,KAAK,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC,oBAAQ,CAAC,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAKzE,MAAM,OAAO,GAAG,wCAAc,CAAC,GAAG,EAAE,CAAC;QACrC,MAAM,UAAU,GAAG,OAAO,EAAE,UAAU,CAAC;QACvC,IACE,UAAU;YACV,IAAA,qCAAe,EAAC,CAAC,6BAAS,CAAC,OAAO,CAAC,EAAE,SAAS,EAAE,UAAU,CAAC;YAC3D,OAAO,EAAE,QAAQ,KAAK,IAAI,CAAC,MAAM,EACjC,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,IAAI,8BAAqB,CAAC,oCAAoC,CAAC,CAAC;IACxE,CAAC;CACF,CAAA;AAjGY,sDAAqB;AAUhC;IANC,IAAA,sCAAY,EAAC;QACZ,WAAW,EAAE,yBAAyB;QACtC,UAAU,EAAE,IAAI;QAChB,QAAQ,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE;QAC1B,KAAK,EAAE,oBAAQ,CAAC,MAAM;KACvB,CAAC;;wDAC4B;AAY9B;IAPC,IAAA,sCAAY,EAAC;QACZ,WAAW,EAAE,2BAA2B;QACxC,UAAU,EAAE,IAAI;QAChB,QAAQ,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;QACxB,KAAK,EAAE,oBAAQ,CAAC,MAAM;QACtB,IAAI,EAAE,IAAI;KACX,CAAC;8BACQ,IAAI;uDAAa;AAW3B;IANC,IAAA,sCAAY,EAAC;QACZ,WAAW,EAAE,aAAa;QAC1B,QAAQ,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE;QAC7C,KAAK,EAAE,oBAAQ,CAAC,MAAM;QACtB,IAAI,EAAE,GAAG,EAAE,CAAC,MAAM;KACnB,CAAC;;mDACuB;AAWzB;IANC,IAAA,sCAAY,EAAC;QACZ,WAAW,EAAE,mBAAmB;QAChC,QAAQ,EAAE,EAAE,OAAO,EAAE,sCAAkB,CAAC,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,sCAAkB,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE;QACvG,KAAK,EAAE,oBAAQ,CAAC,MAAM;QACtB,IAAI,EAAE,GAAG,EAAE,CAAC,MAAM;KACnB,CAAC;;qDACqC;AAUvC;IALC,IAAA,sCAAY,EAAC;QACZ,WAAW,EAAE,WAAW;QACxB,QAAQ,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE;QACvC,KAAK,EAAE,oBAAQ,CAAC,MAAM;KACvB,CAAC;;qDACyB;AAU3B;IALC,IAAA,sCAAY,EAAC;QACZ,WAAW,EAAE,SAAS;QACtB,QAAQ,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE;QACvC,KAAK,EAAE,oBAAQ,CAAC,MAAM;KACvB,CAAC;;mDACuB;gCAhEd,qBAAqB;IAHjC,IAAA,oBAAU,EAAC,EAAE,WAAW,EAAE,mBAAmB,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;IAClE,IAAA,iCAAU,EAAC,oBAAQ,CAAC,MAAM,CAAC;IAC3B,IAAA,iBAAM,EAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;GAChB,qBAAqB,CAiGjC"}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.CurrentTenant = exports.SkipTenantCheck = exports.SKIP_TENANT_CHECK_KEY = void 0;
|
|
4
|
+
const common_1 = require("@nestjs/common");
|
|
5
|
+
const request_context_service_1 = require("../../common/services/request-context.service");
|
|
6
|
+
exports.SKIP_TENANT_CHECK_KEY = 'skipTenantCheck';
|
|
7
|
+
const SkipTenantCheck = () => (0, common_1.SetMetadata)(exports.SKIP_TENANT_CHECK_KEY, true);
|
|
8
|
+
exports.SkipTenantCheck = SkipTenantCheck;
|
|
9
|
+
exports.CurrentTenant = (0, common_1.createParamDecorator)(() => {
|
|
10
|
+
return request_context_service_1.RequestContext.get()?.tenantId;
|
|
11
|
+
});
|
|
12
|
+
//# sourceMappingURL=core-tenant.decorators.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"core-tenant.decorators.js","sourceRoot":"","sources":["../../../../src/core/modules/tenant/core-tenant.decorators.ts"],"names":[],"mappings":";;;AAAA,2CAAmE;AAEnE,2FAA+E;AAKlE,QAAA,qBAAqB,GAAG,iBAAiB,CAAC;AAiBhD,MAAM,eAAe,GAAG,GAAG,EAAE,CAAC,IAAA,oBAAW,EAAC,6BAAqB,EAAE,IAAI,CAAC,CAAC;AAAjE,QAAA,eAAe,mBAAkD;AAmBjE,QAAA,aAAa,GAAG,IAAA,6BAAoB,EAAC,GAAuB,EAAE;IACzE,OAAO,wCAAc,CAAC,GAAG,EAAE,EAAE,QAAQ,CAAC;AACxC,CAAC,CAAC,CAAC"}
|