@lightdash/common 0.1947.0 → 0.1949.0

package/dist/cjs/authorization/roleToScopeParity.test.js

@@ -0,0 +1,195 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+/* eslint-disable no-console */
+const ability_1 = require("@casl/ability");
+const lodash_1 = require("lodash");
+const projectMemberRole_1 = require("../types/projectMemberRole");
+const projectMemberAbility_1 = require("./projectMemberAbility");
+const projectMemberAbility_mock_1 = require("./projectMemberAbility.mock");
+const roleToScopeMapping_1 = require("./roleToScopeMapping");
+const scopeAbilityBuilder_1 = require("./scopeAbilityBuilder");
+/**
+ * Normalize a CASL rule for comparison by sorting object keys and handling undefined values
+ */
+const normalizeRule = (rule) => ({
+    action: rule.action,
+    subject: rule.subject,
+});
+/**
+ * Compare two sets of CASL rules for functional equivalence
+ */
+const compareRuleSets = (roleBasedRules, scopeBasedRules, roleName) => {
+    const normalizedRoleRules = roleBasedRules.map(normalizeRule);
+    const normalizedScopeRules = scopeBasedRules.map(normalizeRule);
+    const mismatches = [];
+    // Check if rule counts match
+    if (normalizedRoleRules.length !== normalizedScopeRules.length) {
+        mismatches.push(`Rule count mismatch: role-based has ${normalizedRoleRules.length} rules, scope-based has ${normalizedScopeRules.length} rules`);
+    }
+    // Group rules by action+subject for easier comparison
+    const roleRulesGrouped = (0, lodash_1.groupBy)(normalizedRoleRules, (rule) => `${rule.action}:${rule.subject}`);
+    const scopeRulesGrouped = (0, lodash_1.groupBy)(normalizedScopeRules, (rule) => `${rule.action}:${rule.subject}`);
+    // Check for missing or extra rule types
+    const roleKeys = new Set(Object.keys(roleRulesGrouped));
+    const scopeKeys = new Set(Object.keys(scopeRulesGrouped));
+    const missingInScope = [...roleKeys].filter((key) => !scopeKeys.has(key));
+    const extraInScope = [...scopeKeys].filter((key) => !roleKeys.has(key));
+    missingInScope.forEach((key) => {
+        mismatches.push(`Missing in scope-based: ${key}`);
+    });
+    extraInScope.forEach((key) => {
+        mismatches.push(`Extra in scope-based: ${key}`);
+    });
+    // Compare matching rule groups
+    const commonKeys = [...roleKeys].filter((key) => scopeKeys.has(key));
+    commonKeys.forEach((key) => {
+        const roleRulesForKey = roleRulesGrouped[key];
+        const scopeRulesForKey = scopeRulesGrouped[key];
+        // For rules with the same action+subject, we need to check if the conditions are equivalent
+        // This is more complex because multiple rules might combine to create the same effective permissions
+        if (roleRulesForKey.length !== scopeRulesForKey.length) {
+            // Different number of rules for same action+subject - this might be OK if conditions are equivalent
+            // For now, we'll flag this as a potential issue but continue checking
+            mismatches.push(`Different rule count for ${key}: role-based has ${roleRulesForKey.length}, scope-based has ${scopeRulesForKey.length}`);
+        }
+        // Check if rule sets contain equivalent conditions
+        const roleConditions = roleRulesForKey
+            .map((r) => r.conditions)
+            .filter(Boolean);
+        const scopeConditions = scopeRulesForKey
+            .map((r) => r.conditions)
+            .filter(Boolean);
+        if (!(0, lodash_1.isEqual)(roleConditions, scopeConditions)) {
+            mismatches.push(`Condition mismatch on ${roleName} for ${key}:\nRole-based: ${JSON.stringify(roleConditions, null, 2)}\nScope-based: ${JSON.stringify(scopeConditions, null, 2)}`);
+        }
+    });
+    return {
+        isEqual: mismatches.length === 0,
+        mismatches,
+    };
+};
+/**
+ * List of enterprise-only subject names that should be filtered in non-enterprise mode
+ */
+const ENTERPRISE_SUBJECTS = new Set([
+    'MetricsTree',
+    'SpotlightTableConfig',
+    'AiAgent',
+    'AiAgentThread',
+    'ContentAsCode',
+]);
+/**
+ * Filter enterprise rules from role-based abilities when testing in non-enterprise mode
+ */
+const filterEnterpriseRules = (rules, isEnterprise) => {
+    if (isEnterprise) {
+        return rules;
+    }
+    return rules.filter((rule) => !ENTERPRISE_SUBJECTS.has(rule.subject));
+};
+/**
+ * Test role-to-scope parity for a specific role
+ */
+const testRoleScopeParity = (role, isEnterprise = false) => {
+    // Get the appropriate mock member profile
+    const memberProfiles = {
+        [projectMemberRole_1.ProjectMemberRole.VIEWER]: projectMemberAbility_mock_1.PROJECT_VIEWER,
+        [projectMemberRole_1.ProjectMemberRole.INTERACTIVE_VIEWER]: projectMemberAbility_mock_1.PROJECT_INTERACTIVE_VIEWER,
+        [projectMemberRole_1.ProjectMemberRole.EDITOR]: projectMemberAbility_mock_1.PROJECT_EDITOR,
+        [projectMemberRole_1.ProjectMemberRole.DEVELOPER]: projectMemberAbility_mock_1.PROJECT_DEVELOPER,
+        [projectMemberRole_1.ProjectMemberRole.ADMIN]: projectMemberAbility_mock_1.PROJECT_ADMIN,
+    };
+    const member = memberProfiles[role];
+    // Build abilities using role-based approach
+    const roleBuilder = new ability_1.AbilityBuilder(ability_1.Ability);
+    projectMemberAbility_1.projectMemberAbilities[role](member, roleBuilder);
+    const roleAbility = roleBuilder.build();
+    // Filter enterprise rules from role-based abilities if not enterprise
+    const filteredRoleRules = filterEnterpriseRules(roleAbility.rules, isEnterprise);
+    // Build abilities using scope-based approach
+    const scopeBuilder = new ability_1.AbilityBuilder(ability_1.Ability);
+    const scopes = (0, roleToScopeMapping_1.getAllScopesForRole)(role);
+    (0, scopeAbilityBuilder_1.buildAbilityFromScopes)({
+        userUuid: member.userUuid,
+        projectUuid: member.projectUuid,
+        scopes,
+        isEnterprise,
+    }, scopeBuilder);
+    const scopeAbility = scopeBuilder.build();
+    // Compare the filtered rule sets
+    const result = compareRuleSets(filteredRoleRules, scopeAbility.rules, role);
+    return result;
+};
+describe('Role to Scope Parity', () => {
+    const systemProjectRoles = [
+        projectMemberRole_1.ProjectMemberRole.VIEWER,
+        projectMemberRole_1.ProjectMemberRole.INTERACTIVE_VIEWER,
+        projectMemberRole_1.ProjectMemberRole.EDITOR,
+        projectMemberRole_1.ProjectMemberRole.DEVELOPER,
+        projectMemberRole_1.ProjectMemberRole.ADMIN,
+    ];
+    describe('Non-Enterprise Environment', () => {
+        it.each(systemProjectRoles)('should have equivalent permissions for %s role', (role) => {
+            const comparison = testRoleScopeParity(role, false);
+            if (!comparison.isEqual) {
+                console.error(`\n=== PARITY MISMATCH FOR ${role.toUpperCase()} ROLE ===`);
+                comparison.mismatches.forEach((mismatch) => {
+                    console.error(`❌ ${mismatch}`);
+                });
+                console.error('=== END MISMATCH REPORT ===\n');
+            }
+            expect(comparison.isEqual).toBe(true);
+        });
+    });
+    describe('Enterprise Environment', () => {
+        it.each(systemProjectRoles)('should have equivalent permissions for %s role in enterprise', (role) => {
+            const comparison = testRoleScopeParity(role, true);
+            if (!comparison.isEqual) {
+                console.error(`\n=== ENTERPRISE PARITY MISMATCH FOR ${role.toUpperCase()} ROLE ===`);
+                comparison.mismatches.forEach((mismatch) => {
+                    console.error(`❌ ${mismatch}`);
+                });
+                console.error('=== END MISMATCH REPORT ===\n');
+            }
+            expect(comparison.isEqual).toBe(true);
+        });
+    });
+    // This is helpful for debugging, but it's not a test
+    describe.skip('Rule Count Analysis', () => {
+        it('should report rule counts for documentation', () => {
+            console.log('\n=== ROLE PERMISSION RULE COUNTS ===');
+            systemProjectRoles.forEach((role) => {
+                const member = {
+                    [projectMemberRole_1.ProjectMemberRole.VIEWER]: projectMemberAbility_mock_1.PROJECT_VIEWER,
+                    [projectMemberRole_1.ProjectMemberRole.INTERACTIVE_VIEWER]: projectMemberAbility_mock_1.PROJECT_INTERACTIVE_VIEWER,
+                    [projectMemberRole_1.ProjectMemberRole.EDITOR]: projectMemberAbility_mock_1.PROJECT_EDITOR,
+                    [projectMemberRole_1.ProjectMemberRole.DEVELOPER]: projectMemberAbility_mock_1.PROJECT_DEVELOPER,
+                    [projectMemberRole_1.ProjectMemberRole.ADMIN]: projectMemberAbility_mock_1.PROJECT_ADMIN,
+                }[role];
+                // Count role-based rules
+                const roleBuilder = new ability_1.AbilityBuilder(ability_1.Ability);
+                projectMemberAbility_1.projectMemberAbilities[role](member, roleBuilder);
+                const roleRuleCount = roleBuilder.build().rules.length;
+                // Count scope-based rules
+                const scopeBuilder = new ability_1.AbilityBuilder(ability_1.Ability);
+                const scopes = (0, roleToScopeMapping_1.getAllScopesForRole)(role);
+                (0, scopeAbilityBuilder_1.buildAbilityFromScopes)({
+                    userUuid: member.userUuid,
+                    projectUuid: member.projectUuid,
+                    scopes,
+                    isEnterprise: false,
+                }, scopeBuilder);
+                const scopeRuleCount = scopeBuilder.build().rules.length;
+                console.log(`${role.padEnd(20)}: Role-based: ${roleRuleCount
+                    .toString()
+                    .padStart(3)}, Scope-based: ${scopeRuleCount
+                    .toString()
+                    .padStart(3)}, Scopes: ${scopes.length
+                    .toString()
+                    .padStart(3)}`);
+            });
+            console.log('=== END RULE COUNT ANALYSIS ===\n');
+        });
+    });
+});
+//# sourceMappingURL=roleToScopeParity.test.js.map

package/dist/cjs/authorization/roleToScopeParity.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"roleToScopeParity.test.js","sourceRoot":"","sources":["../../../src/authorization/roleToScopeParity.test.ts"],"names":[],"mappings":";;AAAA,+BAA+B;AAC/B,2CAAwD;AACxD,mCAA0C;AAC1C,kEAA+D;AAC/D,iEAAgE;AAChE,2EAMqC;AACrC,6DAA2D;AAC3D,+DAA+D;AAW/D;;GAEG;AACH,MAAM,aAAa,GAAG,CAAC,IAAc,EAAY,EAAE,CAAC,CAAC;IACjD,MAAM,EAAE,IAAI,CAAC,MAAM;IACnB,OAAO,EAAE,IAAI,CAAC,OAAO;CACxB,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,eAAe,GAAG,CACpB,cAA0B,EAC1B,eAA2B,EAC3B,QAAgB,EAC0B,EAAE;IAC5C,MAAM,mBAAmB,GAAG,cAAc,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IAC9D,MAAM,oBAAoB,GAAG,eAAe,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IAEhE,MAAM,UAAU,GAAa,EAAE,CAAC;IAEhC,6BAA6B;IAC7B,IAAI,mBAAmB,CAAC,MAAM,KAAK,oBAAoB,CAAC,MAAM,EAAE,CAAC;QAC7D,UAAU,CAAC,IAAI,CACX,uCAAuC,mBAAmB,CAAC,MAAM,2BAA2B,oBAAoB,CAAC,MAAM,QAAQ,CAClI,CAAC;IACN,CAAC;IAED,sDAAsD;IACtD,MAAM,gBAAgB,GAAG,IAAA,gBAAO,EAC5B,mBAAmB,EACnB,CAAC,IAAI,EAAE,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,OAAO,EAAE,CAC7C,CAAC;IACF,MAAM,iBAAiB,GAAG,IAAA,gBAAO,EAC7B,oBAAoB,EACpB,CAAC,IAAI,EAAE,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,OAAO,EAAE,CAC7C,CAAC;IAEF,wCAAwC;IACxC,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC;IACxD,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC;IAE1D,MAAM,cAAc,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1E,MAAM,YAAY,GAAG,CAAC,GAAG,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;IAExE,cAAc,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;QAC3B,UAAU,CAAC,IAAI,CAAC,2BAA2B,GAAG,EAAE,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,YAAY,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;QACzB,UAAU,CAAC,IAAI,CAAC,yBAAyB,GAAG,EAAE,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,+BAA+B;IAC/B,MAAM,UAAU,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;IAErE,UAAU,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;QACvB,MAAM,eAAe,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;QAC9C,MAAM,gBAAgB,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC;QAEhD,4FAA4F;QAC5F,qGAAqG;QACrG,IAAI,eAAe,CAAC,MAAM,KAAK,gBAAgB,CAAC,MAAM,EAAE,CAAC;YACrD,oGAAoG;YACpG,sEAAsE;YACtE,UAAU,CAAC,IAAI,CACX,4BAA4B,GAAG,oBAAoB,eAAe,CAAC,MAAM,qBAAqB,gBAAgB,CAAC,MAAM,EAAE,CAC1H,CAAC;QACN,CAAC;QAED,mDAAmD;QACnD,MAAM,cAAc,GAAG,eAAe;aACjC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC;aACxB,MAAM,CAAC,OAAO,CAAC,CAAC;QACrB,MAAM,eAAe,GAAG,gBAAgB;aACnC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC;aACxB,MAAM,CAAC,OAAO,CAAC,CAAC;QAErB,IAAI,CAAC,IAAA,gBAAO,EAAC,cAAc,EAAE,eAAe,CAAC,EAAE,CAAC;YAC5C,UAAU,CAAC,IAAI,CACX,yBAAyB,QAAQ,QAAQ,GAAG,kBAAkB,IAAI,CAAC,SAAS,CACxE,cAAc,EACd,IAAI,EACJ,CAAC,CACJ,kBAAkB,IAAI,CAAC,SAAS,CAAC,eAAe,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAChE,CAAC;QACN,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO;QACH,OAAO,EAAE,UAAU,CAAC,MAAM,KAAK,CAAC;QAChC,UAAU;KACb,CAAC;AACN,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC;IAChC,aAAa;IACb,sBAAsB;IACtB,SAAS;IACT,eAAe;IACf,eAAe;CAClB,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,qBAAqB,GAAG,CAC1B,KAAiB,EACjB,YAAqB,EACX,EAAE;IACZ,IAAI,YAAY,EAAE,CAAC;QACf,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;AAC1E,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,mBAAmB,GAAG,CACxB,IAAuB,EACvB,eAAwB,KAAK,EACa,EAAE;IAC5C,0CAA0C;IAC1C,MAAM,cAAc,GAAG;QACnB,CAAC,qCAAiB,CAAC,MAAM,CAAC,EAAE,0CAAc;QAC1C,CAAC,qCAAiB,CAAC,kBAAkB,CAAC,EAAE,sDAA0B;QAClE,CAAC,qCAAiB,CAAC,MAAM,CAAC,EAAE,0CAAc;QAC1C,CAAC,qCAAiB,CAAC,SAAS,CAAC,EAAE,6CAAiB;QAChD,CAAC,qCAAiB,CAAC,KAAK,CAAC,EAAE,yCAAa;KAC3C,CAAC;IAEF,MAAM,MAAM,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IAEpC,4CAA4C;IAC5C,MAAM,WAAW,GAAG,IAAI,wBAAc,CAAgB,iBAAO,CAAC,CAAC;IAC/D,6CAAsB,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAClD,MAAM,WAAW,GAAG,WAAW,CAAC,KAAK,EAAE,CAAC;IAExC,sEAAsE;IACtE,MAAM,iBAAiB,GAAG,qBAAqB,CAC3C,WAAW,CAAC,KAAmB,EAC/B,YAAY,CACf,CAAC;IAEF,6CAA6C;IAC7C,MAAM,YAAY,GAAG,IAAI,wBAAc,CAAgB,iBAAO,CAAC,CAAC;IAChE,MAAM,MAAM,GAAG,IAAA,wCAAmB,EAAC,IAAI,CAAC,CAAC;IAEzC,IAAA,4CAAsB,EAClB;QACI,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,MAAM;QACN,YAAY;KACf,EACD,YAAY,CACf,CAAC;IACF,MAAM,YAAY,GAAG,YAAY,CAAC,KAAK,EAAE,CAAC;IAE1C,iCAAiC;IACjC,MAAM,MAAM,GAAG,eAAe,CAC1B,iBAAiB,EACjB,YAAY,CAAC,KAAmB,EAChC,IAAI,CACP,CAAC;IAEF,OAAO,MAAM,CAAC;AAClB,CAAC,CAAC;AAEF,QAAQ,CAAC,sBAAsB,EAAE,GAAG,EAAE;IAClC,MAAM,kBAAkB,GAAG;QACvB,qCAAiB,CAAC,MAAM;QACxB,qCAAiB,CAAC,kBAAkB;QACpC,qCAAiB,CAAC,MAAM;QACxB,qCAAiB,CAAC,SAAS;QAC3B,qCAAiB,CAAC,KAAK;KAC1B,CAAC;IAEF,QAAQ,CAAC,4BAA4B,EAAE,GAAG,EAAE;QACxC,EAAE,CAAC,IAAI,CAAC,kBAAkB,CAAC,CACvB,gDAAgD,EAChD,CAAC,IAAI,EAAE,EAAE;YACL,MAAM,UAAU,GAAG,mBAAmB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YAEpD,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;gBACtB,OAAO,CAAC,KAAK,CACT,6BAA6B,IAAI,CAAC,WAAW,EAAE,WAAW,CAC7D,CAAC;gBACF,UAAU,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;oBACvC,OAAO,CAAC,KAAK,CAAC,KAAK,QAAQ,EAAE,CAAC,CAAC;gBACnC,CAAC,CAAC,CAAC;gBACH,OAAO,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;YACnD,CAAC;YAED,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1C,CAAC,CACJ,CAAC;IACN,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,wBAAwB,EAAE,GAAG,EAAE;QACpC,EAAE,CAAC,IAAI,CAAC,kBAAkB,CAAC,CACvB,8DAA8D,EAC9D,CAAC,IAAI,EAAE,EAAE;YACL,MAAM,UAAU,GAAG,mBAAmB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;YAEnD,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;gBACtB,OAAO,CAAC,KAAK,CACT,wCAAwC,IAAI,CAAC,WAAW,EAAE,WAAW,CACxE,CAAC;gBACF,UAAU,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;oBACvC,OAAO,CAAC,KAAK,CAAC,KAAK,QAAQ,EAAE,CAAC,CAAC;gBACnC,CAAC,CAAC,CAAC;gBACH,OAAO,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;YACnD,CAAC;YAED,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1C,CAAC,CACJ,CAAC;IACN,CAAC,CAAC,CAAC;IAEH,qDAAqD;IACrD,QAAQ,CAAC,IAAI,CAAC,qBAAqB,EAAE,GAAG,EAAE;QACtC,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;YACnD,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;YAErD,kBAAkB,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;gBAChC,MAAM,MAAM,GAAG;oBACX,CAAC,qCAAiB,CAAC,MAAM,CAAC,EAAE,0CAAc;oBAC1C,CAAC,qCAAiB,CAAC,kBAAkB,CAAC,EAClC,sDAA0B;oBAC9B,CAAC,qCAAiB,CAAC,MAAM,CAAC,EAAE,0CAAc;oBAC1C,CAAC,qCAAiB,CAAC,SAAS,CAAC,EAAE,6CAAiB;oBAChD,CAAC,qCAAiB,CAAC,KAAK,CAAC,EAAE,yCAAa;iBAC3C,CAAC,IAAI,CAAC,CAAC;gBAER,yBAAyB;gBACzB,MAAM,WAAW,GAAG,IAAI,wBAAc,CAAgB,iBAAO,CAAC,CAAC;gBAC/D,6CAAsB,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;gBAClD,MAAM,aAAa,GAAG,WAAW,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC;gBAEvD,0BAA0B;gBAC1B,MAAM,YAAY,GAAG,IAAI,wBAAc,CAAgB,iBAAO,CAAC,CAAC;gBAChE,MAAM,MAAM,GAAG,IAAA,wCAAmB,EAAC,IAAI,CAAC,CAAC;gBACzC,IAAA,4CAAsB,EAClB;oBACI,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,WAAW,EAAE,MAAM,CAAC,WAAW;oBAC/B,MAAM;oBACN,YAAY,EAAE,KAAK;iBACtB,EACD,YAAY,CACf,CAAC;gBACF,MAAM,cAAc,GAAG,YAAY,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC;gBAEzD,OAAO,CAAC,GAAG,CACP,GAAG,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,iBAAiB,aAAa;qBAC3C,QAAQ,EAAE;qBACV,QAAQ,CAAC,CAAC,CAAC,kBAAkB,cAAc;qBAC3C,QAAQ,EAAE;qBACV,QAAQ,CAAC,CAAC,CAAC,aAAa,MAAM,CAAC,MAAM;qBACrC,QAAQ,EAAE;qBACV,QAAQ,CAAC,CAAC,CAAC,EAAE,CACrB,CAAC;YACN,CAAC,CAAC,CAAC;YAEH,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;QACrD,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC"}

package/dist/cjs/authorization/scopeAbilityBuilder.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"scopeAbilityBuilder.d.ts","sourceRoot":"","sources":["../../../src/authorization/scopeAbilityBuilder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,cAAc,EAAE,MAAM,eAAe,CAAC;AAIpD,OAAO,EAAE,KAAK,aAAa,EAAE,MAAM,SAAS,CAAC;AAqD7C,KAAK,iBAAiB,GAChB;IACI,gBAAgB,EAAE,MAAM,CAAC;IACzB,WAAW,CAAC,EAAE,KAAK,CAAC;CACvB,GACD;IACI,WAAW,EAAE,MAAM,CAAC;IACpB,gBAAgB,CAAC,EAAE,KAAK,CAAC;CAC5B,CAAC;AAER,KAAK,cAAc,GAAG;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,YAAY,EAAE,OAAO,GAAG,SAAS,CAAC;IAClC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,iBAAiB,CAAC,EAAE;QAChB,GAAG,EAAE;YACD,OAAO,EAAE,OAAO,CAAC;YACjB,eAAe,EAAE,MAAM,EAAE,CAAC;SAC7B,CAAC;KACL,CAAC;CACL,GAAG,iBAAiB,CAAC;AAEtB;;;;GAIG;AACH,eAAO,MAAM,sBAAsB,YACtB,cAAc,WACd,cAAc,CAAC,aAAa,CAAC,KACvC,IAaF,CAAC"}
+{"version":3,"file":"scopeAbilityBuilder.d.ts","sourceRoot":"","sources":["../../../src/authorization/scopeAbilityBuilder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,cAAc,EAAE,MAAM,eAAe,CAAC;AAIpD,OAAO,EAAE,KAAK,aAAa,EAAE,MAAM,SAAS,CAAC;AAuD7C,KAAK,iBAAiB,GAChB;IACI,gBAAgB,EAAE,MAAM,CAAC;IACzB,WAAW,CAAC,EAAE,KAAK,CAAC;CACvB,GACD;IACI,WAAW,EAAE,MAAM,CAAC;IACpB,gBAAgB,CAAC,EAAE,KAAK,CAAC;CAC5B,CAAC;AAER,KAAK,cAAc,GAAG;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,YAAY,EAAE,OAAO,GAAG,SAAS,CAAC;IAClC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,iBAAiB,CAAC,EAAE;QAChB,GAAG,EAAE;YACD,OAAO,EAAE,OAAO,CAAC;YACjB,eAAe,EAAE,MAAM,EAAE,CAAC;SAC7B,CAAC;KACL,CAAC;CACL,GAAG,iBAAiB,CAAC;AAEtB;;;;GAIG;AACH,eAAO,MAAM,sBAAsB,YACtB,cAAc,WACd,cAAc,CAAC,aAAa,CAAC,KACvC,IAaF,CAAC"}

package/dist/cjs/authorization/scopeAbilityBuilder.js

@@ -26,13 +26,16 @@ const applyScopeAbilities = (context, builder) => {
         if (!scope)
             return;
         const [action, subject] = (0, parseScopes_1.parseScope)(scopeName);
-        const conditionsList = scope.getConditions
-            ? scope.getConditions(context)
-            : [];
-        // Apply each condition set
-        conditionsList.forEach((conditions) => {
-            builder.can(action, subject, conditions);
-        });
+        const conditionsList = scope.getConditions(context);
+        // Apply each condition set if there are any
+        if (conditionsList.length === 0) {
+            builder.can(action, subject);
+        }
+        else {
+            conditionsList.forEach((conditions) => {
+                builder.can(action, subject, conditions);
+            });
+        }
     });
     handlePatConfigApplication(context, builder);
 };

package/dist/cjs/authorization/scopeAbilityBuilder.js.map

@@ -1 +1 @@
-{"version":3,"file":"scopeAbilityBuilder.js","sourceRoot":"","sources":["../../../src/authorization/scopeAbilityBuilder.ts"],"names":[],"mappings":";;;AAEA,+CAAwD;AACxD,qCAA0C;AAG1C,MAAM,0BAA0B,GAAG,CAC/B,OAAqB,EACrB,OAAsC,EACxC,EAAE;IACA,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,EAAE,iBAAiB,IAAI,EAAE,CAAC;IACjD,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CACjC,CAAC,IAAI,EAAE,EAAE,CACL,IAAI,CAAC,MAAM,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO,KAAK,qBAAqB,CACzE,CAAC;IAEF,IACI,CAAC,UAAU;QACX,GAAG,EAAE,OAAO;QACZ,OAAO,CAAC,gBAAgB;QACxB,GAAG,EAAE,eAAe,EAAE,QAAQ,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAC1D,CAAC;QACC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,qBAAqB,CAAC,CAAC;IACjD,CAAC;AACL,CAAC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,mBAAmB,GAAG,CACxB,OAAqB,EACrB,OAAsC,EAClC,EAAE;IACN,MAAM,QAAQ,GAAG,IAAA,uBAAc,EAAC,EAAE,YAAY,EAAE,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;IAExE,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,EAAE;QACjC,MAAM,KAAK,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC;QAElC,IAAI,CAAC,KAAK;YAAE,OAAO;QAEnB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAA,wBAAU,EAAC,SAAS,CAAC,CAAC;QAChD,MAAM,cAAc,GAAG,KAAK,CAAC,aAAa;YACtC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,OAAO,CAAC;YAC9B,CAAC,CAAC,EAAE,CAAC;QAET,2BAA2B;QAC3B,cAAc,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;YAClC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,0BAA0B,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;AACjD,CAAC,CAAC;AAyBF;;;;GAIG;AACI,MAAM,sBAAsB,GAAG,CAClC,OAAuB,EACvB,OAAsC,EAClC,EAAE;IACN,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,IAAI,KAAK,CAAC;IACnD,MAAM,MAAM,GAAG,IAAA,yBAAW,EAAC;QACvB,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,YAAY;KACf,CAAC,CAAC;IACH,MAAM,aAAa,GAAG;QAClB,GAAG,OAAO;QACV,MAAM;QACN,YAAY;KACf,CAAC;IAEF,mBAAmB,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;AAChD,CAAC,CAAC;AAhBW,QAAA,sBAAsB,0BAgBjC"}
+{"version":3,"file":"scopeAbilityBuilder.js","sourceRoot":"","sources":["../../../src/authorization/scopeAbilityBuilder.ts"],"names":[],"mappings":";;;AAEA,+CAAwD;AACxD,qCAA0C;AAG1C,MAAM,0BAA0B,GAAG,CAC/B,OAAqB,EACrB,OAAsC,EACxC,EAAE;IACA,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,EAAE,iBAAiB,IAAI,EAAE,CAAC;IACjD,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CACjC,CAAC,IAAI,EAAE,EAAE,CACL,IAAI,CAAC,MAAM,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO,KAAK,qBAAqB,CACzE,CAAC;IAEF,IACI,CAAC,UAAU;QACX,GAAG,EAAE,OAAO;QACZ,OAAO,CAAC,gBAAgB;QACxB,GAAG,EAAE,eAAe,EAAE,QAAQ,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAC1D,CAAC;QACC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,qBAAqB,CAAC,CAAC;IACjD,CAAC;AACL,CAAC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,mBAAmB,GAAG,CACxB,OAAqB,EACrB,OAAsC,EAClC,EAAE;IACN,MAAM,QAAQ,GAAG,IAAA,uBAAc,EAAC,EAAE,YAAY,EAAE,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;IAExE,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,EAAE;QACjC,MAAM,KAAK,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC;QAElC,IAAI,CAAC,KAAK;YAAE,OAAO;QAEnB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAA,wBAAU,EAAC,SAAS,CAAC,CAAC;QAChD,MAAM,cAAc,GAAG,KAAK,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QAEpD,4CAA4C;QAC5C,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9B,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACjC,CAAC;aAAM,CAAC;YACJ,cAAc,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;gBAClC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;YAC7C,CAAC,CAAC,CAAC;QACP,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,0BAA0B,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;AACjD,CAAC,CAAC;AAyBF;;;;GAIG;AACI,MAAM,sBAAsB,GAAG,CAClC,OAAuB,EACvB,OAAsC,EAClC,EAAE;IACN,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,IAAI,KAAK,CAAC;IACnD,MAAM,MAAM,GAAG,IAAA,yBAAW,EAAC;QACvB,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,YAAY;KACf,CAAC,CAAC;IACH,MAAM,aAAa,GAAG;QAClB,GAAG,OAAO;QACV,MAAM;QACN,YAAY;KACf,CAAC;IAEF,mBAAmB,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;AAChD,CAAC,CAAC;AAhBW,QAAA,sBAAsB,0BAgBjC"}