@litusarchieve18/agricore-utils 1.0.21 → 1.0.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -183,7 +183,15 @@ Run the publish command:
183
183
  Bash
184
184
  npm publish --access public
185
185
  📝 Version History
186
- V1.0.20add finance access and some top menu section that were missing
186
+ V1.0.25
187
+
188
+ V1.0.24 —
189
+
190
+ V1.0.23 —
191
+
192
+ V1.0.22 — refactor session object to include multiple roles and privileges
193
+
194
+ V1.0.21 — add finance access and some top menu section that were missing
187
195
 
188
196
  V1.0.20 — add inventory access reconcile
189
197
 
@@ -84,6 +84,34 @@ var AccessLevel = {
84
84
  READ: "READ",
85
85
  WRITE: "WRITE"
86
86
  };
87
+ var SESSION_SCHEMA = [
88
+ { key: "u", path: "userId", type: "scalar" },
89
+ { key: "n", path: "userName", type: "scalar" },
90
+ { key: "e", path: "userEmail", type: "scalar" },
91
+ { key: "c", path: "companyId", type: "scalar" },
92
+ { key: "a", path: "activeScopeId", type: "scalar" },
93
+ {
94
+ key: "cc",
95
+ path: "companyConfig",
96
+ type: "object",
97
+ fields: [{ key: "me", path: "isMultiEntity", type: "scalar" }]
98
+ },
99
+ { key: "m", path: "enabledModules", type: "scalar" },
100
+ { key: "ra", path: "roleAssignments", type: "scalar" },
101
+ {
102
+ key: "as",
103
+ path: "availableScopes",
104
+ type: "recordArray",
105
+ fields: [
106
+ { key: "ai", path: "authScopeId", type: "scalar" },
107
+ { key: "bi", path: "base44Id", type: "scalar" },
108
+ { key: "t", path: "type", type: "scalar", enum: ["company", "legalEntity", "facility"] },
109
+ { key: "nm", path: "name", type: "scalar" },
110
+ { key: "pi", path: "parentId", type: "scalar" }
111
+ ]
112
+ },
113
+ { key: "ro", path: "resourceOverrides", type: "scalar" }
114
+ ];
87
115
  var EnabledModule = {
88
116
  FARM_MANAGEMENT: "farm_management",
89
117
  PACKHOUSE: "packhouse",
@@ -932,6 +960,7 @@ export {
932
960
  UserRole,
933
961
  UserPrivilege,
934
962
  AccessLevel,
963
+ SESSION_SCHEMA,
935
964
  EnabledModule,
936
965
  FacilityType,
937
966
  LinkedStatus,
@@ -7,6 +7,10 @@ interface AvailableScope {
7
7
  name: string;
8
8
  parentId: string | null;
9
9
  }
10
+ interface RoleAssignment {
11
+ role: string;
12
+ privileges: string[];
13
+ }
10
14
  interface CompanyConfig {
11
15
  isMultiEntity: boolean;
12
16
  }
@@ -28,15 +32,43 @@ interface AgriCoreSession {
28
32
  userName: string;
29
33
  userEmail: string;
30
34
  companyId: string;
31
- activeScopeId: string | null;
32
- companyConfig: CompanyConfig;
33
- role: string;
34
- privileges: string[];
35
+ activeScopeId: string;
36
+ companyConfig: {
37
+ isMultiEntity: boolean;
38
+ };
35
39
  enabledModules: string[];
36
- readScopes: string[];
37
- writeScopes: string[];
40
+ roleAssignments: Record<string, RoleAssignment>;
38
41
  availableScopes: AvailableScope[];
39
- resourceOverrides: ResourceOverrides;
42
+ resourceOverrides: Record<string, Record<string, PermissionLevel>>;
43
+ }
44
+ type WireAvailableScope = [
45
+ authScopeId: string,
46
+ base44Id: string,
47
+ typeCode: number,
48
+ name: string,
49
+ parentId: string | null
50
+ ];
51
+ interface WireSession {
52
+ u: string;
53
+ n: string;
54
+ e: string;
55
+ c: string;
56
+ a: string;
57
+ cc: {
58
+ me: boolean;
59
+ };
60
+ m: string[];
61
+ ra: Record<string, RoleAssignment>;
62
+ as: WireAvailableScope[];
63
+ ro: Record<string, Record<string, PermissionLevel>>;
64
+ }
65
+ type FieldType = "scalar" | "object" | "recordArray";
66
+ interface SchemaField {
67
+ key: string;
68
+ path: string;
69
+ type: FieldType;
70
+ fields?: SchemaField[];
71
+ enum?: readonly string[];
40
72
  }
41
73
  interface ResolvedError {
42
74
  title: string;
@@ -216,6 +248,7 @@ declare const AccessLevel: {
216
248
  readonly READ: "READ";
217
249
  readonly WRITE: "WRITE";
218
250
  };
251
+ declare const SESSION_SCHEMA: SchemaField[];
219
252
  declare const EnabledModule: {
220
253
  readonly FARM_MANAGEMENT: "farm_management";
221
254
  readonly PACKHOUSE: "packhouse";
@@ -634,4 +667,4 @@ declare const StockPolicyTier: {
634
667
  readonly BY_LOCATION: 3;
635
668
  };
636
669
 
637
- export { NettingType as $, ACCESS_RANK as A, BarcodeNamespace as B, CAR_SUPPORTED_EVIDENCE_MIME_TYPES as C, type CorrectiveActionCompileTaskMetadata as D, type CorrectiveActionGenerationSource as E, type CorrectiveActionStatus as F, CropCycleStatus as G, DOCUMENT_DISPLAY_INFO as H, DOCUMENT_MENU_MAP as I, DocumentCategory as J, DocumentType as K, ERROR_DICTIONARY as L, EVERYONE as M, EmitterType as N, EnabledModule as O, FORM_REGISTRY as P, FacilityType as Q, type FileUploadTaskType as R, type FormMeta as S, HarvestMethod as T, type InfrastructureFields as U, LinkedStatus as V, MOD as W, MODULE_LABELS as X, MicroclimateZone as Y, MimeType as Z, type ModCode as _, ACT as a, type NormalizedSignatureValue as a0, NotificationMode as a1, OrderStatus as a2, type PermissionLevel as a3, PhysicalState as a4, PlantingMethod as a5, ProductType as a6, type ProductTypeType as a7, ProductUnit as a8, type ProductUnitType as a9, type TemplateScopeLevel as aA, TransactionType as aB, TrellisType as aC, UserPrivilege as aD, UserRole as aE, type UserRoleType as aF, VigorRating as aG, WaterSource as aH, RESOURCE_MODULE_MAP as aa, RESOURCE_PATHS as ab, RESOURCE_REQUIREMENTS as ac, ROLE_SECTIONS_BY_KEY as ad, RelationshipType as ae, type ResolvedError as af, type ResourceOverrides as ag, type ResourceRequirement as ah, RowOrientation as ai, SENTINEL_UUID as aj, SIGNATURE_MODES as ak, type ScopeType as al, type SignatureInput as am, type SignatureMode as an, SoilTexture as ao, StockPolicyTier as ap, type StockPolicyTierType as aq, StoragePhases as ar, type StorageType as as, TASK_TYPE_REGISTRY as at, TEMPLATE_SCOPE_LEVELS as au, type TabConfig as av, TargetEntityType as aw, TaskStatus as ax, TaskType as ay, type TaskTypeConfig as az, AccessLevel as b, type AccessLevelType as c, type AgriCoreSession as d, ApprovalStatus as e, ApprovalType as f, AuditStatus as g, AuditType as h, type AuthScopeFields as i, type AvailableScope as j, type BarcodeNamespaceType as k, BarcodeType as l, type BarcodeTypeType as m, type Base44Id as n, CAR_SUPPORTED_SIGNATURE_MIME_TYPES as o, CAT as p, CATEGORY_TABS as q, CORRECTIVE_ACTION_GENERATION_SOURCES as r, CORRECTIVE_ACTION_STATUSES as s, type CanonicalId as t, type CarSupportedEvidenceMimeType as u, type CarSupportedSignatureMimeType as v, type CarTemplateFileMetadata as w, CatalogSyncStatus as x, type CatalogSyncStatusType as y, type CompanyConfig as z };
670
+ export { NettingType as $, ACCESS_RANK as A, BarcodeNamespace as B, CAR_SUPPORTED_EVIDENCE_MIME_TYPES as C, type CorrectiveActionCompileTaskMetadata as D, type CorrectiveActionGenerationSource as E, type CorrectiveActionStatus as F, CropCycleStatus as G, DOCUMENT_DISPLAY_INFO as H, DOCUMENT_MENU_MAP as I, DocumentCategory as J, DocumentType as K, ERROR_DICTIONARY as L, EVERYONE as M, EmitterType as N, EnabledModule as O, FORM_REGISTRY as P, FacilityType as Q, type FileUploadTaskType as R, type FormMeta as S, HarvestMethod as T, type InfrastructureFields as U, LinkedStatus as V, MOD as W, MODULE_LABELS as X, MicroclimateZone as Y, MimeType as Z, type ModCode as _, ACT as a, type NormalizedSignatureValue as a0, NotificationMode as a1, OrderStatus as a2, type PermissionLevel as a3, PhysicalState as a4, PlantingMethod as a5, ProductType as a6, type ProductTypeType as a7, ProductUnit as a8, type ProductUnitType as a9, TaskStatus as aA, TaskType as aB, type TaskTypeConfig as aC, type TemplateScopeLevel as aD, TransactionType as aE, TrellisType as aF, UserPrivilege as aG, UserRole as aH, type UserRoleType as aI, VigorRating as aJ, WaterSource as aK, type WireSession as aL, RESOURCE_MODULE_MAP as aa, RESOURCE_PATHS as ab, RESOURCE_REQUIREMENTS as ac, ROLE_SECTIONS_BY_KEY as ad, RelationshipType as ae, type ResolvedError as af, type ResourceOverrides as ag, type ResourceRequirement as ah, type RoleAssignment as ai, RowOrientation as aj, SENTINEL_UUID as ak, SESSION_SCHEMA as al, SIGNATURE_MODES as am, type SchemaField as an, type ScopeType as ao, type SignatureInput as ap, type SignatureMode as aq, SoilTexture as ar, StockPolicyTier as as, type StockPolicyTierType as at, StoragePhases as au, type StorageType as av, TASK_TYPE_REGISTRY as aw, TEMPLATE_SCOPE_LEVELS as ax, type TabConfig as ay, TargetEntityType as az, AccessLevel as b, type AccessLevelType as c, type AgriCoreSession as d, ApprovalStatus as e, ApprovalType as f, AuditStatus as g, AuditType as h, type AuthScopeFields as i, type AvailableScope as j, type BarcodeNamespaceType as k, BarcodeType as l, type BarcodeTypeType as m, type Base44Id as n, CAR_SUPPORTED_SIGNATURE_MIME_TYPES as o, CAT as p, CATEGORY_TABS as q, CORRECTIVE_ACTION_GENERATION_SOURCES as r, CORRECTIVE_ACTION_STATUSES as s, type CanonicalId as t, type CarSupportedEvidenceMimeType as u, type CarSupportedSignatureMimeType as v, type CarTemplateFileMetadata as w, CatalogSyncStatus as x, type CatalogSyncStatusType as y, type CompanyConfig as z };
@@ -7,6 +7,10 @@ interface AvailableScope {
7
7
  name: string;
8
8
  parentId: string | null;
9
9
  }
10
+ interface RoleAssignment {
11
+ role: string;
12
+ privileges: string[];
13
+ }
10
14
  interface CompanyConfig {
11
15
  isMultiEntity: boolean;
12
16
  }
@@ -28,15 +32,43 @@ interface AgriCoreSession {
28
32
  userName: string;
29
33
  userEmail: string;
30
34
  companyId: string;
31
- activeScopeId: string | null;
32
- companyConfig: CompanyConfig;
33
- role: string;
34
- privileges: string[];
35
+ activeScopeId: string;
36
+ companyConfig: {
37
+ isMultiEntity: boolean;
38
+ };
35
39
  enabledModules: string[];
36
- readScopes: string[];
37
- writeScopes: string[];
40
+ roleAssignments: Record<string, RoleAssignment>;
38
41
  availableScopes: AvailableScope[];
39
- resourceOverrides: ResourceOverrides;
42
+ resourceOverrides: Record<string, Record<string, PermissionLevel>>;
43
+ }
44
+ type WireAvailableScope = [
45
+ authScopeId: string,
46
+ base44Id: string,
47
+ typeCode: number,
48
+ name: string,
49
+ parentId: string | null
50
+ ];
51
+ interface WireSession {
52
+ u: string;
53
+ n: string;
54
+ e: string;
55
+ c: string;
56
+ a: string;
57
+ cc: {
58
+ me: boolean;
59
+ };
60
+ m: string[];
61
+ ra: Record<string, RoleAssignment>;
62
+ as: WireAvailableScope[];
63
+ ro: Record<string, Record<string, PermissionLevel>>;
64
+ }
65
+ type FieldType = "scalar" | "object" | "recordArray";
66
+ interface SchemaField {
67
+ key: string;
68
+ path: string;
69
+ type: FieldType;
70
+ fields?: SchemaField[];
71
+ enum?: readonly string[];
40
72
  }
41
73
  interface ResolvedError {
42
74
  title: string;
@@ -216,6 +248,7 @@ declare const AccessLevel: {
216
248
  readonly READ: "READ";
217
249
  readonly WRITE: "WRITE";
218
250
  };
251
+ declare const SESSION_SCHEMA: SchemaField[];
219
252
  declare const EnabledModule: {
220
253
  readonly FARM_MANAGEMENT: "farm_management";
221
254
  readonly PACKHOUSE: "packhouse";
@@ -634,4 +667,4 @@ declare const StockPolicyTier: {
634
667
  readonly BY_LOCATION: 3;
635
668
  };
636
669
 
637
- export { NettingType as $, ACCESS_RANK as A, BarcodeNamespace as B, CAR_SUPPORTED_EVIDENCE_MIME_TYPES as C, type CorrectiveActionCompileTaskMetadata as D, type CorrectiveActionGenerationSource as E, type CorrectiveActionStatus as F, CropCycleStatus as G, DOCUMENT_DISPLAY_INFO as H, DOCUMENT_MENU_MAP as I, DocumentCategory as J, DocumentType as K, ERROR_DICTIONARY as L, EVERYONE as M, EmitterType as N, EnabledModule as O, FORM_REGISTRY as P, FacilityType as Q, type FileUploadTaskType as R, type FormMeta as S, HarvestMethod as T, type InfrastructureFields as U, LinkedStatus as V, MOD as W, MODULE_LABELS as X, MicroclimateZone as Y, MimeType as Z, type ModCode as _, ACT as a, type NormalizedSignatureValue as a0, NotificationMode as a1, OrderStatus as a2, type PermissionLevel as a3, PhysicalState as a4, PlantingMethod as a5, ProductType as a6, type ProductTypeType as a7, ProductUnit as a8, type ProductUnitType as a9, type TemplateScopeLevel as aA, TransactionType as aB, TrellisType as aC, UserPrivilege as aD, UserRole as aE, type UserRoleType as aF, VigorRating as aG, WaterSource as aH, RESOURCE_MODULE_MAP as aa, RESOURCE_PATHS as ab, RESOURCE_REQUIREMENTS as ac, ROLE_SECTIONS_BY_KEY as ad, RelationshipType as ae, type ResolvedError as af, type ResourceOverrides as ag, type ResourceRequirement as ah, RowOrientation as ai, SENTINEL_UUID as aj, SIGNATURE_MODES as ak, type ScopeType as al, type SignatureInput as am, type SignatureMode as an, SoilTexture as ao, StockPolicyTier as ap, type StockPolicyTierType as aq, StoragePhases as ar, type StorageType as as, TASK_TYPE_REGISTRY as at, TEMPLATE_SCOPE_LEVELS as au, type TabConfig as av, TargetEntityType as aw, TaskStatus as ax, TaskType as ay, type TaskTypeConfig as az, AccessLevel as b, type AccessLevelType as c, type AgriCoreSession as d, ApprovalStatus as e, ApprovalType as f, AuditStatus as g, AuditType as h, type AuthScopeFields as i, type AvailableScope as j, type BarcodeNamespaceType as k, BarcodeType as l, type BarcodeTypeType as m, type Base44Id as n, CAR_SUPPORTED_SIGNATURE_MIME_TYPES as o, CAT as p, CATEGORY_TABS as q, CORRECTIVE_ACTION_GENERATION_SOURCES as r, CORRECTIVE_ACTION_STATUSES as s, type CanonicalId as t, type CarSupportedEvidenceMimeType as u, type CarSupportedSignatureMimeType as v, type CarTemplateFileMetadata as w, CatalogSyncStatus as x, type CatalogSyncStatusType as y, type CompanyConfig as z };
670
+ export { NettingType as $, ACCESS_RANK as A, BarcodeNamespace as B, CAR_SUPPORTED_EVIDENCE_MIME_TYPES as C, type CorrectiveActionCompileTaskMetadata as D, type CorrectiveActionGenerationSource as E, type CorrectiveActionStatus as F, CropCycleStatus as G, DOCUMENT_DISPLAY_INFO as H, DOCUMENT_MENU_MAP as I, DocumentCategory as J, DocumentType as K, ERROR_DICTIONARY as L, EVERYONE as M, EmitterType as N, EnabledModule as O, FORM_REGISTRY as P, FacilityType as Q, type FileUploadTaskType as R, type FormMeta as S, HarvestMethod as T, type InfrastructureFields as U, LinkedStatus as V, MOD as W, MODULE_LABELS as X, MicroclimateZone as Y, MimeType as Z, type ModCode as _, ACT as a, type NormalizedSignatureValue as a0, NotificationMode as a1, OrderStatus as a2, type PermissionLevel as a3, PhysicalState as a4, PlantingMethod as a5, ProductType as a6, type ProductTypeType as a7, ProductUnit as a8, type ProductUnitType as a9, TaskStatus as aA, TaskType as aB, type TaskTypeConfig as aC, type TemplateScopeLevel as aD, TransactionType as aE, TrellisType as aF, UserPrivilege as aG, UserRole as aH, type UserRoleType as aI, VigorRating as aJ, WaterSource as aK, type WireSession as aL, RESOURCE_MODULE_MAP as aa, RESOURCE_PATHS as ab, RESOURCE_REQUIREMENTS as ac, ROLE_SECTIONS_BY_KEY as ad, RelationshipType as ae, type ResolvedError as af, type ResourceOverrides as ag, type ResourceRequirement as ah, type RoleAssignment as ai, RowOrientation as aj, SENTINEL_UUID as ak, SESSION_SCHEMA as al, SIGNATURE_MODES as am, type SchemaField as an, type ScopeType as ao, type SignatureInput as ap, type SignatureMode as aq, SoilTexture as ar, StockPolicyTier as as, type StockPolicyTierType as at, StoragePhases as au, type StorageType as av, TASK_TYPE_REGISTRY as aw, TEMPLATE_SCOPE_LEVELS as ax, type TabConfig as ay, TargetEntityType as az, AccessLevel as b, type AccessLevelType as c, type AgriCoreSession as d, ApprovalStatus as e, ApprovalType as f, AuditStatus as g, AuditType as h, type AuthScopeFields as i, type AvailableScope as j, type BarcodeNamespaceType as k, BarcodeType as l, type BarcodeTypeType as m, type Base44Id as n, CAR_SUPPORTED_SIGNATURE_MIME_TYPES as o, CAT as p, CATEGORY_TABS as q, CORRECTIVE_ACTION_GENERATION_SOURCES as r, CORRECTIVE_ACTION_STATUSES as s, type CanonicalId as t, type CarSupportedEvidenceMimeType as u, type CarSupportedSignatureMimeType as v, type CarTemplateFileMetadata as w, CatalogSyncStatus as x, type CatalogSyncStatusType as y, type CompanyConfig as z };
@@ -1 +1 @@
1
- export { A as ACCESS_RANK, a as ACT, b as AccessLevel, e as ApprovalStatus, f as ApprovalType, g as AuditStatus, h as AuditType, B as BarcodeNamespace, l as BarcodeType, C as CAR_SUPPORTED_EVIDENCE_MIME_TYPES, o as CAR_SUPPORTED_SIGNATURE_MIME_TYPES, p as CAT, q as CATEGORY_TABS, r as CORRECTIVE_ACTION_GENERATION_SOURCES, s as CORRECTIVE_ACTION_STATUSES, x as CatalogSyncStatus, G as CropCycleStatus, H as DOCUMENT_DISPLAY_INFO, I as DOCUMENT_MENU_MAP, J as DocumentCategory, K as DocumentType, L as ERROR_DICTIONARY, M as EVERYONE, N as EmitterType, O as EnabledModule, P as FORM_REGISTRY, Q as FacilityType, T as HarvestMethod, V as LinkedStatus, W as MOD, X as MODULE_LABELS, Y as MicroclimateZone, Z as MimeType, _ as ModCode, $ as NettingType, a1 as NotificationMode, a2 as OrderStatus, a4 as PhysicalState, a5 as PlantingMethod, a6 as ProductType, a8 as ProductUnit, aa as RESOURCE_MODULE_MAP, ab as RESOURCE_PATHS, ac as RESOURCE_REQUIREMENTS, ad as ROLE_SECTIONS_BY_KEY, ae as RelationshipType, ah as ResourceRequirement, ai as RowOrientation, aj as SENTINEL_UUID, ak as SIGNATURE_MODES, ao as SoilTexture, ap as StockPolicyTier, ar as StoragePhases, at as TASK_TYPE_REGISTRY, au as TEMPLATE_SCOPE_LEVELS, aw as TargetEntityType, ax as TaskStatus, ay as TaskType, aB as TransactionType, aC as TrellisType, aD as UserPrivilege, aE as UserRole, aG as VigorRating, aH as WaterSource } from './constants-BQmsBTQ7.mjs';
1
+ export { A as ACCESS_RANK, a as ACT, b as AccessLevel, e as ApprovalStatus, f as ApprovalType, g as AuditStatus, h as AuditType, B as BarcodeNamespace, l as BarcodeType, C as CAR_SUPPORTED_EVIDENCE_MIME_TYPES, o as CAR_SUPPORTED_SIGNATURE_MIME_TYPES, p as CAT, q as CATEGORY_TABS, r as CORRECTIVE_ACTION_GENERATION_SOURCES, s as CORRECTIVE_ACTION_STATUSES, x as CatalogSyncStatus, G as CropCycleStatus, H as DOCUMENT_DISPLAY_INFO, I as DOCUMENT_MENU_MAP, J as DocumentCategory, K as DocumentType, L as ERROR_DICTIONARY, M as EVERYONE, N as EmitterType, O as EnabledModule, P as FORM_REGISTRY, Q as FacilityType, T as HarvestMethod, V as LinkedStatus, W as MOD, X as MODULE_LABELS, Y as MicroclimateZone, Z as MimeType, _ as ModCode, $ as NettingType, a1 as NotificationMode, a2 as OrderStatus, a4 as PhysicalState, a5 as PlantingMethod, a6 as ProductType, a8 as ProductUnit, aa as RESOURCE_MODULE_MAP, ab as RESOURCE_PATHS, ac as RESOURCE_REQUIREMENTS, ad as ROLE_SECTIONS_BY_KEY, ae as RelationshipType, ah as ResourceRequirement, aj as RowOrientation, ak as SENTINEL_UUID, al as SESSION_SCHEMA, am as SIGNATURE_MODES, ar as SoilTexture, as as StockPolicyTier, au as StoragePhases, aw as TASK_TYPE_REGISTRY, ax as TEMPLATE_SCOPE_LEVELS, az as TargetEntityType, aA as TaskStatus, aB as TaskType, aE as TransactionType, aF as TrellisType, aG as UserPrivilege, aH as UserRole, aJ as VigorRating, aK as WaterSource } from './constants-lhTP4wzB.mjs';
@@ -1 +1 @@
1
- export { A as ACCESS_RANK, a as ACT, b as AccessLevel, e as ApprovalStatus, f as ApprovalType, g as AuditStatus, h as AuditType, B as BarcodeNamespace, l as BarcodeType, C as CAR_SUPPORTED_EVIDENCE_MIME_TYPES, o as CAR_SUPPORTED_SIGNATURE_MIME_TYPES, p as CAT, q as CATEGORY_TABS, r as CORRECTIVE_ACTION_GENERATION_SOURCES, s as CORRECTIVE_ACTION_STATUSES, x as CatalogSyncStatus, G as CropCycleStatus, H as DOCUMENT_DISPLAY_INFO, I as DOCUMENT_MENU_MAP, J as DocumentCategory, K as DocumentType, L as ERROR_DICTIONARY, M as EVERYONE, N as EmitterType, O as EnabledModule, P as FORM_REGISTRY, Q as FacilityType, T as HarvestMethod, V as LinkedStatus, W as MOD, X as MODULE_LABELS, Y as MicroclimateZone, Z as MimeType, _ as ModCode, $ as NettingType, a1 as NotificationMode, a2 as OrderStatus, a4 as PhysicalState, a5 as PlantingMethod, a6 as ProductType, a8 as ProductUnit, aa as RESOURCE_MODULE_MAP, ab as RESOURCE_PATHS, ac as RESOURCE_REQUIREMENTS, ad as ROLE_SECTIONS_BY_KEY, ae as RelationshipType, ah as ResourceRequirement, ai as RowOrientation, aj as SENTINEL_UUID, ak as SIGNATURE_MODES, ao as SoilTexture, ap as StockPolicyTier, ar as StoragePhases, at as TASK_TYPE_REGISTRY, au as TEMPLATE_SCOPE_LEVELS, aw as TargetEntityType, ax as TaskStatus, ay as TaskType, aB as TransactionType, aC as TrellisType, aD as UserPrivilege, aE as UserRole, aG as VigorRating, aH as WaterSource } from './constants-BQmsBTQ7.js';
1
+ export { A as ACCESS_RANK, a as ACT, b as AccessLevel, e as ApprovalStatus, f as ApprovalType, g as AuditStatus, h as AuditType, B as BarcodeNamespace, l as BarcodeType, C as CAR_SUPPORTED_EVIDENCE_MIME_TYPES, o as CAR_SUPPORTED_SIGNATURE_MIME_TYPES, p as CAT, q as CATEGORY_TABS, r as CORRECTIVE_ACTION_GENERATION_SOURCES, s as CORRECTIVE_ACTION_STATUSES, x as CatalogSyncStatus, G as CropCycleStatus, H as DOCUMENT_DISPLAY_INFO, I as DOCUMENT_MENU_MAP, J as DocumentCategory, K as DocumentType, L as ERROR_DICTIONARY, M as EVERYONE, N as EmitterType, O as EnabledModule, P as FORM_REGISTRY, Q as FacilityType, T as HarvestMethod, V as LinkedStatus, W as MOD, X as MODULE_LABELS, Y as MicroclimateZone, Z as MimeType, _ as ModCode, $ as NettingType, a1 as NotificationMode, a2 as OrderStatus, a4 as PhysicalState, a5 as PlantingMethod, a6 as ProductType, a8 as ProductUnit, aa as RESOURCE_MODULE_MAP, ab as RESOURCE_PATHS, ac as RESOURCE_REQUIREMENTS, ad as ROLE_SECTIONS_BY_KEY, ae as RelationshipType, ah as ResourceRequirement, aj as RowOrientation, ak as SENTINEL_UUID, al as SESSION_SCHEMA, am as SIGNATURE_MODES, ar as SoilTexture, as as StockPolicyTier, au as StoragePhases, aw as TASK_TYPE_REGISTRY, ax as TEMPLATE_SCOPE_LEVELS, az as TargetEntityType, aA as TaskStatus, aB as TaskType, aE as TransactionType, aF as TrellisType, aG as UserPrivilege, aH as UserRole, aJ as VigorRating, aK as WaterSource } from './constants-lhTP4wzB.js';
package/dist/constants.js CHANGED
@@ -67,6 +67,7 @@ __export(constants_exports, {
67
67
  RelationshipType: () => RelationshipType,
68
68
  RowOrientation: () => RowOrientation,
69
69
  SENTINEL_UUID: () => SENTINEL_UUID,
70
+ SESSION_SCHEMA: () => SESSION_SCHEMA,
70
71
  SIGNATURE_MODES: () => SIGNATURE_MODES,
71
72
  SoilTexture: () => SoilTexture,
72
73
  StockPolicyTier: () => StockPolicyTier,
@@ -169,6 +170,34 @@ var AccessLevel = {
169
170
  READ: "READ",
170
171
  WRITE: "WRITE"
171
172
  };
173
+ var SESSION_SCHEMA = [
174
+ { key: "u", path: "userId", type: "scalar" },
175
+ { key: "n", path: "userName", type: "scalar" },
176
+ { key: "e", path: "userEmail", type: "scalar" },
177
+ { key: "c", path: "companyId", type: "scalar" },
178
+ { key: "a", path: "activeScopeId", type: "scalar" },
179
+ {
180
+ key: "cc",
181
+ path: "companyConfig",
182
+ type: "object",
183
+ fields: [{ key: "me", path: "isMultiEntity", type: "scalar" }]
184
+ },
185
+ { key: "m", path: "enabledModules", type: "scalar" },
186
+ { key: "ra", path: "roleAssignments", type: "scalar" },
187
+ {
188
+ key: "as",
189
+ path: "availableScopes",
190
+ type: "recordArray",
191
+ fields: [
192
+ { key: "ai", path: "authScopeId", type: "scalar" },
193
+ { key: "bi", path: "base44Id", type: "scalar" },
194
+ { key: "t", path: "type", type: "scalar", enum: ["company", "legalEntity", "facility"] },
195
+ { key: "nm", path: "name", type: "scalar" },
196
+ { key: "pi", path: "parentId", type: "scalar" }
197
+ ]
198
+ },
199
+ { key: "ro", path: "resourceOverrides", type: "scalar" }
200
+ ];
172
201
  var EnabledModule = {
173
202
  FARM_MANAGEMENT: "farm_management",
174
203
  PACKHOUSE: "packhouse",
@@ -1055,6 +1084,7 @@ var StockPolicyTier = {
1055
1084
  RelationshipType,
1056
1085
  RowOrientation,
1057
1086
  SENTINEL_UUID,
1087
+ SESSION_SCHEMA,
1058
1088
  SIGNATURE_MODES,
1059
1089
  SoilTexture,
1060
1090
  StockPolicyTier,
@@ -46,6 +46,7 @@ import {
46
46
  RelationshipType,
47
47
  RowOrientation,
48
48
  SENTINEL_UUID,
49
+ SESSION_SCHEMA,
49
50
  SIGNATURE_MODES,
50
51
  SoilTexture,
51
52
  StockPolicyTier,
@@ -61,7 +62,7 @@ import {
61
62
  UserRole,
62
63
  VigorRating,
63
64
  WaterSource
64
- } from "./chunk-DZW2VL6D.mjs";
65
+ } from "./chunk-V2DL7OTH.mjs";
65
66
  export {
66
67
  ACCESS_RANK,
67
68
  ACT,
@@ -110,6 +111,7 @@ export {
110
111
  RelationshipType,
111
112
  RowOrientation,
112
113
  SENTINEL_UUID,
114
+ SESSION_SCHEMA,
113
115
  SIGNATURE_MODES,
114
116
  SoilTexture,
115
117
  StockPolicyTier,
package/dist/index.d.mts CHANGED
@@ -1,5 +1,5 @@
1
- import { d as AgriCoreSession, aF as UserRoleType, ah as ResourceRequirement, c as AccessLevelType, j as AvailableScope, U as InfrastructureFields, S as FormMeta, av as TabConfig, af as ResolvedError } from './constants-BQmsBTQ7.mjs';
2
- export { A as ACCESS_RANK, a as ACT, b as AccessLevel, e as ApprovalStatus, f as ApprovalType, g as AuditStatus, h as AuditType, i as AuthScopeFields, B as BarcodeNamespace, k as BarcodeNamespaceType, l as BarcodeType, m as BarcodeTypeType, n as Base44Id, C as CAR_SUPPORTED_EVIDENCE_MIME_TYPES, o as CAR_SUPPORTED_SIGNATURE_MIME_TYPES, p as CAT, q as CATEGORY_TABS, r as CORRECTIVE_ACTION_GENERATION_SOURCES, s as CORRECTIVE_ACTION_STATUSES, t as CanonicalId, u as CarSupportedEvidenceMimeType, v as CarSupportedSignatureMimeType, w as CarTemplateFileMetadata, x as CatalogSyncStatus, y as CatalogSyncStatusType, z as CompanyConfig, D as CorrectiveActionCompileTaskMetadata, E as CorrectiveActionGenerationSource, F as CorrectiveActionStatus, G as CropCycleStatus, H as DOCUMENT_DISPLAY_INFO, I as DOCUMENT_MENU_MAP, J as DocumentCategory, K as DocumentType, L as ERROR_DICTIONARY, M as EVERYONE, N as EmitterType, O as EnabledModule, P as FORM_REGISTRY, Q as FacilityType, R as FileUploadTaskType, T as HarvestMethod, V as LinkedStatus, W as MOD, X as MODULE_LABELS, Y as MicroclimateZone, Z as MimeType, _ as ModCode, $ as NettingType, a0 as NormalizedSignatureValue, a1 as NotificationMode, a2 as OrderStatus, a3 as PermissionLevel, a4 as PhysicalState, a5 as PlantingMethod, a6 as ProductType, a7 as ProductTypeType, a8 as ProductUnit, a9 as ProductUnitType, aa as RESOURCE_MODULE_MAP, ab as RESOURCE_PATHS, ac as RESOURCE_REQUIREMENTS, ad as ROLE_SECTIONS_BY_KEY, ae as RelationshipType, ag as ResourceOverrides, ai as RowOrientation, aj as SENTINEL_UUID, ak as SIGNATURE_MODES, al as ScopeType, am as SignatureInput, an as SignatureMode, ao as SoilTexture, ap as StockPolicyTier, aq as StockPolicyTierType, ar as StoragePhases, as as StorageType, at as TASK_TYPE_REGISTRY, au as TEMPLATE_SCOPE_LEVELS, aw as TargetEntityType, ax as TaskStatus, ay as TaskType, az as TaskTypeConfig, aA as TemplateScopeLevel, aB as TransactionType, aC as TrellisType, aD as UserPrivilege, aE as UserRole, aG as VigorRating, aH as WaterSource } from './constants-BQmsBTQ7.mjs';
1
+ import { d as AgriCoreSession, ao as ScopeType, aL as WireSession, aI as UserRoleType, ah as ResourceRequirement, c as AccessLevelType, j as AvailableScope, U as InfrastructureFields, S as FormMeta, ay as TabConfig, af as ResolvedError } from './constants-lhTP4wzB.mjs';
2
+ export { A as ACCESS_RANK, a as ACT, b as AccessLevel, e as ApprovalStatus, f as ApprovalType, g as AuditStatus, h as AuditType, i as AuthScopeFields, B as BarcodeNamespace, k as BarcodeNamespaceType, l as BarcodeType, m as BarcodeTypeType, n as Base44Id, C as CAR_SUPPORTED_EVIDENCE_MIME_TYPES, o as CAR_SUPPORTED_SIGNATURE_MIME_TYPES, p as CAT, q as CATEGORY_TABS, r as CORRECTIVE_ACTION_GENERATION_SOURCES, s as CORRECTIVE_ACTION_STATUSES, t as CanonicalId, u as CarSupportedEvidenceMimeType, v as CarSupportedSignatureMimeType, w as CarTemplateFileMetadata, x as CatalogSyncStatus, y as CatalogSyncStatusType, z as CompanyConfig, D as CorrectiveActionCompileTaskMetadata, E as CorrectiveActionGenerationSource, F as CorrectiveActionStatus, G as CropCycleStatus, H as DOCUMENT_DISPLAY_INFO, I as DOCUMENT_MENU_MAP, J as DocumentCategory, K as DocumentType, L as ERROR_DICTIONARY, M as EVERYONE, N as EmitterType, O as EnabledModule, P as FORM_REGISTRY, Q as FacilityType, R as FileUploadTaskType, T as HarvestMethod, V as LinkedStatus, W as MOD, X as MODULE_LABELS, Y as MicroclimateZone, Z as MimeType, _ as ModCode, $ as NettingType, a0 as NormalizedSignatureValue, a1 as NotificationMode, a2 as OrderStatus, a3 as PermissionLevel, a4 as PhysicalState, a5 as PlantingMethod, a6 as ProductType, a7 as ProductTypeType, a8 as ProductUnit, a9 as ProductUnitType, aa as RESOURCE_MODULE_MAP, ab as RESOURCE_PATHS, ac as RESOURCE_REQUIREMENTS, ad as ROLE_SECTIONS_BY_KEY, ae as RelationshipType, ag as ResourceOverrides, ai as RoleAssignment, aj as RowOrientation, ak as SENTINEL_UUID, al as SESSION_SCHEMA, am as SIGNATURE_MODES, an as SchemaField, ap as SignatureInput, aq as SignatureMode, ar as SoilTexture, as as StockPolicyTier, at as StockPolicyTierType, au as StoragePhases, av as StorageType, aw as TASK_TYPE_REGISTRY, ax as TEMPLATE_SCOPE_LEVELS, az as TargetEntityType, aA as TaskStatus, aB as TaskType, aC as TaskTypeConfig, aD as TemplateScopeLevel, aE as TransactionType, aF as TrellisType, aG as UserPrivilege, aH as UserRole, aJ as VigorRating, aK as WaterSource } from './constants-lhTP4wzB.mjs';
3
3
 
4
4
  declare const AgriLogger: {
5
5
  log(level: "INFO" | "WARN" | "ERROR", message: string, meta: any): void;
@@ -104,10 +104,21 @@ declare function generateCanonicalId(): string;
104
104
  * Standardizes the creation of new entities by walking up the scope tree.
105
105
  */
106
106
  declare function generateInfrastructureFields(activeScope: AvailableScope, availableScopes: AvailableScope[]): InfrastructureFields;
107
+ declare function encodeSession(session: AgriCoreSession): WireSession;
108
+ declare function decodeSession(short: WireSession): AgriCoreSession;
109
+ declare function hasRoleAnywhere(session: AgriCoreSession, role: string): boolean;
110
+ declare function hasPrivilegeAnywhere(session: AgriCoreSession, privilege: string): boolean;
107
111
  /**
108
- * Hard-throws if the user cannot write.
109
- * Use this on the backend (inside Deno functions) to enforce server-side.
112
+ * "Does this user hold this role/privilege AT this specific scope?"
113
+ * This is the default choice for any authorization gate evaluating
114
+ * "can the user perform this action on the resource/scope they're
115
+ * currently acting on." No inheritance — only an explicit assignment
116
+ * at exactly this authScopeId counts, matching the no-inherit-write rule.
110
117
  */
118
+ declare function getRoleAt(session: AgriCoreSession, scopeId: string | undefined | null): string | null;
119
+ declare function hasRoleAt(session: AgriCoreSession, scopeId: string | undefined | null, allowedRoles: Set<string> | string[]): boolean;
120
+ declare function getPrivilegesAt(session: AgriCoreSession, scopeId: string | undefined | null): string[];
121
+ declare function hasPrivilegeAt(session: AgriCoreSession, scopeId: string | undefined | null, requiredPrivileges: string[]): boolean;
111
122
  /**
112
123
  * Full resolution: DB override → static config fallback → public default.
113
124
  * Returns 'NONE' | 'READ' | 'WRITE'.
@@ -129,7 +140,7 @@ declare function assertTenantBoundary(db: any, session: AgriCoreSession, // Pass
129
140
  targets: {
130
141
  targetUserId?: string;
131
142
  authScopeId?: string;
132
- expectedScopeType?: 'company' | 'legalEntity' | 'facility';
143
+ expectedScopeType?: ScopeType;
133
144
  }): Promise<boolean>;
134
145
  declare function verifyAndExtractSession(token: string, secret: string): Promise<AgriCoreSession>;
135
146
  declare function getFormMeta(componentId: string): FormMeta | null;
@@ -163,4 +174,4 @@ declare function calculateFileMetadataMatch(criteria: {
163
174
  contextMatch?: string[];
164
175
  }, fileMetadata: Record<string, any>, auditContext: Record<string, any>): number;
165
176
 
166
- export { AccessLevelType, AgriCoreSession, AgriLogger, AppError, AvailableScope, Converter, ErrorFactory, FormMeta, InfrastructureFields, ResolvedError, ResourceRequirement, TabConfig, UserRoleType, Validator, assertTenantBoundary, calculateFileMetadataMatch, evaluateBaseAccess, extractAppCode, findSpecificOverride, generateCanonicalId, generateDocumentPath, generateInfrastructureFields, getAcceptedMimeTypes, getApproveAction, getFormMeta, getFormsGroupedByModule, getTaskTypeOptions, handleAppErrorResponse, isTabVisible, isTabWritable, resolveAccess, resolveAppError, resolveEffectiveAccess, resolveError, verifyAndExtractSession, withAgriLogging };
177
+ export { AccessLevelType, AgriCoreSession, AgriLogger, AppError, AvailableScope, Converter, ErrorFactory, FormMeta, InfrastructureFields, ResolvedError, ResourceRequirement, ScopeType, TabConfig, UserRoleType, Validator, WireSession, assertTenantBoundary, calculateFileMetadataMatch, decodeSession, encodeSession, evaluateBaseAccess, extractAppCode, findSpecificOverride, generateCanonicalId, generateDocumentPath, generateInfrastructureFields, getAcceptedMimeTypes, getApproveAction, getFormMeta, getFormsGroupedByModule, getPrivilegesAt, getRoleAt, getTaskTypeOptions, handleAppErrorResponse, hasPrivilegeAnywhere, hasPrivilegeAt, hasRoleAnywhere, hasRoleAt, isTabVisible, isTabWritable, resolveAccess, resolveAppError, resolveEffectiveAccess, resolveError, verifyAndExtractSession, withAgriLogging };
package/dist/index.d.ts CHANGED
@@ -1,5 +1,5 @@
1
- import { d as AgriCoreSession, aF as UserRoleType, ah as ResourceRequirement, c as AccessLevelType, j as AvailableScope, U as InfrastructureFields, S as FormMeta, av as TabConfig, af as ResolvedError } from './constants-BQmsBTQ7.js';
2
- export { A as ACCESS_RANK, a as ACT, b as AccessLevel, e as ApprovalStatus, f as ApprovalType, g as AuditStatus, h as AuditType, i as AuthScopeFields, B as BarcodeNamespace, k as BarcodeNamespaceType, l as BarcodeType, m as BarcodeTypeType, n as Base44Id, C as CAR_SUPPORTED_EVIDENCE_MIME_TYPES, o as CAR_SUPPORTED_SIGNATURE_MIME_TYPES, p as CAT, q as CATEGORY_TABS, r as CORRECTIVE_ACTION_GENERATION_SOURCES, s as CORRECTIVE_ACTION_STATUSES, t as CanonicalId, u as CarSupportedEvidenceMimeType, v as CarSupportedSignatureMimeType, w as CarTemplateFileMetadata, x as CatalogSyncStatus, y as CatalogSyncStatusType, z as CompanyConfig, D as CorrectiveActionCompileTaskMetadata, E as CorrectiveActionGenerationSource, F as CorrectiveActionStatus, G as CropCycleStatus, H as DOCUMENT_DISPLAY_INFO, I as DOCUMENT_MENU_MAP, J as DocumentCategory, K as DocumentType, L as ERROR_DICTIONARY, M as EVERYONE, N as EmitterType, O as EnabledModule, P as FORM_REGISTRY, Q as FacilityType, R as FileUploadTaskType, T as HarvestMethod, V as LinkedStatus, W as MOD, X as MODULE_LABELS, Y as MicroclimateZone, Z as MimeType, _ as ModCode, $ as NettingType, a0 as NormalizedSignatureValue, a1 as NotificationMode, a2 as OrderStatus, a3 as PermissionLevel, a4 as PhysicalState, a5 as PlantingMethod, a6 as ProductType, a7 as ProductTypeType, a8 as ProductUnit, a9 as ProductUnitType, aa as RESOURCE_MODULE_MAP, ab as RESOURCE_PATHS, ac as RESOURCE_REQUIREMENTS, ad as ROLE_SECTIONS_BY_KEY, ae as RelationshipType, ag as ResourceOverrides, ai as RowOrientation, aj as SENTINEL_UUID, ak as SIGNATURE_MODES, al as ScopeType, am as SignatureInput, an as SignatureMode, ao as SoilTexture, ap as StockPolicyTier, aq as StockPolicyTierType, ar as StoragePhases, as as StorageType, at as TASK_TYPE_REGISTRY, au as TEMPLATE_SCOPE_LEVELS, aw as TargetEntityType, ax as TaskStatus, ay as TaskType, az as TaskTypeConfig, aA as TemplateScopeLevel, aB as TransactionType, aC as TrellisType, aD as UserPrivilege, aE as UserRole, aG as VigorRating, aH as WaterSource } from './constants-BQmsBTQ7.js';
1
+ import { d as AgriCoreSession, ao as ScopeType, aL as WireSession, aI as UserRoleType, ah as ResourceRequirement, c as AccessLevelType, j as AvailableScope, U as InfrastructureFields, S as FormMeta, ay as TabConfig, af as ResolvedError } from './constants-lhTP4wzB.js';
2
+ export { A as ACCESS_RANK, a as ACT, b as AccessLevel, e as ApprovalStatus, f as ApprovalType, g as AuditStatus, h as AuditType, i as AuthScopeFields, B as BarcodeNamespace, k as BarcodeNamespaceType, l as BarcodeType, m as BarcodeTypeType, n as Base44Id, C as CAR_SUPPORTED_EVIDENCE_MIME_TYPES, o as CAR_SUPPORTED_SIGNATURE_MIME_TYPES, p as CAT, q as CATEGORY_TABS, r as CORRECTIVE_ACTION_GENERATION_SOURCES, s as CORRECTIVE_ACTION_STATUSES, t as CanonicalId, u as CarSupportedEvidenceMimeType, v as CarSupportedSignatureMimeType, w as CarTemplateFileMetadata, x as CatalogSyncStatus, y as CatalogSyncStatusType, z as CompanyConfig, D as CorrectiveActionCompileTaskMetadata, E as CorrectiveActionGenerationSource, F as CorrectiveActionStatus, G as CropCycleStatus, H as DOCUMENT_DISPLAY_INFO, I as DOCUMENT_MENU_MAP, J as DocumentCategory, K as DocumentType, L as ERROR_DICTIONARY, M as EVERYONE, N as EmitterType, O as EnabledModule, P as FORM_REGISTRY, Q as FacilityType, R as FileUploadTaskType, T as HarvestMethod, V as LinkedStatus, W as MOD, X as MODULE_LABELS, Y as MicroclimateZone, Z as MimeType, _ as ModCode, $ as NettingType, a0 as NormalizedSignatureValue, a1 as NotificationMode, a2 as OrderStatus, a3 as PermissionLevel, a4 as PhysicalState, a5 as PlantingMethod, a6 as ProductType, a7 as ProductTypeType, a8 as ProductUnit, a9 as ProductUnitType, aa as RESOURCE_MODULE_MAP, ab as RESOURCE_PATHS, ac as RESOURCE_REQUIREMENTS, ad as ROLE_SECTIONS_BY_KEY, ae as RelationshipType, ag as ResourceOverrides, ai as RoleAssignment, aj as RowOrientation, ak as SENTINEL_UUID, al as SESSION_SCHEMA, am as SIGNATURE_MODES, an as SchemaField, ap as SignatureInput, aq as SignatureMode, ar as SoilTexture, as as StockPolicyTier, at as StockPolicyTierType, au as StoragePhases, av as StorageType, aw as TASK_TYPE_REGISTRY, ax as TEMPLATE_SCOPE_LEVELS, az as TargetEntityType, aA as TaskStatus, aB as TaskType, aC as TaskTypeConfig, aD as TemplateScopeLevel, aE as TransactionType, aF as TrellisType, aG as UserPrivilege, aH as UserRole, aJ as VigorRating, aK as WaterSource } from './constants-lhTP4wzB.js';
3
3
 
4
4
  declare const AgriLogger: {
5
5
  log(level: "INFO" | "WARN" | "ERROR", message: string, meta: any): void;
@@ -104,10 +104,21 @@ declare function generateCanonicalId(): string;
104
104
  * Standardizes the creation of new entities by walking up the scope tree.
105
105
  */
106
106
  declare function generateInfrastructureFields(activeScope: AvailableScope, availableScopes: AvailableScope[]): InfrastructureFields;
107
+ declare function encodeSession(session: AgriCoreSession): WireSession;
108
+ declare function decodeSession(short: WireSession): AgriCoreSession;
109
+ declare function hasRoleAnywhere(session: AgriCoreSession, role: string): boolean;
110
+ declare function hasPrivilegeAnywhere(session: AgriCoreSession, privilege: string): boolean;
107
111
  /**
108
- * Hard-throws if the user cannot write.
109
- * Use this on the backend (inside Deno functions) to enforce server-side.
112
+ * "Does this user hold this role/privilege AT this specific scope?"
113
+ * This is the default choice for any authorization gate evaluating
114
+ * "can the user perform this action on the resource/scope they're
115
+ * currently acting on." No inheritance — only an explicit assignment
116
+ * at exactly this authScopeId counts, matching the no-inherit-write rule.
110
117
  */
118
+ declare function getRoleAt(session: AgriCoreSession, scopeId: string | undefined | null): string | null;
119
+ declare function hasRoleAt(session: AgriCoreSession, scopeId: string | undefined | null, allowedRoles: Set<string> | string[]): boolean;
120
+ declare function getPrivilegesAt(session: AgriCoreSession, scopeId: string | undefined | null): string[];
121
+ declare function hasPrivilegeAt(session: AgriCoreSession, scopeId: string | undefined | null, requiredPrivileges: string[]): boolean;
111
122
  /**
112
123
  * Full resolution: DB override → static config fallback → public default.
113
124
  * Returns 'NONE' | 'READ' | 'WRITE'.
@@ -129,7 +140,7 @@ declare function assertTenantBoundary(db: any, session: AgriCoreSession, // Pass
129
140
  targets: {
130
141
  targetUserId?: string;
131
142
  authScopeId?: string;
132
- expectedScopeType?: 'company' | 'legalEntity' | 'facility';
143
+ expectedScopeType?: ScopeType;
133
144
  }): Promise<boolean>;
134
145
  declare function verifyAndExtractSession(token: string, secret: string): Promise<AgriCoreSession>;
135
146
  declare function getFormMeta(componentId: string): FormMeta | null;
@@ -163,4 +174,4 @@ declare function calculateFileMetadataMatch(criteria: {
163
174
  contextMatch?: string[];
164
175
  }, fileMetadata: Record<string, any>, auditContext: Record<string, any>): number;
165
176
 
166
- export { AccessLevelType, AgriCoreSession, AgriLogger, AppError, AvailableScope, Converter, ErrorFactory, FormMeta, InfrastructureFields, ResolvedError, ResourceRequirement, TabConfig, UserRoleType, Validator, assertTenantBoundary, calculateFileMetadataMatch, evaluateBaseAccess, extractAppCode, findSpecificOverride, generateCanonicalId, generateDocumentPath, generateInfrastructureFields, getAcceptedMimeTypes, getApproveAction, getFormMeta, getFormsGroupedByModule, getTaskTypeOptions, handleAppErrorResponse, isTabVisible, isTabWritable, resolveAccess, resolveAppError, resolveEffectiveAccess, resolveError, verifyAndExtractSession, withAgriLogging };
177
+ export { AccessLevelType, AgriCoreSession, AgriLogger, AppError, AvailableScope, Converter, ErrorFactory, FormMeta, InfrastructureFields, ResolvedError, ResourceRequirement, ScopeType, TabConfig, UserRoleType, Validator, WireSession, assertTenantBoundary, calculateFileMetadataMatch, decodeSession, encodeSession, evaluateBaseAccess, extractAppCode, findSpecificOverride, generateCanonicalId, generateDocumentPath, generateInfrastructureFields, getAcceptedMimeTypes, getApproveAction, getFormMeta, getFormsGroupedByModule, getPrivilegesAt, getRoleAt, getTaskTypeOptions, handleAppErrorResponse, hasPrivilegeAnywhere, hasPrivilegeAt, hasRoleAnywhere, hasRoleAt, isTabVisible, isTabWritable, resolveAccess, resolveAppError, resolveEffectiveAccess, resolveError, verifyAndExtractSession, withAgriLogging };
package/dist/index.js CHANGED
@@ -71,6 +71,7 @@ __export(index_exports, {
71
71
  RelationshipType: () => RelationshipType,
72
72
  RowOrientation: () => RowOrientation,
73
73
  SENTINEL_UUID: () => SENTINEL_UUID,
74
+ SESSION_SCHEMA: () => SESSION_SCHEMA,
74
75
  SIGNATURE_MODES: () => SIGNATURE_MODES,
75
76
  SoilTexture: () => SoilTexture,
76
77
  StockPolicyTier: () => StockPolicyTier,
@@ -89,6 +90,8 @@ __export(index_exports, {
89
90
  WaterSource: () => WaterSource,
90
91
  assertTenantBoundary: () => assertTenantBoundary,
91
92
  calculateFileMetadataMatch: () => calculateFileMetadataMatch,
93
+ decodeSession: () => decodeSession,
94
+ encodeSession: () => encodeSession,
92
95
  evaluateBaseAccess: () => evaluateBaseAccess,
93
96
  extractAppCode: () => extractAppCode,
94
97
  findSpecificOverride: () => findSpecificOverride,
@@ -99,8 +102,14 @@ __export(index_exports, {
99
102
  getApproveAction: () => getApproveAction,
100
103
  getFormMeta: () => getFormMeta,
101
104
  getFormsGroupedByModule: () => getFormsGroupedByModule,
105
+ getPrivilegesAt: () => getPrivilegesAt,
106
+ getRoleAt: () => getRoleAt,
102
107
  getTaskTypeOptions: () => getTaskTypeOptions,
103
108
  handleAppErrorResponse: () => handleAppErrorResponse,
109
+ hasPrivilegeAnywhere: () => hasPrivilegeAnywhere,
110
+ hasPrivilegeAt: () => hasPrivilegeAt,
111
+ hasRoleAnywhere: () => hasRoleAnywhere,
112
+ hasRoleAt: () => hasRoleAt,
104
113
  isTabVisible: () => isTabVisible,
105
114
  isTabWritable: () => isTabWritable,
106
115
  resolveAccess: () => resolveAccess,
@@ -385,6 +394,34 @@ var AccessLevel = {
385
394
  READ: "READ",
386
395
  WRITE: "WRITE"
387
396
  };
397
+ var SESSION_SCHEMA = [
398
+ { key: "u", path: "userId", type: "scalar" },
399
+ { key: "n", path: "userName", type: "scalar" },
400
+ { key: "e", path: "userEmail", type: "scalar" },
401
+ { key: "c", path: "companyId", type: "scalar" },
402
+ { key: "a", path: "activeScopeId", type: "scalar" },
403
+ {
404
+ key: "cc",
405
+ path: "companyConfig",
406
+ type: "object",
407
+ fields: [{ key: "me", path: "isMultiEntity", type: "scalar" }]
408
+ },
409
+ { key: "m", path: "enabledModules", type: "scalar" },
410
+ { key: "ra", path: "roleAssignments", type: "scalar" },
411
+ {
412
+ key: "as",
413
+ path: "availableScopes",
414
+ type: "recordArray",
415
+ fields: [
416
+ { key: "ai", path: "authScopeId", type: "scalar" },
417
+ { key: "bi", path: "base44Id", type: "scalar" },
418
+ { key: "t", path: "type", type: "scalar", enum: ["company", "legalEntity", "facility"] },
419
+ { key: "nm", path: "name", type: "scalar" },
420
+ { key: "pi", path: "parentId", type: "scalar" }
421
+ ]
422
+ },
423
+ { key: "ro", path: "resourceOverrides", type: "scalar" }
424
+ ];
388
425
  var EnabledModule = {
389
426
  FARM_MANAGEMENT: "farm_management",
390
427
  PACKHOUSE: "packhouse",
@@ -1331,6 +1368,117 @@ function generateInfrastructureFields(activeScope, availableScopes) {
1331
1368
  authScopeId: activeScope.authScopeId
1332
1369
  };
1333
1370
  }
1371
+ function encodeField(field, value) {
1372
+ if (value === void 0) return void 0;
1373
+ switch (field.type) {
1374
+ case "object": {
1375
+ const out = {};
1376
+ for (const sub of field.fields ?? []) {
1377
+ out[sub.key] = encodeField(sub, value[sub.path]);
1378
+ }
1379
+ return out;
1380
+ }
1381
+ case "recordArray": {
1382
+ return value.map(
1383
+ (record) => (field.fields ?? []).map((sub) => {
1384
+ const raw = record[sub.path];
1385
+ if (sub.enum) {
1386
+ const code = sub.enum.indexOf(raw);
1387
+ if (code === -1) {
1388
+ throw new Error(
1389
+ `sessionSchema: value "${raw}" for "${sub.path}" not in enum [${sub.enum.join(", ")}]. Add it to the enum in SESSION_SCHEMA before encoding.`
1390
+ );
1391
+ }
1392
+ return code;
1393
+ }
1394
+ return raw;
1395
+ })
1396
+ );
1397
+ }
1398
+ default:
1399
+ return value;
1400
+ }
1401
+ }
1402
+ function decodeField(field, value) {
1403
+ if (value === void 0) return void 0;
1404
+ switch (field.type) {
1405
+ case "object": {
1406
+ const out = {};
1407
+ for (const sub of field.fields ?? []) {
1408
+ out[sub.path] = decodeField(sub, value[sub.key]);
1409
+ }
1410
+ return out;
1411
+ }
1412
+ case "recordArray": {
1413
+ return value.map((tuple) => {
1414
+ const out = {};
1415
+ (field.fields ?? []).forEach((sub, i) => {
1416
+ const raw = tuple[i];
1417
+ out[sub.path] = sub.enum ? sub.enum[raw] : raw;
1418
+ });
1419
+ return out;
1420
+ });
1421
+ }
1422
+ default:
1423
+ return value;
1424
+ }
1425
+ }
1426
+ function encodeSession(session) {
1427
+ const out = {};
1428
+ const sessionRecord = session;
1429
+ for (const field of SESSION_SCHEMA) {
1430
+ const encoded = encodeField(field, sessionRecord[field.path]);
1431
+ if (encoded !== void 0) out[field.key] = encoded;
1432
+ }
1433
+ return out;
1434
+ }
1435
+ function decodeSession(short) {
1436
+ const out = {};
1437
+ const shortRecord = short;
1438
+ for (const field of SESSION_SCHEMA) {
1439
+ const decoded = decodeField(field, shortRecord[field.key]);
1440
+ if (decoded !== void 0) out[field.path] = decoded;
1441
+ }
1442
+ return out;
1443
+ }
1444
+ (function validateSchema(fields = SESSION_SCHEMA, seen = /* @__PURE__ */ new Set(), pathPrefix = "") {
1445
+ for (const f of fields) {
1446
+ if (seen.has(f.key)) {
1447
+ throw new Error(
1448
+ `sessionSchema: duplicate short key "${f.key}" detected near "${pathPrefix}${f.path}". Every key must be unique within its object level.`
1449
+ );
1450
+ }
1451
+ seen.add(f.key);
1452
+ if (f.fields && f.type === "object") {
1453
+ validateSchema(f.fields, /* @__PURE__ */ new Set(), `${pathPrefix}${f.path}.`);
1454
+ }
1455
+ }
1456
+ })();
1457
+ function hasRoleAnywhere(session, role) {
1458
+ return Object.values(session.roleAssignments ?? {}).some((a) => a.role === role);
1459
+ }
1460
+ function hasPrivilegeAnywhere(session, privilege) {
1461
+ return Object.values(session.roleAssignments ?? {}).some(
1462
+ (a) => a.privileges?.includes(privilege)
1463
+ );
1464
+ }
1465
+ function getRoleAt(session, scopeId) {
1466
+ if (!scopeId) return null;
1467
+ return session.roleAssignments?.[scopeId]?.role ?? null;
1468
+ }
1469
+ function hasRoleAt(session, scopeId, allowedRoles) {
1470
+ const role = getRoleAt(session, scopeId);
1471
+ if (!role) return false;
1472
+ return allowedRoles instanceof Set ? allowedRoles.has(role) : allowedRoles.includes(role);
1473
+ }
1474
+ function getPrivilegesAt(session, scopeId) {
1475
+ if (!scopeId) return [];
1476
+ return session.roleAssignments?.[scopeId]?.privileges ?? [];
1477
+ }
1478
+ function hasPrivilegeAt(session, scopeId, requiredPrivileges) {
1479
+ const privileges = getPrivilegesAt(session, scopeId);
1480
+ return requiredPrivileges.some((p) => privileges.includes(p));
1481
+ }
1334
1482
  function resolveAccess(session, activeScopeId, tabConfig) {
1335
1483
  const resourcePath = tabConfig?.resourceId;
1336
1484
  const overrides = session.resourceOverrides?.[activeScopeId] ?? {};
@@ -1346,13 +1494,14 @@ function resolveAccess(session, activeScopeId, tabConfig) {
1346
1494
  const requiredPrivileges = tabConfig?.requiredPrivileges ?? [];
1347
1495
  const hasRestrictions = allowedRoles.length > 0 || requiredPrivileges.length > 0;
1348
1496
  if (hasRestrictions) {
1349
- const role = session?.role ?? "";
1350
- const privileges = session?.privileges ?? [];
1497
+ const assignment = session?.roleAssignments?.[activeScopeId];
1498
+ const role = assignment?.role ?? "";
1499
+ const privileges = assignment?.privileges ?? [];
1351
1500
  const passesRole = allowedRoles.length > 0 && allowedRoles.includes(role);
1352
1501
  const passesPrivilege = requiredPrivileges.length > 0 && requiredPrivileges.some((p) => privileges.includes(p));
1353
1502
  return passesRole || passesPrivilege ? "WRITE" : "NONE";
1354
1503
  }
1355
- return "READ";
1504
+ return "NONE";
1356
1505
  }
1357
1506
  function isTabVisible(session, activeScopeId, tabConfig) {
1358
1507
  return resolveAccess(session, activeScopeId, tabConfig) !== "NONE";
@@ -1551,6 +1700,7 @@ function calculateFileMetadataMatch(criteria, fileMetadata, auditContext) {
1551
1700
  RelationshipType,
1552
1701
  RowOrientation,
1553
1702
  SENTINEL_UUID,
1703
+ SESSION_SCHEMA,
1554
1704
  SIGNATURE_MODES,
1555
1705
  SoilTexture,
1556
1706
  StockPolicyTier,
@@ -1569,6 +1719,8 @@ function calculateFileMetadataMatch(criteria, fileMetadata, auditContext) {
1569
1719
  WaterSource,
1570
1720
  assertTenantBoundary,
1571
1721
  calculateFileMetadataMatch,
1722
+ decodeSession,
1723
+ encodeSession,
1572
1724
  evaluateBaseAccess,
1573
1725
  extractAppCode,
1574
1726
  findSpecificOverride,
@@ -1579,8 +1731,14 @@ function calculateFileMetadataMatch(criteria, fileMetadata, auditContext) {
1579
1731
  getApproveAction,
1580
1732
  getFormMeta,
1581
1733
  getFormsGroupedByModule,
1734
+ getPrivilegesAt,
1735
+ getRoleAt,
1582
1736
  getTaskTypeOptions,
1583
1737
  handleAppErrorResponse,
1738
+ hasPrivilegeAnywhere,
1739
+ hasPrivilegeAt,
1740
+ hasRoleAnywhere,
1741
+ hasRoleAt,
1584
1742
  isTabVisible,
1585
1743
  isTabWritable,
1586
1744
  resolveAccess,
package/dist/index.mjs CHANGED
@@ -46,6 +46,7 @@ import {
46
46
  RelationshipType,
47
47
  RowOrientation,
48
48
  SENTINEL_UUID,
49
+ SESSION_SCHEMA,
49
50
  SIGNATURE_MODES,
50
51
  SoilTexture,
51
52
  StockPolicyTier,
@@ -61,7 +62,7 @@ import {
61
62
  UserRole,
62
63
  VigorRating,
63
64
  WaterSource
64
- } from "./chunk-DZW2VL6D.mjs";
65
+ } from "./chunk-V2DL7OTH.mjs";
65
66
 
66
67
  // src/index.ts
67
68
  import { jwtVerify } from "jose";
@@ -360,6 +361,117 @@ function generateInfrastructureFields(activeScope, availableScopes) {
360
361
  authScopeId: activeScope.authScopeId
361
362
  };
362
363
  }
364
+ function encodeField(field, value) {
365
+ if (value === void 0) return void 0;
366
+ switch (field.type) {
367
+ case "object": {
368
+ const out = {};
369
+ for (const sub of field.fields ?? []) {
370
+ out[sub.key] = encodeField(sub, value[sub.path]);
371
+ }
372
+ return out;
373
+ }
374
+ case "recordArray": {
375
+ return value.map(
376
+ (record) => (field.fields ?? []).map((sub) => {
377
+ const raw = record[sub.path];
378
+ if (sub.enum) {
379
+ const code = sub.enum.indexOf(raw);
380
+ if (code === -1) {
381
+ throw new Error(
382
+ `sessionSchema: value "${raw}" for "${sub.path}" not in enum [${sub.enum.join(", ")}]. Add it to the enum in SESSION_SCHEMA before encoding.`
383
+ );
384
+ }
385
+ return code;
386
+ }
387
+ return raw;
388
+ })
389
+ );
390
+ }
391
+ default:
392
+ return value;
393
+ }
394
+ }
395
+ function decodeField(field, value) {
396
+ if (value === void 0) return void 0;
397
+ switch (field.type) {
398
+ case "object": {
399
+ const out = {};
400
+ for (const sub of field.fields ?? []) {
401
+ out[sub.path] = decodeField(sub, value[sub.key]);
402
+ }
403
+ return out;
404
+ }
405
+ case "recordArray": {
406
+ return value.map((tuple) => {
407
+ const out = {};
408
+ (field.fields ?? []).forEach((sub, i) => {
409
+ const raw = tuple[i];
410
+ out[sub.path] = sub.enum ? sub.enum[raw] : raw;
411
+ });
412
+ return out;
413
+ });
414
+ }
415
+ default:
416
+ return value;
417
+ }
418
+ }
419
+ function encodeSession(session) {
420
+ const out = {};
421
+ const sessionRecord = session;
422
+ for (const field of SESSION_SCHEMA) {
423
+ const encoded = encodeField(field, sessionRecord[field.path]);
424
+ if (encoded !== void 0) out[field.key] = encoded;
425
+ }
426
+ return out;
427
+ }
428
+ function decodeSession(short) {
429
+ const out = {};
430
+ const shortRecord = short;
431
+ for (const field of SESSION_SCHEMA) {
432
+ const decoded = decodeField(field, shortRecord[field.key]);
433
+ if (decoded !== void 0) out[field.path] = decoded;
434
+ }
435
+ return out;
436
+ }
437
+ (function validateSchema(fields = SESSION_SCHEMA, seen = /* @__PURE__ */ new Set(), pathPrefix = "") {
438
+ for (const f of fields) {
439
+ if (seen.has(f.key)) {
440
+ throw new Error(
441
+ `sessionSchema: duplicate short key "${f.key}" detected near "${pathPrefix}${f.path}". Every key must be unique within its object level.`
442
+ );
443
+ }
444
+ seen.add(f.key);
445
+ if (f.fields && f.type === "object") {
446
+ validateSchema(f.fields, /* @__PURE__ */ new Set(), `${pathPrefix}${f.path}.`);
447
+ }
448
+ }
449
+ })();
450
+ function hasRoleAnywhere(session, role) {
451
+ return Object.values(session.roleAssignments ?? {}).some((a) => a.role === role);
452
+ }
453
+ function hasPrivilegeAnywhere(session, privilege) {
454
+ return Object.values(session.roleAssignments ?? {}).some(
455
+ (a) => a.privileges?.includes(privilege)
456
+ );
457
+ }
458
+ function getRoleAt(session, scopeId) {
459
+ if (!scopeId) return null;
460
+ return session.roleAssignments?.[scopeId]?.role ?? null;
461
+ }
462
+ function hasRoleAt(session, scopeId, allowedRoles) {
463
+ const role = getRoleAt(session, scopeId);
464
+ if (!role) return false;
465
+ return allowedRoles instanceof Set ? allowedRoles.has(role) : allowedRoles.includes(role);
466
+ }
467
+ function getPrivilegesAt(session, scopeId) {
468
+ if (!scopeId) return [];
469
+ return session.roleAssignments?.[scopeId]?.privileges ?? [];
470
+ }
471
+ function hasPrivilegeAt(session, scopeId, requiredPrivileges) {
472
+ const privileges = getPrivilegesAt(session, scopeId);
473
+ return requiredPrivileges.some((p) => privileges.includes(p));
474
+ }
363
475
  function resolveAccess(session, activeScopeId, tabConfig) {
364
476
  const resourcePath = tabConfig?.resourceId;
365
477
  const overrides = session.resourceOverrides?.[activeScopeId] ?? {};
@@ -375,13 +487,14 @@ function resolveAccess(session, activeScopeId, tabConfig) {
375
487
  const requiredPrivileges = tabConfig?.requiredPrivileges ?? [];
376
488
  const hasRestrictions = allowedRoles.length > 0 || requiredPrivileges.length > 0;
377
489
  if (hasRestrictions) {
378
- const role = session?.role ?? "";
379
- const privileges = session?.privileges ?? [];
490
+ const assignment = session?.roleAssignments?.[activeScopeId];
491
+ const role = assignment?.role ?? "";
492
+ const privileges = assignment?.privileges ?? [];
380
493
  const passesRole = allowedRoles.length > 0 && allowedRoles.includes(role);
381
494
  const passesPrivilege = requiredPrivileges.length > 0 && requiredPrivileges.some((p) => privileges.includes(p));
382
495
  return passesRole || passesPrivilege ? "WRITE" : "NONE";
383
496
  }
384
- return "READ";
497
+ return "NONE";
385
498
  }
386
499
  function isTabVisible(session, activeScopeId, tabConfig) {
387
500
  return resolveAccess(session, activeScopeId, tabConfig) !== "NONE";
@@ -579,6 +692,7 @@ export {
579
692
  RelationshipType,
580
693
  RowOrientation,
581
694
  SENTINEL_UUID,
695
+ SESSION_SCHEMA,
582
696
  SIGNATURE_MODES,
583
697
  SoilTexture,
584
698
  StockPolicyTier,
@@ -597,6 +711,8 @@ export {
597
711
  WaterSource,
598
712
  assertTenantBoundary,
599
713
  calculateFileMetadataMatch,
714
+ decodeSession,
715
+ encodeSession,
600
716
  evaluateBaseAccess,
601
717
  extractAppCode,
602
718
  findSpecificOverride,
@@ -607,8 +723,14 @@ export {
607
723
  getApproveAction,
608
724
  getFormMeta,
609
725
  getFormsGroupedByModule,
726
+ getPrivilegesAt,
727
+ getRoleAt,
610
728
  getTaskTypeOptions,
611
729
  handleAppErrorResponse,
730
+ hasPrivilegeAnywhere,
731
+ hasPrivilegeAt,
732
+ hasRoleAnywhere,
733
+ hasRoleAt,
612
734
  isTabVisible,
613
735
  isTabWritable,
614
736
  resolveAccess,
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@litusarchieve18/agricore-utils",
3
- "version": "1.0.21",
3
+ "version": "1.0.22",
4
4
  "description": "Canonical Backend Utility Library for AgriCore",
5
5
  "main": "./dist/index.js",
6
6
  "module": "./dist/index.mjs",