@litusarchieve18/agricore-utils 1.0.28 → 1.0.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -183,7 +183,9 @@ Run the publish command:
183
183
  Bash
184
184
  npm publish --access public
185
185
  📝 Version History
186
- V1.0.29
186
+ V1.0.30altered authscoped Id to receive a list of string not a single string
187
+
188
+ V1.0.29 — altered filtering logic from validFrom_lte: targetIso to validFrom: { $lte: targetIso }
187
189
 
188
190
  V1.0.28 — altered the logic and added scope aware filtering and write-time validation in priceHelpers.ts
189
191
 
package/dist/index.d.mts CHANGED
@@ -177,10 +177,10 @@ declare function evaluateBaseAccess(resourcePath: string, session: AgriCoreSessi
177
177
  */
178
178
  declare function resolveEffectiveAccess(base: AccessLevelType, override?: AccessLevelType | null): AccessLevelType;
179
179
  declare function findSpecificOverride(session: AgriCoreSession, activeScopeId: string, resourcePath: string): AccessLevelType | null;
180
- declare function assertTenantBoundary(db: any, session: AgriCoreSession, // Pass the JWT session instead of just requesterCompanyId
181
- targets: {
180
+ declare function assertTenantBoundary(db: any, session: AgriCoreSession, targets: {
182
181
  targetUserId?: string;
183
182
  authScopeId?: string;
183
+ authScopeIds?: string[];
184
184
  expectedScopeType?: ScopeType;
185
185
  }): Promise<boolean>;
186
186
  declare function verifyAndExtractSession(token: string, secret: string): Promise<AgriCoreSession>;
package/dist/index.d.ts CHANGED
@@ -177,10 +177,10 @@ declare function evaluateBaseAccess(resourcePath: string, session: AgriCoreSessi
177
177
  */
178
178
  declare function resolveEffectiveAccess(base: AccessLevelType, override?: AccessLevelType | null): AccessLevelType;
179
179
  declare function findSpecificOverride(session: AgriCoreSession, activeScopeId: string, resourcePath: string): AccessLevelType | null;
180
- declare function assertTenantBoundary(db: any, session: AgriCoreSession, // Pass the JWT session instead of just requesterCompanyId
181
- targets: {
180
+ declare function assertTenantBoundary(db: any, session: AgriCoreSession, targets: {
182
181
  targetUserId?: string;
183
182
  authScopeId?: string;
183
+ authScopeIds?: string[];
184
184
  expectedScopeType?: ScopeType;
185
185
  }): Promise<boolean>;
186
186
  declare function verifyAndExtractSession(token: string, secret: string): Promise<AgriCoreSession>;
package/dist/index.js CHANGED
@@ -400,7 +400,7 @@ function createBase44PricingAdapter(db, scope) {
400
400
  productId,
401
401
  contractReferenceNumber,
402
402
  matrixType: "procurement_buy",
403
- validFrom_lte: targetIso
403
+ validFrom: { $lte: targetIso }
404
404
  },
405
405
  SORT_MOST_RECENT_FIRST,
406
406
  ACTIVE_ROW_LOOKBACK
@@ -412,7 +412,7 @@ function createBase44PricingAdapter(db, scope) {
412
412
  async findAccountPrice({ productId, accountCode, targetDate }) {
413
413
  const targetIso = targetDate.toISOString();
414
414
  const rows = await db.ProductPriceMatrix.filter(
415
- { ...scopeFilter, productId, accountCode, validFrom_lte: targetIso },
415
+ { ...scopeFilter, productId, accountCode, validFrom: { $lte: targetIso } },
416
416
  SORT_MOST_RECENT_FIRST,
417
417
  ACTIVE_ROW_LOOKBACK
418
418
  );
@@ -421,7 +421,7 @@ function createBase44PricingAdapter(db, scope) {
421
421
  async findDefaultPrice({ productId, targetDate }) {
422
422
  const targetIso = targetDate.toISOString();
423
423
  const rows = await db.ProductPriceMatrix.filter(
424
- { ...scopeFilter, productId, accountCode: "INTERNAL_DEFAULT", validFrom_lte: targetIso },
424
+ { ...scopeFilter, productId, accountCode: "INTERNAL_DEFAULT", validFrom: { $lte: targetIso } },
425
425
  SORT_MOST_RECENT_FIRST,
426
426
  ACTIVE_ROW_LOOKBACK
427
427
  );
@@ -1870,6 +1870,19 @@ async function assertTenantBoundary(db, session, targets) {
1870
1870
  throw ErrorFactory.forbidden(MOD.ADMIN, ACT.EDIT, "Invalid authorization scope level.");
1871
1871
  }
1872
1872
  }
1873
+ if (targets.authScopeIds?.length) {
1874
+ const matchedScope = session.availableScopes?.find(
1875
+ (scope) => targets.authScopeIds.includes(scope.authScopeId)
1876
+ );
1877
+ if (!matchedScope) {
1878
+ console.error(`[SECURITY BREACH] None of scopes [${targets.authScopeIds.join(", ")}] found in user's permitted list.`);
1879
+ throw ErrorFactory.forbidden(MOD.ADMIN, ACT.EDIT, "Tenant boundary violation.");
1880
+ }
1881
+ if (targets.expectedScopeType && matchedScope.type !== targets.expectedScopeType) {
1882
+ console.error(`[VALIDATION ERROR] Expected type ${targets.expectedScopeType} but got ${matchedScope.type}`);
1883
+ throw ErrorFactory.forbidden(MOD.ADMIN, ACT.EDIT, "Invalid authorization scope level.");
1884
+ }
1885
+ }
1873
1886
  return true;
1874
1887
  }
1875
1888
  async function verifyAndExtractSession(token, secret) {
package/dist/index.mjs CHANGED
@@ -340,7 +340,7 @@ function createBase44PricingAdapter(db, scope) {
340
340
  productId,
341
341
  contractReferenceNumber,
342
342
  matrixType: "procurement_buy",
343
- validFrom_lte: targetIso
343
+ validFrom: { $lte: targetIso }
344
344
  },
345
345
  SORT_MOST_RECENT_FIRST,
346
346
  ACTIVE_ROW_LOOKBACK
@@ -352,7 +352,7 @@ function createBase44PricingAdapter(db, scope) {
352
352
  async findAccountPrice({ productId, accountCode, targetDate }) {
353
353
  const targetIso = targetDate.toISOString();
354
354
  const rows = await db.ProductPriceMatrix.filter(
355
- { ...scopeFilter, productId, accountCode, validFrom_lte: targetIso },
355
+ { ...scopeFilter, productId, accountCode, validFrom: { $lte: targetIso } },
356
356
  SORT_MOST_RECENT_FIRST,
357
357
  ACTIVE_ROW_LOOKBACK
358
358
  );
@@ -361,7 +361,7 @@ function createBase44PricingAdapter(db, scope) {
361
361
  async findDefaultPrice({ productId, targetDate }) {
362
362
  const targetIso = targetDate.toISOString();
363
363
  const rows = await db.ProductPriceMatrix.filter(
364
- { ...scopeFilter, productId, accountCode: "INTERNAL_DEFAULT", validFrom_lte: targetIso },
364
+ { ...scopeFilter, productId, accountCode: "INTERNAL_DEFAULT", validFrom: { $lte: targetIso } },
365
365
  SORT_MOST_RECENT_FIRST,
366
366
  ACTIVE_ROW_LOOKBACK
367
367
  );
@@ -851,6 +851,19 @@ async function assertTenantBoundary(db, session, targets) {
851
851
  throw ErrorFactory.forbidden(MOD.ADMIN, ACT.EDIT, "Invalid authorization scope level.");
852
852
  }
853
853
  }
854
+ if (targets.authScopeIds?.length) {
855
+ const matchedScope = session.availableScopes?.find(
856
+ (scope) => targets.authScopeIds.includes(scope.authScopeId)
857
+ );
858
+ if (!matchedScope) {
859
+ console.error(`[SECURITY BREACH] None of scopes [${targets.authScopeIds.join(", ")}] found in user's permitted list.`);
860
+ throw ErrorFactory.forbidden(MOD.ADMIN, ACT.EDIT, "Tenant boundary violation.");
861
+ }
862
+ if (targets.expectedScopeType && matchedScope.type !== targets.expectedScopeType) {
863
+ console.error(`[VALIDATION ERROR] Expected type ${targets.expectedScopeType} but got ${matchedScope.type}`);
864
+ throw ErrorFactory.forbidden(MOD.ADMIN, ACT.EDIT, "Invalid authorization scope level.");
865
+ }
866
+ }
854
867
  return true;
855
868
  }
856
869
  async function verifyAndExtractSession(token, secret) {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@litusarchieve18/agricore-utils",
3
- "version": "1.0.28",
3
+ "version": "1.0.30",
4
4
  "description": "Canonical Backend Utility Library for AgriCore",
5
5
  "main": "./dist/index.js",
6
6
  "module": "./dist/index.mjs",