@litusarchieve18/agricore-utils 1.0.5 → 1.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.mts +2 -1
- package/dist/index.d.ts +2 -1
- package/dist/index.js +18 -12
- package/dist/index.mjs +18 -12
- package/package.json +1 -1
package/dist/index.d.mts
CHANGED
|
@@ -506,7 +506,8 @@ declare function evaluateBaseAccess(resourcePath: string, session: {
|
|
|
506
506
|
declare function assertTenantBoundary(db: any, requesterCompanyId: string, targets: {
|
|
507
507
|
targetUserId?: string;
|
|
508
508
|
authScopeId?: string;
|
|
509
|
+
expectedScopeType?: 'company' | 'legalEntity' | 'facility';
|
|
509
510
|
}): Promise<boolean>;
|
|
510
|
-
declare function resolveEffectiveAccess(base: AccessLevelType, override?: AccessLevelType): AccessLevelType;
|
|
511
|
+
declare function resolveEffectiveAccess(base: AccessLevelType, override?: AccessLevelType | null): AccessLevelType;
|
|
511
512
|
|
|
512
513
|
export { ACCESS_RANK, ACT, AccessLevel, type AccessLevelType, type AgriCoreSession, AgriLogger, AppError, ApprovalStatus, ApprovalType, AuditStatus, AuditType, type AuthScopeFields, type AvailableScope, CAT, type CompanyConfig, Converter, CropCycleStatus, ERROR_DICTIONARY, EmitterType, EnabledModule, ErrorFactory, FORM_REGISTRY, FacilityType, type FormMeta, HarvestMethod, type InfrastructureFields, LinkedStatus, MOD, MODULE_LABELS, MicroclimateZone, MimeType, type ModCode, NettingType, NotificationMode, OrderStatus, type PermissionLevel, PhysicalState, PlantingMethod, RESOURCE_PATHS, ROLE_SECTIONS_BY_KEY, RelationshipType, type ResolvedError, type ResourceOverrides, RowOrientation, SENTINEL_UUID, type ScopeType, SoilTexture, TASK_TYPE_REGISTRY, type TabConfig, TargetEntityType, TaskStatus, TaskType, type TaskTypeConfig, TransactionType, TrellisType, UserPrivilege, UserRole, type UserRoleType, Validator, VigorRating, WaterSource, assertCanWrite, assertTenantBoundary, buildRlsFilter, canRead, canWrite, evaluateBaseAccess, extractAppCode, generateCanonicalId, generateInfrastructureFields, getAcceptedMimeTypes, getApproveAction, getFormMeta, getFormsGroupedByModule, getTaskTypeOptions, handleAppErrorResponse, isTabVisible, isTabWritable, resolveAccess, resolveAppError, resolveEffectiveAccess, resolveError, resolveMenuVisibility, withAgriLogging };
|
package/dist/index.d.ts
CHANGED
|
@@ -506,7 +506,8 @@ declare function evaluateBaseAccess(resourcePath: string, session: {
|
|
|
506
506
|
declare function assertTenantBoundary(db: any, requesterCompanyId: string, targets: {
|
|
507
507
|
targetUserId?: string;
|
|
508
508
|
authScopeId?: string;
|
|
509
|
+
expectedScopeType?: 'company' | 'legalEntity' | 'facility';
|
|
509
510
|
}): Promise<boolean>;
|
|
510
|
-
declare function resolveEffectiveAccess(base: AccessLevelType, override?: AccessLevelType): AccessLevelType;
|
|
511
|
+
declare function resolveEffectiveAccess(base: AccessLevelType, override?: AccessLevelType | null): AccessLevelType;
|
|
511
512
|
|
|
512
513
|
export { ACCESS_RANK, ACT, AccessLevel, type AccessLevelType, type AgriCoreSession, AgriLogger, AppError, ApprovalStatus, ApprovalType, AuditStatus, AuditType, type AuthScopeFields, type AvailableScope, CAT, type CompanyConfig, Converter, CropCycleStatus, ERROR_DICTIONARY, EmitterType, EnabledModule, ErrorFactory, FORM_REGISTRY, FacilityType, type FormMeta, HarvestMethod, type InfrastructureFields, LinkedStatus, MOD, MODULE_LABELS, MicroclimateZone, MimeType, type ModCode, NettingType, NotificationMode, OrderStatus, type PermissionLevel, PhysicalState, PlantingMethod, RESOURCE_PATHS, ROLE_SECTIONS_BY_KEY, RelationshipType, type ResolvedError, type ResourceOverrides, RowOrientation, SENTINEL_UUID, type ScopeType, SoilTexture, TASK_TYPE_REGISTRY, type TabConfig, TargetEntityType, TaskStatus, TaskType, type TaskTypeConfig, TransactionType, TrellisType, UserPrivilege, UserRole, type UserRoleType, Validator, VigorRating, WaterSource, assertCanWrite, assertTenantBoundary, buildRlsFilter, canRead, canWrite, evaluateBaseAccess, extractAppCode, generateCanonicalId, generateInfrastructureFields, getAcceptedMimeTypes, getApproveAction, getFormMeta, getFormsGroupedByModule, getTaskTypeOptions, handleAppErrorResponse, isTabVisible, isTabWritable, resolveAccess, resolveAppError, resolveEffectiveAccess, resolveError, resolveMenuVisibility, withAgriLogging };
|
package/dist/index.js
CHANGED
|
@@ -887,23 +887,29 @@ async function assertTenantBoundary(db, requesterCompanyId, targets) {
|
|
|
887
887
|
}
|
|
888
888
|
}
|
|
889
889
|
if (targets.authScopeId) {
|
|
890
|
-
|
|
891
|
-
|
|
892
|
-
|
|
893
|
-
|
|
894
|
-
|
|
895
|
-
|
|
896
|
-
|
|
897
|
-
|
|
898
|
-
|
|
899
|
-
|
|
890
|
+
let matchFound = false;
|
|
891
|
+
if (targets.expectedScopeType === "company" || !targets.expectedScopeType) {
|
|
892
|
+
const c = await db.Company.filter({ canonicalId: targets.authScopeId, id: requesterCompanyId });
|
|
893
|
+
if (c.length > 0) matchFound = true;
|
|
894
|
+
}
|
|
895
|
+
if (!matchFound && (targets.expectedScopeType === "legalEntity" || !targets.expectedScopeType)) {
|
|
896
|
+
const le = await db.LegalEntity.filter({ canonicalId: targets.authScopeId, companyId: requesterCompanyId });
|
|
897
|
+
if (le.length > 0) matchFound = true;
|
|
898
|
+
}
|
|
899
|
+
if (!matchFound && (targets.expectedScopeType === "facility" || !targets.expectedScopeType)) {
|
|
900
|
+
const fac = await db.Facility.filter({ canonicalId: targets.authScopeId, companyId: requesterCompanyId });
|
|
901
|
+
if (fac.length > 0) matchFound = true;
|
|
902
|
+
}
|
|
903
|
+
if (!matchFound) {
|
|
904
|
+
console.error(`[SECURITY BREACH/VALIDATION ERROR] Scope ${targets.authScopeId} not found for type ${targets.expectedScopeType} in company ${requesterCompanyId}`);
|
|
905
|
+
throw ErrorFactory.forbidden(MOD.ADMIN, ACT.EDIT, "Invalid authorization scope level or tenant boundary violation.");
|
|
900
906
|
}
|
|
901
907
|
}
|
|
902
908
|
return true;
|
|
903
909
|
}
|
|
904
910
|
function resolveEffectiveAccess(base, override) {
|
|
905
|
-
if (
|
|
906
|
-
return
|
|
911
|
+
if (override === void 0 || override === null) return base;
|
|
912
|
+
return override;
|
|
907
913
|
}
|
|
908
914
|
// Annotate the CommonJS export names for ESM import in node:
|
|
909
915
|
0 && (module.exports = {
|
package/dist/index.mjs
CHANGED
|
@@ -793,23 +793,29 @@ async function assertTenantBoundary(db, requesterCompanyId, targets) {
|
|
|
793
793
|
}
|
|
794
794
|
}
|
|
795
795
|
if (targets.authScopeId) {
|
|
796
|
-
|
|
797
|
-
|
|
798
|
-
|
|
799
|
-
|
|
800
|
-
|
|
801
|
-
|
|
802
|
-
|
|
803
|
-
|
|
804
|
-
|
|
805
|
-
|
|
796
|
+
let matchFound = false;
|
|
797
|
+
if (targets.expectedScopeType === "company" || !targets.expectedScopeType) {
|
|
798
|
+
const c = await db.Company.filter({ canonicalId: targets.authScopeId, id: requesterCompanyId });
|
|
799
|
+
if (c.length > 0) matchFound = true;
|
|
800
|
+
}
|
|
801
|
+
if (!matchFound && (targets.expectedScopeType === "legalEntity" || !targets.expectedScopeType)) {
|
|
802
|
+
const le = await db.LegalEntity.filter({ canonicalId: targets.authScopeId, companyId: requesterCompanyId });
|
|
803
|
+
if (le.length > 0) matchFound = true;
|
|
804
|
+
}
|
|
805
|
+
if (!matchFound && (targets.expectedScopeType === "facility" || !targets.expectedScopeType)) {
|
|
806
|
+
const fac = await db.Facility.filter({ canonicalId: targets.authScopeId, companyId: requesterCompanyId });
|
|
807
|
+
if (fac.length > 0) matchFound = true;
|
|
808
|
+
}
|
|
809
|
+
if (!matchFound) {
|
|
810
|
+
console.error(`[SECURITY BREACH/VALIDATION ERROR] Scope ${targets.authScopeId} not found for type ${targets.expectedScopeType} in company ${requesterCompanyId}`);
|
|
811
|
+
throw ErrorFactory.forbidden(MOD.ADMIN, ACT.EDIT, "Invalid authorization scope level or tenant boundary violation.");
|
|
806
812
|
}
|
|
807
813
|
}
|
|
808
814
|
return true;
|
|
809
815
|
}
|
|
810
816
|
function resolveEffectiveAccess(base, override) {
|
|
811
|
-
if (
|
|
812
|
-
return
|
|
817
|
+
if (override === void 0 || override === null) return base;
|
|
818
|
+
return override;
|
|
813
819
|
}
|
|
814
820
|
export {
|
|
815
821
|
ACCESS_RANK,
|