@litusarchieve18/agricore-utils 1.0.6 → 1.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -117,7 +117,11 @@ Run the publish command:
117
117
  Bash
118
118
  npm publish --access public
119
119
  📝 Version History
120
- v1.0.4refactor the code and edit readme
120
+ v1.0.5add RESOURCE_MODULE_MAP
121
+
122
+ v1.0.6 — adding more logic
123
+
124
+ v1.0.5 — refactor the code and edit readme
121
125
 
122
126
  v1.0.4 — add generateInfrastructureFields, security access control and multi tenant boundary
123
127
 
package/dist/index.d.mts CHANGED
@@ -487,17 +487,24 @@ declare const RESOURCE_PATHS: {
487
487
  teamStaff: string;
488
488
  teamTraining: string;
489
489
  };
490
+ declare const RESOURCE_MODULE_MAP: Record<string, string[]>;
490
491
  declare const ACCESS_RANK: Record<AccessLevelType, number>;
491
492
  declare const ROLE_SECTIONS_BY_KEY: Record<string, UserRoleType[]>;
493
+ interface ResourceRequirement {
494
+ allowedRoles?: UserRoleType[];
495
+ requiredPrivileges?: string[];
496
+ }
497
+ declare const EVERYONE: ("owner" | "manager" | "supervisor" | "leadingHand" | "worker")[];
498
+ declare const RESOURCE_REQUIREMENTS: Record<string, ResourceRequirement>;
492
499
  declare function evaluateBaseAccess(resourcePath: string, session: {
493
500
  role?: UserRoleType;
494
501
  privileges?: string[];
495
502
  enabledModules?: string[];
496
- }, requirements?: {
497
- module?: string;
498
- allowedRoles?: UserRoleType[];
499
- requiredPrivileges?: string[];
500
- }): AccessLevelType;
503
+ }, requirements?: ResourceRequirement): AccessLevelType;
504
+ /**
505
+ * The Judge: Overrides win over base access (Specificity principle).
506
+ */
507
+ declare function resolveEffectiveAccess(base: AccessLevelType, override?: AccessLevelType | null): AccessLevelType;
501
508
  /**
502
509
  * Tenant Boundary Guard (Backend Only)
503
510
  * Note: db is typed as 'any' here because Base44 SDK types vary,
@@ -508,6 +515,5 @@ declare function assertTenantBoundary(db: any, requesterCompanyId: string, targe
508
515
  authScopeId?: string;
509
516
  expectedScopeType?: 'company' | 'legalEntity' | 'facility';
510
517
  }): Promise<boolean>;
511
- declare function resolveEffectiveAccess(base: AccessLevelType, override?: AccessLevelType | null): AccessLevelType;
512
518
 
513
- export { ACCESS_RANK, ACT, AccessLevel, type AccessLevelType, type AgriCoreSession, AgriLogger, AppError, ApprovalStatus, ApprovalType, AuditStatus, AuditType, type AuthScopeFields, type AvailableScope, CAT, type CompanyConfig, Converter, CropCycleStatus, ERROR_DICTIONARY, EmitterType, EnabledModule, ErrorFactory, FORM_REGISTRY, FacilityType, type FormMeta, HarvestMethod, type InfrastructureFields, LinkedStatus, MOD, MODULE_LABELS, MicroclimateZone, MimeType, type ModCode, NettingType, NotificationMode, OrderStatus, type PermissionLevel, PhysicalState, PlantingMethod, RESOURCE_PATHS, ROLE_SECTIONS_BY_KEY, RelationshipType, type ResolvedError, type ResourceOverrides, RowOrientation, SENTINEL_UUID, type ScopeType, SoilTexture, TASK_TYPE_REGISTRY, type TabConfig, TargetEntityType, TaskStatus, TaskType, type TaskTypeConfig, TransactionType, TrellisType, UserPrivilege, UserRole, type UserRoleType, Validator, VigorRating, WaterSource, assertCanWrite, assertTenantBoundary, buildRlsFilter, canRead, canWrite, evaluateBaseAccess, extractAppCode, generateCanonicalId, generateInfrastructureFields, getAcceptedMimeTypes, getApproveAction, getFormMeta, getFormsGroupedByModule, getTaskTypeOptions, handleAppErrorResponse, isTabVisible, isTabWritable, resolveAccess, resolveAppError, resolveEffectiveAccess, resolveError, resolveMenuVisibility, withAgriLogging };
519
+ export { ACCESS_RANK, ACT, AccessLevel, type AccessLevelType, type AgriCoreSession, AgriLogger, AppError, ApprovalStatus, ApprovalType, AuditStatus, AuditType, type AuthScopeFields, type AvailableScope, CAT, type CompanyConfig, Converter, CropCycleStatus, ERROR_DICTIONARY, EVERYONE, EmitterType, EnabledModule, ErrorFactory, FORM_REGISTRY, FacilityType, type FormMeta, HarvestMethod, type InfrastructureFields, LinkedStatus, MOD, MODULE_LABELS, MicroclimateZone, MimeType, type ModCode, NettingType, NotificationMode, OrderStatus, type PermissionLevel, PhysicalState, PlantingMethod, RESOURCE_MODULE_MAP, RESOURCE_PATHS, RESOURCE_REQUIREMENTS, ROLE_SECTIONS_BY_KEY, RelationshipType, type ResolvedError, type ResourceOverrides, type ResourceRequirement, RowOrientation, SENTINEL_UUID, type ScopeType, SoilTexture, TASK_TYPE_REGISTRY, type TabConfig, TargetEntityType, TaskStatus, TaskType, type TaskTypeConfig, TransactionType, TrellisType, UserPrivilege, UserRole, type UserRoleType, Validator, VigorRating, WaterSource, assertCanWrite, assertTenantBoundary, buildRlsFilter, canRead, canWrite, evaluateBaseAccess, extractAppCode, generateCanonicalId, generateInfrastructureFields, getAcceptedMimeTypes, getApproveAction, getFormMeta, getFormsGroupedByModule, getTaskTypeOptions, handleAppErrorResponse, isTabVisible, isTabWritable, resolveAccess, resolveAppError, resolveEffectiveAccess, resolveError, resolveMenuVisibility, withAgriLogging };
package/dist/index.d.ts CHANGED
@@ -487,17 +487,24 @@ declare const RESOURCE_PATHS: {
487
487
  teamStaff: string;
488
488
  teamTraining: string;
489
489
  };
490
+ declare const RESOURCE_MODULE_MAP: Record<string, string[]>;
490
491
  declare const ACCESS_RANK: Record<AccessLevelType, number>;
491
492
  declare const ROLE_SECTIONS_BY_KEY: Record<string, UserRoleType[]>;
493
+ interface ResourceRequirement {
494
+ allowedRoles?: UserRoleType[];
495
+ requiredPrivileges?: string[];
496
+ }
497
+ declare const EVERYONE: ("owner" | "manager" | "supervisor" | "leadingHand" | "worker")[];
498
+ declare const RESOURCE_REQUIREMENTS: Record<string, ResourceRequirement>;
492
499
  declare function evaluateBaseAccess(resourcePath: string, session: {
493
500
  role?: UserRoleType;
494
501
  privileges?: string[];
495
502
  enabledModules?: string[];
496
- }, requirements?: {
497
- module?: string;
498
- allowedRoles?: UserRoleType[];
499
- requiredPrivileges?: string[];
500
- }): AccessLevelType;
503
+ }, requirements?: ResourceRequirement): AccessLevelType;
504
+ /**
505
+ * The Judge: Overrides win over base access (Specificity principle).
506
+ */
507
+ declare function resolveEffectiveAccess(base: AccessLevelType, override?: AccessLevelType | null): AccessLevelType;
501
508
  /**
502
509
  * Tenant Boundary Guard (Backend Only)
503
510
  * Note: db is typed as 'any' here because Base44 SDK types vary,
@@ -508,6 +515,5 @@ declare function assertTenantBoundary(db: any, requesterCompanyId: string, targe
508
515
  authScopeId?: string;
509
516
  expectedScopeType?: 'company' | 'legalEntity' | 'facility';
510
517
  }): Promise<boolean>;
511
- declare function resolveEffectiveAccess(base: AccessLevelType, override?: AccessLevelType | null): AccessLevelType;
512
518
 
513
- export { ACCESS_RANK, ACT, AccessLevel, type AccessLevelType, type AgriCoreSession, AgriLogger, AppError, ApprovalStatus, ApprovalType, AuditStatus, AuditType, type AuthScopeFields, type AvailableScope, CAT, type CompanyConfig, Converter, CropCycleStatus, ERROR_DICTIONARY, EmitterType, EnabledModule, ErrorFactory, FORM_REGISTRY, FacilityType, type FormMeta, HarvestMethod, type InfrastructureFields, LinkedStatus, MOD, MODULE_LABELS, MicroclimateZone, MimeType, type ModCode, NettingType, NotificationMode, OrderStatus, type PermissionLevel, PhysicalState, PlantingMethod, RESOURCE_PATHS, ROLE_SECTIONS_BY_KEY, RelationshipType, type ResolvedError, type ResourceOverrides, RowOrientation, SENTINEL_UUID, type ScopeType, SoilTexture, TASK_TYPE_REGISTRY, type TabConfig, TargetEntityType, TaskStatus, TaskType, type TaskTypeConfig, TransactionType, TrellisType, UserPrivilege, UserRole, type UserRoleType, Validator, VigorRating, WaterSource, assertCanWrite, assertTenantBoundary, buildRlsFilter, canRead, canWrite, evaluateBaseAccess, extractAppCode, generateCanonicalId, generateInfrastructureFields, getAcceptedMimeTypes, getApproveAction, getFormMeta, getFormsGroupedByModule, getTaskTypeOptions, handleAppErrorResponse, isTabVisible, isTabWritable, resolveAccess, resolveAppError, resolveEffectiveAccess, resolveError, resolveMenuVisibility, withAgriLogging };
519
+ export { ACCESS_RANK, ACT, AccessLevel, type AccessLevelType, type AgriCoreSession, AgriLogger, AppError, ApprovalStatus, ApprovalType, AuditStatus, AuditType, type AuthScopeFields, type AvailableScope, CAT, type CompanyConfig, Converter, CropCycleStatus, ERROR_DICTIONARY, EVERYONE, EmitterType, EnabledModule, ErrorFactory, FORM_REGISTRY, FacilityType, type FormMeta, HarvestMethod, type InfrastructureFields, LinkedStatus, MOD, MODULE_LABELS, MicroclimateZone, MimeType, type ModCode, NettingType, NotificationMode, OrderStatus, type PermissionLevel, PhysicalState, PlantingMethod, RESOURCE_MODULE_MAP, RESOURCE_PATHS, RESOURCE_REQUIREMENTS, ROLE_SECTIONS_BY_KEY, RelationshipType, type ResolvedError, type ResourceOverrides, type ResourceRequirement, RowOrientation, SENTINEL_UUID, type ScopeType, SoilTexture, TASK_TYPE_REGISTRY, type TabConfig, TargetEntityType, TaskStatus, TaskType, type TaskTypeConfig, TransactionType, TrellisType, UserPrivilege, UserRole, type UserRoleType, Validator, VigorRating, WaterSource, assertCanWrite, assertTenantBoundary, buildRlsFilter, canRead, canWrite, evaluateBaseAccess, extractAppCode, generateCanonicalId, generateInfrastructureFields, getAcceptedMimeTypes, getApproveAction, getFormMeta, getFormsGroupedByModule, getTaskTypeOptions, handleAppErrorResponse, isTabVisible, isTabWritable, resolveAccess, resolveAppError, resolveEffectiveAccess, resolveError, resolveMenuVisibility, withAgriLogging };
package/dist/index.js CHANGED
@@ -33,6 +33,7 @@ __export(index_exports, {
33
33
  Converter: () => Converter,
34
34
  CropCycleStatus: () => CropCycleStatus,
35
35
  ERROR_DICTIONARY: () => ERROR_DICTIONARY,
36
+ EVERYONE: () => EVERYONE,
36
37
  EmitterType: () => EmitterType,
37
38
  EnabledModule: () => EnabledModule,
38
39
  ErrorFactory: () => ErrorFactory,
@@ -49,7 +50,9 @@ __export(index_exports, {
49
50
  OrderStatus: () => OrderStatus,
50
51
  PhysicalState: () => PhysicalState,
51
52
  PlantingMethod: () => PlantingMethod,
53
+ RESOURCE_MODULE_MAP: () => RESOURCE_MODULE_MAP,
52
54
  RESOURCE_PATHS: () => RESOURCE_PATHS,
55
+ RESOURCE_REQUIREMENTS: () => RESOURCE_REQUIREMENTS,
53
56
  ROLE_SECTIONS_BY_KEY: () => ROLE_SECTIONS_BY_KEY,
54
57
  RelationshipType: () => RelationshipType,
55
58
  RowOrientation: () => RowOrientation,
@@ -842,6 +845,56 @@ var RESOURCE_PATHS = {
842
845
  teamStaff: "team.staff",
843
846
  teamTraining: "team.training"
844
847
  };
848
+ var ALL_OPERATIONS = [
849
+ EnabledModule.FARM_MANAGEMENT,
850
+ EnabledModule.PACKHOUSE,
851
+ EnabledModule.ACCOMMODATION
852
+ ];
853
+ var AGRI_ONLY = [
854
+ EnabledModule.FARM_MANAGEMENT,
855
+ EnabledModule.PACKHOUSE
856
+ ];
857
+ var RESOURCE_MODULE_MAP = {
858
+ // ── Top-level menu sections ────────────────────────────────────────────────
859
+ // CORE features (accessible to everyone with an account)
860
+ [RESOURCE_PATHS.dashboard]: [],
861
+ [RESOURCE_PATHS.operations]: ALL_OPERATIONS,
862
+ [RESOURCE_PATHS.equipment]: ALL_OPERATIONS,
863
+ [RESOURCE_PATHS.safety]: ALL_OPERATIONS,
864
+ [RESOURCE_PATHS.team]: ALL_OPERATIONS,
865
+ [RESOURCE_PATHS.records]: ALL_OPERATIONS,
866
+ [RESOURCE_PATHS.adminSettings]: ALL_OPERATIONS,
867
+ // ── Records & Reports ──────────────────────────────────────────────────────
868
+ [RESOURCE_PATHS.documentHub]: ALL_OPERATIONS,
869
+ [RESOURCE_PATHS.documentHubTemplates]: ALL_OPERATIONS,
870
+ [RESOURCE_PATHS.documentHubFolder]: ALL_OPERATIONS,
871
+ [RESOURCE_PATHS.documentHubExtraction]: ALL_OPERATIONS,
872
+ [RESOURCE_PATHS.documentHubQueue]: ALL_OPERATIONS,
873
+ [RESOURCE_PATHS.analytics]: ALL_OPERATIONS,
874
+ // ── Admin Settings ─────────────────────────────────────────────────────────
875
+ [RESOURCE_PATHS.adminUserRoster]: ALL_OPERATIONS,
876
+ [RESOURCE_PATHS.adminBlueprintsSites]: ALL_OPERATIONS,
877
+ [RESOURCE_PATHS.adminRolesPermissions]: ALL_OPERATIONS,
878
+ [RESOURCE_PATHS.adminCompanySettings]: ALL_OPERATIONS,
879
+ // ── Operations ────────────────────────────────────────────────────────────
880
+ [RESOURCE_PATHS.farmManagement]: [EnabledModule.FARM_MANAGEMENT],
881
+ [RESOURCE_PATHS.packhouse]: [EnabledModule.PACKHOUSE],
882
+ [RESOURCE_PATHS.accommodation]: [EnabledModule.ACCOMMODATION],
883
+ // ── Equipment & Fleet ──────────────────────────────────────────────────────
884
+ [RESOURCE_PATHS.equipPreStart]: ALL_OPERATIONS,
885
+ [RESOURCE_PATHS.equipMaintenance]: ALL_OPERATIONS,
886
+ [RESOURCE_PATHS.equipFuelRegister]: ALL_OPERATIONS,
887
+ [RESOURCE_PATHS.equipCalibration]: AGRI_ONLY,
888
+ [RESOURCE_PATHS.equipFleet]: ALL_OPERATIONS,
889
+ // ── Safety, Quality & Compliance ──────────────────────────────────────────
890
+ [RESOURCE_PATHS.safetyAuditing]: ALL_OPERATIONS,
891
+ [RESOURCE_PATHS.safetyFood]: AGRI_ONLY,
892
+ [RESOURCE_PATHS.safetyWhs]: ALL_OPERATIONS,
893
+ [RESOURCE_PATHS.safetyCleaning]: ALL_OPERATIONS,
894
+ // ── Team & HR ──────────────────────────────────────────────────────────────
895
+ [RESOURCE_PATHS.teamStaff]: ALL_OPERATIONS,
896
+ [RESOURCE_PATHS.teamTraining]: ALL_OPERATIONS
897
+ };
845
898
  var ACCESS_RANK = {
846
899
  NONE: 0,
847
900
  READ: 1,
@@ -856,21 +909,96 @@ var ROLE_SECTIONS_BY_KEY = {
856
909
  records: [UserRole.OWNER, UserRole.MANAGER],
857
910
  adminSettings: []
858
911
  };
912
+ var EVERYONE = Object.values(UserRole);
913
+ var RESOURCE_REQUIREMENTS = {
914
+ [RESOURCE_PATHS.dashboard]: {
915
+ allowedRoles: EVERYONE
916
+ },
917
+ [RESOURCE_PATHS.operations]: {
918
+ allowedRoles: EVERYONE
919
+ },
920
+ // [RESOURCE_PATHS.equipment]: EVERYONE,
921
+ // [RESOURCE_PATHS.safety]: ALL_OPERATIONS,
922
+ // [RESOURCE_PATHS.team]: ALL_OPERATIONS,
923
+ // [RESOURCE_PATHS.records]: ALL_OPERATIONS,
924
+ // [RESOURCE_PATHS.adminSettings]: ALL_OPERATIONS,
925
+ // ── Records & Reports ──────────────────────────────────────────────────────
926
+ [RESOURCE_PATHS.documentHub]: {
927
+ allowedRoles: [UserRole.OWNER, UserRole.MANAGER, UserRole.SUPERVISOR],
928
+ requiredPrivileges: [UserPrivilege.ADMIN, UserPrivilege.AUDIT_COMPLIANCE, UserPrivilege.FINANCE, UserPrivilege.HR]
929
+ },
930
+ [RESOURCE_PATHS.documentHubTemplates]: {
931
+ allowedRoles: [UserRole.OWNER, UserRole.MANAGER, UserRole.SUPERVISOR],
932
+ requiredPrivileges: [UserPrivilege.ADMIN, UserPrivilege.AUDIT_COMPLIANCE, UserPrivilege.FINANCE, UserPrivilege.HR]
933
+ },
934
+ [RESOURCE_PATHS.documentHubFolder]: {
935
+ allowedRoles: [UserRole.OWNER, UserRole.MANAGER, UserRole.SUPERVISOR],
936
+ requiredPrivileges: [UserPrivilege.ADMIN, UserPrivilege.AUDIT_COMPLIANCE, UserPrivilege.FINANCE, UserPrivilege.HR]
937
+ },
938
+ [RESOURCE_PATHS.documentHubExtraction]: {
939
+ allowedRoles: [UserRole.OWNER, UserRole.MANAGER, UserRole.SUPERVISOR],
940
+ requiredPrivileges: [UserPrivilege.ADMIN, UserPrivilege.AUDIT_COMPLIANCE, UserPrivilege.FINANCE, UserPrivilege.HR]
941
+ },
942
+ [RESOURCE_PATHS.documentHubQueue]: {
943
+ allowedRoles: [UserRole.OWNER, UserRole.MANAGER, UserRole.SUPERVISOR],
944
+ requiredPrivileges: [UserPrivilege.ADMIN, UserPrivilege.AUDIT_COMPLIANCE, UserPrivilege.FINANCE, UserPrivilege.HR]
945
+ },
946
+ // [RESOURCE_PATHS.analytics]: ALL_OPERATIONS,
947
+ // ── Admin Settings ─────────────────────────────────────────────────────────
948
+ [RESOURCE_PATHS.adminUserRoster]: {
949
+ allowedRoles: [UserRole.OWNER],
950
+ requiredPrivileges: [UserPrivilege.ADMIN]
951
+ },
952
+ [RESOURCE_PATHS.adminBlueprintsSites]: {
953
+ allowedRoles: [UserRole.OWNER],
954
+ requiredPrivileges: [UserPrivilege.ADMIN]
955
+ },
956
+ [RESOURCE_PATHS.adminRolesPermissions]: {
957
+ allowedRoles: [UserRole.OWNER],
958
+ requiredPrivileges: [UserPrivilege.ADMIN]
959
+ },
960
+ [RESOURCE_PATHS.adminCompanySettings]: {
961
+ allowedRoles: [UserRole.OWNER]
962
+ }
963
+ // // ── Operations ────────────────────────────────────────────────────────────
964
+ // [RESOURCE_PATHS.farmManagement]: [EnabledModule.FARM_MANAGEMENT],
965
+ // [RESOURCE_PATHS.packhouse]: [EnabledModule.PACKHOUSE],
966
+ // [RESOURCE_PATHS.accommodation]: [EnabledModule.ACCOMMODATION],
967
+ // // ── Equipment & Fleet ──────────────────────────────────────────────────────
968
+ // [RESOURCE_PATHS.equipPreStart]: ALL_OPERATIONS,
969
+ // [RESOURCE_PATHS.equipMaintenance]: ALL_OPERATIONS,
970
+ // [RESOURCE_PATHS.equipFuelRegister]: ALL_OPERATIONS,
971
+ // [RESOURCE_PATHS.equipCalibration]: AGRI_ONLY,
972
+ // [RESOURCE_PATHS.equipFleet]: ALL_OPERATIONS,
973
+ // // ── Safety, Quality & Compliance ──────────────────────────────────────────
974
+ // [RESOURCE_PATHS.safetyAuditing]: ALL_OPERATIONS,
975
+ // [RESOURCE_PATHS.safetyFood]: AGRI_ONLY,
976
+ // [RESOURCE_PATHS.safetyWhs]: ALL_OPERATIONS,
977
+ // [RESOURCE_PATHS.safetyCleaning]: ALL_OPERATIONS,
978
+ // // ── Team & HR ──────────────────────────────────────────────────────────────
979
+ // [RESOURCE_PATHS.teamStaff]: ALL_OPERATIONS,
980
+ // [RESOURCE_PATHS.teamTraining]: ALL_OPERATIONS,
981
+ };
859
982
  function evaluateBaseAccess(resourcePath, session, requirements = {}) {
860
983
  if (!session?.role) return "NONE";
861
984
  if (session.role === UserRole.OWNER) return "WRITE";
985
+ const requiredModules = RESOURCE_MODULE_MAP[resourcePath] || [];
986
+ if (requiredModules.length > 0) {
987
+ const hasModule = requiredModules.some((m) => session.enabledModules?.includes(m));
988
+ if (!hasModule) return "NONE";
989
+ }
862
990
  const topLevel = resourcePath.split(".")[0];
863
991
  const defaultRoles = ROLE_SECTIONS_BY_KEY[topLevel] || [];
864
- if (requirements.module && !session.enabledModules?.includes(requirements.module)) return "NONE";
865
992
  const allowedRoles = requirements.allowedRoles?.length ? requirements.allowedRoles : defaultRoles;
866
993
  if (!allowedRoles.includes(session.role)) return "NONE";
867
994
  if (requirements.requiredPrivileges?.length) {
868
995
  const hasPrivilege = requirements.requiredPrivileges.some((p) => session.privileges?.includes(p));
869
996
  if (!hasPrivilege) return "NONE";
870
997
  }
871
- const highRoles = [UserRole.OWNER, UserRole.MANAGER];
872
- const isHighRole = highRoles.includes(session.role);
873
- return isHighRole ? "WRITE" : "READ";
998
+ return session.role === UserRole.MANAGER ? "WRITE" : "READ";
999
+ }
1000
+ function resolveEffectiveAccess(base, override) {
1001
+ return override === void 0 || override === null ? base : override;
874
1002
  }
875
1003
  async function assertTenantBoundary(db, requesterCompanyId, targets) {
876
1004
  if (!requesterCompanyId) {
@@ -907,10 +1035,6 @@ async function assertTenantBoundary(db, requesterCompanyId, targets) {
907
1035
  }
908
1036
  return true;
909
1037
  }
910
- function resolveEffectiveAccess(base, override) {
911
- if (override === void 0 || override === null) return base;
912
- return override;
913
- }
914
1038
  // Annotate the CommonJS export names for ESM import in node:
915
1039
  0 && (module.exports = {
916
1040
  ACCESS_RANK,
@@ -926,6 +1050,7 @@ function resolveEffectiveAccess(base, override) {
926
1050
  Converter,
927
1051
  CropCycleStatus,
928
1052
  ERROR_DICTIONARY,
1053
+ EVERYONE,
929
1054
  EmitterType,
930
1055
  EnabledModule,
931
1056
  ErrorFactory,
@@ -942,7 +1067,9 @@ function resolveEffectiveAccess(base, override) {
942
1067
  OrderStatus,
943
1068
  PhysicalState,
944
1069
  PlantingMethod,
1070
+ RESOURCE_MODULE_MAP,
945
1071
  RESOURCE_PATHS,
1072
+ RESOURCE_REQUIREMENTS,
946
1073
  ROLE_SECTIONS_BY_KEY,
947
1074
  RelationshipType,
948
1075
  RowOrientation,
package/dist/index.mjs CHANGED
@@ -748,6 +748,56 @@ var RESOURCE_PATHS = {
748
748
  teamStaff: "team.staff",
749
749
  teamTraining: "team.training"
750
750
  };
751
+ var ALL_OPERATIONS = [
752
+ EnabledModule.FARM_MANAGEMENT,
753
+ EnabledModule.PACKHOUSE,
754
+ EnabledModule.ACCOMMODATION
755
+ ];
756
+ var AGRI_ONLY = [
757
+ EnabledModule.FARM_MANAGEMENT,
758
+ EnabledModule.PACKHOUSE
759
+ ];
760
+ var RESOURCE_MODULE_MAP = {
761
+ // ── Top-level menu sections ────────────────────────────────────────────────
762
+ // CORE features (accessible to everyone with an account)
763
+ [RESOURCE_PATHS.dashboard]: [],
764
+ [RESOURCE_PATHS.operations]: ALL_OPERATIONS,
765
+ [RESOURCE_PATHS.equipment]: ALL_OPERATIONS,
766
+ [RESOURCE_PATHS.safety]: ALL_OPERATIONS,
767
+ [RESOURCE_PATHS.team]: ALL_OPERATIONS,
768
+ [RESOURCE_PATHS.records]: ALL_OPERATIONS,
769
+ [RESOURCE_PATHS.adminSettings]: ALL_OPERATIONS,
770
+ // ── Records & Reports ──────────────────────────────────────────────────────
771
+ [RESOURCE_PATHS.documentHub]: ALL_OPERATIONS,
772
+ [RESOURCE_PATHS.documentHubTemplates]: ALL_OPERATIONS,
773
+ [RESOURCE_PATHS.documentHubFolder]: ALL_OPERATIONS,
774
+ [RESOURCE_PATHS.documentHubExtraction]: ALL_OPERATIONS,
775
+ [RESOURCE_PATHS.documentHubQueue]: ALL_OPERATIONS,
776
+ [RESOURCE_PATHS.analytics]: ALL_OPERATIONS,
777
+ // ── Admin Settings ─────────────────────────────────────────────────────────
778
+ [RESOURCE_PATHS.adminUserRoster]: ALL_OPERATIONS,
779
+ [RESOURCE_PATHS.adminBlueprintsSites]: ALL_OPERATIONS,
780
+ [RESOURCE_PATHS.adminRolesPermissions]: ALL_OPERATIONS,
781
+ [RESOURCE_PATHS.adminCompanySettings]: ALL_OPERATIONS,
782
+ // ── Operations ────────────────────────────────────────────────────────────
783
+ [RESOURCE_PATHS.farmManagement]: [EnabledModule.FARM_MANAGEMENT],
784
+ [RESOURCE_PATHS.packhouse]: [EnabledModule.PACKHOUSE],
785
+ [RESOURCE_PATHS.accommodation]: [EnabledModule.ACCOMMODATION],
786
+ // ── Equipment & Fleet ──────────────────────────────────────────────────────
787
+ [RESOURCE_PATHS.equipPreStart]: ALL_OPERATIONS,
788
+ [RESOURCE_PATHS.equipMaintenance]: ALL_OPERATIONS,
789
+ [RESOURCE_PATHS.equipFuelRegister]: ALL_OPERATIONS,
790
+ [RESOURCE_PATHS.equipCalibration]: AGRI_ONLY,
791
+ [RESOURCE_PATHS.equipFleet]: ALL_OPERATIONS,
792
+ // ── Safety, Quality & Compliance ──────────────────────────────────────────
793
+ [RESOURCE_PATHS.safetyAuditing]: ALL_OPERATIONS,
794
+ [RESOURCE_PATHS.safetyFood]: AGRI_ONLY,
795
+ [RESOURCE_PATHS.safetyWhs]: ALL_OPERATIONS,
796
+ [RESOURCE_PATHS.safetyCleaning]: ALL_OPERATIONS,
797
+ // ── Team & HR ──────────────────────────────────────────────────────────────
798
+ [RESOURCE_PATHS.teamStaff]: ALL_OPERATIONS,
799
+ [RESOURCE_PATHS.teamTraining]: ALL_OPERATIONS
800
+ };
751
801
  var ACCESS_RANK = {
752
802
  NONE: 0,
753
803
  READ: 1,
@@ -762,21 +812,96 @@ var ROLE_SECTIONS_BY_KEY = {
762
812
  records: [UserRole.OWNER, UserRole.MANAGER],
763
813
  adminSettings: []
764
814
  };
815
+ var EVERYONE = Object.values(UserRole);
816
+ var RESOURCE_REQUIREMENTS = {
817
+ [RESOURCE_PATHS.dashboard]: {
818
+ allowedRoles: EVERYONE
819
+ },
820
+ [RESOURCE_PATHS.operations]: {
821
+ allowedRoles: EVERYONE
822
+ },
823
+ // [RESOURCE_PATHS.equipment]: EVERYONE,
824
+ // [RESOURCE_PATHS.safety]: ALL_OPERATIONS,
825
+ // [RESOURCE_PATHS.team]: ALL_OPERATIONS,
826
+ // [RESOURCE_PATHS.records]: ALL_OPERATIONS,
827
+ // [RESOURCE_PATHS.adminSettings]: ALL_OPERATIONS,
828
+ // ── Records & Reports ──────────────────────────────────────────────────────
829
+ [RESOURCE_PATHS.documentHub]: {
830
+ allowedRoles: [UserRole.OWNER, UserRole.MANAGER, UserRole.SUPERVISOR],
831
+ requiredPrivileges: [UserPrivilege.ADMIN, UserPrivilege.AUDIT_COMPLIANCE, UserPrivilege.FINANCE, UserPrivilege.HR]
832
+ },
833
+ [RESOURCE_PATHS.documentHubTemplates]: {
834
+ allowedRoles: [UserRole.OWNER, UserRole.MANAGER, UserRole.SUPERVISOR],
835
+ requiredPrivileges: [UserPrivilege.ADMIN, UserPrivilege.AUDIT_COMPLIANCE, UserPrivilege.FINANCE, UserPrivilege.HR]
836
+ },
837
+ [RESOURCE_PATHS.documentHubFolder]: {
838
+ allowedRoles: [UserRole.OWNER, UserRole.MANAGER, UserRole.SUPERVISOR],
839
+ requiredPrivileges: [UserPrivilege.ADMIN, UserPrivilege.AUDIT_COMPLIANCE, UserPrivilege.FINANCE, UserPrivilege.HR]
840
+ },
841
+ [RESOURCE_PATHS.documentHubExtraction]: {
842
+ allowedRoles: [UserRole.OWNER, UserRole.MANAGER, UserRole.SUPERVISOR],
843
+ requiredPrivileges: [UserPrivilege.ADMIN, UserPrivilege.AUDIT_COMPLIANCE, UserPrivilege.FINANCE, UserPrivilege.HR]
844
+ },
845
+ [RESOURCE_PATHS.documentHubQueue]: {
846
+ allowedRoles: [UserRole.OWNER, UserRole.MANAGER, UserRole.SUPERVISOR],
847
+ requiredPrivileges: [UserPrivilege.ADMIN, UserPrivilege.AUDIT_COMPLIANCE, UserPrivilege.FINANCE, UserPrivilege.HR]
848
+ },
849
+ // [RESOURCE_PATHS.analytics]: ALL_OPERATIONS,
850
+ // ── Admin Settings ─────────────────────────────────────────────────────────
851
+ [RESOURCE_PATHS.adminUserRoster]: {
852
+ allowedRoles: [UserRole.OWNER],
853
+ requiredPrivileges: [UserPrivilege.ADMIN]
854
+ },
855
+ [RESOURCE_PATHS.adminBlueprintsSites]: {
856
+ allowedRoles: [UserRole.OWNER],
857
+ requiredPrivileges: [UserPrivilege.ADMIN]
858
+ },
859
+ [RESOURCE_PATHS.adminRolesPermissions]: {
860
+ allowedRoles: [UserRole.OWNER],
861
+ requiredPrivileges: [UserPrivilege.ADMIN]
862
+ },
863
+ [RESOURCE_PATHS.adminCompanySettings]: {
864
+ allowedRoles: [UserRole.OWNER]
865
+ }
866
+ // // ── Operations ────────────────────────────────────────────────────────────
867
+ // [RESOURCE_PATHS.farmManagement]: [EnabledModule.FARM_MANAGEMENT],
868
+ // [RESOURCE_PATHS.packhouse]: [EnabledModule.PACKHOUSE],
869
+ // [RESOURCE_PATHS.accommodation]: [EnabledModule.ACCOMMODATION],
870
+ // // ── Equipment & Fleet ──────────────────────────────────────────────────────
871
+ // [RESOURCE_PATHS.equipPreStart]: ALL_OPERATIONS,
872
+ // [RESOURCE_PATHS.equipMaintenance]: ALL_OPERATIONS,
873
+ // [RESOURCE_PATHS.equipFuelRegister]: ALL_OPERATIONS,
874
+ // [RESOURCE_PATHS.equipCalibration]: AGRI_ONLY,
875
+ // [RESOURCE_PATHS.equipFleet]: ALL_OPERATIONS,
876
+ // // ── Safety, Quality & Compliance ──────────────────────────────────────────
877
+ // [RESOURCE_PATHS.safetyAuditing]: ALL_OPERATIONS,
878
+ // [RESOURCE_PATHS.safetyFood]: AGRI_ONLY,
879
+ // [RESOURCE_PATHS.safetyWhs]: ALL_OPERATIONS,
880
+ // [RESOURCE_PATHS.safetyCleaning]: ALL_OPERATIONS,
881
+ // // ── Team & HR ──────────────────────────────────────────────────────────────
882
+ // [RESOURCE_PATHS.teamStaff]: ALL_OPERATIONS,
883
+ // [RESOURCE_PATHS.teamTraining]: ALL_OPERATIONS,
884
+ };
765
885
  function evaluateBaseAccess(resourcePath, session, requirements = {}) {
766
886
  if (!session?.role) return "NONE";
767
887
  if (session.role === UserRole.OWNER) return "WRITE";
888
+ const requiredModules = RESOURCE_MODULE_MAP[resourcePath] || [];
889
+ if (requiredModules.length > 0) {
890
+ const hasModule = requiredModules.some((m) => session.enabledModules?.includes(m));
891
+ if (!hasModule) return "NONE";
892
+ }
768
893
  const topLevel = resourcePath.split(".")[0];
769
894
  const defaultRoles = ROLE_SECTIONS_BY_KEY[topLevel] || [];
770
- if (requirements.module && !session.enabledModules?.includes(requirements.module)) return "NONE";
771
895
  const allowedRoles = requirements.allowedRoles?.length ? requirements.allowedRoles : defaultRoles;
772
896
  if (!allowedRoles.includes(session.role)) return "NONE";
773
897
  if (requirements.requiredPrivileges?.length) {
774
898
  const hasPrivilege = requirements.requiredPrivileges.some((p) => session.privileges?.includes(p));
775
899
  if (!hasPrivilege) return "NONE";
776
900
  }
777
- const highRoles = [UserRole.OWNER, UserRole.MANAGER];
778
- const isHighRole = highRoles.includes(session.role);
779
- return isHighRole ? "WRITE" : "READ";
901
+ return session.role === UserRole.MANAGER ? "WRITE" : "READ";
902
+ }
903
+ function resolveEffectiveAccess(base, override) {
904
+ return override === void 0 || override === null ? base : override;
780
905
  }
781
906
  async function assertTenantBoundary(db, requesterCompanyId, targets) {
782
907
  if (!requesterCompanyId) {
@@ -813,10 +938,6 @@ async function assertTenantBoundary(db, requesterCompanyId, targets) {
813
938
  }
814
939
  return true;
815
940
  }
816
- function resolveEffectiveAccess(base, override) {
817
- if (override === void 0 || override === null) return base;
818
- return override;
819
- }
820
941
  export {
821
942
  ACCESS_RANK,
822
943
  ACT,
@@ -831,6 +952,7 @@ export {
831
952
  Converter,
832
953
  CropCycleStatus,
833
954
  ERROR_DICTIONARY,
955
+ EVERYONE,
834
956
  EmitterType,
835
957
  EnabledModule,
836
958
  ErrorFactory,
@@ -847,7 +969,9 @@ export {
847
969
  OrderStatus,
848
970
  PhysicalState,
849
971
  PlantingMethod,
972
+ RESOURCE_MODULE_MAP,
850
973
  RESOURCE_PATHS,
974
+ RESOURCE_REQUIREMENTS,
851
975
  ROLE_SECTIONS_BY_KEY,
852
976
  RelationshipType,
853
977
  RowOrientation,
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@litusarchieve18/agricore-utils",
3
- "version": "1.0.6",
3
+ "version": "1.0.8",
4
4
  "description": "Canonical Backend Utility Library for AgriCore",
5
5
  "main": "./dist/index.js",
6
6
  "module": "./dist/index.mjs",