@litusarchieve18/agricore-utils 1.0.7 → 1.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.d.mts CHANGED
@@ -490,14 +490,21 @@ declare const RESOURCE_PATHS: {
490
490
  declare const RESOURCE_MODULE_MAP: Record<string, string[]>;
491
491
  declare const ACCESS_RANK: Record<AccessLevelType, number>;
492
492
  declare const ROLE_SECTIONS_BY_KEY: Record<string, UserRoleType[]>;
493
+ interface ResourceRequirement {
494
+ allowedRoles?: UserRoleType[];
495
+ requiredPrivileges?: string[];
496
+ }
497
+ declare const EVERYONE: ("owner" | "manager" | "supervisor" | "leadingHand" | "worker")[];
498
+ declare const RESOURCE_REQUIREMENTS: Record<string, ResourceRequirement>;
493
499
  declare function evaluateBaseAccess(resourcePath: string, session: {
494
500
  role?: UserRoleType;
495
501
  privileges?: string[];
496
502
  enabledModules?: string[];
497
- }, requirements?: {
498
- allowedRoles?: UserRoleType[];
499
- requiredPrivileges?: string[];
500
- }): AccessLevelType;
503
+ }, requirements?: ResourceRequirement): AccessLevelType;
504
+ /**
505
+ * The Judge: Overrides win over base access (Specificity principle).
506
+ */
507
+ declare function resolveEffectiveAccess(base: AccessLevelType, override?: AccessLevelType | null): AccessLevelType;
501
508
  /**
502
509
  * Tenant Boundary Guard (Backend Only)
503
510
  * Note: db is typed as 'any' here because Base44 SDK types vary,
@@ -508,6 +515,5 @@ declare function assertTenantBoundary(db: any, requesterCompanyId: string, targe
508
515
  authScopeId?: string;
509
516
  expectedScopeType?: 'company' | 'legalEntity' | 'facility';
510
517
  }): Promise<boolean>;
511
- declare function resolveEffectiveAccess(base: AccessLevelType, override?: AccessLevelType | null): AccessLevelType;
512
518
 
513
- export { ACCESS_RANK, ACT, AccessLevel, type AccessLevelType, type AgriCoreSession, AgriLogger, AppError, ApprovalStatus, ApprovalType, AuditStatus, AuditType, type AuthScopeFields, type AvailableScope, CAT, type CompanyConfig, Converter, CropCycleStatus, ERROR_DICTIONARY, EmitterType, EnabledModule, ErrorFactory, FORM_REGISTRY, FacilityType, type FormMeta, HarvestMethod, type InfrastructureFields, LinkedStatus, MOD, MODULE_LABELS, MicroclimateZone, MimeType, type ModCode, NettingType, NotificationMode, OrderStatus, type PermissionLevel, PhysicalState, PlantingMethod, RESOURCE_MODULE_MAP, RESOURCE_PATHS, ROLE_SECTIONS_BY_KEY, RelationshipType, type ResolvedError, type ResourceOverrides, RowOrientation, SENTINEL_UUID, type ScopeType, SoilTexture, TASK_TYPE_REGISTRY, type TabConfig, TargetEntityType, TaskStatus, TaskType, type TaskTypeConfig, TransactionType, TrellisType, UserPrivilege, UserRole, type UserRoleType, Validator, VigorRating, WaterSource, assertCanWrite, assertTenantBoundary, buildRlsFilter, canRead, canWrite, evaluateBaseAccess, extractAppCode, generateCanonicalId, generateInfrastructureFields, getAcceptedMimeTypes, getApproveAction, getFormMeta, getFormsGroupedByModule, getTaskTypeOptions, handleAppErrorResponse, isTabVisible, isTabWritable, resolveAccess, resolveAppError, resolveEffectiveAccess, resolveError, resolveMenuVisibility, withAgriLogging };
519
+ export { ACCESS_RANK, ACT, AccessLevel, type AccessLevelType, type AgriCoreSession, AgriLogger, AppError, ApprovalStatus, ApprovalType, AuditStatus, AuditType, type AuthScopeFields, type AvailableScope, CAT, type CompanyConfig, Converter, CropCycleStatus, ERROR_DICTIONARY, EVERYONE, EmitterType, EnabledModule, ErrorFactory, FORM_REGISTRY, FacilityType, type FormMeta, HarvestMethod, type InfrastructureFields, LinkedStatus, MOD, MODULE_LABELS, MicroclimateZone, MimeType, type ModCode, NettingType, NotificationMode, OrderStatus, type PermissionLevel, PhysicalState, PlantingMethod, RESOURCE_MODULE_MAP, RESOURCE_PATHS, RESOURCE_REQUIREMENTS, ROLE_SECTIONS_BY_KEY, RelationshipType, type ResolvedError, type ResourceOverrides, type ResourceRequirement, RowOrientation, SENTINEL_UUID, type ScopeType, SoilTexture, TASK_TYPE_REGISTRY, type TabConfig, TargetEntityType, TaskStatus, TaskType, type TaskTypeConfig, TransactionType, TrellisType, UserPrivilege, UserRole, type UserRoleType, Validator, VigorRating, WaterSource, assertCanWrite, assertTenantBoundary, buildRlsFilter, canRead, canWrite, evaluateBaseAccess, extractAppCode, generateCanonicalId, generateInfrastructureFields, getAcceptedMimeTypes, getApproveAction, getFormMeta, getFormsGroupedByModule, getTaskTypeOptions, handleAppErrorResponse, isTabVisible, isTabWritable, resolveAccess, resolveAppError, resolveEffectiveAccess, resolveError, resolveMenuVisibility, withAgriLogging };
package/dist/index.d.ts CHANGED
@@ -490,14 +490,21 @@ declare const RESOURCE_PATHS: {
490
490
  declare const RESOURCE_MODULE_MAP: Record<string, string[]>;
491
491
  declare const ACCESS_RANK: Record<AccessLevelType, number>;
492
492
  declare const ROLE_SECTIONS_BY_KEY: Record<string, UserRoleType[]>;
493
+ interface ResourceRequirement {
494
+ allowedRoles?: UserRoleType[];
495
+ requiredPrivileges?: string[];
496
+ }
497
+ declare const EVERYONE: ("owner" | "manager" | "supervisor" | "leadingHand" | "worker")[];
498
+ declare const RESOURCE_REQUIREMENTS: Record<string, ResourceRequirement>;
493
499
  declare function evaluateBaseAccess(resourcePath: string, session: {
494
500
  role?: UserRoleType;
495
501
  privileges?: string[];
496
502
  enabledModules?: string[];
497
- }, requirements?: {
498
- allowedRoles?: UserRoleType[];
499
- requiredPrivileges?: string[];
500
- }): AccessLevelType;
503
+ }, requirements?: ResourceRequirement): AccessLevelType;
504
+ /**
505
+ * The Judge: Overrides win over base access (Specificity principle).
506
+ */
507
+ declare function resolveEffectiveAccess(base: AccessLevelType, override?: AccessLevelType | null): AccessLevelType;
501
508
  /**
502
509
  * Tenant Boundary Guard (Backend Only)
503
510
  * Note: db is typed as 'any' here because Base44 SDK types vary,
@@ -508,6 +515,5 @@ declare function assertTenantBoundary(db: any, requesterCompanyId: string, targe
508
515
  authScopeId?: string;
509
516
  expectedScopeType?: 'company' | 'legalEntity' | 'facility';
510
517
  }): Promise<boolean>;
511
- declare function resolveEffectiveAccess(base: AccessLevelType, override?: AccessLevelType | null): AccessLevelType;
512
518
 
513
- export { ACCESS_RANK, ACT, AccessLevel, type AccessLevelType, type AgriCoreSession, AgriLogger, AppError, ApprovalStatus, ApprovalType, AuditStatus, AuditType, type AuthScopeFields, type AvailableScope, CAT, type CompanyConfig, Converter, CropCycleStatus, ERROR_DICTIONARY, EmitterType, EnabledModule, ErrorFactory, FORM_REGISTRY, FacilityType, type FormMeta, HarvestMethod, type InfrastructureFields, LinkedStatus, MOD, MODULE_LABELS, MicroclimateZone, MimeType, type ModCode, NettingType, NotificationMode, OrderStatus, type PermissionLevel, PhysicalState, PlantingMethod, RESOURCE_MODULE_MAP, RESOURCE_PATHS, ROLE_SECTIONS_BY_KEY, RelationshipType, type ResolvedError, type ResourceOverrides, RowOrientation, SENTINEL_UUID, type ScopeType, SoilTexture, TASK_TYPE_REGISTRY, type TabConfig, TargetEntityType, TaskStatus, TaskType, type TaskTypeConfig, TransactionType, TrellisType, UserPrivilege, UserRole, type UserRoleType, Validator, VigorRating, WaterSource, assertCanWrite, assertTenantBoundary, buildRlsFilter, canRead, canWrite, evaluateBaseAccess, extractAppCode, generateCanonicalId, generateInfrastructureFields, getAcceptedMimeTypes, getApproveAction, getFormMeta, getFormsGroupedByModule, getTaskTypeOptions, handleAppErrorResponse, isTabVisible, isTabWritable, resolveAccess, resolveAppError, resolveEffectiveAccess, resolveError, resolveMenuVisibility, withAgriLogging };
519
+ export { ACCESS_RANK, ACT, AccessLevel, type AccessLevelType, type AgriCoreSession, AgriLogger, AppError, ApprovalStatus, ApprovalType, AuditStatus, AuditType, type AuthScopeFields, type AvailableScope, CAT, type CompanyConfig, Converter, CropCycleStatus, ERROR_DICTIONARY, EVERYONE, EmitterType, EnabledModule, ErrorFactory, FORM_REGISTRY, FacilityType, type FormMeta, HarvestMethod, type InfrastructureFields, LinkedStatus, MOD, MODULE_LABELS, MicroclimateZone, MimeType, type ModCode, NettingType, NotificationMode, OrderStatus, type PermissionLevel, PhysicalState, PlantingMethod, RESOURCE_MODULE_MAP, RESOURCE_PATHS, RESOURCE_REQUIREMENTS, ROLE_SECTIONS_BY_KEY, RelationshipType, type ResolvedError, type ResourceOverrides, type ResourceRequirement, RowOrientation, SENTINEL_UUID, type ScopeType, SoilTexture, TASK_TYPE_REGISTRY, type TabConfig, TargetEntityType, TaskStatus, TaskType, type TaskTypeConfig, TransactionType, TrellisType, UserPrivilege, UserRole, type UserRoleType, Validator, VigorRating, WaterSource, assertCanWrite, assertTenantBoundary, buildRlsFilter, canRead, canWrite, evaluateBaseAccess, extractAppCode, generateCanonicalId, generateInfrastructureFields, getAcceptedMimeTypes, getApproveAction, getFormMeta, getFormsGroupedByModule, getTaskTypeOptions, handleAppErrorResponse, isTabVisible, isTabWritable, resolveAccess, resolveAppError, resolveEffectiveAccess, resolveError, resolveMenuVisibility, withAgriLogging };
package/dist/index.js CHANGED
@@ -33,6 +33,7 @@ __export(index_exports, {
33
33
  Converter: () => Converter,
34
34
  CropCycleStatus: () => CropCycleStatus,
35
35
  ERROR_DICTIONARY: () => ERROR_DICTIONARY,
36
+ EVERYONE: () => EVERYONE,
36
37
  EmitterType: () => EmitterType,
37
38
  EnabledModule: () => EnabledModule,
38
39
  ErrorFactory: () => ErrorFactory,
@@ -51,6 +52,7 @@ __export(index_exports, {
51
52
  PlantingMethod: () => PlantingMethod,
52
53
  RESOURCE_MODULE_MAP: () => RESOURCE_MODULE_MAP,
53
54
  RESOURCE_PATHS: () => RESOURCE_PATHS,
55
+ RESOURCE_REQUIREMENTS: () => RESOURCE_REQUIREMENTS,
54
56
  ROLE_SECTIONS_BY_KEY: () => ROLE_SECTIONS_BY_KEY,
55
57
  RelationshipType: () => RelationshipType,
56
58
  RowOrientation: () => RowOrientation,
@@ -907,6 +909,76 @@ var ROLE_SECTIONS_BY_KEY = {
907
909
  records: [UserRole.OWNER, UserRole.MANAGER],
908
910
  adminSettings: []
909
911
  };
912
+ var EVERYONE = Object.values(UserRole);
913
+ var RESOURCE_REQUIREMENTS = {
914
+ [RESOURCE_PATHS.dashboard]: {
915
+ allowedRoles: EVERYONE
916
+ },
917
+ [RESOURCE_PATHS.operations]: {
918
+ allowedRoles: EVERYONE
919
+ },
920
+ // [RESOURCE_PATHS.equipment]: EVERYONE,
921
+ // [RESOURCE_PATHS.safety]: ALL_OPERATIONS,
922
+ // [RESOURCE_PATHS.team]: ALL_OPERATIONS,
923
+ // [RESOURCE_PATHS.records]: ALL_OPERATIONS,
924
+ // [RESOURCE_PATHS.adminSettings]: ALL_OPERATIONS,
925
+ // ── Records & Reports ──────────────────────────────────────────────────────
926
+ [RESOURCE_PATHS.documentHub]: {
927
+ allowedRoles: [UserRole.OWNER, UserRole.MANAGER, UserRole.SUPERVISOR],
928
+ requiredPrivileges: [UserPrivilege.ADMIN, UserPrivilege.AUDIT_COMPLIANCE, UserPrivilege.FINANCE, UserPrivilege.HR]
929
+ },
930
+ [RESOURCE_PATHS.documentHubTemplates]: {
931
+ allowedRoles: [UserRole.OWNER, UserRole.MANAGER, UserRole.SUPERVISOR],
932
+ requiredPrivileges: [UserPrivilege.ADMIN, UserPrivilege.AUDIT_COMPLIANCE, UserPrivilege.FINANCE, UserPrivilege.HR]
933
+ },
934
+ [RESOURCE_PATHS.documentHubFolder]: {
935
+ allowedRoles: [UserRole.OWNER, UserRole.MANAGER, UserRole.SUPERVISOR],
936
+ requiredPrivileges: [UserPrivilege.ADMIN, UserPrivilege.AUDIT_COMPLIANCE, UserPrivilege.FINANCE, UserPrivilege.HR]
937
+ },
938
+ [RESOURCE_PATHS.documentHubExtraction]: {
939
+ allowedRoles: [UserRole.OWNER, UserRole.MANAGER, UserRole.SUPERVISOR],
940
+ requiredPrivileges: [UserPrivilege.ADMIN, UserPrivilege.AUDIT_COMPLIANCE, UserPrivilege.FINANCE, UserPrivilege.HR]
941
+ },
942
+ [RESOURCE_PATHS.documentHubQueue]: {
943
+ allowedRoles: [UserRole.OWNER, UserRole.MANAGER, UserRole.SUPERVISOR],
944
+ requiredPrivileges: [UserPrivilege.ADMIN, UserPrivilege.AUDIT_COMPLIANCE, UserPrivilege.FINANCE, UserPrivilege.HR]
945
+ },
946
+ // [RESOURCE_PATHS.analytics]: ALL_OPERATIONS,
947
+ // ── Admin Settings ─────────────────────────────────────────────────────────
948
+ [RESOURCE_PATHS.adminUserRoster]: {
949
+ allowedRoles: [UserRole.OWNER],
950
+ requiredPrivileges: [UserPrivilege.ADMIN]
951
+ },
952
+ [RESOURCE_PATHS.adminBlueprintsSites]: {
953
+ allowedRoles: [UserRole.OWNER],
954
+ requiredPrivileges: [UserPrivilege.ADMIN]
955
+ },
956
+ [RESOURCE_PATHS.adminRolesPermissions]: {
957
+ allowedRoles: [UserRole.OWNER],
958
+ requiredPrivileges: [UserPrivilege.ADMIN]
959
+ },
960
+ [RESOURCE_PATHS.adminCompanySettings]: {
961
+ allowedRoles: [UserRole.OWNER]
962
+ }
963
+ // // ── Operations ────────────────────────────────────────────────────────────
964
+ // [RESOURCE_PATHS.farmManagement]: [EnabledModule.FARM_MANAGEMENT],
965
+ // [RESOURCE_PATHS.packhouse]: [EnabledModule.PACKHOUSE],
966
+ // [RESOURCE_PATHS.accommodation]: [EnabledModule.ACCOMMODATION],
967
+ // // ── Equipment & Fleet ──────────────────────────────────────────────────────
968
+ // [RESOURCE_PATHS.equipPreStart]: ALL_OPERATIONS,
969
+ // [RESOURCE_PATHS.equipMaintenance]: ALL_OPERATIONS,
970
+ // [RESOURCE_PATHS.equipFuelRegister]: ALL_OPERATIONS,
971
+ // [RESOURCE_PATHS.equipCalibration]: AGRI_ONLY,
972
+ // [RESOURCE_PATHS.equipFleet]: ALL_OPERATIONS,
973
+ // // ── Safety, Quality & Compliance ──────────────────────────────────────────
974
+ // [RESOURCE_PATHS.safetyAuditing]: ALL_OPERATIONS,
975
+ // [RESOURCE_PATHS.safetyFood]: AGRI_ONLY,
976
+ // [RESOURCE_PATHS.safetyWhs]: ALL_OPERATIONS,
977
+ // [RESOURCE_PATHS.safetyCleaning]: ALL_OPERATIONS,
978
+ // // ── Team & HR ──────────────────────────────────────────────────────────────
979
+ // [RESOURCE_PATHS.teamStaff]: ALL_OPERATIONS,
980
+ // [RESOURCE_PATHS.teamTraining]: ALL_OPERATIONS,
981
+ };
910
982
  function evaluateBaseAccess(resourcePath, session, requirements = {}) {
911
983
  if (!session?.role) return "NONE";
912
984
  if (session.role === UserRole.OWNER) return "WRITE";
@@ -925,6 +997,9 @@ function evaluateBaseAccess(resourcePath, session, requirements = {}) {
925
997
  }
926
998
  return session.role === UserRole.MANAGER ? "WRITE" : "READ";
927
999
  }
1000
+ function resolveEffectiveAccess(base, override) {
1001
+ return override === void 0 || override === null ? base : override;
1002
+ }
928
1003
  async function assertTenantBoundary(db, requesterCompanyId, targets) {
929
1004
  if (!requesterCompanyId) {
930
1005
  throw ErrorFactory.internal(MOD.ADMIN, "Missing requester company context for boundary check.");
@@ -960,10 +1035,6 @@ async function assertTenantBoundary(db, requesterCompanyId, targets) {
960
1035
  }
961
1036
  return true;
962
1037
  }
963
- function resolveEffectiveAccess(base, override) {
964
- if (override === void 0 || override === null) return base;
965
- return override;
966
- }
967
1038
  // Annotate the CommonJS export names for ESM import in node:
968
1039
  0 && (module.exports = {
969
1040
  ACCESS_RANK,
@@ -979,6 +1050,7 @@ function resolveEffectiveAccess(base, override) {
979
1050
  Converter,
980
1051
  CropCycleStatus,
981
1052
  ERROR_DICTIONARY,
1053
+ EVERYONE,
982
1054
  EmitterType,
983
1055
  EnabledModule,
984
1056
  ErrorFactory,
@@ -997,6 +1069,7 @@ function resolveEffectiveAccess(base, override) {
997
1069
  PlantingMethod,
998
1070
  RESOURCE_MODULE_MAP,
999
1071
  RESOURCE_PATHS,
1072
+ RESOURCE_REQUIREMENTS,
1000
1073
  ROLE_SECTIONS_BY_KEY,
1001
1074
  RelationshipType,
1002
1075
  RowOrientation,
package/dist/index.mjs CHANGED
@@ -812,6 +812,76 @@ var ROLE_SECTIONS_BY_KEY = {
812
812
  records: [UserRole.OWNER, UserRole.MANAGER],
813
813
  adminSettings: []
814
814
  };
815
+ var EVERYONE = Object.values(UserRole);
816
+ var RESOURCE_REQUIREMENTS = {
817
+ [RESOURCE_PATHS.dashboard]: {
818
+ allowedRoles: EVERYONE
819
+ },
820
+ [RESOURCE_PATHS.operations]: {
821
+ allowedRoles: EVERYONE
822
+ },
823
+ // [RESOURCE_PATHS.equipment]: EVERYONE,
824
+ // [RESOURCE_PATHS.safety]: ALL_OPERATIONS,
825
+ // [RESOURCE_PATHS.team]: ALL_OPERATIONS,
826
+ // [RESOURCE_PATHS.records]: ALL_OPERATIONS,
827
+ // [RESOURCE_PATHS.adminSettings]: ALL_OPERATIONS,
828
+ // ── Records & Reports ──────────────────────────────────────────────────────
829
+ [RESOURCE_PATHS.documentHub]: {
830
+ allowedRoles: [UserRole.OWNER, UserRole.MANAGER, UserRole.SUPERVISOR],
831
+ requiredPrivileges: [UserPrivilege.ADMIN, UserPrivilege.AUDIT_COMPLIANCE, UserPrivilege.FINANCE, UserPrivilege.HR]
832
+ },
833
+ [RESOURCE_PATHS.documentHubTemplates]: {
834
+ allowedRoles: [UserRole.OWNER, UserRole.MANAGER, UserRole.SUPERVISOR],
835
+ requiredPrivileges: [UserPrivilege.ADMIN, UserPrivilege.AUDIT_COMPLIANCE, UserPrivilege.FINANCE, UserPrivilege.HR]
836
+ },
837
+ [RESOURCE_PATHS.documentHubFolder]: {
838
+ allowedRoles: [UserRole.OWNER, UserRole.MANAGER, UserRole.SUPERVISOR],
839
+ requiredPrivileges: [UserPrivilege.ADMIN, UserPrivilege.AUDIT_COMPLIANCE, UserPrivilege.FINANCE, UserPrivilege.HR]
840
+ },
841
+ [RESOURCE_PATHS.documentHubExtraction]: {
842
+ allowedRoles: [UserRole.OWNER, UserRole.MANAGER, UserRole.SUPERVISOR],
843
+ requiredPrivileges: [UserPrivilege.ADMIN, UserPrivilege.AUDIT_COMPLIANCE, UserPrivilege.FINANCE, UserPrivilege.HR]
844
+ },
845
+ [RESOURCE_PATHS.documentHubQueue]: {
846
+ allowedRoles: [UserRole.OWNER, UserRole.MANAGER, UserRole.SUPERVISOR],
847
+ requiredPrivileges: [UserPrivilege.ADMIN, UserPrivilege.AUDIT_COMPLIANCE, UserPrivilege.FINANCE, UserPrivilege.HR]
848
+ },
849
+ // [RESOURCE_PATHS.analytics]: ALL_OPERATIONS,
850
+ // ── Admin Settings ─────────────────────────────────────────────────────────
851
+ [RESOURCE_PATHS.adminUserRoster]: {
852
+ allowedRoles: [UserRole.OWNER],
853
+ requiredPrivileges: [UserPrivilege.ADMIN]
854
+ },
855
+ [RESOURCE_PATHS.adminBlueprintsSites]: {
856
+ allowedRoles: [UserRole.OWNER],
857
+ requiredPrivileges: [UserPrivilege.ADMIN]
858
+ },
859
+ [RESOURCE_PATHS.adminRolesPermissions]: {
860
+ allowedRoles: [UserRole.OWNER],
861
+ requiredPrivileges: [UserPrivilege.ADMIN]
862
+ },
863
+ [RESOURCE_PATHS.adminCompanySettings]: {
864
+ allowedRoles: [UserRole.OWNER]
865
+ }
866
+ // // ── Operations ────────────────────────────────────────────────────────────
867
+ // [RESOURCE_PATHS.farmManagement]: [EnabledModule.FARM_MANAGEMENT],
868
+ // [RESOURCE_PATHS.packhouse]: [EnabledModule.PACKHOUSE],
869
+ // [RESOURCE_PATHS.accommodation]: [EnabledModule.ACCOMMODATION],
870
+ // // ── Equipment & Fleet ──────────────────────────────────────────────────────
871
+ // [RESOURCE_PATHS.equipPreStart]: ALL_OPERATIONS,
872
+ // [RESOURCE_PATHS.equipMaintenance]: ALL_OPERATIONS,
873
+ // [RESOURCE_PATHS.equipFuelRegister]: ALL_OPERATIONS,
874
+ // [RESOURCE_PATHS.equipCalibration]: AGRI_ONLY,
875
+ // [RESOURCE_PATHS.equipFleet]: ALL_OPERATIONS,
876
+ // // ── Safety, Quality & Compliance ──────────────────────────────────────────
877
+ // [RESOURCE_PATHS.safetyAuditing]: ALL_OPERATIONS,
878
+ // [RESOURCE_PATHS.safetyFood]: AGRI_ONLY,
879
+ // [RESOURCE_PATHS.safetyWhs]: ALL_OPERATIONS,
880
+ // [RESOURCE_PATHS.safetyCleaning]: ALL_OPERATIONS,
881
+ // // ── Team & HR ──────────────────────────────────────────────────────────────
882
+ // [RESOURCE_PATHS.teamStaff]: ALL_OPERATIONS,
883
+ // [RESOURCE_PATHS.teamTraining]: ALL_OPERATIONS,
884
+ };
815
885
  function evaluateBaseAccess(resourcePath, session, requirements = {}) {
816
886
  if (!session?.role) return "NONE";
817
887
  if (session.role === UserRole.OWNER) return "WRITE";
@@ -830,6 +900,9 @@ function evaluateBaseAccess(resourcePath, session, requirements = {}) {
830
900
  }
831
901
  return session.role === UserRole.MANAGER ? "WRITE" : "READ";
832
902
  }
903
+ function resolveEffectiveAccess(base, override) {
904
+ return override === void 0 || override === null ? base : override;
905
+ }
833
906
  async function assertTenantBoundary(db, requesterCompanyId, targets) {
834
907
  if (!requesterCompanyId) {
835
908
  throw ErrorFactory.internal(MOD.ADMIN, "Missing requester company context for boundary check.");
@@ -865,10 +938,6 @@ async function assertTenantBoundary(db, requesterCompanyId, targets) {
865
938
  }
866
939
  return true;
867
940
  }
868
- function resolveEffectiveAccess(base, override) {
869
- if (override === void 0 || override === null) return base;
870
- return override;
871
- }
872
941
  export {
873
942
  ACCESS_RANK,
874
943
  ACT,
@@ -883,6 +952,7 @@ export {
883
952
  Converter,
884
953
  CropCycleStatus,
885
954
  ERROR_DICTIONARY,
955
+ EVERYONE,
886
956
  EmitterType,
887
957
  EnabledModule,
888
958
  ErrorFactory,
@@ -901,6 +971,7 @@ export {
901
971
  PlantingMethod,
902
972
  RESOURCE_MODULE_MAP,
903
973
  RESOURCE_PATHS,
974
+ RESOURCE_REQUIREMENTS,
904
975
  ROLE_SECTIONS_BY_KEY,
905
976
  RelationshipType,
906
977
  RowOrientation,
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@litusarchieve18/agricore-utils",
3
- "version": "1.0.7",
3
+ "version": "1.0.8",
4
4
  "description": "Canonical Backend Utility Library for AgriCore",
5
5
  "main": "./dist/index.js",
6
6
  "module": "./dist/index.mjs",