@litusarchieve18/agricore-utils 1.0.7 → 1.0.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.mts +12 -6
- package/dist/index.d.ts +12 -6
- package/dist/index.js +77 -4
- package/dist/index.mjs +75 -4
- package/package.json +1 -1
package/dist/index.d.mts
CHANGED
|
@@ -490,14 +490,21 @@ declare const RESOURCE_PATHS: {
|
|
|
490
490
|
declare const RESOURCE_MODULE_MAP: Record<string, string[]>;
|
|
491
491
|
declare const ACCESS_RANK: Record<AccessLevelType, number>;
|
|
492
492
|
declare const ROLE_SECTIONS_BY_KEY: Record<string, UserRoleType[]>;
|
|
493
|
+
interface ResourceRequirement {
|
|
494
|
+
allowedRoles?: UserRoleType[];
|
|
495
|
+
requiredPrivileges?: string[];
|
|
496
|
+
}
|
|
497
|
+
declare const EVERYONE: ("owner" | "manager" | "supervisor" | "leadingHand" | "worker")[];
|
|
498
|
+
declare const RESOURCE_REQUIREMENTS: Record<string, ResourceRequirement>;
|
|
493
499
|
declare function evaluateBaseAccess(resourcePath: string, session: {
|
|
494
500
|
role?: UserRoleType;
|
|
495
501
|
privileges?: string[];
|
|
496
502
|
enabledModules?: string[];
|
|
497
|
-
}, requirements?:
|
|
498
|
-
|
|
499
|
-
|
|
500
|
-
|
|
503
|
+
}, requirements?: ResourceRequirement): AccessLevelType;
|
|
504
|
+
/**
|
|
505
|
+
* The Judge: Overrides win over base access (Specificity principle).
|
|
506
|
+
*/
|
|
507
|
+
declare function resolveEffectiveAccess(base: AccessLevelType, override?: AccessLevelType | null): AccessLevelType;
|
|
501
508
|
/**
|
|
502
509
|
* Tenant Boundary Guard (Backend Only)
|
|
503
510
|
* Note: db is typed as 'any' here because Base44 SDK types vary,
|
|
@@ -508,6 +515,5 @@ declare function assertTenantBoundary(db: any, requesterCompanyId: string, targe
|
|
|
508
515
|
authScopeId?: string;
|
|
509
516
|
expectedScopeType?: 'company' | 'legalEntity' | 'facility';
|
|
510
517
|
}): Promise<boolean>;
|
|
511
|
-
declare function resolveEffectiveAccess(base: AccessLevelType, override?: AccessLevelType | null): AccessLevelType;
|
|
512
518
|
|
|
513
|
-
export { ACCESS_RANK, ACT, AccessLevel, type AccessLevelType, type AgriCoreSession, AgriLogger, AppError, ApprovalStatus, ApprovalType, AuditStatus, AuditType, type AuthScopeFields, type AvailableScope, CAT, type CompanyConfig, Converter, CropCycleStatus, ERROR_DICTIONARY, EmitterType, EnabledModule, ErrorFactory, FORM_REGISTRY, FacilityType, type FormMeta, HarvestMethod, type InfrastructureFields, LinkedStatus, MOD, MODULE_LABELS, MicroclimateZone, MimeType, type ModCode, NettingType, NotificationMode, OrderStatus, type PermissionLevel, PhysicalState, PlantingMethod, RESOURCE_MODULE_MAP, RESOURCE_PATHS, ROLE_SECTIONS_BY_KEY, RelationshipType, type ResolvedError, type ResourceOverrides, RowOrientation, SENTINEL_UUID, type ScopeType, SoilTexture, TASK_TYPE_REGISTRY, type TabConfig, TargetEntityType, TaskStatus, TaskType, type TaskTypeConfig, TransactionType, TrellisType, UserPrivilege, UserRole, type UserRoleType, Validator, VigorRating, WaterSource, assertCanWrite, assertTenantBoundary, buildRlsFilter, canRead, canWrite, evaluateBaseAccess, extractAppCode, generateCanonicalId, generateInfrastructureFields, getAcceptedMimeTypes, getApproveAction, getFormMeta, getFormsGroupedByModule, getTaskTypeOptions, handleAppErrorResponse, isTabVisible, isTabWritable, resolveAccess, resolveAppError, resolveEffectiveAccess, resolveError, resolveMenuVisibility, withAgriLogging };
|
|
519
|
+
export { ACCESS_RANK, ACT, AccessLevel, type AccessLevelType, type AgriCoreSession, AgriLogger, AppError, ApprovalStatus, ApprovalType, AuditStatus, AuditType, type AuthScopeFields, type AvailableScope, CAT, type CompanyConfig, Converter, CropCycleStatus, ERROR_DICTIONARY, EVERYONE, EmitterType, EnabledModule, ErrorFactory, FORM_REGISTRY, FacilityType, type FormMeta, HarvestMethod, type InfrastructureFields, LinkedStatus, MOD, MODULE_LABELS, MicroclimateZone, MimeType, type ModCode, NettingType, NotificationMode, OrderStatus, type PermissionLevel, PhysicalState, PlantingMethod, RESOURCE_MODULE_MAP, RESOURCE_PATHS, RESOURCE_REQUIREMENTS, ROLE_SECTIONS_BY_KEY, RelationshipType, type ResolvedError, type ResourceOverrides, type ResourceRequirement, RowOrientation, SENTINEL_UUID, type ScopeType, SoilTexture, TASK_TYPE_REGISTRY, type TabConfig, TargetEntityType, TaskStatus, TaskType, type TaskTypeConfig, TransactionType, TrellisType, UserPrivilege, UserRole, type UserRoleType, Validator, VigorRating, WaterSource, assertCanWrite, assertTenantBoundary, buildRlsFilter, canRead, canWrite, evaluateBaseAccess, extractAppCode, generateCanonicalId, generateInfrastructureFields, getAcceptedMimeTypes, getApproveAction, getFormMeta, getFormsGroupedByModule, getTaskTypeOptions, handleAppErrorResponse, isTabVisible, isTabWritable, resolveAccess, resolveAppError, resolveEffectiveAccess, resolveError, resolveMenuVisibility, withAgriLogging };
|
package/dist/index.d.ts
CHANGED
|
@@ -490,14 +490,21 @@ declare const RESOURCE_PATHS: {
|
|
|
490
490
|
declare const RESOURCE_MODULE_MAP: Record<string, string[]>;
|
|
491
491
|
declare const ACCESS_RANK: Record<AccessLevelType, number>;
|
|
492
492
|
declare const ROLE_SECTIONS_BY_KEY: Record<string, UserRoleType[]>;
|
|
493
|
+
interface ResourceRequirement {
|
|
494
|
+
allowedRoles?: UserRoleType[];
|
|
495
|
+
requiredPrivileges?: string[];
|
|
496
|
+
}
|
|
497
|
+
declare const EVERYONE: ("owner" | "manager" | "supervisor" | "leadingHand" | "worker")[];
|
|
498
|
+
declare const RESOURCE_REQUIREMENTS: Record<string, ResourceRequirement>;
|
|
493
499
|
declare function evaluateBaseAccess(resourcePath: string, session: {
|
|
494
500
|
role?: UserRoleType;
|
|
495
501
|
privileges?: string[];
|
|
496
502
|
enabledModules?: string[];
|
|
497
|
-
}, requirements?:
|
|
498
|
-
|
|
499
|
-
|
|
500
|
-
|
|
503
|
+
}, requirements?: ResourceRequirement): AccessLevelType;
|
|
504
|
+
/**
|
|
505
|
+
* The Judge: Overrides win over base access (Specificity principle).
|
|
506
|
+
*/
|
|
507
|
+
declare function resolveEffectiveAccess(base: AccessLevelType, override?: AccessLevelType | null): AccessLevelType;
|
|
501
508
|
/**
|
|
502
509
|
* Tenant Boundary Guard (Backend Only)
|
|
503
510
|
* Note: db is typed as 'any' here because Base44 SDK types vary,
|
|
@@ -508,6 +515,5 @@ declare function assertTenantBoundary(db: any, requesterCompanyId: string, targe
|
|
|
508
515
|
authScopeId?: string;
|
|
509
516
|
expectedScopeType?: 'company' | 'legalEntity' | 'facility';
|
|
510
517
|
}): Promise<boolean>;
|
|
511
|
-
declare function resolveEffectiveAccess(base: AccessLevelType, override?: AccessLevelType | null): AccessLevelType;
|
|
512
518
|
|
|
513
|
-
export { ACCESS_RANK, ACT, AccessLevel, type AccessLevelType, type AgriCoreSession, AgriLogger, AppError, ApprovalStatus, ApprovalType, AuditStatus, AuditType, type AuthScopeFields, type AvailableScope, CAT, type CompanyConfig, Converter, CropCycleStatus, ERROR_DICTIONARY, EmitterType, EnabledModule, ErrorFactory, FORM_REGISTRY, FacilityType, type FormMeta, HarvestMethod, type InfrastructureFields, LinkedStatus, MOD, MODULE_LABELS, MicroclimateZone, MimeType, type ModCode, NettingType, NotificationMode, OrderStatus, type PermissionLevel, PhysicalState, PlantingMethod, RESOURCE_MODULE_MAP, RESOURCE_PATHS, ROLE_SECTIONS_BY_KEY, RelationshipType, type ResolvedError, type ResourceOverrides, RowOrientation, SENTINEL_UUID, type ScopeType, SoilTexture, TASK_TYPE_REGISTRY, type TabConfig, TargetEntityType, TaskStatus, TaskType, type TaskTypeConfig, TransactionType, TrellisType, UserPrivilege, UserRole, type UserRoleType, Validator, VigorRating, WaterSource, assertCanWrite, assertTenantBoundary, buildRlsFilter, canRead, canWrite, evaluateBaseAccess, extractAppCode, generateCanonicalId, generateInfrastructureFields, getAcceptedMimeTypes, getApproveAction, getFormMeta, getFormsGroupedByModule, getTaskTypeOptions, handleAppErrorResponse, isTabVisible, isTabWritable, resolveAccess, resolveAppError, resolveEffectiveAccess, resolveError, resolveMenuVisibility, withAgriLogging };
|
|
519
|
+
export { ACCESS_RANK, ACT, AccessLevel, type AccessLevelType, type AgriCoreSession, AgriLogger, AppError, ApprovalStatus, ApprovalType, AuditStatus, AuditType, type AuthScopeFields, type AvailableScope, CAT, type CompanyConfig, Converter, CropCycleStatus, ERROR_DICTIONARY, EVERYONE, EmitterType, EnabledModule, ErrorFactory, FORM_REGISTRY, FacilityType, type FormMeta, HarvestMethod, type InfrastructureFields, LinkedStatus, MOD, MODULE_LABELS, MicroclimateZone, MimeType, type ModCode, NettingType, NotificationMode, OrderStatus, type PermissionLevel, PhysicalState, PlantingMethod, RESOURCE_MODULE_MAP, RESOURCE_PATHS, RESOURCE_REQUIREMENTS, ROLE_SECTIONS_BY_KEY, RelationshipType, type ResolvedError, type ResourceOverrides, type ResourceRequirement, RowOrientation, SENTINEL_UUID, type ScopeType, SoilTexture, TASK_TYPE_REGISTRY, type TabConfig, TargetEntityType, TaskStatus, TaskType, type TaskTypeConfig, TransactionType, TrellisType, UserPrivilege, UserRole, type UserRoleType, Validator, VigorRating, WaterSource, assertCanWrite, assertTenantBoundary, buildRlsFilter, canRead, canWrite, evaluateBaseAccess, extractAppCode, generateCanonicalId, generateInfrastructureFields, getAcceptedMimeTypes, getApproveAction, getFormMeta, getFormsGroupedByModule, getTaskTypeOptions, handleAppErrorResponse, isTabVisible, isTabWritable, resolveAccess, resolveAppError, resolveEffectiveAccess, resolveError, resolveMenuVisibility, withAgriLogging };
|
package/dist/index.js
CHANGED
|
@@ -33,6 +33,7 @@ __export(index_exports, {
|
|
|
33
33
|
Converter: () => Converter,
|
|
34
34
|
CropCycleStatus: () => CropCycleStatus,
|
|
35
35
|
ERROR_DICTIONARY: () => ERROR_DICTIONARY,
|
|
36
|
+
EVERYONE: () => EVERYONE,
|
|
36
37
|
EmitterType: () => EmitterType,
|
|
37
38
|
EnabledModule: () => EnabledModule,
|
|
38
39
|
ErrorFactory: () => ErrorFactory,
|
|
@@ -51,6 +52,7 @@ __export(index_exports, {
|
|
|
51
52
|
PlantingMethod: () => PlantingMethod,
|
|
52
53
|
RESOURCE_MODULE_MAP: () => RESOURCE_MODULE_MAP,
|
|
53
54
|
RESOURCE_PATHS: () => RESOURCE_PATHS,
|
|
55
|
+
RESOURCE_REQUIREMENTS: () => RESOURCE_REQUIREMENTS,
|
|
54
56
|
ROLE_SECTIONS_BY_KEY: () => ROLE_SECTIONS_BY_KEY,
|
|
55
57
|
RelationshipType: () => RelationshipType,
|
|
56
58
|
RowOrientation: () => RowOrientation,
|
|
@@ -907,6 +909,76 @@ var ROLE_SECTIONS_BY_KEY = {
|
|
|
907
909
|
records: [UserRole.OWNER, UserRole.MANAGER],
|
|
908
910
|
adminSettings: []
|
|
909
911
|
};
|
|
912
|
+
var EVERYONE = Object.values(UserRole);
|
|
913
|
+
var RESOURCE_REQUIREMENTS = {
|
|
914
|
+
[RESOURCE_PATHS.dashboard]: {
|
|
915
|
+
allowedRoles: EVERYONE
|
|
916
|
+
},
|
|
917
|
+
[RESOURCE_PATHS.operations]: {
|
|
918
|
+
allowedRoles: EVERYONE
|
|
919
|
+
},
|
|
920
|
+
// [RESOURCE_PATHS.equipment]: EVERYONE,
|
|
921
|
+
// [RESOURCE_PATHS.safety]: ALL_OPERATIONS,
|
|
922
|
+
// [RESOURCE_PATHS.team]: ALL_OPERATIONS,
|
|
923
|
+
// [RESOURCE_PATHS.records]: ALL_OPERATIONS,
|
|
924
|
+
// [RESOURCE_PATHS.adminSettings]: ALL_OPERATIONS,
|
|
925
|
+
// ── Records & Reports ──────────────────────────────────────────────────────
|
|
926
|
+
[RESOURCE_PATHS.documentHub]: {
|
|
927
|
+
allowedRoles: [UserRole.OWNER, UserRole.MANAGER, UserRole.SUPERVISOR],
|
|
928
|
+
requiredPrivileges: [UserPrivilege.ADMIN, UserPrivilege.AUDIT_COMPLIANCE, UserPrivilege.FINANCE, UserPrivilege.HR]
|
|
929
|
+
},
|
|
930
|
+
[RESOURCE_PATHS.documentHubTemplates]: {
|
|
931
|
+
allowedRoles: [UserRole.OWNER, UserRole.MANAGER, UserRole.SUPERVISOR],
|
|
932
|
+
requiredPrivileges: [UserPrivilege.ADMIN, UserPrivilege.AUDIT_COMPLIANCE, UserPrivilege.FINANCE, UserPrivilege.HR]
|
|
933
|
+
},
|
|
934
|
+
[RESOURCE_PATHS.documentHubFolder]: {
|
|
935
|
+
allowedRoles: [UserRole.OWNER, UserRole.MANAGER, UserRole.SUPERVISOR],
|
|
936
|
+
requiredPrivileges: [UserPrivilege.ADMIN, UserPrivilege.AUDIT_COMPLIANCE, UserPrivilege.FINANCE, UserPrivilege.HR]
|
|
937
|
+
},
|
|
938
|
+
[RESOURCE_PATHS.documentHubExtraction]: {
|
|
939
|
+
allowedRoles: [UserRole.OWNER, UserRole.MANAGER, UserRole.SUPERVISOR],
|
|
940
|
+
requiredPrivileges: [UserPrivilege.ADMIN, UserPrivilege.AUDIT_COMPLIANCE, UserPrivilege.FINANCE, UserPrivilege.HR]
|
|
941
|
+
},
|
|
942
|
+
[RESOURCE_PATHS.documentHubQueue]: {
|
|
943
|
+
allowedRoles: [UserRole.OWNER, UserRole.MANAGER, UserRole.SUPERVISOR],
|
|
944
|
+
requiredPrivileges: [UserPrivilege.ADMIN, UserPrivilege.AUDIT_COMPLIANCE, UserPrivilege.FINANCE, UserPrivilege.HR]
|
|
945
|
+
},
|
|
946
|
+
// [RESOURCE_PATHS.analytics]: ALL_OPERATIONS,
|
|
947
|
+
// ── Admin Settings ─────────────────────────────────────────────────────────
|
|
948
|
+
[RESOURCE_PATHS.adminUserRoster]: {
|
|
949
|
+
allowedRoles: [UserRole.OWNER],
|
|
950
|
+
requiredPrivileges: [UserPrivilege.ADMIN]
|
|
951
|
+
},
|
|
952
|
+
[RESOURCE_PATHS.adminBlueprintsSites]: {
|
|
953
|
+
allowedRoles: [UserRole.OWNER],
|
|
954
|
+
requiredPrivileges: [UserPrivilege.ADMIN]
|
|
955
|
+
},
|
|
956
|
+
[RESOURCE_PATHS.adminRolesPermissions]: {
|
|
957
|
+
allowedRoles: [UserRole.OWNER],
|
|
958
|
+
requiredPrivileges: [UserPrivilege.ADMIN]
|
|
959
|
+
},
|
|
960
|
+
[RESOURCE_PATHS.adminCompanySettings]: {
|
|
961
|
+
allowedRoles: [UserRole.OWNER]
|
|
962
|
+
}
|
|
963
|
+
// // ── Operations ────────────────────────────────────────────────────────────
|
|
964
|
+
// [RESOURCE_PATHS.farmManagement]: [EnabledModule.FARM_MANAGEMENT],
|
|
965
|
+
// [RESOURCE_PATHS.packhouse]: [EnabledModule.PACKHOUSE],
|
|
966
|
+
// [RESOURCE_PATHS.accommodation]: [EnabledModule.ACCOMMODATION],
|
|
967
|
+
// // ── Equipment & Fleet ──────────────────────────────────────────────────────
|
|
968
|
+
// [RESOURCE_PATHS.equipPreStart]: ALL_OPERATIONS,
|
|
969
|
+
// [RESOURCE_PATHS.equipMaintenance]: ALL_OPERATIONS,
|
|
970
|
+
// [RESOURCE_PATHS.equipFuelRegister]: ALL_OPERATIONS,
|
|
971
|
+
// [RESOURCE_PATHS.equipCalibration]: AGRI_ONLY,
|
|
972
|
+
// [RESOURCE_PATHS.equipFleet]: ALL_OPERATIONS,
|
|
973
|
+
// // ── Safety, Quality & Compliance ──────────────────────────────────────────
|
|
974
|
+
// [RESOURCE_PATHS.safetyAuditing]: ALL_OPERATIONS,
|
|
975
|
+
// [RESOURCE_PATHS.safetyFood]: AGRI_ONLY,
|
|
976
|
+
// [RESOURCE_PATHS.safetyWhs]: ALL_OPERATIONS,
|
|
977
|
+
// [RESOURCE_PATHS.safetyCleaning]: ALL_OPERATIONS,
|
|
978
|
+
// // ── Team & HR ──────────────────────────────────────────────────────────────
|
|
979
|
+
// [RESOURCE_PATHS.teamStaff]: ALL_OPERATIONS,
|
|
980
|
+
// [RESOURCE_PATHS.teamTraining]: ALL_OPERATIONS,
|
|
981
|
+
};
|
|
910
982
|
function evaluateBaseAccess(resourcePath, session, requirements = {}) {
|
|
911
983
|
if (!session?.role) return "NONE";
|
|
912
984
|
if (session.role === UserRole.OWNER) return "WRITE";
|
|
@@ -925,6 +997,9 @@ function evaluateBaseAccess(resourcePath, session, requirements = {}) {
|
|
|
925
997
|
}
|
|
926
998
|
return session.role === UserRole.MANAGER ? "WRITE" : "READ";
|
|
927
999
|
}
|
|
1000
|
+
function resolveEffectiveAccess(base, override) {
|
|
1001
|
+
return override === void 0 || override === null ? base : override;
|
|
1002
|
+
}
|
|
928
1003
|
async function assertTenantBoundary(db, requesterCompanyId, targets) {
|
|
929
1004
|
if (!requesterCompanyId) {
|
|
930
1005
|
throw ErrorFactory.internal(MOD.ADMIN, "Missing requester company context for boundary check.");
|
|
@@ -960,10 +1035,6 @@ async function assertTenantBoundary(db, requesterCompanyId, targets) {
|
|
|
960
1035
|
}
|
|
961
1036
|
return true;
|
|
962
1037
|
}
|
|
963
|
-
function resolveEffectiveAccess(base, override) {
|
|
964
|
-
if (override === void 0 || override === null) return base;
|
|
965
|
-
return override;
|
|
966
|
-
}
|
|
967
1038
|
// Annotate the CommonJS export names for ESM import in node:
|
|
968
1039
|
0 && (module.exports = {
|
|
969
1040
|
ACCESS_RANK,
|
|
@@ -979,6 +1050,7 @@ function resolveEffectiveAccess(base, override) {
|
|
|
979
1050
|
Converter,
|
|
980
1051
|
CropCycleStatus,
|
|
981
1052
|
ERROR_DICTIONARY,
|
|
1053
|
+
EVERYONE,
|
|
982
1054
|
EmitterType,
|
|
983
1055
|
EnabledModule,
|
|
984
1056
|
ErrorFactory,
|
|
@@ -997,6 +1069,7 @@ function resolveEffectiveAccess(base, override) {
|
|
|
997
1069
|
PlantingMethod,
|
|
998
1070
|
RESOURCE_MODULE_MAP,
|
|
999
1071
|
RESOURCE_PATHS,
|
|
1072
|
+
RESOURCE_REQUIREMENTS,
|
|
1000
1073
|
ROLE_SECTIONS_BY_KEY,
|
|
1001
1074
|
RelationshipType,
|
|
1002
1075
|
RowOrientation,
|
package/dist/index.mjs
CHANGED
|
@@ -812,6 +812,76 @@ var ROLE_SECTIONS_BY_KEY = {
|
|
|
812
812
|
records: [UserRole.OWNER, UserRole.MANAGER],
|
|
813
813
|
adminSettings: []
|
|
814
814
|
};
|
|
815
|
+
var EVERYONE = Object.values(UserRole);
|
|
816
|
+
var RESOURCE_REQUIREMENTS = {
|
|
817
|
+
[RESOURCE_PATHS.dashboard]: {
|
|
818
|
+
allowedRoles: EVERYONE
|
|
819
|
+
},
|
|
820
|
+
[RESOURCE_PATHS.operations]: {
|
|
821
|
+
allowedRoles: EVERYONE
|
|
822
|
+
},
|
|
823
|
+
// [RESOURCE_PATHS.equipment]: EVERYONE,
|
|
824
|
+
// [RESOURCE_PATHS.safety]: ALL_OPERATIONS,
|
|
825
|
+
// [RESOURCE_PATHS.team]: ALL_OPERATIONS,
|
|
826
|
+
// [RESOURCE_PATHS.records]: ALL_OPERATIONS,
|
|
827
|
+
// [RESOURCE_PATHS.adminSettings]: ALL_OPERATIONS,
|
|
828
|
+
// ── Records & Reports ──────────────────────────────────────────────────────
|
|
829
|
+
[RESOURCE_PATHS.documentHub]: {
|
|
830
|
+
allowedRoles: [UserRole.OWNER, UserRole.MANAGER, UserRole.SUPERVISOR],
|
|
831
|
+
requiredPrivileges: [UserPrivilege.ADMIN, UserPrivilege.AUDIT_COMPLIANCE, UserPrivilege.FINANCE, UserPrivilege.HR]
|
|
832
|
+
},
|
|
833
|
+
[RESOURCE_PATHS.documentHubTemplates]: {
|
|
834
|
+
allowedRoles: [UserRole.OWNER, UserRole.MANAGER, UserRole.SUPERVISOR],
|
|
835
|
+
requiredPrivileges: [UserPrivilege.ADMIN, UserPrivilege.AUDIT_COMPLIANCE, UserPrivilege.FINANCE, UserPrivilege.HR]
|
|
836
|
+
},
|
|
837
|
+
[RESOURCE_PATHS.documentHubFolder]: {
|
|
838
|
+
allowedRoles: [UserRole.OWNER, UserRole.MANAGER, UserRole.SUPERVISOR],
|
|
839
|
+
requiredPrivileges: [UserPrivilege.ADMIN, UserPrivilege.AUDIT_COMPLIANCE, UserPrivilege.FINANCE, UserPrivilege.HR]
|
|
840
|
+
},
|
|
841
|
+
[RESOURCE_PATHS.documentHubExtraction]: {
|
|
842
|
+
allowedRoles: [UserRole.OWNER, UserRole.MANAGER, UserRole.SUPERVISOR],
|
|
843
|
+
requiredPrivileges: [UserPrivilege.ADMIN, UserPrivilege.AUDIT_COMPLIANCE, UserPrivilege.FINANCE, UserPrivilege.HR]
|
|
844
|
+
},
|
|
845
|
+
[RESOURCE_PATHS.documentHubQueue]: {
|
|
846
|
+
allowedRoles: [UserRole.OWNER, UserRole.MANAGER, UserRole.SUPERVISOR],
|
|
847
|
+
requiredPrivileges: [UserPrivilege.ADMIN, UserPrivilege.AUDIT_COMPLIANCE, UserPrivilege.FINANCE, UserPrivilege.HR]
|
|
848
|
+
},
|
|
849
|
+
// [RESOURCE_PATHS.analytics]: ALL_OPERATIONS,
|
|
850
|
+
// ── Admin Settings ─────────────────────────────────────────────────────────
|
|
851
|
+
[RESOURCE_PATHS.adminUserRoster]: {
|
|
852
|
+
allowedRoles: [UserRole.OWNER],
|
|
853
|
+
requiredPrivileges: [UserPrivilege.ADMIN]
|
|
854
|
+
},
|
|
855
|
+
[RESOURCE_PATHS.adminBlueprintsSites]: {
|
|
856
|
+
allowedRoles: [UserRole.OWNER],
|
|
857
|
+
requiredPrivileges: [UserPrivilege.ADMIN]
|
|
858
|
+
},
|
|
859
|
+
[RESOURCE_PATHS.adminRolesPermissions]: {
|
|
860
|
+
allowedRoles: [UserRole.OWNER],
|
|
861
|
+
requiredPrivileges: [UserPrivilege.ADMIN]
|
|
862
|
+
},
|
|
863
|
+
[RESOURCE_PATHS.adminCompanySettings]: {
|
|
864
|
+
allowedRoles: [UserRole.OWNER]
|
|
865
|
+
}
|
|
866
|
+
// // ── Operations ────────────────────────────────────────────────────────────
|
|
867
|
+
// [RESOURCE_PATHS.farmManagement]: [EnabledModule.FARM_MANAGEMENT],
|
|
868
|
+
// [RESOURCE_PATHS.packhouse]: [EnabledModule.PACKHOUSE],
|
|
869
|
+
// [RESOURCE_PATHS.accommodation]: [EnabledModule.ACCOMMODATION],
|
|
870
|
+
// // ── Equipment & Fleet ──────────────────────────────────────────────────────
|
|
871
|
+
// [RESOURCE_PATHS.equipPreStart]: ALL_OPERATIONS,
|
|
872
|
+
// [RESOURCE_PATHS.equipMaintenance]: ALL_OPERATIONS,
|
|
873
|
+
// [RESOURCE_PATHS.equipFuelRegister]: ALL_OPERATIONS,
|
|
874
|
+
// [RESOURCE_PATHS.equipCalibration]: AGRI_ONLY,
|
|
875
|
+
// [RESOURCE_PATHS.equipFleet]: ALL_OPERATIONS,
|
|
876
|
+
// // ── Safety, Quality & Compliance ──────────────────────────────────────────
|
|
877
|
+
// [RESOURCE_PATHS.safetyAuditing]: ALL_OPERATIONS,
|
|
878
|
+
// [RESOURCE_PATHS.safetyFood]: AGRI_ONLY,
|
|
879
|
+
// [RESOURCE_PATHS.safetyWhs]: ALL_OPERATIONS,
|
|
880
|
+
// [RESOURCE_PATHS.safetyCleaning]: ALL_OPERATIONS,
|
|
881
|
+
// // ── Team & HR ──────────────────────────────────────────────────────────────
|
|
882
|
+
// [RESOURCE_PATHS.teamStaff]: ALL_OPERATIONS,
|
|
883
|
+
// [RESOURCE_PATHS.teamTraining]: ALL_OPERATIONS,
|
|
884
|
+
};
|
|
815
885
|
function evaluateBaseAccess(resourcePath, session, requirements = {}) {
|
|
816
886
|
if (!session?.role) return "NONE";
|
|
817
887
|
if (session.role === UserRole.OWNER) return "WRITE";
|
|
@@ -830,6 +900,9 @@ function evaluateBaseAccess(resourcePath, session, requirements = {}) {
|
|
|
830
900
|
}
|
|
831
901
|
return session.role === UserRole.MANAGER ? "WRITE" : "READ";
|
|
832
902
|
}
|
|
903
|
+
function resolveEffectiveAccess(base, override) {
|
|
904
|
+
return override === void 0 || override === null ? base : override;
|
|
905
|
+
}
|
|
833
906
|
async function assertTenantBoundary(db, requesterCompanyId, targets) {
|
|
834
907
|
if (!requesterCompanyId) {
|
|
835
908
|
throw ErrorFactory.internal(MOD.ADMIN, "Missing requester company context for boundary check.");
|
|
@@ -865,10 +938,6 @@ async function assertTenantBoundary(db, requesterCompanyId, targets) {
|
|
|
865
938
|
}
|
|
866
939
|
return true;
|
|
867
940
|
}
|
|
868
|
-
function resolveEffectiveAccess(base, override) {
|
|
869
|
-
if (override === void 0 || override === null) return base;
|
|
870
|
-
return override;
|
|
871
|
-
}
|
|
872
941
|
export {
|
|
873
942
|
ACCESS_RANK,
|
|
874
943
|
ACT,
|
|
@@ -883,6 +952,7 @@ export {
|
|
|
883
952
|
Converter,
|
|
884
953
|
CropCycleStatus,
|
|
885
954
|
ERROR_DICTIONARY,
|
|
955
|
+
EVERYONE,
|
|
886
956
|
EmitterType,
|
|
887
957
|
EnabledModule,
|
|
888
958
|
ErrorFactory,
|
|
@@ -901,6 +971,7 @@ export {
|
|
|
901
971
|
PlantingMethod,
|
|
902
972
|
RESOURCE_MODULE_MAP,
|
|
903
973
|
RESOURCE_PATHS,
|
|
974
|
+
RESOURCE_REQUIREMENTS,
|
|
904
975
|
ROLE_SECTIONS_BY_KEY,
|
|
905
976
|
RelationshipType,
|
|
906
977
|
RowOrientation,
|