@m5kdev/backend 0.1.1 → 0.1.3

package/dist/src/modules/base/base.dto.js

@@ -0,0 +1,112 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.deleteManyOutput = exports.deleteOutput = exports.scheduleManyOutput = exports.scheduleOutput = exports.uuidManyOutput = exports.uuidOutput = exports.getTableColumns = exports.createTableSelectSchema = void 0;
+exports.toZodFilter = toZodFilter;
+exports.pickSchema = pickSchema;
+exports.pickTableSchema = pickTableSchema;
+exports.omitSchema = omitSchema;
+exports.omitTableSchema = omitTableSchema;
+exports.pickColumns = pickColumns;
+exports.pickTableColumns = pickTableColumns;
+exports.omitTableColumns = omitTableColumns;
+exports.createSelectDTO = createSelectDTO;
+exports.createSelectUtils = createSelectUtils;
+const drizzle_orm_1 = require("drizzle-orm");
+Object.defineProperty(exports, "getTableColumns", { enumerable: true, get: function () { return drizzle_orm_1.getTableColumns; } });
+const drizzle_zod_1 = require("drizzle-zod");
+const zod_1 = require("zod");
+// Wrapper to force the drizzle-zod overload to the Table version
+const createTableSelectSchema = (table) => (0, drizzle_zod_1.createSelectSchema)(table);
+exports.createTableSelectSchema = createTableSelectSchema;
+function toZodFilter(array) {
+    return array.reduce((acc, column) => {
+        acc[column] = true;
+        return acc;
+    }, {});
+}
+function pickSchema(schema, keys) {
+    const mask = {};
+    for (const k of keys) {
+        mask[k] = true;
+    }
+    return schema.pick(mask);
+}
+function pickTableSchema(table, columns) {
+    return pickSchema((0, drizzle_zod_1.createSelectSchema)(table), columns);
+}
+function omitSchema(schema, keys) {
+    const mask = {};
+    for (const k of keys) {
+        mask[k] = true;
+    }
+    return schema.omit(mask);
+}
+function omitTableSchema(table, columns) {
+    return omitSchema((0, drizzle_zod_1.createSelectSchema)(table), columns);
+}
+function pickColumns(table, schema) {
+    const allColumns = (0, drizzle_orm_1.getTableColumns)(table);
+    const schemaKeys = Object.keys(schema.shape);
+    const result = {};
+    for (const key of schemaKeys) {
+        if (key in allColumns) {
+            result[key] = allColumns[key];
+        }
+    }
+    return result;
+}
+function pickTableColumns(table, columns) {
+    const allColumns = (0, drizzle_orm_1.getTableColumns)(table);
+    const result = {};
+    for (const key of columns) {
+        if (key in allColumns) {
+            result[key] = allColumns[key];
+        }
+    }
+    return result;
+}
+function omitTableColumns(table, columns) {
+    const allColumns = (0, drizzle_orm_1.getTableColumns)(table);
+    const columnsToOmit = new Set(columns);
+    const filteredEntries = Object.entries(allColumns).filter(([key]) => !columnsToOmit.has(key));
+    return Object.fromEntries(filteredEntries);
+}
+// Implementation
+function createSelectDTO(table, partial) {
+    if (partial) {
+        if ("omit" in partial && partial.omit) {
+            return {
+                columns: omitTableColumns(table, partial.omit),
+                schema: omitTableSchema(table, partial.omit),
+            };
+        }
+        if ("pick" in partial && partial.pick) {
+            return {
+                columns: pickTableColumns(table, partial.pick),
+                schema: pickTableSchema(table, partial.pick),
+            };
+        }
+    }
+    return { columns: (0, drizzle_orm_1.getTableColumns)(table), schema: (0, exports.createTableSelectSchema)(table) };
+}
+function createSelectUtils(dtos, output, transformer) {
+    return {
+        select: Object.fromEntries(Object.entries(dtos).map(([key, dto]) => [key, dto.columns])),
+        output,
+        transformer,
+    };
+}
+exports.uuidOutput = zod_1.z.object({
+    id: zod_1.z.uuid(),
+});
+exports.uuidManyOutput = zod_1.z.object({
+    ids: zod_1.z.array(zod_1.z.uuid()),
+});
+exports.scheduleOutput = zod_1.z.object({
+    jobId: zod_1.z.string(),
+});
+exports.scheduleManyOutput = zod_1.z.object({
+    jobIds: zod_1.z.array(zod_1.z.string()),
+});
+exports.deleteOutput = exports.uuidOutput;
+exports.deleteManyOutput = exports.uuidManyOutput;

package/dist/src/modules/base/base.grants.js

@@ -0,0 +1,123 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.flattenNestedGrants = flattenNestedGrants;
+exports.checkPermissionSync = checkPermissionSync;
+exports.checkPermissionAsync = checkPermissionAsync;
+const neverthrow_1 = require("neverthrow");
+function flattenNestedGrants(nestedGrants) {
+    return Object.entries(nestedGrants).flatMap(([resource, levels]) => {
+        return Object.entries(levels).flatMap(([level, roles]) => {
+            return Object.entries(roles).flatMap(([role, actions]) => {
+                return Object.entries(actions).map(([action, access]) => {
+                    return {
+                        resource,
+                        level: level,
+                        role,
+                        action,
+                        access,
+                    };
+                });
+            });
+        });
+    });
+}
+function checkOwnership(entityField, contextValue, entities) {
+    if (!contextValue)
+        return false;
+    if (!entities)
+        return false;
+    return Array.isArray(entities)
+        ? entities.every((e) => e[entityField] === contextValue)
+        : entities[entityField] === contextValue;
+}
+// Level priority: user -> team -> organization (bottom-up)
+const LEVEL_PRIORITY = ["user", "team", "organization"];
+function getRoleForLevel(level, ctx) {
+    switch (level) {
+        case "user":
+            return ctx.userRole;
+        case "team":
+            return ctx.teamRole;
+        case "organization":
+            return ctx.organizationRole;
+    }
+}
+function getContextValueForLevel(level, ctx) {
+    switch (level) {
+        case "user":
+            return ctx.userId;
+        case "team":
+            return ctx.teamId;
+        case "organization":
+            return ctx.organizationId;
+    }
+}
+function getOwnershipFieldForLevel(level) {
+    switch (level) {
+        case "user":
+            return "userId";
+        case "team":
+            return "teamId";
+        case "organization":
+            return "organizationId";
+    }
+}
+function hasAllAccess(grants, roles) {
+    for (const level of LEVEL_PRIORITY) {
+        for (const grant of grants) {
+            if (grant.level !== level)
+                continue;
+            if (grant.access !== "all")
+                continue;
+            if (grant.role === getRoleForLevel(level, roles))
+                return true;
+        }
+    }
+    return false;
+}
+function checkOwnAccess(grants, roles, contextValues, entities) {
+    for (const level of LEVEL_PRIORITY) {
+        for (const grant of grants) {
+            if (grant.level !== level)
+                continue;
+            if (grant.access !== "own")
+                continue;
+            if (grant.role !== getRoleForLevel(level, roles))
+                continue;
+            const ownershipField = getOwnershipFieldForLevel(level);
+            const contextValue = getContextValueForLevel(level, contextValues);
+            if (checkOwnership(ownershipField, contextValue, entities))
+                return true;
+        }
+    }
+    return false;
+}
+function checkPermissionSync(ctx, grants, entities) {
+    if (!grants || grants.length === 0)
+        return false;
+    const { id: userId, role: userRole } = ctx.user;
+    const { activeOrganizationRole: organizationRole, activeTeamRole: teamRole, activeOrganizationId: organizationId, activeTeamId: teamId, } = ctx.session;
+    const roles = { userRole, teamRole, organizationRole };
+    const contextValues = { userId, teamId, organizationId };
+    // Pass 1: Check for "all" access first (no ownership check needed)
+    if (hasAllAccess(grants, roles))
+        return true;
+    // Pass 2: Check "own" access with ownership validation
+    return checkOwnAccess(grants, roles, contextValues, entities);
+}
+async function checkPermissionAsync(ctx, grants, getEntities) {
+    if (!grants || grants.length === 0)
+        return (0, neverthrow_1.ok)(false);
+    const { id: userId, role: userRole } = ctx.user;
+    const { activeOrganizationRole: organizationRole, activeTeamRole: teamRole, activeOrganizationId: organizationId, activeTeamId: teamId, } = ctx.session;
+    const roles = { userRole, teamRole, organizationRole };
+    const contextValues = { userId, teamId, organizationId };
+    // Pass 1: Check for "all" access first (no entity fetch needed)
+    if (hasAllAccess(grants, roles))
+        return (0, neverthrow_1.ok)(true);
+    // Pass 2: Only fetch entities if we need to check ownership
+    const entities = await getEntities();
+    if (entities.isErr())
+        return (0, neverthrow_1.err)(entities.error);
+    return (0, neverthrow_1.ok)(checkOwnAccess(grants, roles, contextValues, entities.value));
+}