@medusajs/rbac 2.12.5-preview-20260108144952

package/dist/repositories/rbac.d.ts

@@ -0,0 +1,9 @@
+import { Context } from "@medusajs/framework/types";
+import { MikroOrmBase } from "@medusajs/framework/utils";
+export declare class RbacRepository extends MikroOrmBase {
+    constructor();
+    listPoliciesForRole(roleId: string, sharedContext?: Context): Promise<any[]>;
+    listPoliciesForRoles(roleIds: string[], sharedContext?: Context): Promise<Map<string, any[]>>;
+    checkForCycle(roleId: string, parentId: string, sharedContext?: Context): Promise<boolean>;
+}
+//# sourceMappingURL=rbac.d.ts.map

package/dist/repositories/rbac.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rbac.d.ts","sourceRoot":"","sources":["../../src/repositories/rbac.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAE,MAAM,2BAA2B,CAAA;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAA;AAExD,qBAAa,cAAe,SAAQ,YAAY;;IAOxC,mBAAmB,CACvB,MAAM,EAAE,MAAM,EACd,aAAa,GAAE,OAAY,GAC1B,OAAO,CAAC,GAAG,EAAE,CAAC;IAQX,oBAAoB,CACxB,OAAO,EAAE,MAAM,EAAE,EACjB,aAAa,GAAE,OAAY,GAC1B,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;IAiExB,aAAa,CACjB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,aAAa,GAAE,OAAY,GAC1B,OAAO,CAAC,OAAO,CAAC;CA+BpB"}

package/dist/repositories/rbac.js

@@ -0,0 +1,101 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RbacRepository = void 0;
+const utils_1 = require("@medusajs/framework/utils");
+class RbacRepository extends utils_1.MikroOrmBase {
+    constructor() {
+        // @ts-ignore
+        // eslint-disable-next-line prefer-rest-params
+        super(...arguments);
+    }
+    async listPoliciesForRole(roleId, sharedContext = {}) {
+        const policiesByRole = await this.listPoliciesForRoles([roleId], sharedContext);
+        return policiesByRole.get(roleId) || [];
+    }
+    async listPoliciesForRoles(roleIds, sharedContext = {}) {
+        const manager = this.getActiveManager(sharedContext);
+        const knex = manager.getKnex();
+        if (!roleIds?.length) {
+            return new Map();
+        }
+        const placeholders = roleIds.map(() => "?").join(",");
+        const query = `
+      WITH RECURSIVE role_hierarchy AS (
+        SELECT id, name, id as original_role_id, ARRAY[id] as path
+        FROM rbac_role
+        WHERE id IN (${placeholders}) AND deleted_at IS NULL
+        
+        UNION ALL
+        
+        SELECT r.id, r.name, rh.original_role_id, rh.path || r.id
+        FROM rbac_role r
+        INNER JOIN rbac_role_parent ri ON ri.parent_id = r.id
+        INNER JOIN role_hierarchy rh ON rh.id = ri.role_id
+        WHERE r.deleted_at IS NULL 
+          AND ri.deleted_at IS NULL
+          AND NOT (r.id = ANY(rh.path))
+      )
+      SELECT DISTINCT
+        rh.original_role_id,
+        p.id,
+        p.key,
+        p.resource,
+        p.operation,
+        p.name,
+        p.description,
+        p.metadata,
+        p.created_at,
+        p.updated_at,
+        CASE WHEN rp.role_id = rh.original_role_id THEN NULL ELSE rp.role_id END as inherited_from_role_id
+      FROM rbac_policy p
+      INNER JOIN rbac_role_policy rp ON rp.policy_id = p.id
+      INNER JOIN role_hierarchy rh ON rh.id = rp.role_id
+      WHERE p.deleted_at IS NULL AND rp.deleted_at IS NULL
+      ORDER BY rh.original_role_id, p.resource, p.operation, p.key
+    `;
+        const result = await knex.raw(query, roleIds);
+        const rows = result.rows || [];
+        // Group policies by role_id
+        const policiesByRole = new Map();
+        for (const row of rows) {
+            const roleId = row.original_role_id;
+            delete row.original_role_id;
+            if (!policiesByRole.has(roleId)) {
+                policiesByRole.set(roleId, []);
+            }
+            policiesByRole.get(roleId).push(row);
+        }
+        return policiesByRole;
+    }
+    async checkForCycle(roleId, parentId, sharedContext = {}) {
+        const manager = this.getActiveManager(sharedContext);
+        const knex = manager.getKnex();
+        // Check if adding this parent would create a circular dependency
+        // A cycle exists if role_id is already an ancestor of parent_id
+        // (i.e., if we traverse up from parent_id, we reach role_id)
+        const query = `
+      WITH RECURSIVE role_hierarchy AS (
+        SELECT id, ARRAY[id] as path
+        FROM rbac_role
+        WHERE id = ? AND deleted_at IS NULL
+        
+        UNION ALL
+        
+        SELECT r.id, rh.path || r.id
+        FROM role_hierarchy rh
+        INNER JOIN rbac_role_parent ri ON ri.role_id = rh.id
+        INNER JOIN rbac_role r ON r.id = ri.parent_id
+        WHERE r.deleted_at IS NULL 
+          AND ri.deleted_at IS NULL
+          AND NOT (r.id = ANY(rh.path))
+      )
+      SELECT EXISTS(
+        SELECT 1 FROM role_hierarchy WHERE id = ?
+      ) as has_cycle
+    `;
+        const result = await knex.raw(query, [parentId, roleId]);
+        return result.rows[0]?.has_cycle || false;
+    }
+}
+exports.RbacRepository = RbacRepository;
+//# sourceMappingURL=rbac.js.map

package/dist/repositories/rbac.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rbac.js","sourceRoot":"","sources":["../../src/repositories/rbac.ts"],"names":[],"mappings":";;;AAEA,qDAAwD;AAExD,MAAa,cAAe,SAAQ,oBAAY;IAC9C;QACE,aAAa;QACb,8CAA8C;QAC9C,KAAK,CAAC,GAAG,SAAS,CAAC,CAAA;IACrB,CAAC;IAED,KAAK,CAAC,mBAAmB,CACvB,MAAc,EACd,gBAAyB,EAAE;QAE3B,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,oBAAoB,CACpD,CAAC,MAAM,CAAC,EACR,aAAa,CACd,CAAA;QACD,OAAO,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAA;IACzC,CAAC;IAED,KAAK,CAAC,oBAAoB,CACxB,OAAiB,EACjB,gBAAyB,EAAE;QAE3B,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAmB,aAAa,CAAC,CAAA;QACtE,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,EAAE,CAAA;QAE9B,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,CAAC;YACrB,OAAO,IAAI,GAAG,EAAE,CAAA;QAClB,CAAC;QAED,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAErD,MAAM,KAAK,GAAG;;;;uBAIK,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KA6B9B,CAAA;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,OAAO,CAAC,CAAA;QAC7C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,EAAE,CAAA;QAE9B,4BAA4B;QAC5B,MAAM,cAAc,GAAG,IAAI,GAAG,EAAiB,CAAA;QAE/C,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,MAAM,MAAM,GAAG,GAAG,CAAC,gBAAgB,CAAA;YACnC,OAAO,GAAG,CAAC,gBAAgB,CAAA;YAE3B,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBAChC,cAAc,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAA;YAChC,CAAC;YAED,cAAc,CAAC,GAAG,CAAC,MAAM,CAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QACvC,CAAC;QAED,OAAO,cAAc,CAAA;IACvB,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,MAAc,EACd,QAAgB,EAChB,gBAAyB,EAAE;QAE3B,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAmB,aAAa,CAAC,CAAA;QACtE,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,EAAE,CAAA;QAE9B,iEAAiE;QACjE,gEAAgE;QAChE,6DAA6D;QAC7D,MAAM,KAAK,GAAG;;;;;;;;;;;;;;;;;;;KAmBb,CAAA;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAA;QACxD,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,SAAS,IAAI,KAAK,CAAA;IAC3C,CAAC;CACF;AAzHD,wCAyHC"}

package/dist/services/index.d.ts

@@ -0,0 +1,2 @@
+export { default as RbacModuleService } from "./rbac-module-service";
+//# sourceMappingURL=index.d.ts.map

package/dist/services/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,IAAI,iBAAiB,EAAE,MAAM,uBAAuB,CAAA"}

package/dist/services/index.js

@@ -0,0 +1,9 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RbacModuleService = void 0;
+var rbac_module_service_1 = require("./rbac-module-service");
+Object.defineProperty(exports, "RbacModuleService", { enumerable: true, get: function () { return __importDefault(rbac_module_service_1).default; } });
+//# sourceMappingURL=index.js.map

package/dist/services/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":";;;;;;AAAA,6DAAoE;AAA3D,yIAAA,OAAO,OAAqB"}

package/dist/services/rbac-module-service.d.ts

@@ -0,0 +1,131 @@
+import { Context, FilterableRbacRoleProps, FindConfig, RbacRoleDTO } from "@medusajs/framework/types";
+import { CreateRbacRoleParentDTO, IRbacModuleService, RbacRoleParentDTO, UpdateRbacRoleParentDTO } from "@medusajs/types";
+import { RbacRepository } from "../repositories";
+type InjectedDependencies = {
+    rbacRepository: RbacRepository;
+};
+declare const RbacModuleService_base: import("@medusajs/framework/utils").MedusaServiceReturnType<import("@medusajs/framework/utils").ModelConfigurationsToConfigTemplate<{
+    readonly RbacRole: import("@medusajs/framework/utils").DmlEntity<import("@medusajs/framework/utils").DMLEntitySchemaBuilder<{
+        id: import("@medusajs/framework/utils").PrimaryKeyModifier<string, import("@medusajs/framework/utils").IdProperty>;
+        name: import("@medusajs/framework/utils").TextProperty;
+        description: import("@medusajs/framework/utils").NullableModifier<string, import("@medusajs/framework/utils").TextProperty>;
+        metadata: import("@medusajs/framework/utils").NullableModifier<Record<string, unknown>, import("@medusajs/framework/utils").JSONProperty>;
+        policies: import("@medusajs/framework/utils").HasMany<() => import("@medusajs/framework/utils").DmlEntity<import("@medusajs/framework/utils").DMLEntitySchemaBuilder<{
+            id: import("@medusajs/framework/utils").PrimaryKeyModifier<string, import("@medusajs/framework/utils").IdProperty>;
+            role: import("@medusajs/framework/utils").BelongsTo<() => import("@medusajs/framework/utils").DmlEntity<import("@medusajs/framework/utils").DMLEntitySchemaBuilder</*elided*/ any>, "rbac_role">, undefined>;
+            policy: import("@medusajs/framework/utils").BelongsTo<() => import("@medusajs/framework/utils").DmlEntity<import("@medusajs/framework/utils").DMLEntitySchemaBuilder<{
+                id: import("@medusajs/framework/utils").PrimaryKeyModifier<string, import("@medusajs/framework/utils").IdProperty>;
+                key: import("@medusajs/framework/utils").TextProperty;
+                resource: import("@medusajs/framework/utils").TextProperty;
+                operation: import("@medusajs/framework/utils").TextProperty;
+                name: import("@medusajs/framework/utils").NullableModifier<string, import("@medusajs/framework/utils").TextProperty>;
+                description: import("@medusajs/framework/utils").NullableModifier<string, import("@medusajs/framework/utils").TextProperty>;
+                metadata: import("@medusajs/framework/utils").NullableModifier<Record<string, unknown>, import("@medusajs/framework/utils").JSONProperty>;
+            }>, "rbac_policy">, undefined>;
+            metadata: import("@medusajs/framework/utils").NullableModifier<Record<string, unknown>, import("@medusajs/framework/utils").JSONProperty>;
+        }>, "rbac_role_policy">>;
+        parents: import("@medusajs/framework/utils").HasMany<() => import("@medusajs/framework/utils").DmlEntity<import("@medusajs/framework/utils").DMLEntitySchemaBuilder<{
+            id: import("@medusajs/framework/utils").PrimaryKeyModifier<string, import("@medusajs/framework/utils").IdProperty>;
+            role: import("@medusajs/framework/utils").BelongsTo<() => import("@medusajs/framework/utils").DmlEntity<import("@medusajs/framework/utils").DMLEntitySchemaBuilder</*elided*/ any>, "rbac_role">, undefined>;
+            parent: import("@medusajs/framework/utils").BelongsTo<() => import("@medusajs/framework/utils").DmlEntity<import("@medusajs/framework/utils").DMLEntitySchemaBuilder</*elided*/ any>, "rbac_role">, undefined>;
+            metadata: import("@medusajs/framework/utils").NullableModifier<Record<string, unknown>, import("@medusajs/framework/utils").JSONProperty>;
+        }>, "rbac_role_parent">>;
+    }>, "rbac_role">;
+    readonly RbacPolicy: import("@medusajs/framework/utils").DmlEntity<import("@medusajs/framework/utils").DMLEntitySchemaBuilder<{
+        id: import("@medusajs/framework/utils").PrimaryKeyModifier<string, import("@medusajs/framework/utils").IdProperty>;
+        key: import("@medusajs/framework/utils").TextProperty;
+        resource: import("@medusajs/framework/utils").TextProperty;
+        operation: import("@medusajs/framework/utils").TextProperty;
+        name: import("@medusajs/framework/utils").NullableModifier<string, import("@medusajs/framework/utils").TextProperty>;
+        description: import("@medusajs/framework/utils").NullableModifier<string, import("@medusajs/framework/utils").TextProperty>;
+        metadata: import("@medusajs/framework/utils").NullableModifier<Record<string, unknown>, import("@medusajs/framework/utils").JSONProperty>;
+    }>, "rbac_policy">;
+    readonly RbacRoleParent: import("@medusajs/framework/utils").DmlEntity<import("@medusajs/framework/utils").DMLEntitySchemaBuilder<{
+        id: import("@medusajs/framework/utils").PrimaryKeyModifier<string, import("@medusajs/framework/utils").IdProperty>;
+        role: import("@medusajs/framework/utils").BelongsTo<() => import("@medusajs/framework/utils").DmlEntity<import("@medusajs/framework/utils").DMLEntitySchemaBuilder<{
+            id: import("@medusajs/framework/utils").PrimaryKeyModifier<string, import("@medusajs/framework/utils").IdProperty>;
+            name: import("@medusajs/framework/utils").TextProperty;
+            description: import("@medusajs/framework/utils").NullableModifier<string, import("@medusajs/framework/utils").TextProperty>;
+            metadata: import("@medusajs/framework/utils").NullableModifier<Record<string, unknown>, import("@medusajs/framework/utils").JSONProperty>;
+            policies: import("@medusajs/framework/utils").HasMany<() => import("@medusajs/framework/utils").DmlEntity<import("@medusajs/framework/utils").DMLEntitySchemaBuilder<{
+                id: import("@medusajs/framework/utils").PrimaryKeyModifier<string, import("@medusajs/framework/utils").IdProperty>;
+                role: import("@medusajs/framework/utils").BelongsTo<() => import("@medusajs/framework/utils").DmlEntity<import("@medusajs/framework/utils").DMLEntitySchemaBuilder</*elided*/ any>, "rbac_role">, undefined>;
+                policy: import("@medusajs/framework/utils").BelongsTo<() => import("@medusajs/framework/utils").DmlEntity<import("@medusajs/framework/utils").DMLEntitySchemaBuilder<{
+                    id: import("@medusajs/framework/utils").PrimaryKeyModifier<string, import("@medusajs/framework/utils").IdProperty>;
+                    key: import("@medusajs/framework/utils").TextProperty;
+                    resource: import("@medusajs/framework/utils").TextProperty;
+                    operation: import("@medusajs/framework/utils").TextProperty;
+                    name: import("@medusajs/framework/utils").NullableModifier<string, import("@medusajs/framework/utils").TextProperty>;
+                    description: import("@medusajs/framework/utils").NullableModifier<string, import("@medusajs/framework/utils").TextProperty>;
+                    metadata: import("@medusajs/framework/utils").NullableModifier<Record<string, unknown>, import("@medusajs/framework/utils").JSONProperty>;
+                }>, "rbac_policy">, undefined>;
+                metadata: import("@medusajs/framework/utils").NullableModifier<Record<string, unknown>, import("@medusajs/framework/utils").JSONProperty>;
+            }>, "rbac_role_policy">>;
+            parents: import("@medusajs/framework/utils").HasMany<() => import("@medusajs/framework/utils").DmlEntity<import("@medusajs/framework/utils").DMLEntitySchemaBuilder</*elided*/ any>, "rbac_role_parent">>;
+        }>, "rbac_role">, undefined>;
+        parent: import("@medusajs/framework/utils").BelongsTo<() => import("@medusajs/framework/utils").DmlEntity<import("@medusajs/framework/utils").DMLEntitySchemaBuilder<{
+            id: import("@medusajs/framework/utils").PrimaryKeyModifier<string, import("@medusajs/framework/utils").IdProperty>;
+            name: import("@medusajs/framework/utils").TextProperty;
+            description: import("@medusajs/framework/utils").NullableModifier<string, import("@medusajs/framework/utils").TextProperty>;
+            metadata: import("@medusajs/framework/utils").NullableModifier<Record<string, unknown>, import("@medusajs/framework/utils").JSONProperty>;
+            policies: import("@medusajs/framework/utils").HasMany<() => import("@medusajs/framework/utils").DmlEntity<import("@medusajs/framework/utils").DMLEntitySchemaBuilder<{
+                id: import("@medusajs/framework/utils").PrimaryKeyModifier<string, import("@medusajs/framework/utils").IdProperty>;
+                role: import("@medusajs/framework/utils").BelongsTo<() => import("@medusajs/framework/utils").DmlEntity<import("@medusajs/framework/utils").DMLEntitySchemaBuilder</*elided*/ any>, "rbac_role">, undefined>;
+                policy: import("@medusajs/framework/utils").BelongsTo<() => import("@medusajs/framework/utils").DmlEntity<import("@medusajs/framework/utils").DMLEntitySchemaBuilder<{
+                    id: import("@medusajs/framework/utils").PrimaryKeyModifier<string, import("@medusajs/framework/utils").IdProperty>;
+                    key: import("@medusajs/framework/utils").TextProperty;
+                    resource: import("@medusajs/framework/utils").TextProperty;
+                    operation: import("@medusajs/framework/utils").TextProperty;
+                    name: import("@medusajs/framework/utils").NullableModifier<string, import("@medusajs/framework/utils").TextProperty>;
+                    description: import("@medusajs/framework/utils").NullableModifier<string, import("@medusajs/framework/utils").TextProperty>;
+                    metadata: import("@medusajs/framework/utils").NullableModifier<Record<string, unknown>, import("@medusajs/framework/utils").JSONProperty>;
+                }>, "rbac_policy">, undefined>;
+                metadata: import("@medusajs/framework/utils").NullableModifier<Record<string, unknown>, import("@medusajs/framework/utils").JSONProperty>;
+            }>, "rbac_role_policy">>;
+            parents: import("@medusajs/framework/utils").HasMany<() => import("@medusajs/framework/utils").DmlEntity<import("@medusajs/framework/utils").DMLEntitySchemaBuilder</*elided*/ any>, "rbac_role_parent">>;
+        }>, "rbac_role">, undefined>;
+        metadata: import("@medusajs/framework/utils").NullableModifier<Record<string, unknown>, import("@medusajs/framework/utils").JSONProperty>;
+    }>, "rbac_role_parent">;
+    readonly RbacRolePolicy: import("@medusajs/framework/utils").DmlEntity<import("@medusajs/framework/utils").DMLEntitySchemaBuilder<{
+        id: import("@medusajs/framework/utils").PrimaryKeyModifier<string, import("@medusajs/framework/utils").IdProperty>;
+        role: import("@medusajs/framework/utils").BelongsTo<() => import("@medusajs/framework/utils").DmlEntity<import("@medusajs/framework/utils").DMLEntitySchemaBuilder<{
+            id: import("@medusajs/framework/utils").PrimaryKeyModifier<string, import("@medusajs/framework/utils").IdProperty>;
+            name: import("@medusajs/framework/utils").TextProperty;
+            description: import("@medusajs/framework/utils").NullableModifier<string, import("@medusajs/framework/utils").TextProperty>;
+            metadata: import("@medusajs/framework/utils").NullableModifier<Record<string, unknown>, import("@medusajs/framework/utils").JSONProperty>;
+            policies: import("@medusajs/framework/utils").HasMany<() => import("@medusajs/framework/utils").DmlEntity<import("@medusajs/framework/utils").DMLEntitySchemaBuilder</*elided*/ any>, "rbac_role_policy">>;
+            parents: import("@medusajs/framework/utils").HasMany<() => import("@medusajs/framework/utils").DmlEntity<import("@medusajs/framework/utils").DMLEntitySchemaBuilder<{
+                id: import("@medusajs/framework/utils").PrimaryKeyModifier<string, import("@medusajs/framework/utils").IdProperty>;
+                role: import("@medusajs/framework/utils").BelongsTo<() => import("@medusajs/framework/utils").DmlEntity<import("@medusajs/framework/utils").DMLEntitySchemaBuilder</*elided*/ any>, "rbac_role">, undefined>;
+                parent: import("@medusajs/framework/utils").BelongsTo<() => import("@medusajs/framework/utils").DmlEntity<import("@medusajs/framework/utils").DMLEntitySchemaBuilder</*elided*/ any>, "rbac_role">, undefined>;
+                metadata: import("@medusajs/framework/utils").NullableModifier<Record<string, unknown>, import("@medusajs/framework/utils").JSONProperty>;
+            }>, "rbac_role_parent">>;
+        }>, "rbac_role">, undefined>;
+        policy: import("@medusajs/framework/utils").BelongsTo<() => import("@medusajs/framework/utils").DmlEntity<import("@medusajs/framework/utils").DMLEntitySchemaBuilder<{
+            id: import("@medusajs/framework/utils").PrimaryKeyModifier<string, import("@medusajs/framework/utils").IdProperty>;
+            key: import("@medusajs/framework/utils").TextProperty;
+            resource: import("@medusajs/framework/utils").TextProperty;
+            operation: import("@medusajs/framework/utils").TextProperty;
+            name: import("@medusajs/framework/utils").NullableModifier<string, import("@medusajs/framework/utils").TextProperty>;
+            description: import("@medusajs/framework/utils").NullableModifier<string, import("@medusajs/framework/utils").TextProperty>;
+            metadata: import("@medusajs/framework/utils").NullableModifier<Record<string, unknown>, import("@medusajs/framework/utils").JSONProperty>;
+        }>, "rbac_policy">, undefined>;
+        metadata: import("@medusajs/framework/utils").NullableModifier<Record<string, unknown>, import("@medusajs/framework/utils").JSONProperty>;
+    }>, "rbac_role_policy">;
+}>>;
+export default class RbacModuleService extends RbacModuleService_base implements IRbacModuleService {
+    protected readonly rbacRepository_: RbacRepository;
+    constructor({ rbacRepository }: InjectedDependencies);
+    __hooks: {
+        onApplicationStart: () => Promise<void>;
+    };
+    onApplicationStart(): Promise<void>;
+    private syncRegisteredPolicies;
+    listPoliciesForRole(roleId: string, sharedContext?: Context): Promise<any[]>;
+    listRbacRoles(filters?: FilterableRbacRoleProps, config?: FindConfig<RbacRoleDTO>, sharedContext?: Context): Promise<RbacRoleDTO[]>;
+    listAndCountRbacRoles(filters?: FilterableRbacRoleProps, config?: FindConfig<RbacRoleDTO>, sharedContext?: Context): Promise<[RbacRoleDTO[], number]>;
+    createRbacRoleParents(data: CreateRbacRoleParentDTO[], sharedContext?: Context): Promise<RbacRoleParentDTO[]>;
+    updateRbacRoleParents(data: UpdateRbacRoleParentDTO[], sharedContext?: Context): Promise<RbacRoleParentDTO[]>;
+}
+export {};
+//# sourceMappingURL=rbac-module-service.d.ts.map

package/dist/services/rbac-module-service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rbac-module-service.d.ts","sourceRoot":"","sources":["../../src/services/rbac-module-service.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,OAAO,EACP,uBAAuB,EACvB,UAAU,EACV,WAAW,EACZ,MAAM,2BAA2B,CAAA;AAQlC,OAAO,EACL,uBAAuB,EACvB,kBAAkB,EAClB,iBAAiB,EACjB,uBAAuB,EACxB,MAAM,iBAAiB,CAAA;AAExB,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAA;AAEhD,KAAK,oBAAoB,GAAG;IAC1B,cAAc,EAAE,cAAc,CAAA;CAC/B,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAED,MAAM,CAAC,OAAO,OAAO,iBACnB,SAAQ,sBAMR,YAAW,kBAAkB;IAE7B,SAAS,CAAC,QAAQ,CAAC,eAAe,EAAE,cAAc,CAAA;gBAEtC,EAAE,cAAc,EAAE,EAAE,oBAAoB;IAMpD,OAAO;;MAIN;IAEK,kBAAkB,IAAI,OAAO,CAAC,IAAI,CAAC;YAK3B,sBAAsB;IA6E9B,mBAAmB,CACvB,MAAM,EAAE,MAAM,EACG,aAAa,GAAE,OAAY,GAC3C,OAAO,CAAC,GAAG,EAAE,CAAC;IAMX,aAAa,CACjB,OAAO,GAAE,uBAA4B,EACrC,MAAM,GAAE,UAAU,CAAC,WAAW,CAAM,EACnB,aAAa,GAAE,OAAY,GAC3C,OAAO,CAAC,WAAW,EAAE,CAAC;IA4BnB,qBAAqB,CACzB,OAAO,GAAE,uBAA4B,EACrC,MAAM,GAAE,UAAU,CAAC,WAAW,CAAM,EACnB,aAAa,GAAE,OAAY,GAC3C,OAAO,CAAC,CAAC,WAAW,EAAE,EAAE,MAAM,CAAC,CAAC;IA4B7B,qBAAqB,CACzB,IAAI,EAAE,uBAAuB,EAAE,EACd,aAAa,GAAE,OAAY,GAC3C,OAAO,CAAC,iBAAiB,EAAE,CAAC;IA4BzB,qBAAqB,CACzB,IAAI,EAAE,uBAAuB,EAAE,EACd,aAAa,GAAE,OAAY,GAC3C,OAAO,CAAC,iBAAiB,EAAE,CAAC;CA2BhC"}

package/dist/services/rbac-module-service.js

@@ -0,0 +1,207 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const utils_1 = require("@medusajs/framework/utils");
+const _models_1 = require("../models");
+class RbacModuleService extends (0, utils_1.MedusaService)({
+    RbacRole: _models_1.RbacRole,
+    RbacPolicy: _models_1.RbacPolicy,
+    RbacRoleParent: _models_1.RbacRoleParent,
+    RbacRolePolicy: _models_1.RbacRolePolicy,
+}) {
+    constructor({ rbacRepository }) {
+        // @ts-ignore
+        super(...arguments);
+        this.__hooks = {
+            onApplicationStart: async () => {
+                this.onApplicationStart();
+            },
+        };
+        this.rbacRepository_ = rbacRepository;
+    }
+    async onApplicationStart() {
+        await this.syncRegisteredPolicies();
+    }
+    async syncRegisteredPolicies(sharedContext = {}) {
+        const registeredPolicies = Object.entries(utils_1.Policy).map(([name, { resource, operation, description }]) => ({
+            key: `${resource}:${operation}`,
+            name,
+            resource,
+            operation,
+            description,
+        }));
+        const registeredKeys = registeredPolicies.map((p) => p.key);
+        // Fetch all existing policies (including soft-deleted ones)
+        const existingPolicies = await this.listRbacPolicies({}, { withDeleted: true }, sharedContext);
+        const existingPoliciesMap = new Map(existingPolicies.map((p) => [p.key, p]));
+        const policiesToCreate = [];
+        const policiesToUpdate = [];
+        const policiesToRestore = [];
+        // Process registered policies
+        for (const registeredPolicy of registeredPolicies) {
+            const existing = existingPoliciesMap.get(registeredPolicy.key);
+            const hasChanges = existing &&
+                (existing.name !== registeredPolicy.name ||
+                    existing.description !== registeredPolicy.description);
+            if (!existing) {
+                policiesToCreate.push(registeredPolicy);
+            }
+            else if (existing.deleted_at) {
+                policiesToRestore.push(existing.id);
+                if (hasChanges) {
+                    policiesToUpdate.push({
+                        id: existing.id,
+                        name: registeredPolicy.name,
+                        description: registeredPolicy.description,
+                    });
+                }
+            }
+            else if (hasChanges) {
+                policiesToUpdate.push({
+                    id: existing.id,
+                    name: registeredPolicy.name,
+                    description: registeredPolicy.description,
+                });
+            }
+        }
+        const policiesToSoftDelete = existingPolicies
+            .filter((p) => !p.deleted_at && !registeredKeys.includes(p.key))
+            .map((p) => p.id);
+        // First restore any soft-deleted policies
+        if (policiesToRestore.length > 0) {
+            await this.restoreRbacPolicies(policiesToRestore, {}, sharedContext);
+        }
+        await (0, utils_1.promiseAll)([
+            policiesToCreate.length > 0 &&
+                this.createRbacPolicies(policiesToCreate, sharedContext),
+            policiesToUpdate.length > 0 &&
+                this.updateRbacPolicies(policiesToUpdate, sharedContext),
+            policiesToSoftDelete.length > 0 &&
+                this.softDeleteRbacPolicies(policiesToSoftDelete, {}, sharedContext),
+        ]);
+    }
+    async listPoliciesForRole(roleId, sharedContext = {}) {
+        return await this.rbacRepository_.listPoliciesForRole(roleId, sharedContext);
+    }
+    // @ts-expect-error
+    async listRbacRoles(filters = {}, config = {}, sharedContext = {}) {
+        const roles = await super.listRbacRoles(filters, config, sharedContext);
+        const shouldIncludePolicies = config.relations?.includes("policies") ||
+            config.select?.includes("policies");
+        if (shouldIncludePolicies && roles.length > 0) {
+            const roleIds = roles.map((role) => role.id);
+            const policiesByRole = await this.rbacRepository_.listPoliciesForRoles(roleIds, sharedContext);
+            for (const role of roles) {
+                role.policies = policiesByRole.get(role.id) || [];
+            }
+        }
+        return roles;
+    }
+    // @ts-expect-error
+    async listAndCountRbacRoles(filters = {}, config = {}, sharedContext = {}) {
+        const [roles, count] = await super.listAndCountRbacRoles(filters, config, sharedContext);
+        const shouldIncludePolicies = config.relations?.includes("policies") ||
+            config.select?.includes("policies");
+        if (shouldIncludePolicies && roles.length > 0) {
+            const roleIds = roles.map((role) => role.id);
+            const policiesByRole = await this.rbacRepository_.listPoliciesForRoles(roleIds, sharedContext);
+            for (const role of roles) {
+                role.policies = policiesByRole.get(role.id) || [];
+            }
+        }
+        return [roles, count];
+    }
+    // @ts-expect-error
+    async createRbacRoleParents(data, sharedContext = {}) {
+        for (const parent of data) {
+            const { role_id, parent_id } = parent;
+            if (role_id === parent_id) {
+                throw new Error(`Cannot create role parent relationship: a role cannot be its own parent (role_id: ${role_id})`);
+            }
+            const wouldCreateCycle = await this.rbacRepository_.checkForCycle(role_id, parent_id, sharedContext);
+            if (wouldCreateCycle) {
+                throw new Error(`Cannot create role parent relationship: this would create a circular dependency (role_id: ${role_id}, parent_id: ${parent_id})`);
+            }
+        }
+        return await super.createRbacRoleParents(data, sharedContext);
+    }
+    // @ts-expect-error
+    async updateRbacRoleParents(data, sharedContext = {}) {
+        for (const parent of data) {
+            const { role_id, parent_id } = parent;
+            if (parent_id) {
+                if (role_id === parent_id) {
+                    throw new Error(`Cannot update role parent relationship: a role cannot be its own parent (role_id: ${role_id})`);
+                }
+                const wouldCreateCycle = await this.rbacRepository_.checkForCycle(role_id, parent_id, sharedContext);
+                if (wouldCreateCycle) {
+                    throw new Error(`Cannot update role parent relationship: this would create a circular dependency (role_id: ${role_id}, parent_id: ${parent_id})`);
+                }
+            }
+        }
+        return await super.updateRbacRoleParents(data, sharedContext);
+    }
+}
+exports.default = RbacModuleService;
+__decorate([
+    (0, utils_1.InjectManager)(),
+    __param(0, (0, utils_1.MedusaContext)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], RbacModuleService.prototype, "syncRegisteredPolicies", null);
+__decorate([
+    (0, utils_1.InjectManager)(),
+    __param(1, (0, utils_1.MedusaContext)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String, Object]),
+    __metadata("design:returntype", Promise)
+], RbacModuleService.prototype, "listPoliciesForRole", null);
+__decorate([
+    (0, utils_1.InjectManager)()
+    // @ts-expect-error
+    ,
+    __param(2, (0, utils_1.MedusaContext)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object, Object]),
+    __metadata("design:returntype", Promise)
+], RbacModuleService.prototype, "listRbacRoles", null);
+__decorate([
+    (0, utils_1.InjectManager)()
+    // @ts-expect-error
+    ,
+    __param(2, (0, utils_1.MedusaContext)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object, Object]),
+    __metadata("design:returntype", Promise)
+], RbacModuleService.prototype, "listAndCountRbacRoles", null);
+__decorate([
+    (0, utils_1.InjectManager)()
+    // @ts-expect-error
+    ,
+    __param(1, (0, utils_1.MedusaContext)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Array, Object]),
+    __metadata("design:returntype", Promise)
+], RbacModuleService.prototype, "createRbacRoleParents", null);
+__decorate([
+    (0, utils_1.InjectManager)()
+    // @ts-expect-error
+    ,
+    __param(1, (0, utils_1.MedusaContext)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Array, Object]),
+    __metadata("design:returntype", Promise)
+], RbacModuleService.prototype, "updateRbacRoleParents", null);
+//# sourceMappingURL=rbac-module-service.js.map

package/dist/services/rbac-module-service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rbac-module-service.js","sourceRoot":"","sources":["../../src/services/rbac-module-service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;AAMA,qDAMkC;AAOlC,qCAA8E;AAO9E,MAAqB,iBACnB,SAAQ,IAAA,qBAAa,EAAC;IACpB,QAAQ,EAAR,kBAAQ;IACR,UAAU,EAAV,oBAAU;IACV,cAAc,EAAd,wBAAc;IACd,cAAc,EAAd,wBAAc;CACf,CAAC;IAKF,YAAY,EAAE,cAAc,EAAwB;QAClD,aAAa;QACb,KAAK,CAAC,GAAG,SAAS,CAAC,CAAA;QAIrB,YAAO,GAAG;YACR,kBAAkB,EAAE,KAAK,IAAI,EAAE;gBAC7B,IAAI,CAAC,kBAAkB,EAAE,CAAA;YAC3B,CAAC;SACF,CAAA;QAPC,IAAI,CAAC,eAAe,GAAG,cAAc,CAAA;IACvC,CAAC;IAQD,KAAK,CAAC,kBAAkB;QACtB,MAAM,IAAI,CAAC,sBAAsB,EAAE,CAAA;IACrC,CAAC;IAGa,AAAN,KAAK,CAAC,sBAAsB,CACjB,gBAAyB,EAAE;QAE5C,MAAM,kBAAkB,GAAG,MAAM,CAAC,OAAO,CAAC,cAAM,CAAC,CAAC,GAAG,CACnD,CAAC,CAAC,IAAI,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;YACjD,GAAG,EAAE,GAAG,QAAQ,IAAI,SAAS,EAAE;YAC/B,IAAI;YACJ,QAAQ;YACR,SAAS;YACT,WAAW;SACZ,CAAC,CACH,CAAA;QAED,MAAM,cAAc,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;QAE3D,4DAA4D;QAC5D,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAClD,EAAE,EACF,EAAE,WAAW,EAAE,IAAI,EAAE,EACrB,aAAa,CACd,CAAA;QAED,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;QAE5E,MAAM,gBAAgB,GAAU,EAAE,CAAA;QAClC,MAAM,gBAAgB,GAAU,EAAE,CAAA;QAClC,MAAM,iBAAiB,GAAa,EAAE,CAAA;QAEtC,8BAA8B;QAC9B,KAAK,MAAM,gBAAgB,IAAI,kBAAkB,EAAE,CAAC;YAClD,MAAM,QAAQ,GAAG,mBAAmB,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAA;YAE9D,MAAM,UAAU,GACd,QAAQ;gBACR,CAAC,QAAQ,CAAC,IAAI,KAAK,gBAAgB,CAAC,IAAI;oBACtC,QAAQ,CAAC,WAAW,KAAK,gBAAgB,CAAC,WAAW,CAAC,CAAA;YAE1D,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,gBAAgB,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAA;YACzC,CAAC;iBAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;gBAC/B,iBAAiB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;gBACnC,IAAI,UAAU,EAAE,CAAC;oBACf,gBAAgB,CAAC,IAAI,CAAC;wBACpB,EAAE,EAAE,QAAQ,CAAC,EAAE;wBACf,IAAI,EAAE,gBAAgB,CAAC,IAAI;wBAC3B,WAAW,EAAE,gBAAgB,CAAC,WAAW;qBAC1C,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC;iBAAM,IAAI,UAAU,EAAE,CAAC;gBACtB,gBAAgB,CAAC,IAAI,CAAC;oBACpB,EAAE,EAAE,QAAQ,CAAC,EAAE;oBACf,IAAI,EAAE,gBAAgB,CAAC,IAAI;oBAC3B,WAAW,EAAE,gBAAgB,CAAC,WAAW;iBAC1C,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;QAED,MAAM,oBAAoB,GAAG,gBAAgB;aAC1C,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;aAC/D,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAA;QAEnB,0CAA0C;QAC1C,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,CAAC,mBAAmB,CAAC,iBAAiB,EAAE,EAAE,EAAE,aAAa,CAAC,CAAA;QACtE,CAAC;QAED,MAAM,IAAA,kBAAU,EAAC;YACf,gBAAgB,CAAC,MAAM,GAAG,CAAC;gBACzB,IAAI,CAAC,kBAAkB,CAAC,gBAAgB,EAAE,aAAa,CAAC;YAC1D,gBAAgB,CAAC,MAAM,GAAG,CAAC;gBACzB,IAAI,CAAC,kBAAkB,CAAC,gBAAgB,EAAE,aAAa,CAAC;YAC1D,oBAAoB,CAAC,MAAM,GAAG,CAAC;gBAC7B,IAAI,CAAC,sBAAsB,CAAC,oBAAoB,EAAE,EAAE,EAAE,aAAa,CAAC;SACvE,CAAC,CAAA;IACJ,CAAC;IAGK,AAAN,KAAK,CAAC,mBAAmB,CACvB,MAAc,EACG,gBAAyB,EAAE;QAE5C,OAAO,MAAM,IAAI,CAAC,eAAe,CAAC,mBAAmB,CAAC,MAAM,EAAE,aAAa,CAAC,CAAA;IAC9E,CAAC;IAIK,AADN,mBAAmB;IACnB,KAAK,CAAC,aAAa,CACjB,UAAmC,EAAE,EACrC,SAAkC,EAAE,EACnB,gBAAyB,EAAE;QAE5C,MAAM,KAAK,GAAG,MAAM,KAAK,CAAC,aAAa,CACrC,OAAO,EACP,MAAa,EACb,aAAa,CACd,CAAA;QAED,MAAM,qBAAqB,GACzB,MAAM,CAAC,SAAS,EAAE,QAAQ,CAAC,UAAU,CAAC;YACtC,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAA;QAErC,IAAI,qBAAqB,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9C,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;YAC5C,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,oBAAoB,CACpE,OAAO,EACP,aAAa,CACd,CAAA;YAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,EAAE,CAAA;YACnD,CAAC;QACH,CAAC;QAED,OAAO,KAAiC,CAAA;IAC1C,CAAC;IAIK,AADN,mBAAmB;IACnB,KAAK,CAAC,qBAAqB,CACzB,UAAmC,EAAE,EACrC,SAAkC,EAAE,EACnB,gBAAyB,EAAE;QAE5C,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,MAAM,KAAK,CAAC,qBAAqB,CACtD,OAAO,EACP,MAAa,EACb,aAAa,CACd,CAAA;QAED,MAAM,qBAAqB,GACzB,MAAM,CAAC,SAAS,EAAE,QAAQ,CAAC,UAAU,CAAC;YACtC,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAA;QAErC,IAAI,qBAAqB,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9C,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;YAC5C,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,oBAAoB,CACpE,OAAO,EACP,aAAa,CACd,CAAA;YAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,EAAE,CAAA;YACnD,CAAC;QACH,CAAC;QAED,OAAO,CAAC,KAAiC,EAAE,KAAK,CAAC,CAAA;IACnD,CAAC;IAIK,AADN,mBAAmB;IACnB,KAAK,CAAC,qBAAqB,CACzB,IAA+B,EACd,gBAAyB,EAAE;QAE5C,KAAK,MAAM,MAAM,IAAI,IAAI,EAAE,CAAC;YAC1B,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,MAAM,CAAA;YAErC,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;gBAC1B,MAAM,IAAI,KAAK,CACb,qFAAqF,OAAO,GAAG,CAChG,CAAA;YACH,CAAC;YAED,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,aAAa,CAC/D,OAAO,EACP,SAAS,EACT,aAAa,CACd,CAAA;YAED,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,IAAI,KAAK,CACb,6FAA6F,OAAO,gBAAgB,SAAS,GAAG,CACjI,CAAA;YACH,CAAC;QACH,CAAC;QAED,OAAO,MAAM,KAAK,CAAC,qBAAqB,CAAC,IAAI,EAAE,aAAa,CAAC,CAAA;IAC/D,CAAC;IAIK,AADN,mBAAmB;IACnB,KAAK,CAAC,qBAAqB,CACzB,IAA+B,EACd,gBAAyB,EAAE;QAE5C,KAAK,MAAM,MAAM,IAAI,IAAI,EAAE,CAAC;YAC1B,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,MAAM,CAAA;YAErC,IAAI,SAAS,EAAE,CAAC;gBACd,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;oBAC1B,MAAM,IAAI,KAAK,CACb,qFAAqF,OAAO,GAAG,CAChG,CAAA;gBACH,CAAC;gBAED,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,aAAa,CAC/D,OAAQ,EACR,SAAS,EACT,aAAa,CACd,CAAA;gBAED,IAAI,gBAAgB,EAAE,CAAC;oBACrB,MAAM,IAAI,KAAK,CACb,6FAA6F,OAAO,gBAAgB,SAAS,GAAG,CACjI,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,MAAM,KAAK,CAAC,qBAAqB,CAAC,IAAI,EAAE,aAAa,CAAC,CAAA;IAC/D,CAAC;CACF;AA/OD,oCA+OC;AAnNe;IADb,IAAA,qBAAa,GAAE;IAEb,WAAA,IAAA,qBAAa,GAAE,CAAA;;;;+DAyEjB;AAGK;IADL,IAAA,qBAAa,GAAE;IAGb,WAAA,IAAA,qBAAa,GAAE,CAAA;;;;4DAGjB;AAIK;IAFL,IAAA,qBAAa,GAAE;IAChB,mBAAmB;;IAIhB,WAAA,IAAA,qBAAa,GAAE,CAAA;;;;sDAyBjB;AAIK;IAFL,IAAA,qBAAa,GAAE;IAChB,mBAAmB;;IAIhB,WAAA,IAAA,qBAAa,GAAE,CAAA;;;;8DAyBjB;AAIK;IAFL,IAAA,qBAAa,GAAE;IAChB,mBAAmB;;IAGhB,WAAA,IAAA,qBAAa,GAAE,CAAA;;;;8DAyBjB;AAIK;IAFL,IAAA,qBAAa,GAAE;IAChB,mBAAmB;;IAGhB,WAAA,IAAA,qBAAa,GAAE,CAAA;;;;8DA2BjB"}

package/dist/tsconfig.tsbuildinfo

@@ -0,0 +1 @@
+{"root":["../src/index.ts","../src/migrations/Migration20251219163509.ts","../src/models/index.ts","../src/models/rbac-policy.ts","../src/models/rbac-role-inheritance.ts","../src/models/rbac-role-parent.ts","../src/models/rbac-role-policy.ts","../src/models/rbac-role.ts","../src/repositories/index.ts","../src/repositories/rbac.ts","../src/services/index.ts","../src/services/rbac-module-service.ts","../src/types/index.ts"],"version":"5.9.3"}

package/dist/types/index.d.ts

@@ -0,0 +1,2 @@
+export type RbacModuleOptions = Record<string, unknown>;
+//# sourceMappingURL=index.d.ts.map

package/dist/types/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,iBAAiB,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA"}

package/dist/types/index.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=index.js.map

package/dist/types/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":""}

package/package.json

@@ -0,0 +1,45 @@
+{
+  "name": "@medusajs/rbac",
+  "version": "2.12.5-preview-20260108144952",
+  "description": "Medusa RBAC module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist",
+    "!dist/**/__tests__",
+    "!dist/**/__mocks__",
+    "!dist/**/__fixtures__"
+  ],
+  "engines": {
+    "node": ">=20"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/medusajs/medusa",
+    "directory": "packages/modules/rbac"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "author": "Medusa",
+  "license": "MIT",
+  "scripts": {
+    "watch": "yarn run -T tsc --build --watch",
+    "watch:test": "yarn run -T tsc --build tsconfig.spec.json --watch",
+    "resolve:aliases": "yarn run -T tsc --showConfig -p tsconfig.json > tsconfig.resolved.json && yarn run -T tsc-alias -p tsconfig.resolved.json && yarn run -T rimraf tsconfig.resolved.json",
+    "build": "yarn run -T rimraf dist && yarn run -T tsc --build && npm run resolve:aliases",
+    "test": "../../../node_modules/.bin/jest --passWithNoTests --bail --forceExit --testPathPattern=src",
+    "test:integration": "../../../node_modules/.bin/jest --passWithNoTests --forceExit --testPathPattern=\"integration-tests/__tests__/.*\\.ts\"",
+    "migration:initial": "MIKRO_ORM_CLI_CONFIG=./mikro-orm.config.dev.ts MIKRO_ORM_ALLOW_GLOBAL_CLI=true medusa-mikro-orm migration:create --initial",
+    "migration:create": "MIKRO_ORM_CLI_CONFIG=./mikro-orm.config.dev.ts MIKRO_ORM_ALLOW_GLOBAL_CLI=true medusa-mikro-orm migration:create",
+    "migration:up": "MIKRO_ORM_CLI_CONFIG=./mikro-orm.config.dev.ts MIKRO_ORM_ALLOW_GLOBAL_CLI=true medusa-mikro-orm migration:up",
+    "orm:cache:clear": "MIKRO_ORM_CLI_CONFIG=./mikro-orm.config.dev.ts MIKRO_ORM_ALLOW_GLOBAL_CLI=true medusa-mikro-orm cache:clear"
+  },
+  "devDependencies": {
+    "@medusajs/framework": "2.12.5-preview-20260108144952",
+    "@medusajs/test-utils": "2.12.5-preview-20260108144952"
+  },
+  "peerDependencies": {
+    "@medusajs/framework": "2.12.5-preview-20260108144952"
+  }
+}