@mostajs/rbac 1.0.0

package/dist/api/roles-id.js

@@ -0,0 +1,89 @@
+// Author: Dr Hamid MADANI drmdh@msn.com
+// RBAC API handler: GET/PUT/DELETE /admin/roles/[id]
+import { NextResponse } from 'next/server';
+import { RoleRepository, UserRepository } from '@mostajs/auth';
+import { getDialect } from '@mostajs/orm';
+import { z } from 'zod';
+const updateRoleSchema = z.object({
+    name: z.string().min(1).regex(/^[a-z][a-z0-9_]*$/).optional(),
+    description: z.string().optional(),
+    permissionIds: z.array(z.string()).optional(),
+});
+export function createRolesIdHandler(config) {
+    const { checkPermission, adminPermission, systemRoles = [] } = config;
+    async function GET(req, { params }) {
+        const { error } = await checkPermission(adminPermission);
+        if (error)
+            return error;
+        const { id } = await params;
+        const rRepo = new RoleRepository(await getDialect());
+        const role = await rRepo.findByIdWithPermissions(id);
+        if (!role) {
+            return NextResponse.json({ error: { code: 'NOT_FOUND', message: 'Rôle non trouvé' } }, { status: 404 });
+        }
+        const uRepo = new UserRepository(await getDialect());
+        const userCount = await uRepo.count({ role: role.name });
+        return NextResponse.json({ data: Object.assign(Object.assign({}, role), { userCount }) });
+    }
+    async function PUT(req, { params }) {
+        const { error } = await checkPermission(adminPermission);
+        if (error)
+            return error;
+        const { id } = await params;
+        const body = await req.json();
+        const parsed = updateRoleSchema.safeParse(body);
+        if (!parsed.success) {
+            return NextResponse.json({ error: { code: 'VALIDATION_ERROR', message: 'Données invalides', details: parsed.error.flatten() } }, { status: 400 });
+        }
+        const rRepo = new RoleRepository(await getDialect());
+        const existingRole = await rRepo.findById(id);
+        if (!existingRole) {
+            return NextResponse.json({ error: { code: 'NOT_FOUND', message: 'Rôle non trouvé' } }, { status: 404 });
+        }
+        const { name, description, permissionIds } = parsed.data;
+        // Prevent renaming system roles
+        if (name && name !== existingRole.name && systemRoles.includes(existingRole.name)) {
+            return NextResponse.json({ error: { code: 'FORBIDDEN', message: 'Impossible de renommer un rôle système' } }, { status: 403 });
+        }
+        // Check name uniqueness if changing
+        if (name && name !== existingRole.name) {
+            const duplicate = await rRepo.findByName(name);
+            if (duplicate) {
+                return NextResponse.json({ error: { code: 'DUPLICATE', message: 'Un rôle avec ce nom existe déjà' } }, { status: 409 });
+            }
+        }
+        const updateData = {};
+        if (name)
+            updateData.name = name;
+        if (description !== undefined)
+            updateData.description = description;
+        if (permissionIds)
+            updateData.permissions = permissionIds;
+        await rRepo.update(id, updateData);
+        const updated = await rRepo.findByIdWithPermissions(id);
+        return NextResponse.json({ data: updated });
+    }
+    async function DELETE(req, { params }) {
+        const { error } = await checkPermission(adminPermission);
+        if (error)
+            return error;
+        const { id } = await params;
+        const rRepo = new RoleRepository(await getDialect());
+        const role = await rRepo.findById(id);
+        if (!role) {
+            return NextResponse.json({ error: { code: 'NOT_FOUND', message: 'Rôle non trouvé' } }, { status: 404 });
+        }
+        if (systemRoles.includes(role.name)) {
+            return NextResponse.json({ error: { code: 'FORBIDDEN', message: 'Impossible de supprimer un rôle système' } }, { status: 403 });
+        }
+        const uRepo = new UserRepository(await getDialect());
+        const userCount = await uRepo.count({ role: role.name });
+        if (userCount > 0) {
+            return NextResponse.json({ error: { code: 'CONFLICT', message: `Impossible de supprimer : ${userCount} utilisateur(s) utilisent ce rôle` } }, { status: 409 });
+        }
+        await rRepo.delete(id);
+        return NextResponse.json({ data: { message: 'Rôle supprimé' } });
+    }
+    return { GET, PUT, DELETE };
+}
+//# sourceMappingURL=roles-id.js.map

package/dist/api/roles-id.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"roles-id.js","sourceRoot":"","sources":["../../api/roles-id.ts"],"names":[],"mappings":"AAAA,wCAAwC;AACxC,qDAAqD;AACrD,OAAO,EAAe,YAAY,EAAE,MAAM,aAAa,CAAA;AACvD,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,eAAe,CAAA;AAC9D,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AACzC,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC,QAAQ,EAAE;IAC7D,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,aAAa,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC9C,CAAC,CAAA;AAQF,MAAM,UAAU,oBAAoB,CAAC,MAA4B;IAC/D,MAAM,EAAE,eAAe,EAAE,eAAe,EAAE,WAAW,GAAG,EAAE,EAAE,GAAG,MAAM,CAAA;IAErE,KAAK,UAAU,GAAG,CAChB,GAAgB,EAChB,EAAE,MAAM,EAAuC;QAE/C,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,eAAe,CAAC,eAAe,CAAC,CAAA;QACxD,IAAI,KAAK;YAAE,OAAO,KAAK,CAAA;QAEvB,MAAM,EAAE,EAAE,EAAE,GAAG,MAAM,MAAM,CAAA;QAC3B,MAAM,KAAK,GAAG,IAAI,cAAc,CAAC,MAAM,UAAU,EAAE,CAAC,CAAA;QAEpD,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,uBAAuB,CAAC,EAAE,CAAC,CAAA;QACpD,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,iBAAiB,EAAE,EAAE,EAC5D,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,cAAc,CAAC,MAAM,UAAU,EAAE,CAAC,CAAA;QACpD,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAA;QAExD,OAAO,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,kCAAO,IAAI,KAAE,SAAS,GAAE,EAAE,CAAC,CAAA;IAC5D,CAAC;IAED,KAAK,UAAU,GAAG,CAChB,GAAgB,EAChB,EAAE,MAAM,EAAuC;QAE/C,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,eAAe,CAAC,eAAe,CAAC,CAAA;QACxD,IAAI,KAAK;YAAE,OAAO,KAAK,CAAA;QAEvB,MAAM,EAAE,EAAE,EAAE,GAAG,MAAM,MAAM,CAAA;QAE3B,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAA;QAC7B,MAAM,MAAM,GAAG,gBAAgB,CAAC,SAAS,CAAC,IAAI,CAAC,CAAA;QAE/C,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,mBAAmB,EAAE,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,EAAE,EACtG,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,cAAc,CAAC,MAAM,UAAU,EAAE,CAAC,CAAA;QACpD,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;QAC7C,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,iBAAiB,EAAE,EAAE,EAC5D,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,aAAa,EAAE,GAAG,MAAM,CAAC,IAAI,CAAA;QAExD,gCAAgC;QAChC,IAAI,IAAI,IAAI,IAAI,KAAK,YAAY,CAAC,IAAI,IAAI,WAAW,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAW,CAAC,EAAE,CAAC;YACzF,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,wCAAwC,EAAE,EAAE,EACnF,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,oCAAoC;QACpC,IAAI,IAAI,IAAI,IAAI,KAAK,YAAY,CAAC,IAAI,EAAE,CAAC;YACvC,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAA;YAC9C,IAAI,SAAS,EAAE,CAAC;gBACd,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,iCAAiC,EAAE,EAAE,EAC5E,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;YACH,CAAC;QACH,CAAC;QAED,MAAM,UAAU,GAAQ,EAAE,CAAA;QAC1B,IAAI,IAAI;YAAE,UAAU,CAAC,IAAI,GAAG,IAAI,CAAA;QAChC,IAAI,WAAW,KAAK,SAAS;YAAE,UAAU,CAAC,WAAW,GAAG,WAAW,CAAA;QACnE,IAAI,aAAa;YAAE,UAAU,CAAC,WAAW,GAAG,aAAa,CAAA;QAEzD,MAAM,KAAK,CAAC,MAAM,CAAC,EAAE,EAAE,UAAU,CAAC,CAAA;QAClC,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,uBAAuB,CAAC,EAAE,CAAC,CAAA;QAEvD,OAAO,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAA;IAC7C,CAAC;IAED,KAAK,UAAU,MAAM,CACnB,GAAgB,EAChB,EAAE,MAAM,EAAuC;QAE/C,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,eAAe,CAAC,eAAe,CAAC,CAAA;QACxD,IAAI,KAAK;YAAE,OAAO,KAAK,CAAA;QAEvB,MAAM,EAAE,EAAE,EAAE,GAAG,MAAM,MAAM,CAAA;QAC3B,MAAM,KAAK,GAAG,IAAI,cAAc,CAAC,MAAM,UAAU,EAAE,CAAC,CAAA;QAEpD,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;QACrC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,iBAAiB,EAAE,EAAE,EAC5D,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,IAAI,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAW,CAAC,EAAE,CAAC;YAC3C,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,yCAAyC,EAAE,EAAE,EACpF,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,cAAc,CAAC,MAAM,UAAU,EAAE,CAAC,CAAA;QACpD,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAA;QACxD,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;YAClB,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,6BAA6B,SAAS,mCAAmC,EAAE,EAAE,EACnH,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,MAAM,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;QAEtB,OAAO,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,eAAe,EAAE,EAAE,CAAC,CAAA;IAClE,CAAC;IAED,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,CAAA;AAC7B,CAAC"}

package/dist/api/roles.d.ts

@@ -0,0 +1,15 @@
+import { NextRequest, NextResponse } from 'next/server';
+import type { RoleDefinition } from '../types';
+export interface RolesHandlerConfig {
+    checkPermission: (perm: string) => Promise<{
+        error: NextResponse | null;
+        session: any;
+    }>;
+    adminPermission: string;
+    defaultRoles?: Record<string, RoleDefinition>;
+}
+export declare function createRolesHandler(config: RolesHandlerConfig): {
+    GET: () => Promise<NextResponse<unknown>>;
+    POST: (req: NextRequest) => Promise<NextResponse<unknown>>;
+};
+//# sourceMappingURL=roles.d.ts.map

package/dist/api/roles.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"roles.d.ts","sourceRoot":"","sources":["../../api/roles.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAIvD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,UAAU,CAAA;AAQ9C,MAAM,WAAW,kBAAkB;IACjC,eAAe,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC;QAAE,KAAK,EAAE,YAAY,GAAG,IAAI,CAAC;QAAC,OAAO,EAAE,GAAG,CAAA;KAAE,CAAC,CAAA;IACxF,eAAe,EAAE,MAAM,CAAA;IACvB,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAA;CAC9C;AAED,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,kBAAkB;;gBAoClC,WAAW;EAqCrC"}

package/dist/api/roles.js

@@ -0,0 +1,65 @@
+// Author: Dr Hamid MADANI drmdh@msn.com
+// RBAC API handler: GET/POST /admin/roles
+import { NextResponse } from 'next/server';
+import { RoleRepository, UserRepository } from '@mostajs/auth';
+import { getDialect } from '@mostajs/orm';
+import { z } from 'zod';
+const createRoleSchema = z.object({
+    name: z.string().min(1).regex(/^[a-z][a-z0-9_]*$/, 'Le nom doit être en minuscules (lettres, chiffres, underscores)'),
+    description: z.string().optional(),
+    permissionIds: z.array(z.string()).optional(),
+});
+export function createRolesHandler(config) {
+    const { checkPermission, adminPermission, defaultRoles = {} } = config;
+    async function GET() {
+        const { error } = await checkPermission(adminPermission);
+        if (error)
+            return error;
+        const rRepo = new RoleRepository(await getDialect());
+        let roles = await rRepo.findAllWithPermissions();
+        // Fallback: if DB is empty, return hardcoded defaults
+        if (roles.length === 0) {
+            const fallbackRoles = Object.values(defaultRoles).map((r, i) => ({
+                id: `fallback_${i}`,
+                name: r.name,
+                description: r.description,
+                permissions: r.permissions.map((p) => ({ name: p })),
+                userCount: 0,
+                _fallback: true,
+            }));
+            return NextResponse.json({ data: fallbackRoles });
+        }
+        const uRepo = new UserRepository(await getDialect());
+        const allUsers = await uRepo.findAllSafe();
+        const rolesWithCount = roles.map((r) => (Object.assign(Object.assign({}, r), { userCount: allUsers.filter((u) => {
+                const userRoles = Array.isArray(u.roles) ? u.roles : [];
+                return userRoles.includes(r.id);
+            }).length })));
+        return NextResponse.json({ data: rolesWithCount });
+    }
+    async function POST(req) {
+        const { error } = await checkPermission(adminPermission);
+        if (error)
+            return error;
+        const body = await req.json();
+        const parsed = createRoleSchema.safeParse(body);
+        if (!parsed.success) {
+            return NextResponse.json({ error: { code: 'VALIDATION_ERROR', message: 'Données invalides', details: parsed.error.flatten() } }, { status: 400 });
+        }
+        const { name, description, permissionIds } = parsed.data;
+        const rRepo = new RoleRepository(await getDialect());
+        const existing = await rRepo.findByName(name);
+        if (existing) {
+            return NextResponse.json({ error: { code: 'DUPLICATE', message: 'Un rôle avec ce nom existe déjà' } }, { status: 409 });
+        }
+        const role = await rRepo.create({
+            name,
+            description: description || '',
+            permissions: permissionIds || [],
+        });
+        const populated = await rRepo.findByIdWithPermissions(role.id);
+        return NextResponse.json({ data: populated }, { status: 201 });
+    }
+    return { GET, POST };
+}
+//# sourceMappingURL=roles.js.map

package/dist/api/roles.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"roles.js","sourceRoot":"","sources":["../../api/roles.ts"],"names":[],"mappings":"AAAA,wCAAwC;AACxC,0CAA0C;AAC1C,OAAO,EAAe,YAAY,EAAE,MAAM,aAAa,CAAA;AACvD,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,eAAe,CAAA;AAC9D,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AACzC,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAGvB,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,mBAAmB,EAAE,iEAAiE,CAAC;IACrH,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,aAAa,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC9C,CAAC,CAAA;AAQF,MAAM,UAAU,kBAAkB,CAAC,MAA0B;IAC3D,MAAM,EAAE,eAAe,EAAE,eAAe,EAAE,YAAY,GAAG,EAAE,EAAE,GAAG,MAAM,CAAA;IAEtE,KAAK,UAAU,GAAG;QAChB,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,eAAe,CAAC,eAAe,CAAC,CAAA;QACxD,IAAI,KAAK;YAAE,OAAO,KAAK,CAAA;QAEvB,MAAM,KAAK,GAAG,IAAI,cAAc,CAAC,MAAM,UAAU,EAAE,CAAC,CAAA;QACpD,IAAI,KAAK,GAAG,MAAM,KAAK,CAAC,sBAAsB,EAAE,CAAA;QAEhD,sDAAsD;QACtD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC/D,EAAE,EAAE,YAAY,CAAC,EAAE;gBACnB,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,WAAW,EAAE,CAAC,CAAC,WAAW;gBAC1B,WAAW,EAAE,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;gBACpD,SAAS,EAAE,CAAC;gBACZ,SAAS,EAAE,IAAI;aAChB,CAAC,CAAC,CAAA;YACH,OAAO,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,CAAC,CAAA;QACnD,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,cAAc,CAAC,MAAM,UAAU,EAAE,CAAC,CAAA;QACpD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,EAAE,CAAA;QAC1C,MAAM,cAAc,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,iCACnC,CAAC,KACJ,SAAS,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;gBAC/B,MAAM,SAAS,GAAa,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAA;gBACjE,OAAO,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAA;YACjC,CAAC,CAAC,CAAC,MAAM,IACT,CAAC,CAAA;QAEH,OAAO,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,CAAC,CAAA;IACpD,CAAC;IAED,KAAK,UAAU,IAAI,CAAC,GAAgB;QAClC,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,eAAe,CAAC,eAAe,CAAC,CAAA;QACxD,IAAI,KAAK;YAAE,OAAO,KAAK,CAAA;QAEvB,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAA;QAC7B,MAAM,MAAM,GAAG,gBAAgB,CAAC,SAAS,CAAC,IAAI,CAAC,CAAA;QAE/C,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,mBAAmB,EAAE,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,EAAE,EACtG,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,aAAa,EAAE,GAAG,MAAM,CAAC,IAAI,CAAA;QACxD,MAAM,KAAK,GAAG,IAAI,cAAc,CAAC,MAAM,UAAU,EAAE,CAAC,CAAA;QAEpD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAA;QAC7C,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,iCAAiC,EAAE,EAAE,EAC5E,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC;YAC9B,IAAI;YACJ,WAAW,EAAE,WAAW,IAAI,EAAE;YAC9B,WAAW,EAAE,aAAa,IAAI,EAAE;SACjC,CAAC,CAAA;QAEF,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,uBAAuB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QAE9D,OAAO,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IAChE,CAAC;IAED,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,CAAA;AACtB,CAAC"}

package/dist/api/seed.d.ts

@@ -0,0 +1,16 @@
+import { NextResponse } from 'next/server';
+import type { PermissionDefinition, RoleDefinition, CategoryDefinition } from '../types';
+export interface SeedHandlerConfig {
+    checkPermission: (perm: string) => Promise<{
+        error: NextResponse | null;
+        session: any;
+    }>;
+    adminPermission: string;
+    permissionDefinitions: PermissionDefinition[];
+    defaultRoles: Record<string, RoleDefinition>;
+    categoryDefinitions: CategoryDefinition[];
+}
+export declare function createSeedHandler(config: SeedHandlerConfig): {
+    POST: () => Promise<NextResponse<unknown>>;
+};
+//# sourceMappingURL=seed.d.ts.map

package/dist/api/seed.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"seed.d.ts","sourceRoot":"","sources":["../../api/seed.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAG1C,OAAO,KAAK,EAAE,oBAAoB,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAA;AAExF,MAAM,WAAW,iBAAiB;IAChC,eAAe,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC;QAAE,KAAK,EAAE,YAAY,GAAG,IAAI,CAAC;QAAC,OAAO,EAAE,GAAG,CAAA;KAAE,CAAC,CAAA;IACxF,eAAe,EAAE,MAAM,CAAA;IACvB,qBAAqB,EAAE,oBAAoB,EAAE,CAAA;IAC7C,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAA;IAC5C,mBAAmB,EAAE,kBAAkB,EAAE,CAAA;CAC1C;AAED,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,iBAAiB;;EA6D1D"}

package/dist/api/seed.js

@@ -0,0 +1,49 @@
+// Author: Dr Hamid MADANI drmdh@msn.com
+// RBAC API handler: POST /admin/permissions/seed
+import { NextResponse } from 'next/server';
+import { PermissionRepository, RoleRepository, PermissionCategoryRepository } from '@mostajs/auth';
+import { getDialect } from '@mostajs/orm';
+export function createSeedHandler(config) {
+    const { checkPermission, adminPermission, permissionDefinitions, defaultRoles, categoryDefinitions, } = config;
+    async function POST() {
+        const { error } = await checkPermission(adminPermission);
+        if (error)
+            return error;
+        const catRepo = new PermissionCategoryRepository(await getDialect());
+        const pRepo = new PermissionRepository(await getDialect());
+        const rRepo = new RoleRepository(await getDialect());
+        // Upsert categories
+        for (const catDef of categoryDefinitions) {
+            await catRepo.upsert({ name: catDef.name }, catDef);
+        }
+        // Upsert all permissions
+        const permissionMap = {};
+        for (const pDef of permissionDefinitions) {
+            const perm = await pRepo.upsert({ name: pDef.name }, { name: pDef.name, description: pDef.description, category: pDef.category });
+            permissionMap[pDef.code] = perm.id;
+        }
+        // Upsert all default roles
+        const rolesCreated = [];
+        for (const [, roleDef] of Object.entries(defaultRoles)) {
+            const permissionIds = roleDef.permissions
+                .map((code) => permissionMap[code])
+                .filter(Boolean);
+            await rRepo.upsert({ name: roleDef.name }, {
+                name: roleDef.name,
+                description: roleDef.description,
+                permissions: permissionIds,
+            });
+            rolesCreated.push(roleDef.name);
+        }
+        return NextResponse.json({
+            data: {
+                categories: categoryDefinitions.length,
+                permissions: permissionDefinitions.length,
+                roles: rolesCreated.length,
+                message: `${categoryDefinitions.length} catégories, ${permissionDefinitions.length} permissions et ${rolesCreated.length} rôles initialisés`,
+            },
+        });
+    }
+    return { POST };
+}
+//# sourceMappingURL=seed.js.map

package/dist/api/seed.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"seed.js","sourceRoot":"","sources":["../../api/seed.ts"],"names":[],"mappings":"AAAA,wCAAwC;AACxC,iDAAiD;AACjD,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAC1C,OAAO,EAAE,oBAAoB,EAAE,cAAc,EAAE,4BAA4B,EAAE,MAAM,eAAe,CAAA;AAClG,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AAWzC,MAAM,UAAU,iBAAiB,CAAC,MAAyB;IACzD,MAAM,EACJ,eAAe,EACf,eAAe,EACf,qBAAqB,EACrB,YAAY,EACZ,mBAAmB,GACpB,GAAG,MAAM,CAAA;IAEV,KAAK,UAAU,IAAI;QACjB,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,eAAe,CAAC,eAAe,CAAC,CAAA;QACxD,IAAI,KAAK;YAAE,OAAO,KAAK,CAAA;QAEvB,MAAM,OAAO,GAAG,IAAI,4BAA4B,CAAC,MAAM,UAAU,EAAE,CAAC,CAAA;QACpE,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,MAAM,UAAU,EAAE,CAAC,CAAA;QAC1D,MAAM,KAAK,GAAG,IAAI,cAAc,CAAC,MAAM,UAAU,EAAE,CAAC,CAAA;QAEpD,oBAAoB;QACpB,KAAK,MAAM,MAAM,IAAI,mBAAmB,EAAE,CAAC;YACzC,MAAM,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,MAAa,CAAC,CAAA;QAC5D,CAAC;QAED,yBAAyB;QACzB,MAAM,aAAa,GAA2B,EAAE,CAAA;QAChD,KAAK,MAAM,IAAI,IAAI,qBAAqB,EAAE,CAAC;YACzC,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,MAAM,CAC7B,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,EACnB,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,WAAW,EAAE,IAAI,CAAC,WAAW,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,CAC5E,CAAA;YACD,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,EAAE,CAAA;QACpC,CAAC;QAED,2BAA2B;QAC3B,MAAM,YAAY,GAAa,EAAE,CAAA;QACjC,KAAK,MAAM,CAAC,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;YACvD,MAAM,aAAa,GAAG,OAAO,CAAC,WAAW;iBACtC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;iBAClC,MAAM,CAAC,OAAO,CAAC,CAAA;YAElB,MAAM,KAAK,CAAC,MAAM,CAChB,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,EACtB;gBACE,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,WAAW,EAAE,aAAa;aAC3B,CACF,CAAA;YACD,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAA;QACjC,CAAC;QAED,OAAO,YAAY,CAAC,IAAI,CAAC;YACvB,IAAI,EAAE;gBACJ,UAAU,EAAE,mBAAmB,CAAC,MAAM;gBACtC,WAAW,EAAE,qBAAqB,CAAC,MAAM;gBACzC,KAAK,EAAE,YAAY,CAAC,MAAM;gBAC1B,OAAO,EAAE,GAAG,mBAAmB,CAAC,MAAM,gBAAgB,qBAAqB,CAAC,MAAM,mBAAmB,YAAY,CAAC,MAAM,oBAAoB;aAC7I;SACF,CAAC,CAAA;IACJ,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,CAAA;AACjB,CAAC"}

package/dist/api/users-id.d.ts

@@ -0,0 +1,28 @@
+import { NextRequest, NextResponse } from 'next/server';
+export interface UsersIdHandlerConfig {
+    checkPermission: (perm: string) => Promise<{
+        error: NextResponse | null;
+        session: any;
+    }>;
+    adminPermission: string;
+    knownRoles?: string[];
+    getPermissionsForRole?: (role: string) => Promise<string[]>;
+}
+export declare function createUsersIdHandler(config: UsersIdHandlerConfig): {
+    GET: (req: NextRequest, { params }: {
+        params: Promise<{
+            id: string;
+        }>;
+    }) => Promise<NextResponse<unknown>>;
+    PUT: (req: NextRequest, { params }: {
+        params: Promise<{
+            id: string;
+        }>;
+    }) => Promise<NextResponse<unknown>>;
+    DELETE: (req: NextRequest, { params }: {
+        params: Promise<{
+            id: string;
+        }>;
+    }) => Promise<NextResponse<unknown>>;
+};
+//# sourceMappingURL=users-id.d.ts.map

package/dist/api/users-id.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"users-id.d.ts","sourceRoot":"","sources":["../../api/users-id.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAgBvD,MAAM,WAAW,oBAAoB;IACnC,eAAe,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC;QAAE,KAAK,EAAE,YAAY,GAAG,IAAI,CAAC;QAAC,OAAO,EAAE,GAAG,CAAA;KAAE,CAAC,CAAA;IACxF,eAAe,EAAE,MAAM,CAAA;IACvB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAA;IACrB,qBAAqB,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,EAAE,CAAC,CAAA;CAC5D;AAED,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,oBAAoB;eASxD,WAAW,cACJ;QAAE,MAAM,EAAE,OAAO,CAAC;YAAE,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC,CAAA;KAAE;eAoB1C,WAAW,cACJ;QAAE,MAAM,EAAE,OAAO,CAAC;YAAE,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC,CAAA;KAAE;kBAuD1C,WAAW,cACJ;QAAE,MAAM,EAAE,OAAO,CAAC;YAAE,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC,CAAA;KAAE;EA8BlD"}

package/dist/api/users-id.js

@@ -0,0 +1,94 @@
+var __rest = (this && this.__rest) || function (s, e) {
+    var t = {};
+    for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)
+        t[p] = s[p];
+    if (s != null && typeof Object.getOwnPropertySymbols === "function")
+        for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {
+            if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))
+                t[p[i]] = s[p[i]];
+        }
+    return t;
+};
+// Author: Dr Hamid MADANI drmdh@msn.com
+// RBAC API handler: GET/PUT/DELETE /users/[id]
+import { NextResponse } from 'next/server';
+import { hashPassword } from '@mostajs/auth/lib/password';
+import { UserRepository, RoleRepository } from '@mostajs/auth';
+import { getDialect } from '@mostajs/orm';
+import { z } from 'zod';
+const updateUserSchema = z.object({
+    email: z.string().email().optional(),
+    password: z.string().min(6).optional(),
+    firstName: z.string().min(1).optional(),
+    lastName: z.string().min(1).optional(),
+    phone: z.string().optional(),
+    role: z.string().min(1).optional(),
+    status: z.enum(['active', 'locked', 'disabled']).optional(),
+});
+export function createUsersIdHandler(config) {
+    const { checkPermission, adminPermission, knownRoles = [], getPermissionsForRole, } = config;
+    async function GET(req, { params }) {
+        const { error } = await checkPermission(adminPermission);
+        if (error)
+            return error;
+        const { id } = await params;
+        const repo = new UserRepository(await getDialect());
+        const user = await repo.findByIdSafe(id);
+        if (!user) {
+            return NextResponse.json({ error: { code: 'NOT_FOUND', message: 'Utilisateur non trouvé' } }, { status: 404 });
+        }
+        return NextResponse.json({ data: user });
+    }
+    async function PUT(req, { params }) {
+        const { error } = await checkPermission(adminPermission);
+        if (error)
+            return error;
+        const { id } = await params;
+        const body = await req.json();
+        const parsed = updateUserSchema.safeParse(body);
+        if (!parsed.success) {
+            return NextResponse.json({ error: { code: 'VALIDATION_ERROR', message: 'Données invalides', details: parsed.error.flatten() } }, { status: 400 });
+        }
+        const updateData = Object.assign({}, parsed.data);
+        if (updateData.password) {
+            updateData.password = await hashPassword(updateData.password);
+        }
+        if (updateData.role) {
+            if (!knownRoles.includes(updateData.role)) {
+                const rRepo = new RoleRepository(await getDialect());
+                const dbRole = await rRepo.findByName(updateData.role);
+                if (!dbRole) {
+                    return NextResponse.json({ error: { code: 'VALIDATION_ERROR', message: `Le rôle "${updateData.role}" n'existe pas` } }, { status: 400 });
+                }
+            }
+            if (getPermissionsForRole) {
+                updateData.permissions = await getPermissionsForRole(updateData.role);
+            }
+        }
+        const repo = new UserRepository(await getDialect());
+        const user = await repo.update(id, updateData);
+        if (!user) {
+            return NextResponse.json({ error: { code: 'NOT_FOUND', message: 'Utilisateur non trouvé' } }, { status: 404 });
+        }
+        const _a = user, { password: _ } = _a, userWithoutPassword = __rest(_a, ["password"]);
+        return NextResponse.json({ data: userWithoutPassword });
+    }
+    async function DELETE(req, { params }) {
+        const { error, session } = await checkPermission(adminPermission);
+        if (error)
+            return error;
+        const { id } = await params;
+        if (session.user.id === id) {
+            return NextResponse.json({ error: { code: 'FORBIDDEN', message: 'Impossible de supprimer votre propre compte' } }, { status: 403 });
+        }
+        const repo = new UserRepository(await getDialect());
+        const user = await repo.update(id, { status: 'disabled' });
+        if (!user) {
+            return NextResponse.json({ error: { code: 'NOT_FOUND', message: 'Utilisateur non trouvé' } }, { status: 404 });
+        }
+        const _a = user, { password: _ } = _a, userWithoutPassword = __rest(_a, ["password"]);
+        return NextResponse.json({ data: userWithoutPassword });
+    }
+    return { GET, PUT, DELETE };
+}
+//# sourceMappingURL=users-id.js.map

package/dist/api/users-id.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"users-id.js","sourceRoot":"","sources":["../../api/users-id.ts"],"names":[],"mappings":";;;;;;;;;;;AAAA,wCAAwC;AACxC,+CAA+C;AAC/C,OAAO,EAAe,YAAY,EAAE,MAAM,aAAa,CAAA;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAA;AACzD,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,eAAe,CAAA;AAC9D,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AACzC,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE;IACpC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACtC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACvC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACtC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAClC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,QAAQ,EAAE;CAC5D,CAAC,CAAA;AASF,MAAM,UAAU,oBAAoB,CAAC,MAA4B;IAC/D,MAAM,EACJ,eAAe,EACf,eAAe,EACf,UAAU,GAAG,EAAE,EACf,qBAAqB,GACtB,GAAG,MAAM,CAAA;IAEV,KAAK,UAAU,GAAG,CAChB,GAAgB,EAChB,EAAE,MAAM,EAAuC;QAE/C,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,eAAe,CAAC,eAAe,CAAC,CAAA;QACxD,IAAI,KAAK;YAAE,OAAO,KAAK,CAAA;QAEvB,MAAM,EAAE,EAAE,EAAE,GAAG,MAAM,MAAM,CAAA;QAC3B,MAAM,IAAI,GAAG,IAAI,cAAc,CAAC,MAAM,UAAU,EAAE,CAAC,CAAA;QAEnD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC,CAAA;QACxC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,wBAAwB,EAAE,EAAE,EACnE,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,OAAO,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAA;IAC1C,CAAC;IAED,KAAK,UAAU,GAAG,CAChB,GAAgB,EAChB,EAAE,MAAM,EAAuC;QAE/C,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,eAAe,CAAC,eAAe,CAAC,CAAA;QACxD,IAAI,KAAK;YAAE,OAAO,KAAK,CAAA;QAEvB,MAAM,EAAE,EAAE,EAAE,GAAG,MAAM,MAAM,CAAA;QAE3B,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAA;QAC7B,MAAM,MAAM,GAAG,gBAAgB,CAAC,SAAS,CAAC,IAAI,CAAC,CAAA;QAE/C,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,mBAAmB,EAAE,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,EAAE,EACtG,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,MAAM,UAAU,qBAAa,MAAM,CAAC,IAAI,CAAE,CAAA;QAE1C,IAAI,UAAU,CAAC,QAAQ,EAAE,CAAC;YACxB,UAAU,CAAC,QAAQ,GAAG,MAAM,YAAY,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAA;QAC/D,CAAC;QAED,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;YACpB,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC1C,MAAM,KAAK,GAAG,IAAI,cAAc,CAAC,MAAM,UAAU,EAAE,CAAC,CAAA;gBACpD,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,CAAA;gBACtD,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,YAAY,UAAU,CAAC,IAAI,gBAAgB,EAAE,EAAE,EAC7F,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;gBACH,CAAC;YACH,CAAC;YACD,IAAI,qBAAqB,EAAE,CAAC;gBAC1B,UAAU,CAAC,WAAW,GAAG,MAAM,qBAAqB,CAAC,UAAU,CAAC,IAAI,CAAC,CAAA;YACvE,CAAC;QACH,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,cAAc,CAAC,MAAM,UAAU,EAAE,CAAC,CAAA;QACnD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,UAAU,CAAC,CAAA;QAE9C,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,wBAAwB,EAAE,EAAE,EACnE,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,MAAM,KAA0C,IAAW,EAArD,EAAE,QAAQ,EAAE,CAAC,OAAwC,EAAnC,mBAAmB,cAArC,YAAuC,CAAc,CAAA;QAE3D,OAAO,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,mBAAmB,EAAE,CAAC,CAAA;IACzD,CAAC;IAED,KAAK,UAAU,MAAM,CACnB,GAAgB,EAChB,EAAE,MAAM,EAAuC;QAE/C,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,MAAM,eAAe,CAAC,eAAe,CAAC,CAAA;QACjE,IAAI,KAAK;YAAE,OAAO,KAAK,CAAA;QAEvB,MAAM,EAAE,EAAE,EAAE,GAAG,MAAM,MAAM,CAAA;QAE3B,IAAI,OAAQ,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,CAAC;YAC5B,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,6CAA6C,EAAE,EAAE,EACxF,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,cAAc,CAAC,MAAM,UAAU,EAAE,CAAC,CAAA;QACnD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,CAAA;QAE1D,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,wBAAwB,EAAE,EAAE,EACnE,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,MAAM,KAA0C,IAAW,EAArD,EAAE,QAAQ,EAAE,CAAC,OAAwC,EAAnC,mBAAmB,cAArC,YAAuC,CAAc,CAAA;QAE3D,OAAO,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,mBAAmB,EAAE,CAAC,CAAA;IACzD,CAAC;IAED,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,CAAA;AAC7B,CAAC"}

package/dist/api/users.d.ts

@@ -0,0 +1,17 @@
+import { NextRequest, NextResponse } from 'next/server';
+export interface UsersHandlerConfig {
+    checkPermission: (perm: string) => Promise<{
+        error: NextResponse | null;
+        session: any;
+    }>;
+    adminPermission: string;
+    knownRoles?: string[];
+    getPermissionsForRole?: (role: string) => Promise<string[]>;
+    logAudit?: (entry: Record<string, unknown>) => Promise<void>;
+    getAuditUser?: (session: any) => Record<string, unknown>;
+}
+export declare function createUsersHandler(config: UsersHandlerConfig): {
+    GET: () => Promise<NextResponse<unknown>>;
+    POST: (req: NextRequest) => Promise<NextResponse<unknown>>;
+};
+//# sourceMappingURL=users.d.ts.map

package/dist/api/users.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"users.d.ts","sourceRoot":"","sources":["../../api/users.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAevD,MAAM,WAAW,kBAAkB;IACjC,eAAe,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC;QAAE,KAAK,EAAE,YAAY,GAAG,IAAI,CAAC;QAAC,OAAO,EAAE,GAAG,CAAA;KAAE,CAAC,CAAA;IACxF,eAAe,EAAE,MAAM,CAAA;IACvB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAA;IACrB,qBAAqB,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,EAAE,CAAC,CAAA;IAC3D,QAAQ,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAC5D,YAAY,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,KAAK,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CACzD;AAED,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,kBAAkB;;gBAoBlC,WAAW;EAoErC"}

package/dist/api/users.js

@@ -0,0 +1,80 @@
+var __rest = (this && this.__rest) || function (s, e) {
+    var t = {};
+    for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)
+        t[p] = s[p];
+    if (s != null && typeof Object.getOwnPropertySymbols === "function")
+        for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {
+            if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))
+                t[p[i]] = s[p[i]];
+        }
+    return t;
+};
+// Author: Dr Hamid MADANI drmdh@msn.com
+// RBAC API handler: GET/POST /users
+import { NextResponse } from 'next/server';
+import { hashPassword } from '@mostajs/auth/lib/password';
+import { UserRepository, RoleRepository } from '@mostajs/auth';
+import { getDialect } from '@mostajs/orm';
+import { z } from 'zod';
+const createUserSchema = z.object({
+    email: z.string().email(),
+    password: z.string().min(6),
+    firstName: z.string().min(1),
+    lastName: z.string().min(1),
+    phone: z.string().optional(),
+    role: z.string().min(1),
+});
+export function createUsersHandler(config) {
+    const { checkPermission, adminPermission, knownRoles = [], getPermissionsForRole, logAudit, getAuditUser, } = config;
+    async function GET() {
+        const { error } = await checkPermission(adminPermission);
+        if (error)
+            return error;
+        const repo = new UserRepository(await getDialect());
+        const users = await repo.findAllSafe({}, { sort: { createdAt: -1 } });
+        return NextResponse.json({ data: users });
+    }
+    async function POST(req) {
+        const { error, session } = await checkPermission(adminPermission);
+        if (error)
+            return error;
+        const body = await req.json();
+        const parsed = createUserSchema.safeParse(body);
+        if (!parsed.success) {
+            return NextResponse.json({ error: { code: 'VALIDATION_ERROR', message: 'Données invalides', details: parsed.error.flatten() } }, { status: 400 });
+        }
+        const { email, password, firstName, lastName, phone, role } = parsed.data;
+        const repo = new UserRepository(await getDialect());
+        const existing = await repo.findByEmail(email);
+        if (existing) {
+            return NextResponse.json({ error: { code: 'DUPLICATE', message: 'Cet email est déjà utilisé' } }, { status: 409 });
+        }
+        // Validate role exists (known constants or DB)
+        if (!knownRoles.includes(role)) {
+            const rRepo = new RoleRepository(await getDialect());
+            const dbRole = await rRepo.findByName(role);
+            if (!dbRole) {
+                return NextResponse.json({ error: { code: 'VALIDATION_ERROR', message: `Le rôle "${role}" n'existe pas` } }, { status: 400 });
+            }
+        }
+        const hashedPassword = await hashPassword(password);
+        const permissions = getPermissionsForRole ? await getPermissionsForRole(role) : [];
+        const user = await repo.create({
+            email: email.toLowerCase(),
+            password: hashedPassword,
+            firstName,
+            lastName,
+            phone,
+            role,
+            permissions,
+            status: 'active',
+        });
+        const _a = user, { password: _ } = _a, userWithoutPassword = __rest(_a, ["password"]);
+        if (logAudit && getAuditUser) {
+            await logAudit(Object.assign(Object.assign({}, getAuditUser(session)), { action: 'user_create', module: 'users', resource: `${firstName} ${lastName}`, resourceId: user.id, details: { email, role } }));
+        }
+        return NextResponse.json({ data: userWithoutPassword }, { status: 201 });
+    }
+    return { GET, POST };
+}
+//# sourceMappingURL=users.js.map

package/dist/api/users.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"users.js","sourceRoot":"","sources":["../../api/users.ts"],"names":[],"mappings":";;;;;;;;;;;AAAA,wCAAwC;AACxC,oCAAoC;AACpC,OAAO,EAAe,YAAY,EAAE,MAAM,aAAa,CAAA;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAA;AACzD,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,eAAe,CAAA;AAC9D,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AACzC,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE;IACzB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3B,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;CACxB,CAAC,CAAA;AAWF,MAAM,UAAU,kBAAkB,CAAC,MAA0B;IAC3D,MAAM,EACJ,eAAe,EACf,eAAe,EACf,UAAU,GAAG,EAAE,EACf,qBAAqB,EACrB,QAAQ,EACR,YAAY,GACb,GAAG,MAAM,CAAA;IAEV,KAAK,UAAU,GAAG;QAChB,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,eAAe,CAAC,eAAe,CAAC,CAAA;QACxD,IAAI,KAAK;YAAE,OAAO,KAAK,CAAA;QAEvB,MAAM,IAAI,GAAG,IAAI,cAAc,CAAC,MAAM,UAAU,EAAE,CAAC,CAAA;QACnD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;QAErE,OAAO,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAA;IAC3C,CAAC;IAED,KAAK,UAAU,IAAI,CAAC,GAAgB;QAClC,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,MAAM,eAAe,CAAC,eAAe,CAAC,CAAA;QACjE,IAAI,KAAK;YAAE,OAAO,KAAK,CAAA;QAEvB,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAA;QAC7B,MAAM,MAAM,GAAG,gBAAgB,CAAC,SAAS,CAAC,IAAI,CAAC,CAAA;QAE/C,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,mBAAmB,EAAE,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,EAAE,EACtG,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC,IAAI,CAAA;QACzE,MAAM,IAAI,GAAG,IAAI,cAAc,CAAC,MAAM,UAAU,EAAE,CAAC,CAAA;QAEnD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAA;QAC9C,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,4BAA4B,EAAE,EAAE,EACvE,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,+CAA+C;QAC/C,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,MAAM,KAAK,GAAG,IAAI,cAAc,CAAC,MAAM,UAAU,EAAE,CAAC,CAAA;YACpD,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAA;YAC3C,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,YAAY,IAAI,gBAAgB,EAAE,EAAE,EAClF,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;YACH,CAAC;QACH,CAAC;QAED,MAAM,cAAc,GAAG,MAAM,YAAY,CAAC,QAAQ,CAAC,CAAA;QACnD,MAAM,WAAW,GAAG,qBAAqB,CAAC,CAAC,CAAC,MAAM,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;QAElF,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC;YAC7B,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE;YAC1B,QAAQ,EAAE,cAAc;YACxB,SAAS;YACT,QAAQ;YACR,KAAK;YACL,IAAI;YACJ,WAAW;YACX,MAAM,EAAE,QAAQ;SACV,CAAC,CAAA;QAET,MAAM,KAA0C,IAAW,EAArD,EAAE,QAAQ,EAAE,CAAC,OAAwC,EAAnC,mBAAmB,cAArC,YAAuC,CAAc,CAAA;QAE3D,IAAI,QAAQ,IAAI,YAAY,EAAE,CAAC;YAC7B,MAAM,QAAQ,iCACT,YAAY,CAAC,OAAQ,CAAC,KACzB,MAAM,EAAE,aAAa,EACrB,MAAM,EAAE,OAAO,EACf,QAAQ,EAAE,GAAG,SAAS,IAAI,QAAQ,EAAE,EACpC,UAAU,EAAE,IAAI,CAAC,EAAE,EACnB,OAAO,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,IACxB,CAAA;QACJ,CAAC;QAED,OAAO,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,mBAAmB,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IAC1E,CAAC;IAED,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,CAAA;AACtB,CAAC"}

package/dist/components/CategoriesManager.d.ts

@@ -0,0 +1,5 @@
+import type { RBACConfig } from '../types';
+export interface CategoriesManagerProps extends RBACConfig {
+}
+export declare function CategoriesManager({ apiBasePath, t, }: CategoriesManagerProps): import("react/jsx-runtime").JSX.Element;
+//# sourceMappingURL=CategoriesManager.d.ts.map

package/dist/components/CategoriesManager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"CategoriesManager.d.ts","sourceRoot":"","sources":["../../components/CategoriesManager.tsx"],"names":[],"mappings":"AAgCA,OAAO,KAAK,EAAE,UAAU,EAAgB,MAAM,UAAU,CAAA;AAIxD,MAAM,WAAW,sBAAuB,SAAQ,UAAU;CAAG;AAE7D,wBAAgB,iBAAiB,CAAC,EAChC,WAAoB,EACpB,CAAY,GACb,EAAE,sBAAsB,2CAiRxB"}