@mostajs/rbac 2.3.4 → 2.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (18) hide show
  1. package/dist/lib/account-resolver.d.ts +24 -0
  2. package/dist/lib/account-resolver.d.ts.map +1 -0
  3. package/dist/lib/account-resolver.js +41 -0
  4. package/dist/lib/account-resolver.js.map +1 -0
  5. package/dist/lib/repos-factory.js +2 -2
  6. package/dist/lib/repos-factory.js.map +1 -1
  7. package/dist/repositories/account.repository.d.ts +14 -0
  8. package/dist/repositories/account.repository.d.ts.map +1 -1
  9. package/dist/repositories/account.repository.js +19 -0
  10. package/dist/repositories/account.repository.js.map +1 -1
  11. package/dist/schemas/account.schema.d.ts.map +1 -1
  12. package/dist/schemas/account.schema.js +22 -2
  13. package/dist/schemas/account.schema.js.map +1 -1
  14. package/dist/server.d.ts +2 -0
  15. package/dist/server.d.ts.map +1 -1
  16. package/dist/server.js +25 -0
  17. package/dist/server.js.map +1 -1
  18. package/package.json +2 -2
package/dist/lib/account-resolver.d.ts ADDED
@@ -0,0 +1,24 @@
1
+ import type { IDialect } from '@mostajs/orm';
2
+ export interface ResolveAccountOptions {
3
+ /** Override the auto-create account name (default: "<userEmail>-<type>"). */
4
+ name?: string;
5
+ /** Account type for lookup + auto-create (default: 'personal'). */
6
+ type?: string;
7
+ /** Plan to assign on auto-create (default: 'free'). */
8
+ plan?: string;
9
+ /** Status on auto-create (default: 'active'). */
10
+ status?: string;
11
+ /** Disable auto-create — return null if not found. */
12
+ noAutoCreate?: boolean;
13
+ }
14
+ /**
15
+ * Resolve (or auto-create) the Account owned by `userId`. Returns the
16
+ * account ID, or null if `noAutoCreate` and not found.
17
+ *
18
+ * Lookup order:
19
+ * 1. accounts WHERE owner=userId AND type=options.type
20
+ * 2. accounts WHERE owner=userId (any type — first match)
21
+ * 3. CREATE account (unless noAutoCreate=true)
22
+ */
23
+ export declare function resolveUserAccountId(dialect: IDialect, userId: string, userEmail?: string, options?: ResolveAccountOptions): Promise<string | null>;
24
+ //# sourceMappingURL=account-resolver.d.ts.map
package/dist/lib/account-resolver.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"account-resolver.d.ts","sourceRoot":"","sources":["../../lib/account-resolver.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAA;AAG5C,MAAM,WAAW,qBAAqB;IACpC,6EAA6E;IAC7E,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,mEAAmE;IACnE,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,uDAAuD;IACvD,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,iDAAiD;IACjD,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,sDAAsD;IACtD,YAAY,CAAC,EAAE,OAAO,CAAA;CACvB;AAED;;;;;;;;GAQG;AACH,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,QAAQ,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,CAAC,EAAE,MAAM,EAClB,OAAO,GAAE,qBAA0B,GAClC,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAuBxB"}
package/dist/lib/account-resolver.js ADDED
@@ -0,0 +1,41 @@
1
+ // @mostajs/rbac — Account resolver
2
+ //
3
+ // Resolves the personal Account owned by a User. The Account is the
4
+ // boundary entity for API keys, projects, billing, subscriptions —
5
+ // User is just identity. Centralizes the lookup-or-create pattern so
6
+ // portals (Octocloud, future tenants UIs) don't reimplement it.
7
+ //
8
+ // Author: Dr Hamid MADANI <drmdh@msn.com>
9
+ import { AccountRepository } from '../repositories/account.repository.js';
10
+ /**
11
+ * Resolve (or auto-create) the Account owned by `userId`. Returns the
12
+ * account ID, or null if `noAutoCreate` and not found.
13
+ *
14
+ * Lookup order:
15
+ * 1. accounts WHERE owner=userId AND type=options.type
16
+ * 2. accounts WHERE owner=userId (any type — first match)
17
+ * 3. CREATE account (unless noAutoCreate=true)
18
+ */
19
+ export async function resolveUserAccountId(dialect, userId, userEmail, options = {}) {
20
+ const accountRepo = new AccountRepository(dialect);
21
+ const type = options.type || 'personal';
22
+ const status = options.status || 'active';
23
+ const plan = options.plan || 'free';
24
+ const existing = await accountRepo.findOne({ owner: userId, type });
25
+ if (existing === null || existing === void 0 ? void 0 : existing.id)
26
+ return existing.id;
27
+ // Fallback : owner has an account of a different type (e.g. 'system',
28
+ // 'trial') — pick the first match rather than auto-creating a duplicate.
29
+ const any = await accountRepo.findOne({ owner: userId });
30
+ if (any === null || any === void 0 ? void 0 : any.id)
31
+ return any.id;
32
+ if (options.noAutoCreate)
33
+ return null;
34
+ const created = await accountRepo.create({
35
+ name: options.name || `${userEmail || userId}-${type}`,
36
+ type, plan, status,
37
+ owner: userId,
38
+ });
39
+ return created.id;
40
+ }
41
+ //# sourceMappingURL=account-resolver.js.map
package/dist/lib/account-resolver.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"account-resolver.js","sourceRoot":"","sources":["../../lib/account-resolver.ts"],"names":[],"mappings":"AAAA,mCAAmC;AACnC,EAAE;AACF,oEAAoE;AACpE,mEAAmE;AACnE,qEAAqE;AACrE,gEAAgE;AAChE,EAAE;AACF,0CAA0C;AAG1C,OAAO,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAA;AAetE;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,OAAiB,EACjB,MAAc,EACd,SAAkB,EAClB,UAAiC,EAAE;IAEnC,MAAM,WAAW,GAAG,IAAI,iBAAiB,CAAC,OAAO,CAAC,CAAA;IAElD,MAAM,IAAI,GAAK,OAAO,CAAC,IAAI,IAAM,UAAU,CAAA;IAC3C,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,QAAQ,CAAA;IACzC,MAAM,IAAI,GAAK,OAAO,CAAC,IAAI,IAAM,MAAM,CAAA;IAEvC,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAS,CAAC,CAAA;IAC1E,IAAK,QAAgB,aAAhB,QAAQ,uBAAR,QAAQ,CAAU,EAAE;QAAE,OAAQ,QAAgB,CAAC,EAAE,CAAA;IAEtD,sEAAsE;IACtE,yEAAyE;IACzE,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,MAAM,EAAS,CAAC,CAAA;IAC/D,IAAK,GAAW,aAAX,GAAG,uBAAH,GAAG,CAAU,EAAE;QAAE,OAAQ,GAAW,CAAC,EAAE,CAAA;IAE5C,IAAI,OAAO,CAAC,YAAY;QAAE,OAAO,IAAI,CAAA;IAErC,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC;QACvC,IAAI,EAAI,OAAO,CAAC,IAAI,IAAI,GAAG,SAAS,IAAI,MAAM,IAAI,IAAI,EAAE;QACxD,IAAI,EAAE,IAAI,EAAE,MAAM;QAClB,KAAK,EAAG,MAAM;KACR,CAAC,CAAA;IACT,OAAQ,OAAe,CAAC,EAAE,CAAA;AAC5B,CAAC"}
package/dist/lib/repos-factory.js CHANGED
@@ -1,12 +1,12 @@
1
1
  // repos-factory.ts — Centralized repository factory
2
- // Uses @mostajs/octoswitcher to get the right dialect (ORM or NET)
2
+ // Uses @mostajs/data-plug to get the right dialect (ORM or NET)
3
3
  // Author: Dr Hamid MADANI drmdh@msn.com
4
4
  let _cached = null;
5
5
  /** Get RBAC repositories — dialect resolved by octoswitcher (ORM or NET) */
6
6
  export async function getRbacRepos() {
7
7
  if (_cached)
8
8
  return _cached;
9
- const { getDialect } = await import('@mostajs/octoswitcher');
9
+ const { getDialect } = await import('@mostajs/data-plug');
10
10
  const { registerSchemas } = await import('@mostajs/orm');
11
11
  const { UserSchema } = await import('../schemas/user.schema.js');
12
12
  const { RoleSchema } = await import('../schemas/role.schema.js');
package/dist/lib/repos-factory.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"repos-factory.js","sourceRoot":"","sources":["../../lib/repos-factory.ts"],"names":[],"mappings":"AAAA,oDAAoD;AACpD,mEAAmE;AACnE,wCAAwC;AA6ExC,IAAI,OAAO,GAAqB,IAAI,CAAC;AAErC,4EAA4E;AAC5E,MAAM,CAAC,KAAK,UAAU,YAAY;IAChC,IAAI,OAAO;QAAE,OAAO,OAAO,CAAC;IAE5B,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,uBAAuB,CAAC,CAAC;IAC7D,MAAM,EAAE,eAAe,EAAE,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,CAAC;IACzD,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,2BAA2B,CAAC,CAAC;IACjE,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,2BAA2B,CAAC,CAAC;IACjE,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,MAAM,CAAC,iCAAiC,CAAC,CAAC;IAC7E,MAAM,EAAE,wBAAwB,EAAE,GAAG,MAAM,MAAM,CAAC,0CAA0C,CAAC,CAAC;IAC9F,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,oCAAoC,CAAC,CAAC;IAC9E,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,oCAAoC,CAAC,CAAC;IAC9E,MAAM,EAAE,oBAAoB,EAAE,GAAG,MAAM,MAAM,CAAC,0CAA0C,CAAC,CAAC;IAC1F,MAAM,EAAE,4BAA4B,EAAE,GAAG,MAAM,MAAM,CAAC,mDAAmD,CAAC,CAAC;IAE3G,eAAe,CAAC,CAAC,UAAU,EAAE,UAAU,EAAE,gBAAgB,EAAE,wBAAwB,CAAC,CAAC,CAAC;IACtF,MAAM,OAAO,GAAG,MAAM,UAAU,EAAE,CAAC;IACnC,2FAA2F;IAC3F,IAAI,OAAQ,OAAe,CAAC,UAAU,KAAK,UAAU,EAAE,CAAC;QACtD,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,CAAC;QACvD,MAAO,OAAe,CAAC,UAAU,CAAC,aAAa,EAAE,CAAC,CAAC;IACrD,CAAC;IAED,OAAO,GAAG;QACR,KAAK,EAAE,IAAI,cAAc,CAAC,OAAc,CAAoB;QAC5D,KAAK,EAAE,IAAI,cAAc,CAAC,OAAc,CAAoB;QAC5D,WAAW,EAAE,IAAI,oBAAoB,CAAC,OAAc,CAA0B;QAC9E,UAAU,EAAE,IAAI,4BAA4B,CAAC,OAAc,CAAkC;KAC9F,CAAC;IACF,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,8BAA8B;AAC9B,MAAM,UAAU,cAAc,KAAW,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC"}
1
+ {"version":3,"file":"repos-factory.js","sourceRoot":"","sources":["../../lib/repos-factory.ts"],"names":[],"mappings":"AAAA,oDAAoD;AACpD,gEAAgE;AAChE,wCAAwC;AA6ExC,IAAI,OAAO,GAAqB,IAAI,CAAC;AAErC,4EAA4E;AAC5E,MAAM,CAAC,KAAK,UAAU,YAAY;IAChC,IAAI,OAAO;QAAE,OAAO,OAAO,CAAC;IAE5B,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;IAC1D,MAAM,EAAE,eAAe,EAAE,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,CAAC;IACzD,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,2BAA2B,CAAC,CAAC;IACjE,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,2BAA2B,CAAC,CAAC;IACjE,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,MAAM,CAAC,iCAAiC,CAAC,CAAC;IAC7E,MAAM,EAAE,wBAAwB,EAAE,GAAG,MAAM,MAAM,CAAC,0CAA0C,CAAC,CAAC;IAC9F,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,oCAAoC,CAAC,CAAC;IAC9E,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,oCAAoC,CAAC,CAAC;IAC9E,MAAM,EAAE,oBAAoB,EAAE,GAAG,MAAM,MAAM,CAAC,0CAA0C,CAAC,CAAC;IAC1F,MAAM,EAAE,4BAA4B,EAAE,GAAG,MAAM,MAAM,CAAC,mDAAmD,CAAC,CAAC;IAE3G,eAAe,CAAC,CAAC,UAAU,EAAE,UAAU,EAAE,gBAAgB,EAAE,wBAAwB,CAAC,CAAC,CAAC;IACtF,MAAM,OAAO,GAAG,MAAM,UAAU,EAAE,CAAC;IACnC,2FAA2F;IAC3F,IAAI,OAAQ,OAAe,CAAC,UAAU,KAAK,UAAU,EAAE,CAAC;QACtD,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,CAAC;QACvD,MAAO,OAAe,CAAC,UAAU,CAAC,aAAa,EAAE,CAAC,CAAC;IACrD,CAAC;IAED,OAAO,GAAG;QACR,KAAK,EAAE,IAAI,cAAc,CAAC,OAAc,CAAoB;QAC5D,KAAK,EAAE,IAAI,cAAc,CAAC,OAAc,CAAoB;QAC5D,WAAW,EAAE,IAAI,oBAAoB,CAAC,OAAc,CAA0B;QAC9E,UAAU,EAAE,IAAI,4BAA4B,CAAC,OAAc,CAAkC;KAC9F,CAAC;IACF,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,8BAA8B;AAC9B,MAAM,UAAU,cAAc,KAAW,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC"}
package/dist/repositories/account.repository.d.ts CHANGED
@@ -7,5 +7,19 @@ export declare class AccountRepository extends BaseRepository<AccountDTO> {
7
7
  findByOwner(userId: string): Promise<AccountDTO | null>;
8
8
  /** Find the unique system account by type — useful for the 'trial' shared playground */
9
9
  findByType(type: string): Promise<AccountDTO | null>;
10
+ /** Find direct children of a parent account (1 level). */
11
+ findChildren(parentId: string): Promise<AccountDTO[]>;
12
+ /**
13
+ * Expand a parent account ID into the set of "tenant accounts" :
14
+ * the parent itself + all its direct children. Used by the row-level
15
+ * scoping middleware (mosta-net) to filter account-scoped entities.
16
+ *
17
+ * Returns an array of account IDs.
18
+ *
19
+ * Note : 1 niveau seulement pour l'instant. Si on adopte une vraie
20
+ * récursivité (forêt profonde), implémenter un CTE récursif (postgres
21
+ * `WITH RECURSIVE`) ou itérer ici.
22
+ */
23
+ expandTenant(parentId: string): Promise<string[]>;
10
24
  }
11
25
  //# sourceMappingURL=account.repository.d.ts.map
package/dist/repositories/account.repository.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"account.repository.d.ts","sourceRoot":"","sources":["../../repositories/account.repository.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAA;AAE7C,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAA;AAC5C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAEhD,qBAAa,iBAAkB,SAAQ,cAAc,CAAC,UAAU,CAAC;gBACnD,OAAO,EAAE,QAAQ;IAI7B,6DAA6D;IACvD,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAI7D,wFAAwF;IAClF,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;CAG3D"}
1
+ {"version":3,"file":"account.repository.d.ts","sourceRoot":"","sources":["../../repositories/account.repository.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAA;AAE7C,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAA;AAC5C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAEhD,qBAAa,iBAAkB,SAAQ,cAAc,CAAC,UAAU,CAAC;gBACnD,OAAO,EAAE,QAAQ;IAI7B,6DAA6D;IACvD,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAI7D,wFAAwF;IAClF,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAI1D,0DAA0D;IACpD,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;IAI3D;;;;;;;;;;OAUG;IACG,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;CAIxD"}
package/dist/repositories/account.repository.js CHANGED
@@ -14,5 +14,24 @@ export class AccountRepository extends BaseRepository {
14
14
  async findByType(type) {
15
15
  return this.findOne({ type });
16
16
  }
17
+ /** Find direct children of a parent account (1 level). */
18
+ async findChildren(parentId) {
19
+ return this.findAll({ parent: parentId });
20
+ }
21
+ /**
22
+ * Expand a parent account ID into the set of "tenant accounts" :
23
+ * the parent itself + all its direct children. Used by the row-level
24
+ * scoping middleware (mosta-net) to filter account-scoped entities.
25
+ *
26
+ * Returns an array of account IDs.
27
+ *
28
+ * Note : 1 niveau seulement pour l'instant. Si on adopte une vraie
29
+ * récursivité (forêt profonde), implémenter un CTE récursif (postgres
30
+ * `WITH RECURSIVE`) ou itérer ici.
31
+ */
32
+ async expandTenant(parentId) {
33
+ const children = await this.findChildren(parentId);
34
+ return [parentId, ...children.map((c) => c.id)];
35
+ }
17
36
  }
18
37
  //# sourceMappingURL=account.repository.js.map
package/dist/repositories/account.repository.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"account.repository.js","sourceRoot":"","sources":["../../repositories/account.repository.ts"],"names":[],"mappings":"AAAA,oCAAoC;AACpC,wCAAwC;AACxC,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAA;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAA;AAIzD,MAAM,OAAO,iBAAkB,SAAQ,cAA0B;IAC/D,YAAY,OAAiB;QAC3B,KAAK,CAAC,aAAa,EAAE,OAAO,CAAC,CAAA;IAC/B,CAAC;IAED,6DAA6D;IAC7D,KAAK,CAAC,WAAW,CAAC,MAAc;QAC9B,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAA;IACxC,CAAC;IAED,wFAAwF;IACxF,KAAK,CAAC,UAAU,CAAC,IAAY;QAC3B,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC,CAAA;IAC/B,CAAC;CACF"}
1
+ {"version":3,"file":"account.repository.js","sourceRoot":"","sources":["../../repositories/account.repository.ts"],"names":[],"mappings":"AAAA,oCAAoC;AACpC,wCAAwC;AACxC,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAA;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAA;AAIzD,MAAM,OAAO,iBAAkB,SAAQ,cAA0B;IAC/D,YAAY,OAAiB;QAC3B,KAAK,CAAC,aAAa,EAAE,OAAO,CAAC,CAAA;IAC/B,CAAC;IAED,6DAA6D;IAC7D,KAAK,CAAC,WAAW,CAAC,MAAc;QAC9B,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAA;IACxC,CAAC;IAED,wFAAwF;IACxF,KAAK,CAAC,UAAU,CAAC,IAAY;QAC3B,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC,CAAA;IAC/B,CAAC;IAED,0DAA0D;IAC1D,KAAK,CAAC,YAAY,CAAC,QAAgB;QACjC,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAS,CAAC,CAAA;IAClD,CAAC;IAED;;;;;;;;;;OAUG;IACH,KAAK,CAAC,YAAY,CAAC,QAAgB;QACjC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAA;QAClD,OAAO,CAAC,QAAQ,EAAE,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;IACtD,CAAC;CACF"}
package/dist/schemas/account.schema.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"account.schema.d.ts","sourceRoot":"","sources":["../../schemas/account.schema.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,cAAc,CAAA;AAEhD,eAAO,MAAM,aAAa,EAAE,YAuB3B,CAAA"}
1
+ {"version":3,"file":"account.schema.d.ts","sourceRoot":"","sources":["../../schemas/account.schema.ts"],"names":[],"mappings":"AAwBA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,cAAc,CAAA;AAEhD,eAAO,MAAM,aAAa,EAAE,YAyB3B,CAAA"}
package/dist/schemas/account.schema.js CHANGED
@@ -1,7 +1,25 @@
1
1
  // @mostajs/rbac — Account Entity Schema
2
- // Multi-tenant container referenced as target:'Account' by ApiKey, Project,
2
+ //
3
+ // Multi-tenant container référencé comme target:'Account' par ApiKey, Project,
3
4
  // Subscription, Invoice, UsageLog (across mosta-api-keys, mosta-project-life,
4
5
  // mosta-subscriptions-plan).
6
+ //
7
+ // Hiérarchie (depuis 2.4.0, modèle β multi-tenant) :
8
+ // - `parent` (nullable many-to-one Account → Account) permet de modéliser
9
+ // une forêt de comptes : un Account 'portal' (octocloud-amia) en racine,
10
+ // les Accounts 'personal' des users qui s'inscrivent ont parent=portal.
11
+ // - Les modules consomateurs (mosta-net Octonet) utilisent ce parent comme
12
+ // frontière de cloisonnement : une apikey rattachée à un portal Account
13
+ // voit uniquement les données dont l'`account` ∈ {portal} ∪ {children
14
+ // de portal}.
15
+ //
16
+ // Types existants :
17
+ // - personal : compte personnel d'un user
18
+ // - organization : équipe/société (futur)
19
+ // - trial : sandbox transient (T1 /try)
20
+ // - system : compte système (public-demo, services internes)
21
+ // - portal : tenant racine d'un octocloud (ajouté en 2.4.0)
22
+ //
5
23
  // Author: Dr Hamid MADANI drmdh@msn.com
6
24
  export const AccountSchema = {
7
25
  name: 'Account',
@@ -9,7 +27,7 @@ export const AccountSchema = {
9
27
  timestamps: true,
10
28
  fields: {
11
29
  name: { type: 'string', required: true, trim: true },
12
- type: { type: 'string', enum: ['personal', 'organization', 'trial', 'system'], default: 'personal' },
30
+ type: { type: 'string', enum: ['personal', 'organization', 'trial', 'system', 'portal'], default: 'personal' },
13
31
  plan: { type: 'string', default: 'free' },
14
32
  status: { type: 'string', enum: ['active', 'suspended', 'deleted'], default: 'active' },
15
33
  stripeCustomerId: { type: 'string' },
@@ -17,11 +35,13 @@ export const AccountSchema = {
17
35
  },
18
36
  relations: {
19
37
  owner: { type: 'many-to-one', target: 'User', required: true },
38
+ parent: { type: 'many-to-one', target: 'Account', required: false },
20
39
  members: { type: 'many-to-many', target: 'User', through: 'account_members' },
21
40
  },
22
41
  indexes: [
23
42
  { fields: { type: 'asc' } },
24
43
  { fields: { status: 'asc' } },
44
+ { fields: { parent: 'asc' } },
25
45
  ],
26
46
  };
27
47
  //# sourceMappingURL=account.schema.js.map
package/dist/schemas/account.schema.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"account.schema.js","sourceRoot":"","sources":["../../schemas/account.schema.ts"],"names":[],"mappings":"AAAA,wCAAwC;AACxC,4EAA4E;AAC5E,8EAA8E;AAC9E,6BAA6B;AAC7B,wCAAwC;AAIxC,MAAM,CAAC,MAAM,aAAa,GAAiB;IACzC,IAAI,EAAE,SAAS;IACf,UAAU,EAAE,UAAU;IACtB,UAAU,EAAE,IAAI;IAEhB,MAAM,EAAE;QACN,IAAI,EAAc,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE;QAChE,IAAI,EAAc,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,UAAU,EAAE,cAAc,EAAE,OAAO,EAAE,QAAQ,CAAC,EAAE,OAAO,EAAE,UAAU,EAAE;QAChH,IAAI,EAAc,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE;QACrD,MAAM,EAAY,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,QAAQ,EAAE,WAAW,EAAE,SAAS,CAAC,EAAE,OAAO,EAAE,QAAQ,EAAE;QACjG,gBAAgB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;QACpC,QAAQ,EAAU,EAAE,IAAI,EAAE,MAAM,EAAE;KACnC;IAED,SAAS,EAAE;QACT,KAAK,EAAI,EAAE,IAAI,EAAE,aAAa,EAAG,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE;QACjE,OAAO,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,iBAAiB,EAAE;KAC9E;IAED,OAAO,EAAE;QACP,EAAE,MAAM,EAAE,EAAE,IAAI,EAAI,KAAK,EAAE,EAAE;QAC7B,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE;KAC9B;CACF,CAAA"}
1
+ {"version":3,"file":"account.schema.js","sourceRoot":"","sources":["../../schemas/account.schema.ts"],"names":[],"mappings":"AAAA,wCAAwC;AACxC,EAAE;AACF,+EAA+E;AAC/E,8EAA8E;AAC9E,6BAA6B;AAC7B,EAAE;AACF,qDAAqD;AACrD,4EAA4E;AAC5E,6EAA6E;AAC7E,4EAA4E;AAC5E,6EAA6E;AAC7E,4EAA4E;AAC5E,0EAA0E;AAC1E,kBAAkB;AAClB,EAAE;AACF,oBAAoB;AACpB,gDAAgD;AAChD,4CAA4C;AAC5C,iDAAiD;AACjD,qEAAqE;AACrE,oEAAoE;AACpE,EAAE;AACF,wCAAwC;AAIxC,MAAM,CAAC,MAAM,aAAa,GAAiB;IACzC,IAAI,EAAE,SAAS;IACf,UAAU,EAAE,UAAU;IACtB,UAAU,EAAE,IAAI;IAEhB,MAAM,EAAE;QACN,IAAI,EAAc,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE;QAChE,IAAI,EAAc,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,UAAU,EAAE,cAAc,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,CAAC,EAAE,OAAO,EAAE,UAAU,EAAE;QAC1H,IAAI,EAAc,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE;QACrD,MAAM,EAAY,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,QAAQ,EAAE,WAAW,EAAE,SAAS,CAAC,EAAE,OAAO,EAAE,QAAQ,EAAE;QACjG,gBAAgB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;QACpC,QAAQ,EAAU,EAAE,IAAI,EAAE,MAAM,EAAE;KACnC;IAED,SAAS,EAAE;QACT,KAAK,EAAI,EAAE,IAAI,EAAE,aAAa,EAAG,MAAM,EAAE,MAAM,EAAK,QAAQ,EAAE,IAAI,EAAE;QACpE,MAAM,EAAG,EAAE,IAAI,EAAE,aAAa,EAAG,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,KAAK,EAAE;QACrE,OAAO,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,MAAM,EAAE,MAAM,EAAK,OAAO,EAAE,iBAAiB,EAAE;KACjF;IAED,OAAO,EAAE;QACP,EAAE,MAAM,EAAE,EAAE,IAAI,EAAI,KAAK,EAAE,EAAE;QAC7B,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE;QAC7B,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE;KAC9B;CACF,CAAA"}
package/dist/server.d.ts CHANGED
@@ -14,6 +14,8 @@ export { OCTONET_RBAC_SEED, OCTONET_PERMS } from './seeds/octonet';
14
14
  export { hasPermission, matchesPermission } from './helpers/permissions';
15
15
  export { createAdmin } from './lib/create-admin';
16
16
  export type { CreateAdminOptions, CreateAdminResult } from './lib/create-admin';
17
+ export { resolveUserAccountId } from './lib/account-resolver';
18
+ export type { ResolveAccountOptions } from './lib/account-resolver';
17
19
  export { getSchemas, moduleInfo } from './lib/module-info';
18
20
  export { getPermissionsForRoleFromDB } from './lib/permissions-server';
19
21
  //# sourceMappingURL=server.d.ts.map
package/dist/server.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../server.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAA;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAA;AAClD,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAA;AAC9D,OAAO,EAAE,wBAAwB,EAAE,MAAM,sCAAsC,CAAA;AAC/E,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAA;AAGxD,OAAO,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAA;AAC/D,OAAO,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAA;AAC/D,OAAO,EAAE,oBAAoB,EAAE,MAAM,sCAAsC,CAAA;AAC3E,OAAO,EAAE,4BAA4B,EAAE,MAAM,+CAA+C,CAAA;AAC5F,OAAO,EAAE,iBAAiB,EAAE,MAAM,mCAAmC,CAAA;AAGrE,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAA;AAC1C,YAAY,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAA;AAGtD,OAAO,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAA;AAGlE,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAA;AAGxE,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAA;AAChD,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAA;AAG/E,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAG1D,OAAO,EAAE,2BAA2B,EAAE,MAAM,0BAA0B,CAAA"}
1
+ {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../server.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAA;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAA;AAClD,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAA;AAC9D,OAAO,EAAE,wBAAwB,EAAE,MAAM,sCAAsC,CAAA;AAC/E,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAA;AAGxD,OAAO,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAA;AAC/D,OAAO,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAA;AAC/D,OAAO,EAAE,oBAAoB,EAAE,MAAM,sCAAsC,CAAA;AAC3E,OAAO,EAAE,4BAA4B,EAAE,MAAM,+CAA+C,CAAA;AAC5F,OAAO,EAAE,iBAAiB,EAAE,MAAM,mCAAmC,CAAA;AAGrE,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAA;AAC1C,YAAY,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAA;AAGtD,OAAO,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAA;AAGlE,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAA;AAGxE,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAA;AAChD,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAA;AAI/E,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAA;AAC7D,YAAY,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAA;AAGnE,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAG1D,OAAO,EAAE,2BAA2B,EAAE,MAAM,0BAA0B,CAAA"}
package/dist/server.js CHANGED
@@ -22,6 +22,9 @@ export { OCTONET_RBAC_SEED, OCTONET_PERMS } from './seeds/octonet.js';
22
22
  export { hasPermission, matchesPermission } from './helpers/permissions.js';
23
23
  // Create admin (depends on repos → ORM + bcrypt)
24
24
  export { createAdmin } from './lib/create-admin.js';
25
+ // Account resolver — lookup-or-create the personal Account for a User.
26
+ // Centralized so portals (Octocloud, etc.) don't reimplement it.
27
+ export { resolveUserAccountId } from './lib/account-resolver.js';
25
28
  // Module info (schemas, seeds, metadata — for setup discovery)
26
29
  export { getSchemas, moduleInfo } from './lib/module-info.js';
27
30
  // Server-side permission DB lookup (depends on repos → ORM)
@@ -31,4 +34,26 @@ export { getPermissionsForRoleFromDB } from './lib/permissions-server.js';
31
34
  // import { createUsersHandler } from '@mostajs/rbac/api/users'
32
35
  // This keeps '@mostajs/rbac/server' Next-free for pure backend runtimes
33
36
  // (Fastify, Express, raw Node) like Octonet.
37
+ // API handler factories
38
+ //export { createUsersHandler } from './api/users.js'
39
+ //export { createUsersIdHandler } from './api/users-id.js'
40
+ //export { createRolesHandler } from './api/roles.js'
41
+ //export { createRolesIdHandler } from './api/roles-id.js'
42
+ //export { createPermissionsHandler } from './api/permissions.js'
43
+ //export { createPermissionsIdHandler } from './api/permissions-id.js'
44
+ //export { createMatrixHandler } from './api/matrix.js'
45
+ //export { createCategoriesHandler } from './api/categories.js'
46
+ //export { createCategoriesIdHandler } from './api/categories-id.js'
47
+ //export { createSeedHandler } from './api/seed.js'
48
+ // Re-//export config types
49
+ //export type { UsersHandlerConfig } from './api/users.js'
50
+ //export type { UsersIdHandlerConfig } from './api/users-id.js'
51
+ //export type { RolesHandlerConfig } from './api/roles.js'
52
+ //export type { RolesIdHandlerConfig } from './api/roles-id.js'
53
+ //export type { PermissionsHandlerConfig } from './api/permissions.js'
54
+ //export type { PermissionsIdHandlerConfig } from './api/permissions-id.js'
55
+ //export type { MatrixHandlerConfig } from './api/matrix.js'
56
+ //export type { CategoriesHandlerConfig } from './api/categories.js'
57
+ //export type { CategoriesIdHandlerConfig } from './api/categories-id.js'
58
+ //export type { SeedHandlerConfig } from './api/seed.js'
34
59
  //# sourceMappingURL=server.js.map
package/dist/server.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"server.js","sourceRoot":"","sources":["../server.ts"],"names":[],"mappings":"AAAA,wCAAwC;AACxC,6DAA6D;AAC7D,mEAAmE;AAEnE,wEAAwE;AACxE,kEAAkE;AAClE,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAA;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAA;AAClD,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAA;AAC9D,OAAO,EAAE,wBAAwB,EAAE,MAAM,sCAAsC,CAAA;AAC/E,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAA;AAExD,wCAAwC;AACxC,OAAO,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAA;AAC/D,OAAO,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAA;AAC/D,OAAO,EAAE,oBAAoB,EAAE,MAAM,sCAAsC,CAAA;AAC3E,OAAO,EAAE,4BAA4B,EAAE,MAAM,+CAA+C,CAAA;AAC5F,OAAO,EAAE,iBAAiB,EAAE,MAAM,mCAAmC,CAAA;AAErE,qCAAqC;AACrC,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAA;AAG1C,yEAAyE;AACzE,OAAO,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAA;AAElE,8BAA8B;AAC9B,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAA;AAExE,iDAAiD;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAA;AAGhD,+DAA+D;AAC/D,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAE1D,4DAA4D;AAC5D,OAAO,EAAE,2BAA2B,EAAE,MAAM,0BAA0B,CAAA;AAEtE,0EAA0E;AAC1E,6EAA6E;AAC7E,iEAAiE;AACjE,wEAAwE;AACxE,6CAA6C"}
1
+ {"version":3,"file":"server.js","sourceRoot":"","sources":["../server.ts"],"names":[],"mappings":"AAAA,wCAAwC;AACxC,6DAA6D;AAC7D,mEAAmE;AAEnE,wEAAwE;AACxE,kEAAkE;AAClE,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAA;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAA;AAClD,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAA;AAC9D,OAAO,EAAE,wBAAwB,EAAE,MAAM,sCAAsC,CAAA;AAC/E,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAA;AAExD,wCAAwC;AACxC,OAAO,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAA;AAC/D,OAAO,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAA;AAC/D,OAAO,EAAE,oBAAoB,EAAE,MAAM,sCAAsC,CAAA;AAC3E,OAAO,EAAE,4BAA4B,EAAE,MAAM,+CAA+C,CAAA;AAC5F,OAAO,EAAE,iBAAiB,EAAE,MAAM,mCAAmC,CAAA;AAErE,qCAAqC;AACrC,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAA;AAG1C,yEAAyE;AACzE,OAAO,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAA;AAElE,8BAA8B;AAC9B,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAA;AAExE,iDAAiD;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAA;AAGhD,uEAAuE;AACvE,iEAAiE;AACjE,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAA;AAG7D,+DAA+D;AAC/D,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAE1D,4DAA4D;AAC5D,OAAO,EAAE,2BAA2B,EAAE,MAAM,0BAA0B,CAAA;AAEtE,0EAA0E;AAC1E,6EAA6E;AAC7E,iEAAiE;AACjE,wEAAwE;AACxE,6CAA6C;AAK7C,wBAAwB;AACxB,kDAAkD;AAClD,uDAAuD;AACvD,kDAAkD;AAClD,uDAAuD;AACvD,8DAA8D;AAC9D,mEAAmE;AACnE,oDAAoD;AACpD,4DAA4D;AAC5D,iEAAiE;AACjE,gDAAgD;AAEhD,2BAA2B;AAC3B,uDAAuD;AACvD,4DAA4D;AAC5D,uDAAuD;AACvD,4DAA4D;AAC5D,mEAAmE;AACnE,wEAAwE;AACxE,yDAAyD;AACzD,iEAAiE;AACjE,sEAAsE;AACtE,qDAAqD"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@mostajs/rbac",
3
- "version": "2.3.4",
3
+ "version": "2.4.0",
4
4
  "description": "RBAC — User/Role/Permission schemas, repos, management UI, API handlers",
5
5
  "author": "Dr Hamid MADANI <drmdh@msn.com>",
6
6
  "license": "AGPL-3.0-or-later",
@@ -193,7 +193,7 @@
193
193
  "prepublishOnly": "npm run build"
194
194
  },
195
195
  "dependencies": {
196
- "@mostajs/octoswitcher": "^1.0.0",
196
+ "@mostajs/data-plug": "^1.0.0",
197
197
  "@mostajs/orm": "^1.0.0",
198
198
  "bcryptjs": "^3.0.3",
199
199
  "class-variance-authority": "^0.7.0",