npm - @mostajs/rbac - Versions diffs - 2.3.5 → 2.4.0 - Mend

@mostajs/rbac 2.3.5 → 2.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/repositories/account.repository.d.ts +14 -0
package/dist/repositories/account.repository.d.ts.map +1 -1
package/dist/repositories/account.repository.js +19 -0
package/dist/repositories/account.repository.js.map +1 -1
package/dist/schemas/account.schema.d.ts.map +1 -1
package/dist/schemas/account.schema.js +22 -2
package/dist/schemas/account.schema.js.map +1 -1
package/package.json +1 -1

package/dist/repositories/account.repository.d.ts CHANGED Viewed

@@ -7,5 +7,19 @@ export declare class AccountRepository extends BaseRepository<AccountDTO> {
     findByOwner(userId: string): Promise<AccountDTO | null>;
     /** Find the unique system account by type — useful for the 'trial' shared playground */
     findByType(type: string): Promise<AccountDTO | null>;
+    /** Find direct children of a parent account (1 level). */
+    findChildren(parentId: string): Promise<AccountDTO[]>;
+    /**
+     * Expand a parent account ID into the set of "tenant accounts" :
+     * the parent itself + all its direct children. Used by the row-level
+     * scoping middleware (mosta-net) to filter account-scoped entities.
+     *
+     * Returns an array of account IDs.
+     *
+     * Note : 1 niveau seulement pour l'instant. Si on adopte une vraie
+     * récursivité (forêt profonde), implémenter un CTE récursif (postgres
+     * `WITH RECURSIVE`) ou itérer ici.
+     */
+    expandTenant(parentId: string): Promise<string[]>;
 }
 //# sourceMappingURL=account.repository.d.ts.map

package/dist/repositories/account.repository.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"account.repository.d.ts","sourceRoot":"","sources":["../../repositories/account.repository.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAA;AAE7C,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAA;AAC5C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAEhD,qBAAa,iBAAkB,SAAQ,cAAc,CAAC,UAAU,CAAC;gBACnD,OAAO,EAAE,QAAQ;IAI7B,6DAA6D;IACvD,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAI7D,wFAAwF;IAClF,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;~~CAG3D~~"}
1	+ {"version":3,"file":"account.repository.d.ts","sourceRoot":"","sources":["../../repositories/account.repository.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAA;AAE7C,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAA;AAC5C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAEhD,qBAAa,iBAAkB,SAAQ,cAAc,CAAC,UAAU,CAAC;gBACnD,OAAO,EAAE,QAAQ;IAI7B,6DAA6D;IACvD,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAI7D,wFAAwF;IAClF,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAI1D,0DAA0D;IACpD,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;IAI3D;;;;;;;;;;OAUG;IACG,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;CAIxD"}

package/dist/repositories/account.repository.js CHANGED Viewed

@@ -14,5 +14,24 @@ export class AccountRepository extends BaseRepository {
     async findByType(type) {
         return this.findOne({ type });
     }
+    /** Find direct children of a parent account (1 level). */
+    async findChildren(parentId) {
+        return this.findAll({ parent: parentId });
+    }
+    /**
+     * Expand a parent account ID into the set of "tenant accounts" :
+     * the parent itself + all its direct children. Used by the row-level
+     * scoping middleware (mosta-net) to filter account-scoped entities.
+     *
+     * Returns an array of account IDs.
+     *
+     * Note : 1 niveau seulement pour l'instant. Si on adopte une vraie
+     * récursivité (forêt profonde), implémenter un CTE récursif (postgres
+     * `WITH RECURSIVE`) ou itérer ici.
+     */
+    async expandTenant(parentId) {
+        const children = await this.findChildren(parentId);
+        return [parentId, ...children.map((c) => c.id)];
+    }
 }
 //# sourceMappingURL=account.repository.js.map

package/dist/repositories/account.repository.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"account.repository.js","sourceRoot":"","sources":["../../repositories/account.repository.ts"],"names":[],"mappings":"AAAA,oCAAoC;AACpC,wCAAwC;AACxC,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAA;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAA;AAIzD,MAAM,OAAO,iBAAkB,SAAQ,cAA0B;IAC/D,YAAY,OAAiB;QAC3B,KAAK,CAAC,aAAa,EAAE,OAAO,CAAC,CAAA;IAC/B,CAAC;IAED,6DAA6D;IAC7D,KAAK,CAAC,WAAW,CAAC,MAAc;QAC9B,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAA;IACxC,CAAC;IAED,wFAAwF;IACxF,KAAK,CAAC,UAAU,CAAC,IAAY;QAC3B,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC,CAAA;IAC/B,CAAC;CACF"}
1	+ {"version":3,"file":"account.repository.js","sourceRoot":"","sources":["../../repositories/account.repository.ts"],"names":[],"mappings":"AAAA,oCAAoC;AACpC,wCAAwC;AACxC,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAA;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAA;AAIzD,MAAM,OAAO,iBAAkB,SAAQ,cAA0B;IAC/D,YAAY,OAAiB;QAC3B,KAAK,CAAC,aAAa,EAAE,OAAO,CAAC,CAAA;IAC/B,CAAC;IAED,6DAA6D;IAC7D,KAAK,CAAC,WAAW,CAAC,MAAc;QAC9B,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAA;IACxC,CAAC;IAED,wFAAwF;IACxF,KAAK,CAAC,UAAU,CAAC,IAAY;QAC3B,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC,CAAA;IAC/B,CAAC;IAED,0DAA0D;IAC1D,KAAK,CAAC,YAAY,CAAC,QAAgB;QACjC,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAS,CAAC,CAAA;IAClD,CAAC;IAED;;;;;;;;;;OAUG;IACH,KAAK,CAAC,YAAY,CAAC,QAAgB;QACjC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAA;QAClD,OAAO,CAAC,QAAQ,EAAE,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;IACtD,CAAC;CACF"}

package/dist/schemas/account.schema.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"account.schema.d.ts","sourceRoot":"","sources":["../../schemas/account.schema.ts"],"names":[],"mappings":"~~AAMA~~,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,cAAc,CAAA;AAEhD,eAAO,MAAM,aAAa,EAAE,~~YAuB3B~~,CAAA"}
1	+ {"version":3,"file":"account.schema.d.ts","sourceRoot":"","sources":["../../schemas/account.schema.ts"],"names":[],"mappings":"AAwBA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,cAAc,CAAA;AAEhD,eAAO,MAAM,aAAa,EAAE,YAyB3B,CAAA"}

package/dist/schemas/account.schema.js CHANGED Viewed

@@ -1,7 +1,25 @@
 // @mostajs/rbac — Account Entity Schema
-// Multi-tenant container referenced as target:'Account' by ApiKey, Project,
+//
+// Multi-tenant container référencé comme target:'Account' par ApiKey, Project,
 // Subscription, Invoice, UsageLog (across mosta-api-keys, mosta-project-life,
 // mosta-subscriptions-plan).
+//
+// Hiérarchie (depuis 2.4.0, modèle β multi-tenant) :
+//   - `parent` (nullable many-to-one Account → Account) permet de modéliser
+//     une forêt de comptes : un Account 'portal' (octocloud-amia) en racine,
+//     les Accounts 'personal' des users qui s'inscrivent ont parent=portal.
+//   - Les modules consomateurs (mosta-net Octonet) utilisent ce parent comme
+//     frontière de cloisonnement : une apikey rattachée à un portal Account
+//     voit uniquement les données dont l'`account` ∈ {portal} ∪ {children
+//     de portal}.
+//
+// Types existants :
+//   - personal     : compte personnel d'un user
+//   - organization : équipe/société (futur)
+//   - trial        : sandbox transient (T1 /try)
+//   - system       : compte système (public-demo, services internes)
+//   - portal       : tenant racine d'un octocloud (ajouté en 2.4.0)
+//
 // Author: Dr Hamid MADANI drmdh@msn.com
 export const AccountSchema = {
     name: 'Account',
@@ -9,7 +27,7 @@ export const AccountSchema = {
     timestamps: true,
     fields: {
         name: { type: 'string', required: true, trim: true },
-        type: { type: 'string', enum: ['personal', 'organization', 'trial', 'system'], default: 'personal' },
+        type: { type: 'string', enum: ['personal', 'organization', 'trial', 'system', 'portal'], default: 'personal' },
         plan: { type: 'string', default: 'free' },
         status: { type: 'string', enum: ['active', 'suspended', 'deleted'], default: 'active' },
         stripeCustomerId: { type: 'string' },
@@ -17,11 +35,13 @@ export const AccountSchema = {
     },
     relations: {
         owner: { type: 'many-to-one', target: 'User', required: true },
+        parent: { type: 'many-to-one', target: 'Account', required: false },
         members: { type: 'many-to-many', target: 'User', through: 'account_members' },
     },
     indexes: [
         { fields: { type: 'asc' } },
         { fields: { status: 'asc' } },
+        { fields: { parent: 'asc' } },
     ],
 };
 //# sourceMappingURL=account.schema.js.map

package/dist/schemas/account.schema.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"account.schema.js","sourceRoot":"","sources":["../../schemas/account.schema.ts"],"names":[],"mappings":"AAAA,wCAAwC;AACxC,~~4EAA4E~~;~~AAC5E~~,8EAA8E;AAC9E,6BAA6B;AAC7B,wCAAwC;AAIxC,MAAM,CAAC,MAAM,aAAa,GAAiB;IACzC,IAAI,EAAE,SAAS;IACf,UAAU,EAAE,UAAU;IACtB,UAAU,EAAE,IAAI;IAEhB,MAAM,EAAE;QACN,IAAI,EAAc,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE;QAChE,IAAI,EAAc,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,UAAU,EAAE,cAAc,EAAE,OAAO,EAAE,QAAQ,CAAC,EAAE,OAAO,EAAE,UAAU,EAAE;~~QAChH~~,IAAI,EAAc,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE;QACrD,MAAM,EAAY,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,QAAQ,EAAE,WAAW,EAAE,SAAS,CAAC,EAAE,OAAO,EAAE,QAAQ,EAAE;QACjG,gBAAgB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;QACpC,QAAQ,EAAU,EAAE,IAAI,EAAE,MAAM,EAAE;KACnC;IAED,SAAS,EAAE;QACT,KAAK,EAAI,EAAE,IAAI,EAAE,aAAa,EAAG,MAAM,EAAE,MAAM,~~EAAE~~,QAAQ,EAAE,IAAI,EAAE;~~QACjE~~,OAAO,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,MAAM,EAAE,MAAM,~~EAAE~~,OAAO,EAAE,iBAAiB,EAAE;~~KAC9E~~;IAED,OAAO,EAAE;QACP,EAAE,MAAM,EAAE,EAAE,IAAI,EAAI,KAAK,EAAE,EAAE;QAC7B,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE;KAC9B;CACF,CAAA"}
1	+ {"version":3,"file":"account.schema.js","sourceRoot":"","sources":["../../schemas/account.schema.ts"],"names":[],"mappings":"AAAA,wCAAwC;AACxC,EAAE;AACF,+EAA+E;AAC/E,8EAA8E;AAC9E,6BAA6B;AAC7B,EAAE;AACF,qDAAqD;AACrD,4EAA4E;AAC5E,6EAA6E;AAC7E,4EAA4E;AAC5E,6EAA6E;AAC7E,4EAA4E;AAC5E,0EAA0E;AAC1E,kBAAkB;AAClB,EAAE;AACF,oBAAoB;AACpB,gDAAgD;AAChD,4CAA4C;AAC5C,iDAAiD;AACjD,qEAAqE;AACrE,oEAAoE;AACpE,EAAE;AACF,wCAAwC;AAIxC,MAAM,CAAC,MAAM,aAAa,GAAiB;IACzC,IAAI,EAAE,SAAS;IACf,UAAU,EAAE,UAAU;IACtB,UAAU,EAAE,IAAI;IAEhB,MAAM,EAAE;QACN,IAAI,EAAc,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE;QAChE,IAAI,EAAc,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,UAAU,EAAE,cAAc,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,CAAC,EAAE,OAAO,EAAE,UAAU,EAAE;QAC1H,IAAI,EAAc,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE;QACrD,MAAM,EAAY,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,QAAQ,EAAE,WAAW,EAAE,SAAS,CAAC,EAAE,OAAO,EAAE,QAAQ,EAAE;QACjG,gBAAgB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;QACpC,QAAQ,EAAU,EAAE,IAAI,EAAE,MAAM,EAAE;KACnC;IAED,SAAS,EAAE;QACT,KAAK,EAAI,EAAE,IAAI,EAAE,aAAa,EAAG,MAAM,EAAE,MAAM,EAAK,QAAQ,EAAE,IAAI,EAAE;QACpE,MAAM,EAAG,EAAE,IAAI,EAAE,aAAa,EAAG,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,KAAK,EAAE;QACrE,OAAO,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,MAAM,EAAE,MAAM,EAAK,OAAO,EAAE,iBAAiB,EAAE;KACjF;IAED,OAAO,EAAE;QACP,EAAE,MAAM,EAAE,EAAE,IAAI,EAAI,KAAK,EAAE,EAAE;QAC7B,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE;QAC7B,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE;KAC9B;CACF,CAAA"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@mostajs/rbac",
-  "version": "2.3.5",
+  "version": "2.4.0",
   "description": "RBAC — User/Role/Permission schemas, repos, management UI, API handlers",
   "author": "Dr Hamid MADANI <drmdh@msn.com>",
   "license": "AGPL-3.0-or-later",