@nest-boot/permission 7.0.0

package/dist/types/can-subject-factory.type.d.ts

@@ -0,0 +1,3 @@
+import type { Subject } from "@casl/ability";
+/** Factory that resolves a permission subject from the current handler instance and decorated method parameters. */
+export type CanSubjectFactory<T extends Subject = Subject, TSelf = unknown, TArgs extends unknown[] = unknown[]> = (self: TSelf, ...args: TArgs) => T | Promise<T>;

package/dist/types/can-subject-factory.type.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=can-subject-factory.type.js.map

package/dist/types/can-subject-factory.type.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"can-subject-factory.type.js","sourceRoot":"","sources":["../../src/types/can-subject-factory.type.ts"],"names":[],"mappings":""}

package/dist/types/can-subject.type.d.ts

@@ -0,0 +1,5 @@
+import type { Subject } from "@casl/ability";
+import type { Type } from "@nestjs/common";
+import type { CanSubjectFactory } from "./can-subject-factory.type";
+/** Permission subject type or subject resolver factory. */
+export type CanSubject<T extends Subject = Subject> = Type<T> | CanSubjectFactory<T>;

package/dist/types/can-subject.type.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=can-subject.type.js.map

package/dist/types/can-subject.type.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"can-subject.type.js","sourceRoot":"","sources":["../../src/types/can-subject.type.ts"],"names":[],"mappings":""}

package/dist/types/permission-ability.type.d.ts

@@ -0,0 +1,4 @@
+import type { MongoAbility, Subject } from "@casl/ability";
+import type { PermissionAction } from "../enums/permission-action.enum";
+/** CASL ability type used by the permission module. */
+export type PermissionAbility = MongoAbility<[PermissionAction, Subject]>;

package/dist/types/permission-ability.type.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=permission-ability.type.js.map

package/dist/types/permission-ability.type.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission-ability.type.js","sourceRoot":"","sources":["../../src/types/permission-ability.type.ts"],"names":[],"mappings":""}

package/dist/types/route-argument-metadata.type.d.ts

@@ -0,0 +1,3 @@
+import type { RouteArgumentMetadataValue } from "../interfaces/route-argument-metadata-value.interface";
+/** Nest route arguments metadata map keyed by route parameter metadata token. */
+export type RouteArgumentMetadata = Record<string, RouteArgumentMetadataValue>;

package/dist/types/route-argument-metadata.type.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=route-argument-metadata.type.js.map

package/dist/types/route-argument-metadata.type.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"route-argument-metadata.type.js","sourceRoot":"","sources":["../../src/types/route-argument-metadata.type.ts"],"names":[],"mappings":""}

package/dist/utils/can.util.d.ts

@@ -0,0 +1,4 @@
+import type { Subject } from "@casl/ability";
+import type { PermissionAction } from "../enums/permission-action.enum";
+/** Checks a permission with the ability prepared for the current request. */
+export declare function can(action: PermissionAction, subject: Subject): boolean;

package/dist/utils/can.util.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.can = can;
+const get_permission_ability_util_1 = require("./get-permission-ability.util");
+/** Checks a permission with the ability prepared for the current request. */
+function can(action, subject) {
+    return (0, get_permission_ability_util_1.getPermissionAbility)().can(action, subject);
+}
+//# sourceMappingURL=can.util.js.map

package/dist/utils/can.util.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"can.util.js","sourceRoot":"","sources":["../../src/utils/can.util.ts"],"names":[],"mappings":";;AAMA,kBAEC;AALD,+EAAqE;AAErE,6EAA6E;AAC7E,SAAgB,GAAG,CAAC,MAAwB,EAAE,OAAgB;IAC5D,OAAO,IAAA,kDAAoB,GAAE,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AACrD,CAAC"}

package/dist/utils/can.util.spec.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/utils/can.util.spec.js

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const request_context_1 = require("@nest-boot/request-context");
+const common_1 = require("@nestjs/common");
+const permission_action_enum_1 = require("../enums/permission-action.enum");
+const permission_constants_1 = require("../permission.constants");
+const can_util_1 = require("./can.util");
+class TestSubject {
+}
+describe("can", () => {
+    it("checks permissions with cached current ability", async () => {
+        const canMock = jest.fn(() => true);
+        const ability = {
+            can: canMock,
+        };
+        await request_context_1.RequestContext.run(new request_context_1.RequestContext({ type: "http" }), () => {
+            request_context_1.RequestContext.set(permission_constants_1.PERMISSION_ABILITY, ability);
+            expect((0, can_util_1.can)(permission_action_enum_1.PermissionAction.UPDATE, TestSubject)).toBe(true);
+        });
+        expect(canMock).toHaveBeenCalledWith(permission_action_enum_1.PermissionAction.UPDATE, TestSubject);
+    });
+    it("throws when permission ability is not cached", async () => {
+        await request_context_1.RequestContext.run(new request_context_1.RequestContext({ type: "http" }), () => {
+            expect(() => (0, can_util_1.can)(permission_action_enum_1.PermissionAction.UPDATE, TestSubject)).toThrow(common_1.ForbiddenException);
+        });
+    });
+    it("throws when cached permission ability is null", async () => {
+        await request_context_1.RequestContext.run(new request_context_1.RequestContext({ type: "http" }), () => {
+            request_context_1.RequestContext.set(permission_constants_1.PERMISSION_ABILITY, null);
+            expect(() => (0, can_util_1.can)(permission_action_enum_1.PermissionAction.UPDATE, TestSubject)).toThrow(common_1.ForbiddenException);
+        });
+    });
+});
+//# sourceMappingURL=can.util.spec.js.map

package/dist/utils/can.util.spec.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"can.util.spec.js","sourceRoot":"","sources":["../../src/utils/can.util.spec.ts"],"names":[],"mappings":";;AAAA,gEAA4D;AAC5D,2CAAoD;AAEpD,4EAAmE;AACnE,kEAA6D;AAE7D,yCAAiC;AAEjC,MAAM,WAAW;CAAG;AAEpB,QAAQ,CAAC,KAAK,EAAE,GAAG,EAAE;IACnB,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;QAC9D,MAAM,OAAO,GAAG,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;QACpC,MAAM,OAAO,GAAG;YACd,GAAG,EAAE,OAAO;SACmB,CAAC;QAElC,MAAM,gCAAc,CAAC,GAAG,CAAC,IAAI,gCAAc,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE;YAClE,gCAAc,CAAC,GAAG,CAAC,yCAAkB,EAAE,OAAO,CAAC,CAAC;YAEhD,MAAM,CAAC,IAAA,cAAG,EAAC,yCAAgB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,OAAO,CAAC,CAAC,oBAAoB,CAAC,yCAAgB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAC7E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8CAA8C,EAAE,KAAK,IAAI,EAAE;QAC5D,MAAM,gCAAc,CAAC,GAAG,CAAC,IAAI,gCAAc,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE;YAClE,MAAM,CAAC,GAAG,EAAE,CAAC,IAAA,cAAG,EAAC,yCAAgB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAC7D,2BAAkB,CACnB,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,KAAK,IAAI,EAAE;QAC7D,MAAM,gCAAc,CAAC,GAAG,CAAC,IAAI,gCAAc,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE;YAClE,gCAAc,CAAC,GAAG,CAAC,yCAAkB,EAAE,IAAI,CAAC,CAAC;YAE7C,MAAM,CAAC,GAAG,EAAE,CAAC,IAAA,cAAG,EAAC,yCAAgB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAC7D,2BAAkB,CACnB,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/utils/get-permission-ability.util.d.ts

@@ -0,0 +1,3 @@
+import type { PermissionAbility } from "../types/permission-ability.type";
+/** Reads the permission ability prepared for the current request. */
+export declare const getPermissionAbility: () => PermissionAbility;

package/dist/utils/get-permission-ability.util.js

@@ -0,0 +1,16 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getPermissionAbility = void 0;
+const request_context_1 = require("@nest-boot/request-context");
+const common_1 = require("@nestjs/common");
+const permission_constants_1 = require("../permission.constants");
+/** Reads the permission ability prepared for the current request. */
+const getPermissionAbility = () => {
+    const ability = request_context_1.RequestContext.get(permission_constants_1.PERMISSION_ABILITY) ?? null;
+    if (!ability) {
+        throw new common_1.ForbiddenException("Permission ability is not available");
+    }
+    return ability;
+};
+exports.getPermissionAbility = getPermissionAbility;
+//# sourceMappingURL=get-permission-ability.util.js.map

package/dist/utils/get-permission-ability.util.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-permission-ability.util.js","sourceRoot":"","sources":["../../src/utils/get-permission-ability.util.ts"],"names":[],"mappings":";;;AAAA,gEAA4D;AAC5D,2CAAoD;AAEpD,kEAA6D;AAG7D,qEAAqE;AAC9D,MAAM,oBAAoB,GAAG,GAAsB,EAAE;IAC1D,MAAM,OAAO,GACX,gCAAc,CAAC,GAAG,CAAoB,yCAAkB,CAAC,IAAI,IAAI,CAAC;IAEpE,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,2BAAkB,CAAC,qCAAqC,CAAC,CAAC;IACtE,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC,CAAC;AATW,QAAA,oBAAoB,wBAS/B"}

package/dist/utils/get-permission-ability.util.spec.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/utils/get-permission-ability.util.spec.js

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const request_context_1 = require("@nest-boot/request-context");
+const common_1 = require("@nestjs/common");
+const permission_constants_1 = require("../permission.constants");
+const get_permission_ability_util_1 = require("./get-permission-ability.util");
+describe("getPermissionAbility", () => {
+    it("throws when no permission ability is cached", async () => {
+        await request_context_1.RequestContext.run(new request_context_1.RequestContext({ type: "http" }), () => {
+            expect(() => (0, get_permission_ability_util_1.getPermissionAbility)()).toThrow(common_1.ForbiddenException);
+        });
+    });
+    it("throws when cached permission ability is null", async () => {
+        await request_context_1.RequestContext.run(new request_context_1.RequestContext({ type: "http" }), () => {
+            request_context_1.RequestContext.set(permission_constants_1.PERMISSION_ABILITY, null);
+            expect(() => (0, get_permission_ability_util_1.getPermissionAbility)()).toThrow(common_1.ForbiddenException);
+        });
+    });
+    it("reads the permission ability from request context", async () => {
+        const ability = { can: jest.fn() };
+        await request_context_1.RequestContext.run(new request_context_1.RequestContext({ type: "http" }), (context) => {
+            context.set(permission_constants_1.PERMISSION_ABILITY, ability);
+            expect((0, get_permission_ability_util_1.getPermissionAbility)()).toBe(ability);
+        });
+    });
+});
+//# sourceMappingURL=get-permission-ability.util.spec.js.map

package/dist/utils/get-permission-ability.util.spec.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-permission-ability.util.spec.js","sourceRoot":"","sources":["../../src/utils/get-permission-ability.util.spec.ts"],"names":[],"mappings":";;AAAA,gEAA4D;AAC5D,2CAAoD;AAEpD,kEAA6D;AAC7D,+EAAqE;AAErE,QAAQ,CAAC,sBAAsB,EAAE,GAAG,EAAE;IACpC,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;QAC3D,MAAM,gCAAc,CAAC,GAAG,CAAC,IAAI,gCAAc,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE;YAClE,MAAM,CAAC,GAAG,EAAE,CAAC,IAAA,kDAAoB,GAAE,CAAC,CAAC,OAAO,CAAC,2BAAkB,CAAC,CAAC;QACnE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,KAAK,IAAI,EAAE;QAC7D,MAAM,gCAAc,CAAC,GAAG,CAAC,IAAI,gCAAc,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE;YAClE,gCAAc,CAAC,GAAG,CAAC,yCAAkB,EAAE,IAAI,CAAC,CAAC;YAE7C,MAAM,CAAC,GAAG,EAAE,CAAC,IAAA,kDAAoB,GAAE,CAAC,CAAC,OAAO,CAAC,2BAAkB,CAAC,CAAC;QACnE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;QACjE,MAAM,OAAO,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC;QAEnC,MAAM,gCAAc,CAAC,GAAG,CACtB,IAAI,gCAAc,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EACpC,CAAC,OAAO,EAAE,EAAE;YACV,OAAO,CAAC,GAAG,CAAC,yCAAkB,EAAE,OAAO,CAAC,CAAC;YAEzC,MAAM,CAAC,IAAA,kDAAoB,GAAE,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC/C,CAAC,CACF,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/package.json

@@ -0,0 +1,76 @@
+{
+  "name": "@nest-boot/permission",
+  "version": "7.0.0",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/nest-boot/nest-boot.git",
+    "directory": "packages/permission"
+  },
+  "description": "CASL-based permission helpers for Nest Boot applications",
+  "author": {
+    "name": "Xudong Huang",
+    "email": "me@huangxudong.com",
+    "url": "https://www.huangxudong.com/"
+  },
+  "homepage": "",
+  "license": "MIT",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "directories": {
+    "lib": "dist"
+  },
+  "files": [
+    "dist"
+  ],
+  "peerDependencies": {
+    "@casl/ability": "^6.0.0",
+    "@nest-boot/request-context": "^7.0.0",
+    "@nestjs/common": "^11.0.0",
+    "@nestjs/core": "^11.0.0",
+    "express": "^5.0.0",
+    "reflect-metadata": "^0.2.2",
+    "rxjs": "^7.0.0"
+  },
+  "devDependencies": {
+    "@casl/ability": "^6.7.5",
+    "@nestjs/common": "^11.1.11",
+    "@nestjs/core": "^11.1.11",
+    "@nestjs/testing": "^11.1.11",
+    "@types/express": "^5.0.3",
+    "@types/jest": "^29.5.14",
+    "@types/node": "^24.12.4",
+    "eslint": "^9.39.3",
+    "express": "^5.1.0",
+    "jest": "^29.7.0",
+    "reflect-metadata": "^0.2.2",
+    "rxjs": "^7.8.2",
+    "ts-jest": "^29.4.4",
+    "typescript": "^5.9.3",
+    "@nest-boot/eslint-config": "^7.0.3",
+    "@nest-boot/eslint-plugin": "^7.0.6",
+    "@nest-boot/request-context": "^7.4.3",
+    "@nest-boot/tsconfig": "^7.0.3"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "lint-staged": {
+    "*.ts": [
+      "prettier --write",
+      "eslint --fix"
+    ]
+  },
+  "volta": {
+    "extends": "../../package.json"
+  },
+  "scripts": {
+    "build": "tsc -p tsconfig.build.json",
+    "clean": "rm -rf .turbo && rm -rf node_modules && rm -rf dist",
+    "dev": "tsc -w -p tsconfig.build.json",
+    "lint": "eslint \"{src,test}/**/*.ts\" --fix",
+    "test": "jest",
+    "test:cov": "jest --coverage",
+    "test:watch": "jest --watch",
+    "test:debug": "node --inspect-brk -r tsconfig-paths/register -r ts-node/register node_modules/.bin/jest --runInBand"
+  }
+}