@nest-boot/row-level-security 7.0.0

package/dist/index.spec.js

@@ -0,0 +1,70 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+const rowLevelSecurity = __importStar(require("."));
+const rowLevelSecurityUtils = __importStar(require("./utils"));
+describe("row level security package exports", () => {
+    afterEach(() => {
+        rowLevelSecurityUtils.setRowLevelSecurityOptions();
+    });
+    it("exports the public package API", () => {
+        expect(rowLevelSecurity.Policy).toBeDefined();
+        expect(rowLevelSecurity.PolicyCommand.SELECT).toBe("select");
+        expect(rowLevelSecurity.PolicyMode.PERMISSIVE).toBe("permissive");
+        expect(rowLevelSecurity.RowLevelSecurityContext).toBeDefined();
+        expect(rowLevelSecurity.RowLevelSecurityEntityManager).toBeDefined();
+        expect(rowLevelSecurity.RowLevelSecurityMigration).toBeDefined();
+        expect(rowLevelSecurity.RowLevelSecurityMigrationGenerator).toBeDefined();
+        expect(rowLevelSecurity.createPolicyUpSqlStatements).toBeDefined();
+    });
+    it("exports utility helpers", () => {
+        expect(rowLevelSecurityUtils.assertIdentifier("valid_identifier")).toBe("valid_identifier");
+        expect(rowLevelSecurityUtils.DEFAULT_ROW_LEVEL_SECURITY_OPTIONS).toEqual({
+            anonymousRole: "anonymous",
+            authenticatedRole: "authenticated",
+        });
+        expect(rowLevelSecurityUtils.createPolicyBootstrapSqlStatements()).toEqual(expect.arrayContaining(["create schema if not exists app;"]));
+    });
+    it("exports migration generator types", () => {
+        const diff = { down: [], up: [] };
+        expect(diff).toEqual({ down: [], up: [] });
+    });
+    it("returns a copy of process-level options", () => {
+        const options = rowLevelSecurityUtils.getRowLevelSecurityOptions();
+        options.authenticatedRole = "mutated";
+        expect(rowLevelSecurityUtils.getRowLevelSecurityOptions().authenticatedRole).toBe("authenticated");
+    });
+});
+//# sourceMappingURL=index.spec.js.map

package/dist/index.spec.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.spec.js","sourceRoot":"","sources":["../src/index.spec.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,oDAAsC;AACtC,+DAAiD;AAEjD,QAAQ,CAAC,oCAAoC,EAAE,GAAG,EAAE;IAClD,SAAS,CAAC,GAAG,EAAE;QACb,qBAAqB,CAAC,0BAA0B,EAAE,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;QACxC,MAAM,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;QAC9C,MAAM,CAAC,gBAAgB,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC7D,MAAM,CAAC,gBAAgB,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAClE,MAAM,CAAC,gBAAgB,CAAC,uBAAuB,CAAC,CAAC,WAAW,EAAE,CAAC;QAC/D,MAAM,CAAC,gBAAgB,CAAC,6BAA6B,CAAC,CAAC,WAAW,EAAE,CAAC;QACrE,MAAM,CAAC,gBAAgB,CAAC,yBAAyB,CAAC,CAAC,WAAW,EAAE,CAAC;QACjE,MAAM,CAAC,gBAAgB,CAAC,kCAAkC,CAAC,CAAC,WAAW,EAAE,CAAC;QAC1E,MAAM,CAAC,gBAAgB,CAAC,2BAA2B,CAAC,CAAC,WAAW,EAAE,CAAC;IACrE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;QACjC,MAAM,CAAC,qBAAqB,CAAC,gBAAgB,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CACrE,kBAAkB,CACnB,CAAC;QACF,MAAM,CAAC,qBAAqB,CAAC,kCAAkC,CAAC,CAAC,OAAO,CAAC;YACvE,aAAa,EAAE,WAAW;YAC1B,iBAAiB,EAAE,eAAe;SACnC,CAAC,CAAC;QACH,MAAM,CAAC,qBAAqB,CAAC,kCAAkC,EAAE,CAAC,CAAC,OAAO,CACxE,MAAM,CAAC,eAAe,CAAC,CAAC,kCAAkC,CAAC,CAAC,CAC7D,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;QAC3C,MAAM,IAAI,GAAkB,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC;QAEjD,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,MAAM,OAAO,GAAG,qBAAqB,CAAC,0BAA0B,EAAE,CAAC;QAEnE,OAAO,CAAC,iBAAiB,GAAG,SAAS,CAAC;QAEtC,MAAM,CACJ,qBAAqB,CAAC,0BAA0B,EAAE,CAAC,iBAAiB,CACrE,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/interfaces/index.d.ts

@@ -0,0 +1,5 @@
+export * from "./policy-metadata.interface";
+export * from "./policy-options.interface";
+export * from "./policy-sql-options.interface";
+export type { MigrationDiff } from "./row-level-security-migration-generator.interface";
+export * from "./row-level-security-options.interface";

package/dist/interfaces/index.js

@@ -0,0 +1,21 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./policy-metadata.interface"), exports);
+__exportStar(require("./policy-options.interface"), exports);
+__exportStar(require("./policy-sql-options.interface"), exports);
+__exportStar(require("./row-level-security-options.interface"), exports);
+//# sourceMappingURL=index.js.map

package/dist/interfaces/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/interfaces/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,8DAA4C;AAC5C,6DAA2C;AAC3C,iEAA+C;AAE/C,yEAAuD"}

package/dist/interfaces/policy-metadata.interface.d.ts

@@ -0,0 +1,62 @@
+import { PolicyCommand } from "../enums/policy-command.enum";
+import { PolicyMode } from "../enums/policy-mode.enum";
+/** Normalized policy metadata stored by the {@link Policy} decorator. */
+export interface PolicyMetadata {
+    /** PostgreSQL policy name. */
+    name: string;
+    /** PostgreSQL policy mode. */
+    mode: PolicyMode;
+    /** PostgreSQL command covered by the policy. */
+    command: PolicyCommand;
+    /** SQL expression used as the `USING` predicate. */
+    using?: string;
+    /** SQL expression used as the `WITH CHECK` predicate. */
+    withCheck?: string;
+    /** Database roles to which the policy applies. */
+    roles: string[];
+    /** Additional SQL emitted before creating this policy. */
+    bootstrapSql?: string[];
+}
+/** Entity metadata needed to derive policy names and predicates. */
+export interface PolicyEntityMetadata {
+    /** Entity class name. */
+    entityName: string;
+    /** Database schema name. */
+    schemaName: string;
+    /** Database table name. */
+    tableName: string;
+    /** MikroORM property metadata keyed by entity property name. */
+    properties?: Record<string, PolicyEntityPropertyMetadata>;
+}
+/** Property metadata used to resolve policy column names and SQL context types. */
+export interface PolicyEntityPropertyMetadata {
+    /** Entity property name. */
+    fieldName?: string;
+    /** Database column names mapped by this property. */
+    fieldNames?: string[];
+    /** MikroORM property type. */
+    type?: string;
+    /** Runtime TypeScript type name. */
+    runtimeType?: string;
+    /** Database column type names. */
+    columnTypes?: string[];
+    /** Whether the property is a primary key. */
+    primary?: boolean;
+    /** Metadata for the relation target, when the property is a relation. */
+    targetMeta?: PolicyEntityTargetMetadata;
+}
+/** Minimal target entity metadata used when a policy property points at a relation. */
+export interface PolicyEntityTargetMetadata {
+    /** Target entity class name. */
+    className?: string;
+    /** Target entity name. */
+    name?: string;
+    /** Primary key property names on the target entity. */
+    primaryKeys?: string[];
+    /** Target entity properties keyed by property name. */
+    properties?: Record<string, PolicyEntityPropertyMetadata>;
+}
+/** Factory that derives policy metadata after MikroORM entity metadata is available. */
+export type PolicyMetadataFactory = (entityMetadata: PolicyEntityMetadata) => PolicyMetadata;
+/** Stored policy metadata entry, either static or entity-metadata aware. */
+export type PolicyMetadataEntry = PolicyMetadata | PolicyMetadataFactory;

package/dist/interfaces/policy-metadata.interface.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=policy-metadata.interface.js.map

package/dist/interfaces/policy-metadata.interface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-metadata.interface.js","sourceRoot":"","sources":["../../src/interfaces/policy-metadata.interface.ts"],"names":[],"mappings":""}

package/dist/interfaces/policy-options.interface.d.ts

@@ -0,0 +1,21 @@
+import { PolicyCommand } from "../enums/policy-command.enum";
+import { PolicyMode } from "../enums/policy-mode.enum";
+/** Options accepted by the {@link Policy} decorator. */
+export interface PolicyOptions {
+    /** Explicit PostgreSQL policy name. If omitted, a stable name is generated from entity metadata. */
+    name?: string;
+    /** PostgreSQL policy mode. Defaults to {@link PolicyMode.PERMISSIVE}. */
+    mode?: PolicyMode;
+    /** PostgreSQL command covered by the policy. Defaults to {@link PolicyCommand.ALL}. */
+    command?: PolicyCommand;
+    /** Entity property used to generate the default policy predicate. */
+    property?: string;
+    /** Row-level security context key read through `app.get_context`. */
+    context?: string;
+    /** Explicit `USING` expression. Overrides the generated predicate when provided. */
+    using?: string;
+    /** Explicit `WITH CHECK` expression. Overrides the generated predicate when provided. */
+    withCheck?: string;
+    /** Database roles to which the policy applies. Empty or omitted means no role restriction. */
+    roles?: string[];
+}

package/dist/interfaces/policy-options.interface.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=policy-options.interface.js.map

package/dist/interfaces/policy-options.interface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-options.interface.js","sourceRoot":"","sources":["../../src/interfaces/policy-options.interface.ts"],"names":[],"mappings":""}

package/dist/interfaces/policy-sql-options.interface.d.ts

@@ -0,0 +1,21 @@
+import { PolicyCommand } from "../enums/policy-command.enum";
+import { PolicyMode } from "../enums/policy-mode.enum";
+/** Low-level inputs used to generate PostgreSQL policy SQL. */
+export interface PolicySqlOptions {
+    /** Database schema containing the protected table. */
+    schemaName: string;
+    /** Table name on which row-level security is enabled. */
+    tableName: string;
+    /** PostgreSQL policy name. */
+    policyName: string;
+    /** PostgreSQL policy mode. Defaults to {@link PolicyMode.PERMISSIVE}. */
+    mode?: PolicyMode;
+    /** PostgreSQL command covered by the policy. Defaults to {@link PolicyCommand.ALL}. */
+    command?: PolicyCommand;
+    /** SQL expression emitted as the policy `USING` predicate. */
+    using?: string;
+    /** SQL expression emitted as the policy `WITH CHECK` predicate. */
+    withCheck?: string;
+    /** Database roles to which the generated policy applies. */
+    roles?: string[];
+}

package/dist/interfaces/policy-sql-options.interface.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=policy-sql-options.interface.js.map

package/dist/interfaces/policy-sql-options.interface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-sql-options.interface.js","sourceRoot":"","sources":["../../src/interfaces/policy-sql-options.interface.ts"],"names":[],"mappings":""}

package/dist/interfaces/row-level-security-migration-generator.interface.d.ts

@@ -0,0 +1,65 @@
+import type { PolicySqlOptions } from "./policy-sql-options.interface";
+/** SQL diff shape passed from MikroORM to migration generators. */
+export interface MigrationDiff {
+    /** SQL statements applied by the generated migration. */
+    up: string[];
+    /** SQL statements applied when reverting the generated migration. */
+    down: string[];
+}
+export interface EntityMetadataLike {
+    class?: object & {
+        name?: string;
+    };
+    className?: string;
+    name?: string;
+    schema?: string;
+    tableName?: string;
+    collection?: string;
+    properties?: Record<string, EntityPropertyLike>;
+}
+export interface EntityPropertyLike {
+    fieldName?: string;
+    fieldNames?: string[];
+    type?: string;
+    runtimeType?: string;
+    columnTypes?: string[];
+    primary?: boolean;
+    targetMeta?: EntityTargetMetadataLike;
+}
+export interface EntityTargetMetadataLike {
+    className?: string;
+    name?: string;
+    primaryKeys?: string[];
+    properties?: Record<string, EntityPropertyLike>;
+}
+export interface MetadataStorageLike {
+    getAll(): EntityMetadataLike[] | Record<string, EntityMetadataLike>;
+}
+export interface DatabaseConnectionLike {
+    execute<T>(sql: string): Promise<T>;
+}
+export interface RowLevelSecurityMigrationGeneratorDriverLike {
+    config?: {
+        getMetadata?: () => MetadataStorageLike;
+    };
+    getConnection?: () => DatabaseConnectionLike;
+    getMetadata?: () => MetadataStorageLike;
+}
+export interface RowLevelSecurityDefinition extends PolicySqlOptions {
+    entityName: string;
+    bootstrapSql?: string[];
+}
+export interface TableReference {
+    schemaName: string;
+    tableName: string;
+}
+export interface PolicyRow {
+    policy_name: string;
+    schema_name: string;
+    table_name: string;
+    permissive?: boolean | null;
+    command?: string | null;
+    qual?: string | null;
+    roles?: string[] | string | null;
+    with_check?: string | null;
+}

package/dist/interfaces/row-level-security-migration-generator.interface.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=row-level-security-migration-generator.interface.js.map

package/dist/interfaces/row-level-security-migration-generator.interface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"row-level-security-migration-generator.interface.js","sourceRoot":"","sources":["../../src/interfaces/row-level-security-migration-generator.interface.ts"],"names":[],"mappings":""}

package/dist/interfaces/row-level-security-options.interface.d.ts

@@ -0,0 +1,18 @@
+import { RowLevelSecurityContextValue } from "../utils/row-level-security-context-builder.types";
+/** Value or promise-like value accepted by row-level security option hooks. */
+export type MaybePromise<T> = T | Promise<T>;
+/** Context entries converted to transaction-local PostgreSQL settings. */
+export type RowLevelSecurityContextEntries = Iterable<readonly [string, RowLevelSecurityContextValue]>;
+/** Runtime options used by {@link RowLevelSecurityEntityManager}. */
+export interface RowLevelSecurityOptions {
+    /** Database role used for authenticated requests. Defaults to `authenticated`. */
+    authenticatedRole?: string;
+    /** Database role used for anonymous requests. Defaults to `anonymous`. */
+    anonymousRole?: string;
+    /** Optional hook that can disable row-level security setup for a transaction. */
+    shouldApply?: () => MaybePromise<boolean>;
+    /** Optional hook used to infer the authenticated or anonymous role. */
+    isAuthenticated?: () => MaybePromise<boolean>;
+    /** Optional hook that contributes request context values to PostgreSQL settings. */
+    getContext?: () => MaybePromise<RowLevelSecurityContextEntries | undefined>;
+}

package/dist/interfaces/row-level-security-options.interface.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=row-level-security-options.interface.js.map

package/dist/interfaces/row-level-security-options.interface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"row-level-security-options.interface.js","sourceRoot":"","sources":["../../src/interfaces/row-level-security-options.interface.ts"],"names":[],"mappings":""}

package/dist/row-level-security-context.d.ts

@@ -0,0 +1,14 @@
+import { RowLevelSecurityContextValue, SnakeCase } from "./utils/row-level-security-context-builder.types";
+/** Request-scoped row-level security role and context helpers. */
+export declare class RowLevelSecurityContext {
+    /** Stores the database role that should be applied to the next RLS transaction. */
+    static setRole(role: string): void;
+    /** Reads the request-scoped database role, if one is active. */
+    static getRole(): string | undefined;
+    /** Stores a context value that will be converted to a PostgreSQL setting. */
+    static set<S extends string>(key: SnakeCase<S>, value: RowLevelSecurityContextValue): void;
+    /** Reads a request-scoped context value by key. */
+    static get<S extends string>(key: SnakeCase<S>): RowLevelSecurityContextValue;
+    /** Returns all request-scoped context entries for RLS transaction setup. */
+    static entries(): [string, RowLevelSecurityContextValue][];
+}

package/dist/row-level-security-context.js

@@ -0,0 +1,38 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RowLevelSecurityContext = void 0;
+const request_context_1 = require("@nest-boot/request-context");
+const ROW_LEVEL_SECURITY_CONTEXT = Symbol("ROW_LEVEL_SECURITY_CONTEXT");
+const ROW_LEVEL_SECURITY_ROLE = Symbol("ROW_LEVEL_SECURITY_ROLE");
+/** Request-scoped row-level security role and context helpers. */
+class RowLevelSecurityContext {
+    /** Stores the database role that should be applied to the next RLS transaction. */
+    static setRole(role) {
+        request_context_1.RequestContext.set(ROW_LEVEL_SECURITY_ROLE, role);
+    }
+    /** Reads the request-scoped database role, if one is active. */
+    static getRole() {
+        return request_context_1.RequestContext.isActive()
+            ? request_context_1.RequestContext.get(ROW_LEVEL_SECURITY_ROLE)
+            : undefined;
+    }
+    /** Stores a context value that will be converted to a PostgreSQL setting. */
+    static set(key, value) {
+        const context = request_context_1.RequestContext.getOrSet(ROW_LEVEL_SECURITY_CONTEXT, new Map());
+        context.set(key, value);
+    }
+    /** Reads a request-scoped context value by key. */
+    static get(key) {
+        return request_context_1.RequestContext.isActive()
+            ? request_context_1.RequestContext.get(ROW_LEVEL_SECURITY_CONTEXT)?.get(key)
+            : undefined;
+    }
+    /** Returns all request-scoped context entries for RLS transaction setup. */
+    static entries() {
+        return request_context_1.RequestContext.isActive()
+            ? Array.from(request_context_1.RequestContext.get(ROW_LEVEL_SECURITY_CONTEXT) ?? [])
+            : [];
+    }
+}
+exports.RowLevelSecurityContext = RowLevelSecurityContext;
+//# sourceMappingURL=row-level-security-context.js.map

package/dist/row-level-security-context.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"row-level-security-context.js","sourceRoot":"","sources":["../src/row-level-security-context.ts"],"names":[],"mappings":";;;AAAA,gEAA4D;AAS5D,MAAM,0BAA0B,GAAG,MAAM,CAAC,4BAA4B,CAAC,CAAC;AACxE,MAAM,uBAAuB,GAAG,MAAM,CAAC,yBAAyB,CAAC,CAAC;AAElE,kEAAkE;AAClE,MAAa,uBAAuB;IAClC,mFAAmF;IACnF,MAAM,CAAC,OAAO,CAAC,IAAY;QACzB,gCAAc,CAAC,GAAG,CAAC,uBAAuB,EAAE,IAAI,CAAC,CAAC;IACpD,CAAC;IAED,gEAAgE;IAChE,MAAM,CAAC,OAAO;QACZ,OAAO,gCAAc,CAAC,QAAQ,EAAE;YAC9B,CAAC,CAAC,gCAAc,CAAC,GAAG,CAAS,uBAAuB,CAAC;YACrD,CAAC,CAAC,SAAS,CAAC;IAChB,CAAC;IAED,6EAA6E;IAC7E,MAAM,CAAC,GAAG,CACR,GAAiB,EACjB,KAAmC;QAEnC,MAAM,OAAO,GAAG,gCAAc,CAAC,QAAQ,CACrC,0BAA0B,EAC1B,IAAI,GAAG,EAAE,CACV,CAAC;QAEF,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAC1B,CAAC;IAED,mDAAmD;IACnD,MAAM,CAAC,GAAG,CACR,GAAiB;QAEjB,OAAO,gCAAc,CAAC,QAAQ,EAAE;YAC9B,CAAC,CAAC,gCAAc,CAAC,GAAG,CAChB,0BAA0B,CAC3B,EAAE,GAAG,CAAC,GAAG,CAAC;YACb,CAAC,CAAC,SAAS,CAAC;IAChB,CAAC;IAED,4EAA4E;IAC5E,MAAM,CAAC,OAAO;QACZ,OAAO,gCAAc,CAAC,QAAQ,EAAE;YAC9B,CAAC,CAAC,KAAK,CAAC,IAAI,CACR,gCAAc,CAAC,GAAG,CAChB,0BAA0B,CAC3B,IAAI,EAAE,CACR;YACH,CAAC,CAAC,EAAE,CAAC;IACT,CAAC;CACF;AA/CD,0DA+CC"}

package/dist/row-level-security-context.spec.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/row-level-security-context.spec.js

@@ -0,0 +1,29 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const request_context_1 = require("@nest-boot/request-context");
+const row_level_security_context_1 = require("./row-level-security-context");
+describe("RowLevelSecurityContext", () => {
+    it("stores the database role in RequestContext", async () => {
+        await request_context_1.RequestContext.run(new request_context_1.RequestContext({ type: "http" }), () => {
+            row_level_security_context_1.RowLevelSecurityContext.setRole("authenticated");
+            expect(row_level_security_context_1.RowLevelSecurityContext.getRole()).toBe("authenticated");
+        });
+    });
+    it("stores policy context values in RequestContext", async () => {
+        await request_context_1.RequestContext.run(new request_context_1.RequestContext({ type: "http" }), () => {
+            row_level_security_context_1.RowLevelSecurityContext.set("tenant_id", "42");
+            row_level_security_context_1.RowLevelSecurityContext.set("user_id", 7);
+            expect(row_level_security_context_1.RowLevelSecurityContext.get("tenant_id")).toBe("42");
+            expect(row_level_security_context_1.RowLevelSecurityContext.entries()).toEqual([
+                ["tenant_id", "42"],
+                ["user_id", 7],
+            ]);
+        });
+    });
+    it("returns empty values when RequestContext is inactive", () => {
+        expect(row_level_security_context_1.RowLevelSecurityContext.getRole()).toBeUndefined();
+        expect(row_level_security_context_1.RowLevelSecurityContext.get("tenant_id")).toBeUndefined();
+        expect(row_level_security_context_1.RowLevelSecurityContext.entries()).toEqual([]);
+    });
+});
+//# sourceMappingURL=row-level-security-context.spec.js.map

package/dist/row-level-security-context.spec.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"row-level-security-context.spec.js","sourceRoot":"","sources":["../src/row-level-security-context.spec.ts"],"names":[],"mappings":";;AAAA,gEAA4D;AAE5D,6EAAuE;AAEvE,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE;IACvC,EAAE,CAAC,4CAA4C,EAAE,KAAK,IAAI,EAAE;QAC1D,MAAM,gCAAc,CAAC,GAAG,CAAC,IAAI,gCAAc,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE;YAClE,oDAAuB,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;YAEjD,MAAM,CAAC,oDAAuB,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAClE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;QAC9D,MAAM,gCAAc,CAAC,GAAG,CAAC,IAAI,gCAAc,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE;YAClE,oDAAuB,CAAC,GAAG,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;YAC/C,oDAAuB,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;YAE1C,MAAM,CAAC,oDAAuB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC5D,MAAM,CAAC,oDAAuB,CAAC,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC;gBAChD,CAAC,WAAW,EAAE,IAAI,CAAC;gBACnB,CAAC,SAAS,EAAE,CAAC,CAAC;aACf,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;QAC9D,MAAM,CAAC,oDAAuB,CAAC,OAAO,EAAE,CAAC,CAAC,aAAa,EAAE,CAAC;QAC1D,MAAM,CAAC,oDAAuB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC;QACjE,MAAM,CAAC,oDAAuB,CAAC,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/row-level-security-entity-manager.d.ts

@@ -0,0 +1,22 @@
+import { CountOptions, Cursor, DeleteOptions, EntityData, EntityManager, EntityName, FilterQuery, FindAllOptions, FindByCursorOptions, FindOneOptions, FindOneOrFailOptions, FindOptions, Loaded, NativeInsertUpdateOptions, NoInfer, PopulatePath, Primary, RequiredEntityData, TransactionOptions, UpdateOptions, UpsertManyOptions, UpsertOptions } from "@mikro-orm/postgresql";
+/**
+ * MikroORM entity manager that wraps database operations in transactions with
+ * transaction-local PostgreSQL role and context settings.
+ */
+export declare class RowLevelSecurityEntityManager extends EntityManager {
+    transactional<T>(cb: (em: this) => T | Promise<T>, options?: TransactionOptions): Promise<T>;
+    find<Entity extends object, Hint extends string = never, Fields extends string = PopulatePath.ALL, Excludes extends string = never>(entityName: EntityName<Entity>, where: FilterQuery<NoInfer<Entity>>, options?: FindOptions<Entity, Hint, Fields, Excludes>): Promise<Loaded<Entity, Hint, Fields, Excludes>[]>;
+    findAll<Entity extends object, Hint extends string = never, Fields extends string = "*", Excludes extends string = never>(entityName: EntityName<Entity>, options?: FindAllOptions<NoInfer<Entity>, Hint, Fields, Excludes>): Promise<Loaded<Entity, Hint, Fields, Excludes>[]>;
+    findOne<Entity extends object, Hint extends string = never, Fields extends string = "*", Excludes extends string = never>(entityName: EntityName<Entity>, where: FilterQuery<NoInfer<Entity>>, options?: FindOneOptions<Entity, Hint, Fields, Excludes>): Promise<Loaded<Entity, Hint, Fields, Excludes> | null>;
+    findOneOrFail<Entity extends object, Hint extends string = never, Fields extends string = "*", Excludes extends string = never>(entityName: EntityName<Entity>, where: FilterQuery<NoInfer<Entity>>, options?: FindOneOrFailOptions<Entity, Hint, Fields, Excludes>): Promise<Loaded<Entity, Hint, Fields, Excludes>>;
+    findAndCount<Entity extends object, Hint extends string = never, Fields extends string = PopulatePath.ALL, Excludes extends string = never>(entityName: EntityName<Entity>, where: FilterQuery<NoInfer<Entity>>, options?: FindOptions<Entity, Hint, Fields, Excludes>): Promise<[Loaded<Entity, Hint, Fields, Excludes>[], number]>;
+    findByCursor<Entity extends object, Hint extends string = never, Fields extends string = "*", Excludes extends string = never, IncludeCount extends boolean = true>(entityName: EntityName<Entity>, where: FilterQuery<NoInfer<Entity>>, options: FindByCursorOptions<Entity, Hint, Fields, Excludes, IncludeCount>): Promise<Cursor<Entity, Hint, Fields, Excludes, IncludeCount>>;
+    count<Entity extends object, Hint extends string = never>(entityName: EntityName<Entity>, where?: FilterQuery<NoInfer<Entity>>, options?: CountOptions<Entity, Hint>): Promise<number>;
+    insert<Entity extends object>(entityNameOrEntity: EntityName<Entity> | Entity, data?: RequiredEntityData<Entity> | Entity, options?: NativeInsertUpdateOptions<Entity>): Promise<Primary<Entity>>;
+    insertMany<Entity extends object>(entityNameOrEntities: EntityName<Entity> | Entity[], data?: RequiredEntityData<Entity>[] | Entity[], options?: NativeInsertUpdateOptions<Entity>): Promise<Primary<Entity>[]>;
+    nativeUpdate<Entity extends object>(entityName: EntityName<Entity>, where: FilterQuery<NoInfer<Entity>>, data: EntityData<Entity>, options?: UpdateOptions<Entity>): Promise<number>;
+    nativeDelete<Entity extends object>(entityName: EntityName<Entity>, where: FilterQuery<NoInfer<Entity>>, options?: DeleteOptions<Entity>): Promise<number>;
+    upsert<Entity extends object, Fields extends string = any>(entityNameOrEntity: EntityName<Entity> | Entity, data?: EntityData<Entity> | NoInfer<Entity>, options?: UpsertOptions<Entity, Fields>): Promise<Entity>;
+    upsertMany<Entity extends object, Fields extends string = any>(entityNameOrEntity: EntityName<Entity> | Entity[], data?: (EntityData<Entity> | NoInfer<Entity>)[], options?: UpsertManyOptions<Entity, Fields>): Promise<Entity[]>;
+    flush(): Promise<void>;
+}

package/dist/row-level-security-entity-manager.js

@@ -0,0 +1,135 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RowLevelSecurityEntityManager = void 0;
+const postgresql_1 = require("@mikro-orm/postgresql");
+const row_level_security_context_1 = require("./row-level-security-context");
+const assert_snake_case_1 = require("./utils/assert-snake-case");
+const get_row_level_security_options_1 = require("./utils/get-row-level-security-options");
+const row_level_security_context_builder_1 = require("./utils/row-level-security-context-builder");
+/**
+ * MikroORM entity manager that wraps database operations in transactions with
+ * transaction-local PostgreSQL role and context settings.
+ */
+class RowLevelSecurityEntityManager extends postgresql_1.EntityManager {
+    async transactional(cb, options) {
+        const rowLevelSecurityOptions = (0, get_row_level_security_options_1.getRowLevelSecurityOptions)();
+        if (rowLevelSecurityOptions.shouldApply &&
+            !(await rowLevelSecurityOptions.shouldApply())) {
+            return await super.transactional(cb, options);
+        }
+        return await super.transactional(async (em) => {
+            const knex = em.getTransactionContext();
+            if (!knex) {
+                throw new Error("Transaction context is not available. Ensure you are calling this method within a transaction.");
+            }
+            const builder = new row_level_security_context_builder_1.RowLevelSecurityContextBuilder();
+            const role = row_level_security_context_1.RowLevelSecurityContext.getRole() ??
+                ((await rowLevelSecurityOptions.isAuthenticated?.())
+                    ? (rowLevelSecurityOptions.authenticatedRole ?? "authenticated")
+                    : (rowLevelSecurityOptions.anonymousRole ?? "anonymous"));
+            const context = await rowLevelSecurityOptions.getContext?.();
+            appendContext(builder, context);
+            appendContext(builder, row_level_security_context_1.RowLevelSecurityContext.entries());
+            (0, assert_snake_case_1.assertSnakeCase)(role, "Row level security database role");
+            await knex.raw([
+                /* SQL */ `SET LOCAL ROLE ${role};`,
+                builder.entries().length > 0 ? builder.toSQL() : "",
+            ]
+                .filter(Boolean)
+                .join("\n"));
+            return await cb(em);
+        }, options);
+    }
+    find(entityName, where, options) {
+        if (this.isInTransaction()) {
+            return super.find(entityName, where, options);
+        }
+        return this.transactional((em) => em.find(entityName, where, options));
+    }
+    findAll(entityName, options) {
+        if (this.isInTransaction()) {
+            return super.findAll(entityName, options);
+        }
+        return this.transactional((em) => em.findAll(entityName, options));
+    }
+    findOne(entityName, where, options) {
+        if (this.isInTransaction()) {
+            return super.findOne(entityName, where, options);
+        }
+        return this.transactional((em) => em.findOne(entityName, where, options));
+    }
+    findOneOrFail(entityName, where, options) {
+        if (this.isInTransaction()) {
+            return super.findOneOrFail(entityName, where, options);
+        }
+        return this.transactional((em) => em.findOneOrFail(entityName, where, options));
+    }
+    findAndCount(entityName, where, options) {
+        if (this.isInTransaction()) {
+            return super.findAndCount(entityName, where, options);
+        }
+        return this.transactional((em) => em.findAndCount(entityName, where, options));
+    }
+    findByCursor(entityName, where, options) {
+        if (this.isInTransaction()) {
+            return super.findByCursor(entityName, where, options);
+        }
+        return this.transactional((em) => em.findByCursor(entityName, where, options));
+    }
+    count(entityName, where, options) {
+        if (this.isInTransaction()) {
+            return super.count(entityName, where, options);
+        }
+        return this.transactional((em) => em.count(entityName, where, options));
+    }
+    insert(entityNameOrEntity, data, options) {
+        if (this.isInTransaction()) {
+            return super.insert(entityNameOrEntity, data, options);
+        }
+        return this.transactional((em) => em.insert(entityNameOrEntity, data, options));
+    }
+    // @ts-expect-error - MikroORM type duplication/deep mapped type collision
+    insertMany(entityNameOrEntities, data, options) {
+        if (this.isInTransaction()) {
+            return super.insertMany(entityNameOrEntities, data, options);
+        }
+        return this.transactional((em) => em.insertMany(entityNameOrEntities, data, options));
+    }
+    nativeUpdate(entityName, where, data, options) {
+        if (this.isInTransaction()) {
+            return super.nativeUpdate(entityName, where, data, options);
+        }
+        return this.transactional((em) => em.nativeUpdate(entityName, where, data, options));
+    }
+    nativeDelete(entityName, where, options) {
+        if (this.isInTransaction()) {
+            return super.nativeDelete(entityName, where, options);
+        }
+        return this.transactional((em) => em.nativeDelete(entityName, where, options));
+    }
+    upsert(entityNameOrEntity, data, options) {
+        if (this.isInTransaction()) {
+            return super.upsert(entityNameOrEntity, data, options);
+        }
+        return this.transactional((em) => em.upsert(entityNameOrEntity, data, options));
+    }
+    upsertMany(entityNameOrEntity, data, options) {
+        if (this.isInTransaction()) {
+            return super.upsertMany(entityNameOrEntity, data, options);
+        }
+        return this.transactional((em) => em.upsertMany(entityNameOrEntity, data, options));
+    }
+    flush() {
+        if (this.isInTransaction()) {
+            return super.flush();
+        }
+        return this.transactional((em) => em.flush());
+    }
+}
+exports.RowLevelSecurityEntityManager = RowLevelSecurityEntityManager;
+function appendContext(builder, context) {
+    for (const [key, value] of context ?? []) {
+        builder.set(key, value);
+    }
+}
+//# sourceMappingURL=row-level-security-entity-manager.js.map

package/dist/row-level-security-entity-manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"row-level-security-entity-manager.js","sourceRoot":"","sources":["../src/row-level-security-entity-manager.ts"],"names":[],"mappings":";;;AAAA,sDAwB+B;AAE/B,6EAAuE;AACvE,iEAA4D;AAC5D,2FAAoF;AACpF,mGAA4F;AAG5F;;;GAGG;AACH,MAAa,6BAA8B,SAAQ,0BAAa;IAC9D,KAAK,CAAC,aAAa,CACjB,EAAgC,EAChC,OAA4B;QAE5B,MAAM,uBAAuB,GAAG,IAAA,2DAA0B,GAAE,CAAC;QAE7D,IACE,uBAAuB,CAAC,WAAW;YACnC,CAAC,CAAC,MAAM,uBAAuB,CAAC,WAAW,EAAE,CAAC,EAC9C,CAAC;YACD,OAAO,MAAM,KAAK,CAAC,aAAa,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QAChD,CAAC;QAED,OAAO,MAAM,KAAK,CAAC,aAAa,CAAC,KAAK,EAAE,EAAE,EAAE,EAAE;YAC5C,MAAM,IAAI,GAAG,EAAE,CAAC,qBAAqB,EAAQ,CAAC;YAE9C,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,MAAM,IAAI,KAAK,CACb,gGAAgG,CACjG,CAAC;YACJ,CAAC;YAED,MAAM,OAAO,GAAG,IAAI,mEAA8B,EAAE,CAAC;YACrD,MAAM,IAAI,GACR,oDAAuB,CAAC,OAAO,EAAE;gBACjC,CAAC,CAAC,MAAM,uBAAuB,CAAC,eAAe,EAAE,EAAE,CAAC;oBAClD,CAAC,CAAC,CAAC,uBAAuB,CAAC,iBAAiB,IAAI,eAAe,CAAC;oBAChE,CAAC,CAAC,CAAC,uBAAuB,CAAC,aAAa,IAAI,WAAW,CAAC,CAAC,CAAC;YAC9D,MAAM,OAAO,GAAG,MAAM,uBAAuB,CAAC,UAAU,EAAE,EAAE,CAAC;YAE7D,aAAa,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAChC,aAAa,CAAC,OAAO,EAAE,oDAAuB,CAAC,OAAO,EAAE,CAAC,CAAC;YAE1D,IAAA,mCAAe,EAAC,IAAI,EAAE,kCAAkC,CAAC,CAAC;YAC1D,MAAM,IAAI,CAAC,GAAG,CACZ;gBACE,SAAS,CAAC,kBAAkB,IAAI,GAAG;gBACnC,OAAO,CAAC,OAAO,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE;aACpD;iBACE,MAAM,CAAC,OAAO,CAAC;iBACf,IAAI,CAAC,IAAI,CAAC,CACd,CAAC;YAEF,OAAO,MAAM,EAAE,CAAC,EAAE,CAAC,CAAC;QACtB,CAAC,EAAE,OAAO,CAAC,CAAC;IACd,CAAC;IAED,IAAI,CAMF,UAA8B,EAC9B,KAAmC,EACnC,OAAqD;QAErD,IAAI,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;YAC3B,OAAO,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;QAChD,CAAC;QAED,OAAO,IAAI,CAAC,aAAa,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC;IACzE,CAAC;IAED,OAAO,CAML,UAA8B,EAC9B,OAAiE;QAEjE,IAAI,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;YAC3B,OAAO,KAAK,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAC5C,CAAC;QAED,OAAO,IAAI,CAAC,aAAa,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;IACrE,CAAC;IAED,OAAO,CAML,UAA8B,EAC9B,KAAmC,EACnC,OAAwD;QAExD,IAAI,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;YAC3B,OAAO,KAAK,CAAC,OAAO,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;QACnD,CAAC;QAED,OAAO,IAAI,CAAC,aAAa,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC;IAC5E,CAAC;IAED,aAAa,CAMX,UAA8B,EAC9B,KAAmC,EACnC,OAA8D;QAE9D,IAAI,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;YAC3B,OAAO,KAAK,CAAC,aAAa,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;QACzD,CAAC;QAED,OAAO,IAAI,CAAC,aAAa,CAAC,CAAC,EAAE,EAAE,EAAE,CAC/B,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,CAAC,CAC7C,CAAC;IACJ,CAAC;IAED,YAAY,CAMV,UAA8B,EAC9B,KAAmC,EACnC,OAAqD;QAErD,IAAI,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;YAC3B,OAAO,KAAK,CAAC,YAAY,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;QACxD,CAAC;QAED,OAAO,IAAI,CAAC,aAAa,CAAC,CAAC,EAAE,EAAE,EAAE,CAC/B,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,CAAC,CAC5C,CAAC;IACJ,CAAC;IAED,YAAY,CAOV,UAA8B,EAC9B,KAAmC,EACnC,OAA0E;QAE1E,IAAI,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;YAC3B,OAAO,KAAK,CAAC,YAAY,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;QACxD,CAAC;QAED,OAAO,IAAI,CAAC,aAAa,CAAC,CAAC,EAAE,EAAE,EAAE,CAC/B,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,CAAC,CAC5C,CAAC;IACJ,CAAC;IAED,KAAK,CACH,UAA8B,EAC9B,KAAoC,EACpC,OAAoC;QAEpC,IAAI,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;YAC3B,OAAO,KAAK,CAAC,KAAK,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;QACjD,CAAC;QAED,OAAO,IAAI,CAAC,aAAa,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC;IAC1E,CAAC;IAED,MAAM,CACJ,kBAA+C,EAC/C,IAA0C,EAC1C,OAA2C;QAE3C,IAAI,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;YAC3B,OAAO,KAAK,CAAC,MAAM,CAAC,kBAAkB,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;QACzD,CAAC;QAED,OAAO,IAAI,CAAC,aAAa,CAAC,CAAC,EAAE,EAAE,EAAE,CAC/B,EAAE,CAAC,MAAM,CAAC,kBAAkB,EAAE,IAAI,EAAE,OAAO,CAAC,CAC7C,CAAC;IACJ,CAAC;IAED,0EAA0E;IAC1E,UAAU,CACR,oBAAmD,EACnD,IAA8C,EAC9C,OAA2C;QAE3C,IAAI,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;YAC3B,OAAO,KAAK,CAAC,UAAU,CACrB,oBAA2B,EAC3B,IAAW,EACX,OAAO,CACD,CAAC;QACX,CAAC;QAED,OAAO,IAAI,CAAC,aAAa,CACvB,CAAC,EAAE,EAAE,EAAE,CACL,EAAE,CAAC,UAAU,CAAC,oBAA2B,EAAE,IAAW,EAAE,OAAO,CAAQ,CAC1E,CAAC;IACJ,CAAC;IAED,YAAY,CACV,UAA8B,EAC9B,KAAmC,EACnC,IAAwB,EACxB,OAA+B;QAE/B,IAAI,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;YAC3B,OAAO,KAAK,CAAC,YAAY,CAAC,UAAU,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;QAC9D,CAAC;QAED,OAAO,IAAI,CAAC,aAAa,CAAC,CAAC,EAAE,EAAE,EAAE,CAC/B,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,CAAC,CAClD,CAAC;IACJ,CAAC;IAED,YAAY,CACV,UAA8B,EAC9B,KAAmC,EACnC,OAA+B;QAE/B,IAAI,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;YAC3B,OAAO,KAAK,CAAC,YAAY,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;QACxD,CAAC;QAED,OAAO,IAAI,CAAC,aAAa,CAAC,CAAC,EAAE,EAAE,EAAE,CAC/B,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,CAAC,CAC5C,CAAC;IACJ,CAAC;IAED,MAAM,CACJ,kBAA+C,EAC/C,IAA2C,EAC3C,OAAuC;QAEvC,IAAI,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;YAC3B,OAAO,KAAK,CAAC,MAAM,CAAC,kBAAkB,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;QACzD,CAAC;QAED,OAAO,IAAI,CAAC,aAAa,CAAC,CAAC,EAAE,EAAE,EAAE,CAC/B,EAAE,CAAC,MAAM,CAAC,kBAAkB,EAAE,IAAI,EAAE,OAAO,CAAC,CAC7C,CAAC;IACJ,CAAC;IAED,UAAU,CACR,kBAAiD,EACjD,IAA+C,EAC/C,OAA2C;QAE3C,IAAI,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;YAC3B,OAAO,KAAK,CAAC,UAAU,CAAC,kBAAkB,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;QAC7D,CAAC;QAED,OAAO,IAAI,CAAC,aAAa,CAAC,CAAC,EAAE,EAAE,EAAE,CAC/B,EAAE,CAAC,UAAU,CAAC,kBAAkB,EAAE,IAAI,EAAE,OAAO,CAAC,CACjD,CAAC;IACJ,CAAC;IAED,KAAK;QACH,IAAI,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;YAC3B,OAAO,KAAK,CAAC,KAAK,EAAE,CAAC;QACvB,CAAC;QAED,OAAO,IAAI,CAAC,aAAa,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC;IAChD,CAAC;CACF;AA1QD,sEA0QC;AAED,SAAS,aAAa,CACpB,OAAuC,EACvC,OAEa;IAEb,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,OAAO,IAAI,EAAE,EAAE,CAAC;QACzC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAC1B,CAAC;AACH,CAAC"}

package/dist/row-level-security-entity-manager.spec.d.ts

@@ -0,0 +1 @@
+export {};