@nu-art/permissions-backend 0.401.8 → 0.500.0

package/modules/ModuleBE_PermissionsAssert.d.ts

@@ -1,8 +1,10 @@
 import { Module, StringMap, TypedMap } from '@nu-art/ts-common';
-import { ServerApi_Middleware } from '@nu-art/thunderstorm-backend';
+import type { ServerApi_Middleware } from '@nu-art/http-server';
+import { ModuleBE_BaseDB } from '@nu-art/db-api-backend';
 import { CollectSessionData } from '@nu-art/user-account-backend';
-import { Base_AccessLevel, DB_PermissionAccessLevel, DB_PermissionAPI, DomainToLevelValueMap, SessionData_StrictMode } from '@nu-art/permissions-shared';
+import { API_PermissionsAssert, Base_AccessLevel, DB_PermissionAccessLevel, DB_PermissionAPI, DomainToLevelValueMap, SessionData_StrictMode } from '@nu-art/permissions-shared';
 import { PermissionKey_BE } from '../PermissionKey_BE.js';
+import type { FunctionPermissionDef } from '../core/function-permission-registry.js';
 export type UserCalculatedAccessLevel = {
     [domainId: string]: number;
 };
@@ -27,9 +29,24 @@ export declare class ModuleBE_PermissionsAssert_Class extends Module<Config> imp
     readonly CustomMiddleware: (keys: string[], action: (projectId: string, customFields: StringMap) => Promise<void>) => ServerApi_Middleware;
     __collectSessionData(): Promise<SessionData_StrictMode>;
     init(): void;
+    /**
+     * @deprecated Path-based sync filter; use function-based permissions instead. API collection deprecated.
+     * Returns a filter for sync manager. The app must call SyncManager.setModuleFilter(ModuleBE_PermissionsAssert.getPermissionsAssertSyncFilter()) when using a sync manager.
+     */
+    getPermissionsAssertSyncFilter(): (dbModules: (ModuleBE_BaseDB<any>)[]) => Promise<(ModuleBE_BaseDB<any>)[]>;
+    assertUserPermissions(body: API_PermissionsAssert['assertUserPermissions']['Body']): Promise<API_PermissionsAssert['assertUserPermissions']['Response']>;
     private assertPermission;
-    assertUserPermissions(projectId: string, path: string): Promise<void>;
+    /**
+     * @deprecated Path-based API permission; use function-based permissions and assertFunctionPermission(def) instead. API collection deprecated.
+     */
+    assertPathPermissions(projectId: string, path: string): Promise<void>;
     assertUserPassesAccessLevels(domainToLevelValueMap: DomainToLevelValueMap, userPermissions: TypedMap<number>): void;
+    /**
+     * Asserts that the user has at least the required level for the function-permission def (from @RequirePermission).
+     * Call this before invoking a handler when getRequirePermissionDef(handler) returns a def.
+     */
+    assertFunctionPermission(def: FunctionPermissionDef): void;
+    /** @deprecated Path-based API lookup; API collection deprecated. Use function-based permissions. */
     getApiDetails(_path: string, projectId: string): Promise<{
         dbApi: DB_PermissionAPI;
         requestPermissions: DB_PermissionAccessLevel[];

package/modules/ModuleBE_PermissionsAssert.js

@@ -16,227 +16,293 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-import { _keys, ApiException, arrayToMap, BadImplementationException, batchActionParallel, exists, filterDuplicates, filterInstances, ImplementationMissingException, Module, RuntimeModules } from '@nu-art/ts-common';
-import { addRoutes, createBodyServerApi, ModuleBE_SyncManager } from '@nu-art/thunderstorm-backend';
-import { HttpMethod } from '@nu-art/thunderstorm-shared';
-import { MemKey_AccountEmail } from '@nu-art/user-account-backend';
+var __runInitializers = (this && this.__runInitializers) || function (thisArg, initializers, value) {
+    var useValue = arguments.length > 2;
+    for (var i = 0; i < initializers.length; i++) {
+        value = useValue ? initializers[i].call(thisArg, value) : initializers[i].call(thisArg);
+    }
+    return useValue ? value : void 0;
+};
+var __esDecorate = (this && this.__esDecorate) || function (ctor, descriptorIn, decorators, contextIn, initializers, extraInitializers) {
+    function accept(f) { if (f !== void 0 && typeof f !== "function") throw new TypeError("Function expected"); return f; }
+    var kind = contextIn.kind, key = kind === "getter" ? "get" : kind === "setter" ? "set" : "value";
+    var target = !descriptorIn && ctor ? contextIn["static"] ? ctor : ctor.prototype : null;
+    var descriptor = descriptorIn || (target ? Object.getOwnPropertyDescriptor(target, contextIn.name) : {});
+    var _, done = false;
+    for (var i = decorators.length - 1; i >= 0; i--) {
+        var context = {};
+        for (var p in contextIn) context[p] = p === "access" ? {} : contextIn[p];
+        for (var p in contextIn.access) context.access[p] = contextIn.access[p];
+        context.addInitializer = function (f) { if (done) throw new TypeError("Cannot add initializers after decoration has completed"); extraInitializers.push(accept(f || null)); };
+        var result = (0, decorators[i])(kind === "accessor" ? { get: descriptor.get, set: descriptor.set } : descriptor[key], context);
+        if (kind === "accessor") {
+            if (result === void 0) continue;
+            if (result === null || typeof result !== "object") throw new TypeError("Object expected");
+            if (_ = accept(result.get)) descriptor.get = _;
+            if (_ = accept(result.set)) descriptor.set = _;
+            if (_ = accept(result.init)) initializers.unshift(_);
+        }
+        else if (_ = accept(result)) {
+            if (kind === "field") initializers.unshift(_);
+            else descriptor[key] = _;
+        }
+    }
+    if (target) Object.defineProperty(target, contextIn.name, descriptor);
+    done = true;
+};
+import { _keys, ApiException, arrayToMap, BadImplementationException, batchActionParallel, exists, filterDuplicates, filterInstances, ImplementationMissingException, Module } from '@nu-art/ts-common';
+import { ApiHandler } from '@nu-art/http-server';
+import { HttpMethod } from '@nu-art/api-types';
+import { MemKey_AccountId } from '@nu-art/user-account-backend';
 import { ApiDef_PermissionsAssert } from '@nu-art/permissions-shared';
-import { MemKey_HttpRequestBody, MemKey_HttpRequestMethod, MemKey_HttpRequestQuery, MemKey_HttpRequestUrl } from '@nu-art/thunderstorm-backend/modules/server/consts';
+import { MemKey_HttpRequestBody, MemKey_HttpRequestMethod, MemKey_HttpRequestQuery, MemKey_HttpRequestUrl } from '@nu-art/http-server';
 import { MemKey_UserPermissions, SessionKey_Permissions_BE } from '../consts.js';
 import { PermissionKey_BE } from '../PermissionKey_BE.js';
 import { ModuleBE_PermissionAccessLevelDB, ModuleBE_PermissionAPIDB } from '../_entity.js';
+import { RuntimeBE_Modules } from '@nu-art/db-api-backend';
 /**
  * [DomainId uniqueString]: accessLevel's numerical value
  */
-export class ModuleBE_PermissionsAssert_Class extends Module {
-    projectId;
-    _keys = {};
-    permissionKeys = {};
-    // constructor() {
-    // 	super();
-    // 	this.setMinLevel(LogLevel.Debug);
-    // }
-    Middleware = (keys = []) => async () => {
-        await this.CustomMiddleware(keys, async (projectId) => {
-            return this.assertUserPermissions(projectId, MemKey_HttpRequestUrl.get());
-        })();
-    };
-    LoadPermissionsMiddleware = async () => {
-        try {
-            MemKey_UserPermissions.get();
+let ModuleBE_PermissionsAssert_Class = (() => {
+    let _classSuper = Module;
+    let _instanceExtraInitializers = [];
+    let _assertUserPermissions_decorators;
+    return class ModuleBE_PermissionsAssert_Class extends _classSuper {
+        static {
+            const _metadata = typeof Symbol === "function" && Symbol.metadata ? Object.create(_classSuper[Symbol.metadata] ?? null) : void 0;
+            _assertUserPermissions_decorators = [ApiHandler(ApiDef_PermissionsAssert.assertUserPermissions)];
+            __esDecorate(this, null, _assertUserPermissions_decorators, { kind: "method", name: "assertUserPermissions", static: false, private: false, access: { has: obj => "assertUserPermissions" in obj, get: obj => obj.assertUserPermissions }, metadata: _metadata }, null, _instanceExtraInitializers);
+            if (_metadata) Object.defineProperty(this, Symbol.metadata, { enumerable: true, configurable: true, writable: true, value: _metadata });
         }
-        catch (err) {
-            MemKey_UserPermissions.set(SessionKey_Permissions_BE.get().domainToValueMap);
+        projectId = __runInitializers(this, _instanceExtraInitializers);
+        _keys = {};
+        permissionKeys = {};
+        // constructor() {
+        // 	super();
+        // 	this.setMinLevel(LogLevel.Debug);
+        // }
+        Middleware = (keys = []) => async () => {
+            await this.CustomMiddleware(keys, async (projectId) => {
+                return this.assertPathPermissions(projectId, MemKey_HttpRequestUrl.get());
+            })();
+        };
+        LoadPermissionsMiddleware = async () => {
+            try {
+                MemKey_UserPermissions.get();
+            }
+            catch (err) {
+                MemKey_UserPermissions.set(SessionKey_Permissions_BE.get().domainToValueMap);
+            }
+        };
+        CustomMiddleware = (keys, action) => async () => {
+            const customFields = {};
+            let object;
+            const reqMethod = MemKey_HttpRequestMethod.get();
+            switch (reqMethod) {
+                case HttpMethod.POST:
+                case HttpMethod.PATCH:
+                case HttpMethod.PUT:
+                    object = MemKey_HttpRequestBody.get();
+                    break;
+                case HttpMethod.GET:
+                case HttpMethod.DELETE:
+                    object = MemKey_HttpRequestQuery.get();
+                    break;
+                default:
+                    throw new BadImplementationException(`Generic custom fields cannot be extracted on api with method: ${reqMethod}`);
+            }
+            _keys(object).filter(key => keys.includes(key)).forEach(key => {
+                const oElement = object[key];
+                if (oElement === undefined || oElement === null)
+                    return;
+                if (typeof oElement !== 'string')
+                    return;
+                customFields[key] = oElement;
+            });
+            const projectId = this.projectId;
+            await action(projectId, customFields);
+        };
+        async __collectSessionData() {
+            return { key: 'strictMode', value: { isStrictMode: this.isStrictMode() } };
         }
-    };
-    CustomMiddleware = (keys, action) => async () => {
-        const customFields = {};
-        let object;
-        const reqMethod = MemKey_HttpRequestMethod.get();
-        switch (reqMethod) {
-            case HttpMethod.POST:
-            case HttpMethod.PATCH:
-            case HttpMethod.PUT:
-                object = MemKey_HttpRequestBody.get();
-                break;
-            case HttpMethod.GET:
-            case HttpMethod.DELETE:
-                object = MemKey_HttpRequestQuery.get();
-                break;
-            default:
-                throw new BadImplementationException(`Generic custom fields cannot be extracted on api with method: ${reqMethod}`);
-        }
-        _keys(object).filter(key => keys.includes(key)).forEach(key => {
-            const oElement = object[key];
-            if (oElement === undefined || oElement === null)
-                return;
-            if (typeof oElement !== 'string')
-                return;
-            customFields[key] = oElement;
-        });
-        const projectId = this.projectId;
-        await action(projectId, customFields);
-    };
-    async __collectSessionData() {
-        return { key: 'strictMode', value: { isStrictMode: this.isStrictMode() } };
-    }
-    init() {
-        super.init();
-        addRoutes([createBodyServerApi(ApiDef_PermissionsAssert.vv1.assertUserPermissions, this.assertPermission)]);
-        _keys(this._keys).forEach(key => this.permissionKeys[key] = new PermissionKey_BE(key));
-        ModuleBE_SyncManager.setModuleFilter(async (dbModules) => {
-            // return dbModules;
-            //Filter out any module we don't have permission to sync
+        init() {
+            super.init();
+            _keys(this._keys).forEach(key => this.permissionKeys[key] = new PermissionKey_BE(key));
+        }
+        /**
+         * @deprecated Path-based sync filter; use function-based permissions instead. API collection deprecated.
+         * Returns a filter for sync manager. The app must call SyncManager.setModuleFilter(ModuleBE_PermissionsAssert.getPermissionsAssertSyncFilter()) when using a sync manager.
+         */
+        getPermissionsAssertSyncFilter() {
+            const assert = this;
+            return async (dbModules) => {
+                const userPermissions = MemKey_UserPermissions.get();
+                const mapDbNameToApiModules = arrayToMap(RuntimeBE_Modules(), (item) => item.dbModule.dbDef.dbKey);
+                const paths = dbModules.map(module => {
+                    const apiModule = mapDbNameToApiModules[module.dbDef.dbKey];
+                    if (!apiModule)
+                        return undefined;
+                    return apiModule.crudApiDef?.query?.path;
+                });
+                const _allApis = await ModuleBE_PermissionAPIDB.query.where({});
+                const apis = _allApis.filter(_api => paths.includes(_api.path));
+                const mapPathToDBApi = arrayToMap(apis, api => api.path);
+                return dbModules.filter((dbModule, index) => {
+                    const path = paths[index];
+                    if (!path)
+                        return false;
+                    const dbApi = mapPathToDBApi[path];
+                    if (!dbApi)
+                        return !ModuleBE_PermissionsAssert.isStrictMode();
+                    const accessLevels = dbApi._accessLevels;
+                    return _keys(accessLevels).reduce((hasAccess, domainId) => {
+                        if (!hasAccess)
+                            return false;
+                        const userDomainAccessValue = userPermissions[domainId];
+                        const apiRequiredAccessValue = accessLevels[domainId];
+                        if (!userDomainAccessValue)
+                            return false;
+                        if (!exists(userDomainAccessValue) || userDomainAccessValue < apiRequiredAccessValue) {
+                            assert.logErrorBold(`${(userDomainAccessValue ?? 0)} < ${apiRequiredAccessValue} === ${(userDomainAccessValue ?? 0) < apiRequiredAccessValue}`);
+                            return false;
+                        }
+                        return hasAccess;
+                    }, true);
+                });
+            };
+        }
+        async assertUserPermissions(body) {
+            return this.assertPermission(body);
+        }
+        assertPermission = async (body) => {
+            await ModuleBE_PermissionsAssert.assertPathPermissions(body.projectId, body.path);
+            return { userId: MemKey_AccountId.get() };
+        };
+        /**
+         * @deprecated Path-based API permission; use function-based permissions and assertFunctionPermission(def) instead. API collection deprecated.
+         */
+        async assertPathPermissions(projectId, path) {
+            // [DomainId]: accessLevel's numerical value
             const userPermissions = MemKey_UserPermissions.get();
-            const mapDbNameToApiModules = arrayToMap(RuntimeModules()
-                .filter((module) => !!module.apiDef && !!module.dbModule?.dbDef?.dbKey), item => item.dbModule.dbDef.dbKey);
-            const paths = dbModules.map(module => {
-                const mapDbNameToApiModule = mapDbNameToApiModules[module.dbDef.dbKey];
-                if (!mapDbNameToApiModule) {
-                    // this.logWarning(`no module found for ${module.dbDef.dbKey}`);
-                    return undefined;
-                }
-                return mapDbNameToApiModule.apiDef?.['v1']?.['query'].path;
-            });
-            // this.logWarning(`Paths(${paths.length}):`, paths);
-            const _allApis = await ModuleBE_PermissionAPIDB.query.where({});
-            const apis = _allApis.filter(_api => paths.includes(_api.path));
-            const mapPathToDBApi = arrayToMap(apis, api => api.path);
-            return dbModules.filter((dbModule, index) => {
-                const path = paths[index];
-                if (!path) {
-                    // this.logWarningBold('no path');
-                    return false;
-                }
-                const dbApi = mapPathToDBApi[path];
-                if (!dbApi) {
-                    // this.logWarningBold(`no dbApi ${path}`);
-                    return !ModuleBE_PermissionsAssert.isStrictMode();
+            const apiDetails = await this.getApiDetails(path, projectId);
+            this.logDebug('______________________________');
+            this.logDebug(userPermissions);
+            this.logDebug('______________________________');
+            this.logDebug(apiDetails?.dbApi);
+            this.logDebug('______________________________');
+            if (!apiDetails || !apiDetails.dbApi.accessLevelIds) {
+                if (!this.config.strictMode)
+                    return;
+                throw new ApiException(403, `No permissions configuration specified for api: ${projectId ? `${projectId}--` : ''}${path}`);
+            }
+            //_accessLevels is a map[domain id <> access level numeric value]
+            this.assertUserPassesAccessLevels(apiDetails.dbApi._accessLevels, userPermissions);
+        }
+        assertUserPassesAccessLevels(domainToLevelValueMap, userPermissions) {
+            _keys(domainToLevelValueMap).forEach(domainId => {
+                const userDomainPermission = userPermissions[domainId];
+                if (!exists(userDomainPermission))
+                    throw new ApiException(403, 'Missing Access For This Domain');
+                if (userDomainPermission < domainToLevelValueMap[domainId]) {
+                    this.logErrorBold(`for domain - userAccessLevel <> expectedAccessLevel: "${domainId}" ${(userDomainPermission ?? 0)} <> ${domainToLevelValueMap[domainId]}`);
+                    throw new ApiException(403, 'Action Forbidden');
                 }
-                const accessLevels = dbApi._accessLevels;
-                return _keys(accessLevels).reduce((hasAccess, domainId) => {
-                    if (!hasAccess)
-                        return false;
-                    const userDomainAccessValue = userPermissions[domainId];
-                    const apiRequiredAccessValue = accessLevels[domainId];
-                    if (!userDomainAccessValue)
-                        return false;
-                    if (!exists(userDomainAccessValue) || userDomainAccessValue < apiRequiredAccessValue) {
-                        this.logErrorBold(`${(userDomainAccessValue ?? 0)} < ${apiRequiredAccessValue} === ${(userDomainAccessValue ?? 0) < apiRequiredAccessValue}`);
-                        return false;
-                    }
-                    return hasAccess;
-                }, true);
             });
-        });
-    }
-    assertPermission = async (body) => {
-        await ModuleBE_PermissionsAssert.assertUserPermissions(body.projectId, body.path);
-        return { userId: MemKey_AccountEmail.get() };
-    };
-    async assertUserPermissions(projectId, path) {
-        // [DomainId]: accessLevel's numerical value
-        const userPermissions = MemKey_UserPermissions.get();
-        const apiDetails = await this.getApiDetails(path, projectId);
-        this.logDebug('______________________________');
-        this.logDebug(userPermissions);
-        this.logDebug('______________________________');
-        this.logDebug(apiDetails?.dbApi);
-        this.logDebug('______________________________');
-        if (!apiDetails || !apiDetails.dbApi.accessLevelIds) {
-            if (!this.config.strictMode)
-                return;
-            throw new ApiException(403, `No permissions configuration specified for api: ${projectId ? `${projectId}--` : ''}${path}`);
-        }
-        //_accessLevels is a map[domain id <> access level numeric value]
-        this.assertUserPassesAccessLevels(apiDetails.dbApi._accessLevels, userPermissions);
-    }
-    assertUserPassesAccessLevels(domainToLevelValueMap, userPermissions) {
-        _keys(domainToLevelValueMap).forEach(domainId => {
-            const userDomainPermission = userPermissions[domainId];
+        }
+        /**
+         * Asserts that the user has at least the required level for the function-permission def (from @RequirePermission).
+         * Call this before invoking a handler when getRequirePermissionDef(handler) returns a def.
+         */
+        assertFunctionPermission(def) {
+            if (def.domainId === undefined || def.levelValue === undefined)
+                throw new ApiException(503, `Function permission "${def.scopeKey}/${def.value}" not yet provisioned; run project setup to create domains/levels from registry.`);
+            const userPermissions = MemKey_UserPermissions.get();
+            const userDomainPermission = userPermissions[def.domainId];
             if (!exists(userDomainPermission))
                 throw new ApiException(403, 'Missing Access For This Domain');
-            if (userDomainPermission < domainToLevelValueMap[domainId]) {
-                this.logErrorBold(`for domain - userAccessLevel <> expectedAccessLevel: "${domainId}" ${(userDomainPermission ?? 0)} <> ${domainToLevelValueMap[domainId]}`);
+            if (userDomainPermission < def.levelValue) {
+                this.logErrorBold(`function permission - userLevel < required: "${def.scopeKey}/${def.value}" ${userDomainPermission} < ${def.levelValue}`);
                 throw new ApiException(403, 'Action Forbidden');
             }
-        });
-    }
-    async getApiDetails(_path, projectId) {
-        let path = _path.substring(0, (_path + '?').indexOf('?')); //Get raw path without query
-        if (path.at(0) === '/')
-            path = path.substring(1);
-        this.logDebug(`Fetching Permission API for path: ${path} and project id: ${projectId}`);
-        const dbApi = (await ModuleBE_PermissionAPIDB.query.custom({
-            where: {
-                path,
-                projectId
-            }
-        }))[0];
-        if (!dbApi)
-            return undefined;
-        const requestPermissions = await this.getAccessLevels(dbApi.accessLevelIds || []);
-        return {
-            dbApi,
-            requestPermissions
+        }
+        /** @deprecated Path-based API lookup; API collection deprecated. Use function-based permissions. */
+        async getApiDetails(_path, projectId) {
+            let path = _path.substring(0, (_path + '?').indexOf('?')); //Get raw path without query
+            if (path.at(0) === '/')
+                path = path.substring(1);
+            this.logDebug(`Fetching Permission API for path: ${path} and project id: ${projectId}`);
+            const dbApi = (await ModuleBE_PermissionAPIDB.query.custom({
+                where: {
+                    path,
+                    projectId
+                }
+            }))[0];
+            if (!dbApi)
+                return undefined;
+            const requestPermissions = await this.getAccessLevels(dbApi.accessLevelIds || []);
+            return {
+                dbApi,
+                requestPermissions
+            };
+        }
+        async getApisDetails(urls, projectId) {
+            const paths = urls.map(_path => _path.substring(0, (_path + '?').indexOf('?')));
+            const apiDbs = await batchActionParallel(paths, 10, elements => ModuleBE_PermissionAPIDB.query.custom({
+                where: {
+                    projectId,
+                    path: { $in: elements }
+                }
+            }));
+            return Promise.all(paths.map(async (path) => {
+                const apiDb = apiDbs.find(_apiDb => _apiDb.path === path);
+                if (!apiDb)
+                    return;
+                try {
+                    const requestPermissions = await this.getAccessLevels(apiDb.accessLevelIds);
+                    return ({
+                        apiDb,
+                        requestPermissions
+                    });
+                }
+                catch (e) {
+                    return;
+                }
+            }));
+        }
+        async getAccessLevels(_accessLevelIds) {
+            const accessLevelIds = filterDuplicates(_accessLevelIds || []);
+            const requestPermissions = filterInstances(await ModuleBE_PermissionAccessLevelDB.query.all(accessLevelIds));
+            const idNotFound = accessLevelIds.find(lId => !requestPermissions.find(r => r._id === lId));
+            if (idNotFound)
+                throw new ApiException(404, `Could not find api level with _id: ${idNotFound}`);
+            return requestPermissions;
+        }
+        setProjectId = (projectId) => {
+            this.projectId = projectId;
         };
-    }
-    async getApisDetails(urls, projectId) {
-        const paths = urls.map(_path => _path.substring(0, (_path + '?').indexOf('?')));
-        const apiDbs = await batchActionParallel(paths, 10, elements => ModuleBE_PermissionAPIDB.query.custom({
-            where: {
-                projectId,
-                path: { $in: elements }
-            }
-        }));
-        return Promise.all(paths.map(async (path) => {
-            const apiDb = apiDbs.find(_apiDb => _apiDb.path === path);
-            if (!apiDb)
-                return;
-            try {
-                const requestPermissions = await this.getAccessLevels(apiDb.accessLevelIds);
-                return ({
-                    apiDb,
-                    requestPermissions
-                });
-            }
-            catch (e) {
-                return;
-            }
-        }));
-    }
-    async getAccessLevels(_accessLevelIds) {
-        const accessLevelIds = filterDuplicates(_accessLevelIds || []);
-        const requestPermissions = filterInstances(await ModuleBE_PermissionAccessLevelDB.query.all(accessLevelIds));
-        const idNotFound = accessLevelIds.find(lId => !requestPermissions.find(r => r._id === lId));
-        if (idNotFound)
-            throw new ApiException(404, `Could not find api level with _id: ${idNotFound}`);
-        return requestPermissions;
-    }
-    setProjectId = (projectId) => {
-        this.projectId = projectId;
+        getRegEx(value) {
+            if (!value)
+                return new RegExp(`^${value}$`, 'g');
+            let regExValue = value;
+            const startRegEx = '^';
+            const endRegEx = '$';
+            if (value[0] !== startRegEx)
+                regExValue = startRegEx + regExValue;
+            if (value[value.length - 1] !== endRegEx)
+                regExValue = regExValue + endRegEx;
+            return new RegExp(regExValue, 'g');
+        }
+        registerPermissionKeys(keys) {
+            keys.forEach(key => {
+                if (this._keys[key])
+                    throw new ImplementationMissingException(`Registered PermissionKey '${key}' more than once!`);
+                this._keys[key] = true;
+            });
+        }
+        isStrictMode() {
+            return !!this.config.strictMode;
+        }
     };
-    getRegEx(value) {
-        if (!value)
-            return new RegExp(`^${value}$`, 'g');
-        let regExValue = value;
-        const startRegEx = '^';
-        const endRegEx = '$';
-        if (value[0] !== startRegEx)
-            regExValue = startRegEx + regExValue;
-        if (value[value.length - 1] !== endRegEx)
-            regExValue = regExValue + endRegEx;
-        return new RegExp(regExValue, 'g');
-    }
-    registerPermissionKeys(keys) {
-        keys.forEach(key => {
-            if (this._keys[key])
-                throw new ImplementationMissingException(`Registered PermissionKey '${key}' more than once!`);
-            this._keys[key] = true;
-        });
-    }
-    isStrictMode() {
-        return !!this.config.strictMode;
-    }
-}
+})();
+export { ModuleBE_PermissionsAssert_Class };
 export const ModuleBE_PermissionsAssert = new ModuleBE_PermissionsAssert_Class();

package/modules/consts.d.ts

@@ -1,11 +1,11 @@
 import { DefaultDef_Package } from '../types.js';
 export declare const Domain_PermissionAssignment: Readonly<{
-    _id: "1f41541c4514b50140ae62c1f7097029";
+    _id: import("@nu-art/db-api-shared").DB_UniqueId<"permissions--domain">;
     namespace: "Permissions Assignment";
 }>;
 export declare const Permissions_PermissionAssignment: DefaultDef_Package;
 export declare const Domain_PermissionManagement: Readonly<{
-    _id: "1f41541c4514b50140ae62c1f7097029";
+    _id: import("@nu-art/db-api-shared").DB_UniqueId<"permissions--domain">;
     namespace: "Permissions Management";
 }>;
 export declare const Permissions_PermissionManagement: DefaultDef_Package;

package/modules/consts.js

@@ -1,6 +1,6 @@
-import { DBDef_PermissionAccessLevel, DBDef_PermissionAPI, DBDef_PermissionDomain, DBDef_PermissionGroup, DBDef_PermissionProject, DBDef_PermissionUser, DomainNamespace_PermissionAssignment, DomainNamespace_PermissionManagement, DuplicateDefaultAccessLevels } from '@nu-art/permissions-shared';
+import { DBDef_PermissionAccessLevel, DBDef_PermissionAPI, DBDef_PermissionDomain, DBDef_PermissionGroup, DBDef_PermissionProject, DBDef_PermissionUser, DomainNamespace_PermissionAssignment, DomainNamespace_PermissionManagement, DuplicateDefaultAccessLevels, toPermissionDomainId } from '@nu-art/permissions-shared';
 export const Domain_PermissionAssignment = Object.freeze({
-    _id: '1f41541c4514b50140ae62c1f7097029',
+    _id: toPermissionDomainId('1f41541c4514b50140ae62c1f7097029'),
     namespace: DomainNamespace_PermissionAssignment
 });
 export const Permissions_PermissionAssignment = {
@@ -8,13 +8,13 @@ export const Permissions_PermissionAssignment = {
     domains: [
         {
             ...Domain_PermissionAssignment,
-            levels: [...DuplicateDefaultAccessLevels(Domain_PermissionAssignment._id)],
+            levels: DuplicateDefaultAccessLevels(Domain_PermissionAssignment._id),
             dbNames: [DBDef_PermissionUser.dbKey, DBDef_PermissionGroup.dbKey]
         }
     ]
 };
 export const Domain_PermissionManagement = Object.freeze({
-    _id: '1f41541c4514b50140ae62c1f7097029',
+    _id: toPermissionDomainId('1f41541c4514b50140ae62c1f7097029'),
     namespace: DomainNamespace_PermissionManagement
 });
 export const Permissions_PermissionManagement = {
@@ -22,7 +22,7 @@ export const Permissions_PermissionManagement = {
     domains: [
         {
             ...Domain_PermissionManagement,
-            levels: [...DuplicateDefaultAccessLevels(Domain_PermissionManagement._id)],
+            levels: DuplicateDefaultAccessLevels(Domain_PermissionManagement._id),
             dbNames: [DBDef_PermissionProject.dbKey, DBDef_PermissionDomain.dbKey, DBDef_PermissionAccessLevel.dbKey, DBDef_PermissionAPI.dbKey]
         }
     ]

package/modules/index.d.ts

@@ -1 +1,2 @@
 export * from './consts.js';
+export { CollectPermissionsProjects, PermissionProject_Permissions } from './ModuleBE_Permissions.js';

package/modules/index.js

@@ -17,3 +17,4 @@
  * limitations under the License.
  */
 export * from './consts.js';
+export { PermissionProject_Permissions } from './ModuleBE_Permissions.js';