npm - @nu-art/permissions-backend - Versions diffs - 0.500.0 → 0.500.6 - Mend

@nu-art/permissions-backend 0.500.0 → 0.500.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (88) hide show

package/RequirePermission.d.ts +22 -10
package/RequirePermission.js +24 -15
package/_entity/access-group/ModuleBE_AccessGroupDB.d.ts +13 -0
package/_entity/access-group/ModuleBE_AccessGroupDB.js +36 -0
package/_entity/access-group/module-pack.d.ts +1 -0
package/_entity/access-group/module-pack.js +3 -0
package/_entity/permission-scope/ModuleBE_PermissionScopeDB.d.ts +6 -0
package/_entity/permission-scope/ModuleBE_PermissionScopeDB.js +8 -0
package/_entity/permission-scope/module-pack.d.ts +1 -0
package/_entity/permission-scope/module-pack.js +3 -0
package/_entity/user-permissions/ModuleBE_UserPermissionsAPI.d.ts +9 -0
package/_entity/{permission-user/ModuleBE_PermissionUserAPI.js → user-permissions/ModuleBE_UserPermissionsAPI.js} +17 -16
package/_entity/user-permissions/ModuleBE_UserPermissionsDB.d.ts +6 -0
package/_entity/user-permissions/ModuleBE_UserPermissionsDB.js +8 -0
package/_entity/user-permissions/module-pack.d.ts +2 -0
package/_entity/user-permissions/module-pack.js +3 -0
package/assertion-types.d.ts +9 -0
package/consts.d.ts +7 -4
package/consts.js +4 -2
package/core/function-permission-registry.d.ts +5 -6
package/core/function-permission-registry.js +10 -0
package/core/module-pack.js +6 -7
package/document-access-api.d.ts +6 -0
package/document-access-api.js +49 -0
package/document-access-enforcement.d.ts +9 -0
package/document-access-enforcement.js +137 -0
package/index.d.ts +12 -6
package/index.js +12 -6
package/modules/ModuleBE_Permissions.d.ts +63 -78
package/modules/ModuleBE_Permissions.js +494 -441
package/modules/ModuleBE_PermissionsAssert.d.ts +6 -54
package/modules/ModuleBE_PermissionsAssert.js +60 -285
package/package.json +14 -12
package/PermissionKey_BE.d.ts +0 -16
package/PermissionKey_BE.js +0 -59
package/_entity/permission-access-level/ModuleBE_PermissionAccessLevelDB.d.ts +0 -13
package/_entity/permission-access-level/ModuleBE_PermissionAccessLevelDB.js +0 -49
package/_entity/permission-access-level/index.d.ts +0 -2
package/_entity/permission-access-level/index.js +0 -2
package/_entity/permission-access-level/module-pack.d.ts +0 -1
package/_entity/permission-access-level/module-pack.js +0 -3
package/_entity/permission-api/ModuleBE_PermissionAPIDB.d.ts +0 -10
package/_entity/permission-api/ModuleBE_PermissionAPIDB.js +0 -62
package/_entity/permission-api/index.d.ts +0 -2
package/_entity/permission-api/index.js +0 -2
package/_entity/permission-api/module-pack.d.ts +0 -1
package/_entity/permission-api/module-pack.js +0 -3
package/_entity/permission-domain/ModuleBE_PermissionDomainDB.d.ts +0 -9
package/_entity/permission-domain/ModuleBE_PermissionDomainDB.js +0 -22
package/_entity/permission-domain/index.d.ts +0 -2
package/_entity/permission-domain/index.js +0 -2
package/_entity/permission-domain/module-pack.d.ts +0 -1
package/_entity/permission-domain/module-pack.js +0 -3
package/_entity/permission-group/ModuleBE_PermissionGroupDB.d.ts +0 -12
package/_entity/permission-group/ModuleBE_PermissionGroupDB.js +0 -65
package/_entity/permission-group/index.d.ts +0 -2
package/_entity/permission-group/index.js +0 -2
package/_entity/permission-group/module-pack.d.ts +0 -1
package/_entity/permission-group/module-pack.js +0 -3
package/_entity/permission-project/ModuleBE_PermissionProjectDB.d.ts +0 -8
package/_entity/permission-project/ModuleBE_PermissionProjectDB.js +0 -12
package/_entity/permission-project/index.d.ts +0 -2
package/_entity/permission-project/index.js +0 -2
package/_entity/permission-project/module-pack.d.ts +0 -1
package/_entity/permission-project/module-pack.js +0 -3
package/_entity/permission-user/ModuleBE_PermissionUserAPI.d.ts +0 -9
package/_entity/permission-user/ModuleBE_PermissionUserDB.d.ts +0 -34
package/_entity/permission-user/ModuleBE_PermissionUserDB.js +0 -241
package/_entity/permission-user/index.d.ts +0 -3
package/_entity/permission-user/index.js +0 -3
package/_entity/permission-user/module-pack.d.ts +0 -2
package/_entity/permission-user/module-pack.js +0 -3
package/_entity.d.ts +0 -12
package/_entity.js +0 -18
package/core/external-api-paths.d.ts +0 -13
package/core/external-api-paths.js +0 -13
package/core/utils.d.ts +0 -25
package/core/utils.js +0 -85
package/modules/consts.d.ts +0 -11
package/modules/consts.js +0 -29
package/modules/index.d.ts +0 -2
package/modules/index.js +0 -20
package/permissions-wire.d.ts +0 -46
package/permissions-wire.js +0 -47
package/permissions.d.ts +0 -22
package/permissions.js +0 -152
package/types.d.ts +0 -28
/package/{types.js → assertion-types.js} +0 -0

package/index.js CHANGED Viewed

@@ -16,12 +16,18 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-export * from './consts.js';
 export * from './core/module-pack.js';
-export * from './permissions-wire.js';
 export * from './core/function-permission-registry.js';
+export * from './assertion-types.js';
 export * from './RequirePermission.js';
-export * from './modules/index.js';
-export * from './permissions.js';
-export * from './_entity.js';
-export * from './types.js';
+export * from './modules/ModuleBE_Permissions.js';
+export * from './modules/ModuleBE_PermissionsAssert.js';
+export * from './_entity/permission-scope/ModuleBE_PermissionScopeDB.js';
+export * from './_entity/permission-scope/module-pack.js';
+export * from './_entity/user-permissions/ModuleBE_UserPermissionsDB.js';
+export * from './_entity/user-permissions/ModuleBE_UserPermissionsAPI.js';
+export * from './_entity/user-permissions/module-pack.js';
+export * from './_entity/access-group/ModuleBE_AccessGroupDB.js';
+export * from './_entity/access-group/module-pack.js';
+export * from './document-access-enforcement.js';
+export * from './document-access-api.js';

package/modules/ModuleBE_Permissions.d.ts CHANGED Viewed

@@ -1,83 +1,68 @@
-import { Module, TypedMap } from '@nu-art/ts-common';
-import type { PerformProjectSetup } from '@nu-art/permissions-shared';
-import { DB_PermissionGroup, DB_PermissionProject, DefaultDef_Group, SessionData_Permissions } from '@nu-art/permissions-shared';
-import { BaseSessionClaims, CollectSessionData } from '@nu-art/user-account-backend';
-import { DefaultDef_Project } from '../types.js';
-export interface CollectPermissionsProjects {
-    __collectPermissionsProjects(): DefaultDef_Project;
+import { Module, UniqueId } from '@nu-art/ts-common';
+import type { DB_Prototype } from '@nu-art/db-api-shared';
+import type { ModuleBE_BaseDB } from '@nu-art/db-api-backend';
+import type { DatabaseDef_AccessGroup, DocumentAccessInner } from '@nu-art/permissions-shared';
+import { type PerformProjectSetup, type SetupTask } from '@nu-art/action-processor-backend';
+import type { OnAccessGroupChanged } from '../_entity/access-group/ModuleBE_AccessGroupDB.js';
+import { FirebaseRef } from '@nu-art/firebase-backend';
+import { type AccessContextResolver } from '../document-access-enforcement.js';
+import { OnAccountDeleted, OnUserLogin } from '@nu-art/user-account-backend';
+import { SafeDB_Account } from '@nu-art/user-account-shared';
+export interface ResolveAdditionalGroupMemberships {
+    __resolveAdditionalGroupMemberships(accountId: string, context: 'register' | 'login'): Promise<UniqueId[]>;
 }
-export declare const PermissionGroup_Permissions_SuperAdmin: DefaultDef_Group;
-export declare const PermissionGroup_Permissions_Viewer: DefaultDef_Group;
-export declare const PermissionGroup_Permissions_Editor: DefaultDef_Group;
-export declare const PermissionGroup_Account_Manager: DefaultDef_Group;
-export declare const PermissionGroup_Account_Admin: DefaultDef_Group;
-export declare const PermissionGroup_Account_Viewer: DefaultDef_Group;
-export declare const PermissionGroups_Permissions: DefaultDef_Group[];
-export declare const PermissionProject_Permissions: DefaultDef_Project;
-declare class ModuleBE_Permissions_Class extends Module implements CollectSessionData<SessionData_Permissions>, PerformProjectSetup {
+export type ServiceAccountConfig = {
+    readonly scopes: string[];
+    readonly enabled: boolean;
+    readonly systemOnly: boolean;
+};
+export declare const ServiceAccountId_Bootstrap = "bootstrap-admin";
+type Config = {
+    serviceAccounts: Record<string, ServiceAccountConfig>;
+};
+export declare const GroupId_AppDefault: import("@nu-art/db-api-shared").DB_UniqueId<"permissions--access-groups">;
+export declare const GroupId_PermissionsAdmin: import("@nu-art/db-api-shared").DB_UniqueId<"permissions--access-groups">;
+export declare const PermissionsInfraGroupIds: Record<keyof DocumentAccessInner, DatabaseDef_AccessGroup['id']>;
+export declare const SetupTaskKey_PermissionsGroups: import("@nu-art/action-processor-backend").SetupTaskKey;
+declare class ModuleBE_Permissions_Class extends Module<Config> implements PerformProjectSetup, OnAccessGroupChanged, OnUserLogin, OnAccountDeleted {
+    private adminGrantFlagRef;
+    private readonly accessResolvers;
+    private readonly moduleScopeKeys;
+    constructor();
+    private readonly permissionsAccessResolver;
     protected init(): void;
-    toggleStrictMode(_params?: unknown): Promise<void>;
-    createProject(_params?: unknown): Promise<void>;
-    __collectSessionData(data: BaseSessionClaims): Promise<SessionData_Permissions>;
-    getUserPermissionMap: (userGroups: DB_PermissionGroup[]) => Promise<TypedMap<number>>;
-    __performProjectSetup(): {
-        priority: number;
-        processor: () => Promise<void>;
-    };
-    /**
-     * Creates domains and access levels from the function-permission registry (populated by @RequirePermission decorators).
-     * New (scopeKey, value) pairs get domains/levels created; not assigned to anyone until explicitly assigned.
-     */
-    private createDomainsAndLevelsFromFunctionPermissionRegistry;
-    createPermissionProjects(projects: DefaultDef_Project[]): Promise<void>;
-    /**
-     * Creates All the DB_PermissionProject
-     *
-     * @param projects - predefined permissions projects
-     */
-    createProjects(projects: DefaultDef_Project[]): Promise<TypedMap<DB_PermissionProject>>;
-    /**
-     * Creates All the DB_PermissionDomains
-     *
-     * @param projects - predefined permissions projects
-     * @param map_nameToDBProject
-     */
-    private createDomains;
-    /**
-     * Creates All the DB_PermissionAccessLevel
-     *
-     * @param projects - predefined permissions projects
-     * @param map_nameToDbDomain
-     */
-    private createAccessLevels;
-    /**
-     * Creates All the DB_PermissionGroup
-     *
-     * @param projects - predefined permissions projects
-     * @param map_nameToDbDomain
-     * @param domainNameToLevelNameToDBAccessLevel
-     */
-    private createGroups;
-    /**
-     * Creates All the DB_PermissionApi (path-based).
-     * @deprecated API collection deprecated; use function-based permissions and @RequirePermission. Domains/levels from function-permission registry instead.
-     * @param projects - predefined permissions projects
-     * @param domainNameToLevelNameToDBAccessLevel
-     */
-    private createApis;
-    /**
-     * Creates permission keys associated with the given projects.
-     *
-     * @param projects - An array of projects.
-     */
-    private createPermissionsKeys;
-    /**
-     * If no "Super Admin" user is defined in the system!
-     * The first user to press the create project button will become the "Super Admin" of the system
-     *
-     * If a "Super Admin" already exists in the system, a 403 will be thrown
-     */
-    private assignSuperAdmin;
+    setAccessContextResolver<Database extends DB_Prototype>(dbModule: ModuleBE_BaseDB<Database>, resolver: AccessContextResolver<Database>, scopeKeys?: string[]): void;
+    private wireDocumentAccessToAllModules;
+    getAdminGrantFlagRef(): FirebaseRef<boolean>;
+    __performProjectSetup(): SetupTask[];
+    ensureDefinedGroups(): Promise<void>;
+    __onUserLogin(account: SafeDB_Account): Promise<void>;
+    __onAccountDeleted(account: SafeDB_Account): Promise<void>;
+    private ensurePersonalAccessGroup;
+    private addToDefaultGroup;
+    private promoteIfNoAdmin;
+    private checkAdminGrantFlag;
+    private resolveAdditionalGroupMemberships;
+    recomputePermissionsForUsers(accountIds: UniqueId[]): Promise<void>;
+    recomputePermissionsForAllUsers(): Promise<void>;
+    private materializeFromGroups;
+    __onAccessGroupChanged(changedGroupIds: UniqueId[]): Promise<void>;
+    rematerializeForGroups(changedGroupIds: UniqueId[]): Promise<void>;
+    private walkGroupGraphUp;
+    private resolveScopeIdsToStrings;
+    private deduplicateScopeEntries;
+    runAsServiceAccount<R>(saId: string, action: () => Promise<R>): Promise<R>;
+    private resolveSAAccessIds;
+    private resolveBootstrapAccessIds;
+    private resolveBootstrapScopes;
+    private ensureBootstrapSAAccessGroup;
+    private ensureServiceAccountAccessGroups;
+    private ensurePermissionsInfraAccessGroups;
+    private ensureScopeEntities;
+    private ensureDefaultGroup;
+    private ensurePermissionsAdminGroup;
+    private ensureAppDefinedGroups;
+    private syncPersonalGroupsForExistingAccounts;
 }
 export declare const ModuleBE_Permissions: ModuleBE_Permissions_Class;
 export {};