@nu-art/permissions-frontend 0.401.9 → 0.500.6

package/_entity/access-group/ModuleFE_AccessGroup.d.ts

@@ -0,0 +1,12 @@
+import { ModuleFE_BaseApi } from '@nu-art/db-api-frontend';
+import { ApiCallerEventType } from '@nu-art/db-api-shared';
+import { ThunderDispatcher } from '@nu-art/thunder-core';
+import { DatabaseDef_AccessGroup } from '@nu-art/permissions-shared';
+export interface OnAccessGroupUpdated {
+    __onAccessGroupUpdated: (...params: ApiCallerEventType<DatabaseDef_AccessGroup['dbType']>) => void;
+}
+export declare const dispatch_onAccessGroupChanged: ThunderDispatcher<OnAccessGroupUpdated, "__onAccessGroupUpdated", ApiCallerEventType<import("@nu-art/permissions-shared").DB_AccessGroup>, void>;
+export declare class ModuleFE_AccessGroup_Class extends ModuleFE_BaseApi<DatabaseDef_AccessGroup> {
+    constructor();
+}
+export declare const ModuleFE_AccessGroup: ModuleFE_AccessGroup_Class;

package/_entity/access-group/ModuleFE_AccessGroup.js

@@ -0,0 +1,15 @@
+import { ModuleFE_BaseApi, buildConfigFromDBDef } from '@nu-art/db-api-frontend';
+import { CrudApiDef } from '@nu-art/db-api-shared';
+import { ThunderDispatcher } from '@nu-art/thunder-core';
+import { DBDef_AccessGroup } from '@nu-art/permissions-shared';
+export const dispatch_onAccessGroupChanged = new ThunderDispatcher('__onAccessGroupUpdated');
+export class ModuleFE_AccessGroup_Class extends ModuleFE_BaseApi {
+    constructor() {
+        super({
+            config: buildConfigFromDBDef(DBDef_AccessGroup),
+            crudApiDef: CrudApiDef(DBDef_AccessGroup.dbKey),
+            dispatcher: (...args) => dispatch_onAccessGroupChanged.dispatchAll(...args)
+        });
+    }
+}
+export const ModuleFE_AccessGroup = new ModuleFE_AccessGroup_Class();

package/_entity/access-group/module-pack.d.ts

@@ -0,0 +1 @@
+export declare const ModulePackFE_AccessGroup: import("./ModuleFE_AccessGroup.js").ModuleFE_AccessGroup_Class[];

package/_entity/access-group/module-pack.js

@@ -0,0 +1,2 @@
+import { ModuleFE_AccessGroup } from './ModuleFE_AccessGroup.js';
+export const ModulePackFE_AccessGroup = [ModuleFE_AccessGroup];

package/_entity/permission-scope/ModuleFE_PermissionScope.d.ts

@@ -0,0 +1,12 @@
+import { ModuleFE_BaseApi } from '@nu-art/db-api-frontend';
+import { ApiCallerEventType } from '@nu-art/db-api-shared';
+import { ThunderDispatcher } from '@nu-art/thunder-core';
+import { DatabaseDef_PermissionScope } from '@nu-art/permissions-shared';
+export interface OnPermissionScopeUpdated {
+    __onPermissionScopeUpdated: (...params: ApiCallerEventType<DatabaseDef_PermissionScope['dbType']>) => void;
+}
+export declare const dispatch_onPermissionScopeChanged: ThunderDispatcher<OnPermissionScopeUpdated, "__onPermissionScopeUpdated", ApiCallerEventType<import("@nu-art/permissions-shared").DB_PermissionScope>, void>;
+export declare class ModuleFE_PermissionScope_Class extends ModuleFE_BaseApi<DatabaseDef_PermissionScope> {
+    constructor();
+}
+export declare const ModuleFE_PermissionScope: ModuleFE_PermissionScope_Class;

package/_entity/permission-scope/ModuleFE_PermissionScope.js

@@ -0,0 +1,15 @@
+import { ModuleFE_BaseApi, buildConfigFromDBDef } from '@nu-art/db-api-frontend';
+import { CrudApiDef } from '@nu-art/db-api-shared';
+import { ThunderDispatcher } from '@nu-art/thunder-core';
+import { DBDef_PermissionScope } from '@nu-art/permissions-shared';
+export const dispatch_onPermissionScopeChanged = new ThunderDispatcher('__onPermissionScopeUpdated');
+export class ModuleFE_PermissionScope_Class extends ModuleFE_BaseApi {
+    constructor() {
+        super({
+            config: buildConfigFromDBDef(DBDef_PermissionScope),
+            crudApiDef: CrudApiDef(DBDef_PermissionScope.dbKey),
+            dispatcher: (...args) => dispatch_onPermissionScopeChanged.dispatchAll(...args)
+        });
+    }
+}
+export const ModuleFE_PermissionScope = new ModuleFE_PermissionScope_Class();

package/_entity/permission-scope/module-pack.d.ts

@@ -0,0 +1 @@
+export declare const ModulePackFE_PermissionScope: import("./ModuleFE_PermissionScope.js").ModuleFE_PermissionScope_Class[];

package/_entity/permission-scope/module-pack.js

@@ -0,0 +1,2 @@
+import { ModuleFE_PermissionScope } from './ModuleFE_PermissionScope.js';
+export const ModulePackFE_PermissionScope = [ModuleFE_PermissionScope];

package/_entity/user-permissions/ModuleFE_UserPermissions.d.ts

@@ -0,0 +1,16 @@
+import { ModuleFE_BaseApi } from '@nu-art/db-api-frontend';
+import { ApiCallerEventType } from '@nu-art/db-api-shared';
+import { ThunderDispatcher } from '@nu-art/thunder-core';
+import { API_UserPermissions, DatabaseDef_UserPermissions, Response_MyPermissions } from '@nu-art/permissions-shared';
+export interface OnUserPermissionsUpdated {
+    __onUserPermissionsUpdated: (...params: ApiCallerEventType<DatabaseDef_UserPermissions['dbType']>) => void;
+}
+export declare const dispatch_onUserPermissionsChanged: ThunderDispatcher<OnUserPermissionsUpdated, "__onUserPermissionsUpdated", ApiCallerEventType<import("@nu-art/permissions-shared").DB_UserPermissions>, void>;
+export declare class ModuleFE_UserPermissions_Class extends ModuleFE_BaseApi<DatabaseDef_UserPermissions> {
+    private myPermissions;
+    constructor();
+    fetchMyPermissions(_params?: API_UserPermissions['getMyPermissions']['Params']): Promise<Response_MyPermissions>;
+    private onMyPermissionsFetched;
+    getScopeEntries(): string[];
+}
+export declare const ModuleFE_UserPermissions: ModuleFE_UserPermissions_Class;

package/_entity/user-permissions/ModuleFE_UserPermissions.js

@@ -0,0 +1,83 @@
+var __runInitializers = (this && this.__runInitializers) || function (thisArg, initializers, value) {
+    var useValue = arguments.length > 2;
+    for (var i = 0; i < initializers.length; i++) {
+        value = useValue ? initializers[i].call(thisArg, value) : initializers[i].call(thisArg);
+    }
+    return useValue ? value : void 0;
+};
+var __esDecorate = (this && this.__esDecorate) || function (ctor, descriptorIn, decorators, contextIn, initializers, extraInitializers) {
+    function accept(f) { if (f !== void 0 && typeof f !== "function") throw new TypeError("Function expected"); return f; }
+    var kind = contextIn.kind, key = kind === "getter" ? "get" : kind === "setter" ? "set" : "value";
+    var target = !descriptorIn && ctor ? contextIn["static"] ? ctor : ctor.prototype : null;
+    var descriptor = descriptorIn || (target ? Object.getOwnPropertyDescriptor(target, contextIn.name) : {});
+    var _, done = false;
+    for (var i = decorators.length - 1; i >= 0; i--) {
+        var context = {};
+        for (var p in contextIn) context[p] = p === "access" ? {} : contextIn[p];
+        for (var p in contextIn.access) context.access[p] = contextIn.access[p];
+        context.addInitializer = function (f) { if (done) throw new TypeError("Cannot add initializers after decoration has completed"); extraInitializers.push(accept(f || null)); };
+        var result = (0, decorators[i])(kind === "accessor" ? { get: descriptor.get, set: descriptor.set } : descriptor[key], context);
+        if (kind === "accessor") {
+            if (result === void 0) continue;
+            if (result === null || typeof result !== "object") throw new TypeError("Object expected");
+            if (_ = accept(result.get)) descriptor.get = _;
+            if (_ = accept(result.set)) descriptor.set = _;
+            if (_ = accept(result.init)) initializers.unshift(_);
+        }
+        else if (_ = accept(result)) {
+            if (kind === "field") initializers.unshift(_);
+            else descriptor[key] = _;
+        }
+    }
+    if (target) Object.defineProperty(target, contextIn.name, descriptor);
+    done = true;
+};
+import { buildConfigFromDBDef, ModuleFE_BaseApi } from '@nu-art/db-api-frontend';
+import { CrudApiDef, stringToUniqueId } from '@nu-art/db-api-shared';
+import { ApiCaller } from '@nu-art/http-client';
+import { ThunderDispatcher } from '@nu-art/thunder-core';
+import { ApiDef_UserPermissions, DBDef_UserPermissions, } from '@nu-art/permissions-shared';
+import { SessionKeyFE_Account } from '@nu-art/user-account-frontend';
+export const dispatch_onUserPermissionsChanged = new ThunderDispatcher('__onUserPermissionsUpdated');
+let ModuleFE_UserPermissions_Class = (() => {
+    let _classSuper = ModuleFE_BaseApi;
+    let _instanceExtraInitializers = [];
+    let _fetchMyPermissions_decorators;
+    return class ModuleFE_UserPermissions_Class extends _classSuper {
+        static {
+            const _metadata = typeof Symbol === "function" && Symbol.metadata ? Object.create(_classSuper[Symbol.metadata] ?? null) : void 0;
+            _fetchMyPermissions_decorators = [ApiCaller(ApiDef_UserPermissions.getMyPermissions, {
+                    onComplete: (m, ctx) => m.onMyPermissionsFetched(ctx.response),
+                })];
+            __esDecorate(this, null, _fetchMyPermissions_decorators, { kind: "method", name: "fetchMyPermissions", static: false, private: false, access: { has: obj => "fetchMyPermissions" in obj, get: obj => obj.fetchMyPermissions }, metadata: _metadata }, null, _instanceExtraInitializers);
+            if (_metadata) Object.defineProperty(this, Symbol.metadata, { enumerable: true, configurable: true, writable: true, value: _metadata });
+        }
+        myPermissions = (__runInitializers(this, _instanceExtraInitializers), []);
+        constructor() {
+            super({
+                config: buildConfigFromDBDef(DBDef_UserPermissions),
+                crudApiDef: CrudApiDef(DBDef_UserPermissions.dbKey),
+                dispatcher: (...args) => dispatch_onUserPermissionsChanged.dispatchAll(...args),
+            });
+        }
+        async fetchMyPermissions(_params) {
+            void _params;
+            return undefined;
+        }
+        onMyPermissionsFetched(response) {
+            this.myPermissions = response.scopeEntries;
+        }
+        getScopeEntries() {
+            const account = SessionKeyFE_Account.get();
+            if (!account)
+                return this.myPermissions;
+            const entityId = stringToUniqueId(account._id);
+            const cached = this.cache.unique(entityId);
+            if (cached)
+                return cached.scopeEntries;
+            return this.myPermissions;
+        }
+    };
+})();
+export { ModuleFE_UserPermissions_Class };
+export const ModuleFE_UserPermissions = new ModuleFE_UserPermissions_Class();

package/_entity/user-permissions/module-pack.d.ts

@@ -0,0 +1 @@
+export declare const ModulePackFE_UserPermissions: import("./ModuleFE_UserPermissions.js").ModuleFE_UserPermissions_Class[];

package/_entity/user-permissions/module-pack.js

@@ -0,0 +1,2 @@
+import { ModuleFE_UserPermissions } from './ModuleFE_UserPermissions.js';
+export const ModulePackFE_UserPermissions = [ModuleFE_UserPermissions];

package/consts.d.ts

@@ -1,4 +1,3 @@
-import { SessionData_Permissions, SessionData_StrictMode } from '@nu-art/permissions-shared';
+import { SessionData_StrictMode } from '@nu-art/permissions-shared';
 import { SessionKey_FE } from '@nu-art/user-account-frontend';
-export declare const SessionKey_Permissions_FE: SessionKey_FE<SessionData_Permissions>;
 export declare const SessionKey_StrictMode_FE: SessionKey_FE<SessionData_StrictMode>;

package/consts.js

@@ -1,3 +1,2 @@
 import { SessionKey_FE } from '@nu-art/user-account-frontend';
-export const SessionKey_Permissions_FE = new SessionKey_FE('permissions');
 export const SessionKey_StrictMode_FE = new SessionKey_FE('strictMode');

package/core/module-pack.js

@@ -17,13 +17,12 @@
  * limitations under the License.
  */
 import { ModuleFE_PermissionsAssert } from '../modules/ModuleFE_PermissionsAssert.js';
-import { ModulePackFE_PermissionAccessLevel, ModulePackFE_PermissionAPI, ModulePackFE_PermissionDomain, ModulePackFE_PermissionGroup, ModulePackFE_PermissionProject, ModulePackFE_PermissionUser } from '../_entity.js';
+import { ModulePackFE_PermissionScope } from '../_entity/permission-scope/module-pack.js';
+import { ModulePackFE_UserPermissions } from '../_entity/user-permissions/module-pack.js';
+import { ModulePackFE_AccessGroup } from '../_entity/access-group/module-pack.js';
 export const ModulePackFE_Permissions = [
     ModuleFE_PermissionsAssert,
-    ...ModulePackFE_PermissionAccessLevel,
-    ...ModulePackFE_PermissionAPI,
-    ...ModulePackFE_PermissionProject,
-    ...ModulePackFE_PermissionDomain,
-    ...ModulePackFE_PermissionGroup,
-    ...ModulePackFE_PermissionUser,
+    ...ModulePackFE_PermissionScope,
+    ...ModulePackFE_UserPermissions,
+    ...ModulePackFE_AccessGroup,
 ];

package/index.d.ts

@@ -1,5 +1,15 @@
-export * from './PermissionKey_FE.js';
 export * from './core/module-pack.js';
-export * from './ui/index.js';
+export * from './ui/Page_Permissions/Page_Permissions.js';
+export * from './ui/Page_Permissions/route.js';
+export * from './ui/scope-editor/Component_ScopeLabels.js';
+export * from './ui/scope-editor/Component_ScopeMultiSelect.js';
+export * from './ui/scope-editor/scope-utils.js';
+export * from './ui/PermissionGuard.js';
 export * from './consts.js';
-export * from './_entity.js';
+export * from './_entity/permission-scope/ModuleFE_PermissionScope.js';
+export * from './_entity/permission-scope/module-pack.js';
+export * from './_entity/user-permissions/ModuleFE_UserPermissions.js';
+export * from './_entity/user-permissions/module-pack.js';
+export * from './_entity/access-group/ModuleFE_AccessGroup.js';
+export * from './_entity/access-group/module-pack.js';
+export * from './modules/ModuleFE_PermissionsAssert.js';

package/index.js

@@ -16,8 +16,18 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-export * from './PermissionKey_FE.js';
 export * from './core/module-pack.js';
-export * from './ui/index.js';
+export * from './ui/Page_Permissions/Page_Permissions.js';
+export * from './ui/Page_Permissions/route.js';
+export * from './ui/scope-editor/Component_ScopeLabels.js';
+export * from './ui/scope-editor/Component_ScopeMultiSelect.js';
+export * from './ui/scope-editor/scope-utils.js';
+export * from './ui/PermissionGuard.js';
 export * from './consts.js';
-export * from './_entity.js';
+export * from './_entity/permission-scope/ModuleFE_PermissionScope.js';
+export * from './_entity/permission-scope/module-pack.js';
+export * from './_entity/user-permissions/ModuleFE_UserPermissions.js';
+export * from './_entity/user-permissions/module-pack.js';
+export * from './_entity/access-group/ModuleFE_AccessGroup.js';
+export * from './_entity/access-group/module-pack.js';
+export * from './modules/ModuleFE_PermissionsAssert.js';

package/modules/ModuleFE_PermissionsAssert.d.ts

@@ -1,32 +1,9 @@
-import { Module, TypedMap } from '@nu-art/ts-common';
-import { PermissionKey_FE } from '../PermissionKey_FE.js';
-export type PermissionsModuleFEConfig = {
-    projectId: string;
-};
+import { Module } from '@nu-art/ts-common';
+import type { PermissionScope } from '@nu-art/permissions-shared';
 export interface OnPermissionsChanged {
     __onPermissionsChanged: () => void;
 }
-export interface OnPermissionsFailed {
-    __onPermissionsFailed: () => void;
-}
-export declare enum AccessLevel {
-    Undefined = 0,
-    NoAccessLevelsDefined = 1,
-    NoAccess = 2,
-    HasAccess = 3
-}
-export declare class ModuleFE_PermissionsAssert_Class extends Module<PermissionsModuleFEConfig> {
-    permissionKeys: TypedMap<PermissionKey_FE<any>>;
-    readonly v1: {
-        toggleStrictMode: (params: import("@nu-art/thunderstorm-shared").QueryParams) => import("@nu-art/thunderstorm-shared").BaseHttpRequest<import("@nu-art/thunderstorm-shared").QueryApi<void>>;
-        createProject: (params: import("@nu-art/thunderstorm-shared").QueryParams) => import("@nu-art/thunderstorm-shared").BaseHttpRequest<import("@nu-art/thunderstorm-shared").QueryApi<void>>;
-    };
-    constructor();
-    protected init(): void;
-    getAccessLevelByKeyString(key: string): AccessLevel;
-    getAccessLevel(key: PermissionKey_FE): AccessLevel;
-    getPermissionKey(key: string): PermissionKey_FE;
-    registerPermissionKey(key: PermissionKey_FE): void;
-    getAllPermissionKeys(): TypedMap<PermissionKey_FE<any>>;
+export declare class ModuleFE_PermissionsAssert_Class extends Module {
+    hasScopeAccess(scope: PermissionScope, requiredValue: string): boolean;
 }
 export declare const ModuleFE_PermissionsAssert: ModuleFE_PermissionsAssert_Class;

package/modules/ModuleFE_PermissionsAssert.js

@@ -16,65 +16,19 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-import { _keys, BadImplementationException, exists, Module } from '@nu-art/ts-common';
-import { apiWithQuery, ModuleFE_Utils, } from '@nu-art/thunderstorm-frontend/index';
-import { SessionKey_Permissions_FE, SessionKey_StrictMode_FE } from '../consts.js';
-import { RendererKey_AccountMenu_SubHeader } from '@nu-art/user-account-frontend/consts';
-import { Renderer_RoleNames } from '../ui/Renderer_RoleNames.js';
-import { ApiDef_Permissions } from '@nu-art/permissions-shared';
-// const dispatch_onPermissionsChanged = new ThunderDispatcher<OnPermissionsChanged, '__onPermissionsChanged'>('__onPermissionsChanged');
-// const dispatch_onPermissionsFailed = new ThunderDispatcher<OnPermissionsFailed, '__onPermissionsFailed'>('__onPermissionsFailed');
-export var AccessLevel;
-(function (AccessLevel) {
-    AccessLevel[AccessLevel["Undefined"] = 0] = "Undefined";
-    AccessLevel[AccessLevel["NoAccessLevelsDefined"] = 1] = "NoAccessLevelsDefined";
-    AccessLevel[AccessLevel["NoAccess"] = 2] = "NoAccess";
-    AccessLevel[AccessLevel["HasAccess"] = 3] = "HasAccess";
-})(AccessLevel || (AccessLevel = {}));
+import { Module } from '@nu-art/ts-common';
+import { ModuleFE_UserPermissions } from '../_entity/user-permissions/ModuleFE_UserPermissions.js';
 export class ModuleFE_PermissionsAssert_Class extends Module {
-    permissionKeys = {};
-    v1;
-    constructor() {
-        super();
-        this.v1 = {
-            toggleStrictMode: apiWithQuery(ApiDef_Permissions.v1.toggleStrictMode),
-            createProject: apiWithQuery(ApiDef_Permissions.v1.createProject),
-        };
-    }
-    init() {
-        super.init();
-        ModuleFE_Utils.registerRenderer(RendererKey_AccountMenu_SubHeader, Renderer_RoleNames);
-    }
-    getAccessLevelByKeyString(key) {
-        return this.getAccessLevel(this.getPermissionKey(key));
-    }
-    getAccessLevel(key) {
-        const keyData = key.get();
-        if (!exists(keyData))
-            return SessionKey_StrictMode_FE.get() ? AccessLevel.Undefined : AccessLevel.HasAccess;
-        if (keyData.accessLevelIds.length === 0)
-            return AccessLevel.NoAccessLevelsDefined;
-        const userAccessLevels = SessionKey_Permissions_FE.get().domainToValueMap;
-        try {
-            const canAccess = _keys(keyData._accessLevels).reduce((hasAccess, domainId) => {
-                return hasAccess && userAccessLevels[domainId] >= keyData._accessLevels[domainId];
-            }, true);
-            return canAccess ? AccessLevel.HasAccess : AccessLevel.NoAccess;
-        }
-        catch (e) {
-            return AccessLevel.NoAccess;
-        }
-    }
-    getPermissionKey(key) {
-        return this.permissionKeys[key];
-    }
-    registerPermissionKey(key) {
-        if (this.permissionKeys[key.key])
-            throw new BadImplementationException(`Registered PermissionKey '${key}' more than once!`);
-        this.permissionKeys[key.key] = key;
-    }
-    getAllPermissionKeys() {
-        return this.permissionKeys;
+    hasScopeAccess(scope, requiredValue) {
+        const scopeEntries = ModuleFE_UserPermissions.getScopeEntries();
+        const prefix = scope.key + ':';
+        const entry = scopeEntries.find(p => p.startsWith(prefix));
+        if (!entry)
+            return false;
+        const userValue = entry.substring(prefix.length);
+        const requiredIdx = scope.values.indexOf(requiredValue);
+        const userIdx = scope.values.indexOf(userValue);
+        return userIdx >= requiredIdx;
     }
 }
 export const ModuleFE_PermissionsAssert = new ModuleFE_PermissionsAssert_Class();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nu-art/permissions-frontend",
-  "version": "0.401.9",
+  "version": "0.500.6",
   "description": "Permissions Frontend",
   "keywords": [
     "TacB0sS",
@@ -11,7 +11,6 @@
     "nu-art",
     "permissions",
     "saml",
-    "thunderstorm",
     "typescript",
     "user-account"
   ],
@@ -35,15 +34,24 @@
     "test": "ts-mocha -w -p src/test/tsconfig.json --timeout 0 --inspect=8107 --watch-files '**/*.ts' src/test/__all-tests.ts"
   },
   "dependencies": {
-    "@nu-art/permissions-shared": "0.401.9",
-    "@nu-art/firebase-frontend": "0.401.9",
-    "@nu-art/firebase-shared": "0.401.9",
-    "@nu-art/thunderstorm-frontend": "0.401.9",
-    "@nu-art/thunderstorm-shared": "0.401.9",
-    "@nu-art/ts-common": "0.401.9",
-    "@nu-art/ts-styles": "0.401.9",
-    "@nu-art/user-account-frontend": "0.401.9",
-    "@nu-art/user-account-shared": "0.401.9",
+    "@nu-art/app-config-frontend": "0.500.6",
+    "@nu-art/db-api-frontend": "0.500.6",
+    "@nu-art/sync-manager-frontend": "0.500.6",
+    "@nu-art/db-api-shared": "0.500.6",
+    "@nu-art/permissions-shared": "0.500.6",
+    "@nu-art/firebase-frontend": "0.500.6",
+    "@nu-art/firebase-shared": "0.500.6",
+    "@nu-art/thunder-core": "0.500.6",
+    "@nu-art/thunder-routing": "0.500.6",
+    "@nu-art/thunder-ui-modules": "0.500.6",
+    "@nu-art/thunder-notifications": "0.500.6",
+    "@nu-art/db-item-editor": "0.500.6",
+    "@nu-art/thunder-widgets": "0.500.6",
+    "@nu-art/editable-item": "0.500.6",
+    "@nu-art/ts-common": "0.500.6",
+    "@nu-art/ts-styles": "0.500.6",
+    "@nu-art/user-account-frontend": "0.500.6",
+    "@nu-art/user-account-shared": "0.500.6",
     "express": "^4.18.2",
     "firebase": "^11.9.0",
     "firebase-admin": "13.4.0",
@@ -52,7 +60,8 @@
     "react": "^18.0.0",
     "react-dom": "^18.0.0",
     "react-router-dom": "^6.9.0",
-    "saml2-js": "^4.0.1"
+    "saml2-js": "^4.0.1",
+    "@nu-art/http-client": "0.500.6"
   },
   "devDependencies": {
     "@types/react": "^18.0.0",
@@ -63,6 +72,7 @@
     "@types/chai": "^4.3.4",
     "@types/mocha": "^10.0.1",
     "@types/history": "^4.7.2",
+    "@types/request": "^2.48.1",
     "@types/saml2-js": "^1.6.8"
   },
   "unitConfig": {

package/ui/Page_Permissions/Page_Permissions.d.ts

@@ -0,0 +1,2 @@
+import './Page_Permissions.scss';
+export declare const APage_Permissions: () => import("react/jsx-runtime").JSX.Element;

package/ui/Page_Permissions/Page_Permissions.js

@@ -0,0 +1,186 @@
+import { jsxs as _jsxs, jsx as _jsx, Fragment as _Fragment } from "react/jsx-runtime";
+/*
+ * Permissions management system
+ * Copyright (C) 2020 Adam van der Kruk aka TacB0sS
+ * Licensed under the Apache License, Version 2.0
+ */
+import { AwaitModules } from '@nu-art/sync-manager-frontend';
+import { Filter, sortArray } from '@nu-art/ts-common';
+import { ModuleFE_PermissionScope } from '../../_entity/permission-scope/ModuleFE_PermissionScope.js';
+import { ModuleFE_AccessGroup } from '../../_entity/access-group/ModuleFE_AccessGroup.js';
+import { ComponentSync, LL_H_C, LL_H_T, LL_V_L, SimpleListAdapter, TS_DropDown, TS_Input, TS_JSONViewer } from '@nu-art/thunder-widgets';
+import { Component_ScopeMultiSelect } from '../scope-editor/Component_ScopeMultiSelect.js';
+import { Component_ScopeLabels } from '../scope-editor/Component_ScopeLabels.js';
+import './Page_Permissions.scss';
+const memberFilter = new Filter(item => [item.label]);
+const editableGroupTypes = new Set(['entity', 'custom']);
+function resolveGroupLabel(id) {
+    return ModuleFE_AccessGroup.cache.unique(id)?.label ?? id;
+}
+function resolveScopeLabel(id) {
+    const entity = ModuleFE_PermissionScope.cache.unique(id);
+    return entity ? `${entity.key}:${entity.value}` : id;
+}
+function resolveIds(ids, resolver) {
+    if (!ids?.length)
+        return [];
+    return ids.map(resolver);
+}
+function buildResolvedDocument(group) {
+    const access = group.__access;
+    const result = {
+        _id: group._id,
+        _v: group._v,
+        type: group.type,
+        key: group.key,
+        label: group.label,
+    };
+    const members = resolveIds(group.members, resolveGroupLabel);
+    if (members.length)
+        result.members = members;
+    const scopeEntries = resolveIds((group.scopeEntries ?? []), resolveScopeLabel);
+    if (scopeEntries.length)
+        result.scopeEntries = scopeEntries;
+    if (access) {
+        const resolved = {};
+        for (const [role, ids] of Object.entries(access)) {
+            const labels = resolveIds(ids, resolveGroupLabel);
+            if (labels.length)
+                resolved[role] = labels;
+        }
+        if (Object.keys(resolved).length)
+            result.__access = resolved;
+    }
+    return result;
+}
+class Page_Permissions extends ComponentSync {
+    __onAccessGroupUpdated(..._params) {
+        this.forceUpdate();
+    }
+    __onPermissionScopeUpdated(..._params) {
+        this.forceUpdate();
+    }
+    deriveStateFromProps(_nextProps, state) {
+        return {
+            ...state,
+            groupSearch: state?.groupSearch ?? '',
+        };
+    }
+    selectGroup = (group) => {
+        const isEditable = editableGroupTypes.has(group.type);
+        this.setState({
+            selectedGroupId: group._id,
+            editingGroup: isEditable ? {
+                ...group,
+                members: [...group.members],
+                scopeEntries: group.scopeEntries ? [...group.scopeEntries] : [],
+            } : undefined,
+        });
+    };
+    onScopeEntriesChanged = (entries) => {
+        const draft = this.state.editingGroup;
+        if (!draft)
+            return;
+        this.setState({ editingGroup: { ...draft, scopeEntries: entries } });
+    };
+    addMember = (member) => {
+        const draft = this.state.editingGroup;
+        if (!draft)
+            return;
+        if (draft.members.includes(member._id))
+            return;
+        this.setState({ editingGroup: { ...draft, members: [...draft.members, member._id] } });
+    };
+    removeMember = (memberId) => {
+        const draft = this.state.editingGroup;
+        if (!draft)
+            return;
+        this.setState({ editingGroup: { ...draft, members: draft.members.filter(id => id !== memberId) } });
+    };
+    saveGroup = async () => {
+        const draft = this.state.editingGroup;
+        if (!draft)
+            return;
+        await ModuleFE_AccessGroup.upsert(draft);
+    };
+    cancelEdit = () => {
+        const selectedId = this.state.selectedGroupId;
+        if (!selectedId)
+            return;
+        const original = ModuleFE_AccessGroup.cache.unique(selectedId);
+        if (!original)
+            return;
+        this.setState({
+            editingGroup: editableGroupTypes.has(original.type) ? {
+                ...original,
+                members: [...original.members],
+                scopeEntries: original.scopeEntries ? [...original.scopeEntries] : [],
+            } : undefined,
+        });
+    };
+    render() {
+        const groups = sortArray(ModuleFE_AccessGroup.cache.allMutable(), g => g.label);
+        const filteredGroups = this.state.groupSearch
+            ? groups.filter(g => g.label.toLowerCase().includes(this.state.groupSearch.toLowerCase()))
+            : groups;
+        const selectedGroup = this.state.selectedGroupId
+            ? groups.find(g => g._id === this.state.selectedGroupId)
+            : undefined;
+        return _jsxs(LL_H_T, { className: 'page-permissions', children: [this.renderListPanel(filteredGroups), this.renderDetailPanel(selectedGroup), this.renderDebugPanel(selectedGroup)] });
+    }
+    renderListPanel(groups) {
+        return _jsxs(LL_V_L, { className: 'page-permissions__list-panel', children: [_jsx("h2", { children: "Access Groups" }), _jsx(TS_Input, { type: 'text', value: this.state.groupSearch, placeholder: 'Filter groups...', saveEvent: ['change'], onChange: value => this.setState({ groupSearch: value }) }), _jsx(LL_V_L, { className: 'page-permissions__group-list', children: groups.length === 0
+                        ? _jsx("div", { className: 'empty-state', children: "No groups" })
+                        : groups.map(group => this.renderGroupRow(group)) })] });
+    }
+    renderGroupRow(group) {
+        const isSelected = this.state.selectedGroupId === group._id;
+        const scopeCount = group.scopeEntries?.length ?? 0;
+        return _jsxs("div", { className: `page-permissions__group-row ${isSelected ? 'page-permissions__group-row--selected' : ''}`, onClick: () => this.selectGroup(group), children: [_jsxs(LL_H_C, { className: 'page-permissions__group-row-header', children: [_jsx("span", { className: 'page-permissions__group-row-name', children: group.label }), _jsx("span", { className: 'badge badge--info', children: group.type })] }), _jsxs("span", { className: 'page-permissions__group-row-meta', children: [scopeCount, " scope", scopeCount !== 1 ? 's' : '', " \u00B7 ", group.members.length, " member", group.members.length !== 1 ? 's' : ''] })] }, group._id);
+    }
+    renderDetailPanel(group) {
+        if (!group)
+            return _jsx(LL_V_L, { className: 'page-permissions__detail-panel page-permissions__detail-panel--empty', children: _jsx("div", { className: 'empty-state', children: "Select a group to view details" }) });
+        const isEditable = editableGroupTypes.has(group.type);
+        const draft = this.state.editingGroup;
+        return _jsxs(LL_V_L, { className: 'page-permissions__detail-panel', children: [_jsxs(LL_H_C, { className: 'page-permissions__detail-header', children: [_jsx("h3", { children: group.label }), _jsxs(LL_H_C, { style: { gap: 'var(--space-2)' }, children: [_jsx("span", { className: 'badge badge--info', children: group.type }), _jsx("span", { className: 'page-permissions__detail-key', children: group.key })] })] }), _jsxs(LL_V_L, { className: 'page-permissions__detail-section', children: [_jsx("h4", { children: "Scopes" }), isEditable && draft
+                            ? _jsx(Component_ScopeMultiSelect, { scopeEntries: (draft.scopeEntries ?? []), onChanged: this.onScopeEntriesChanged })
+                            : _jsx(Component_ScopeLabels, { scopeEntries: group.scopeEntries ?? [], emptyMessage: 'No scopes assigned' })] }), _jsxs(LL_V_L, { className: 'page-permissions__detail-section', children: [_jsxs("h4", { children: ["Members (", isEditable && draft ? draft.members.length : group.members.length, ")"] }), isEditable && draft
+                            ? this.renderMemberEditor(draft)
+                            : this.renderMemberReadonly(group)] }), isEditable && draft && _jsxs(LL_H_C, { className: 'editor-panel__actions', children: [_jsx("button", { className: 'btn btn--primary btn--sm', onClick: this.saveGroup, children: "Save" }), _jsx("button", { className: 'btn btn--ghost btn--sm', onClick: this.cancelEdit, children: "Reset" })] })] });
+    }
+    renderDebugPanel(group) {
+        if (!group)
+            return _jsx(LL_V_L, { className: 'page-permissions__debug-panel page-permissions__debug-panel--empty' });
+        const resolved = buildResolvedDocument(group);
+        return _jsxs(LL_V_L, { className: 'page-permissions__debug-panel', children: [_jsx("h4", { children: "Document" }), _jsx("div", { className: 'page-permissions__debug-tree', children: _jsx(TS_JSONViewer, { item: resolved, expandAll: true, compact: true }) })] });
+    }
+    renderMemberReadonly(group) {
+        if (group.members.length === 0)
+            return _jsx("span", { className: 'card-list__item-meta', children: "No members" });
+        return _jsx("div", { className: 'tags', children: group.members.map(memberId => {
+                const memberGroup = ModuleFE_AccessGroup.cache.unique(memberId);
+                return _jsx("span", { className: 'tag tag--accent', children: memberGroup?.label ?? memberId }, memberId);
+            }) });
+    }
+    renderMemberEditor(draft) {
+        return _jsxs(LL_V_L, { className: 'page-permissions__member-editor', children: [this.renderMemberTags(draft.members), this.renderAddMemberDropdown(draft.members)] });
+    }
+    renderMemberTags(members) {
+        if (members.length === 0)
+            return _jsx("span", { className: 'card-list__item-meta', children: "No members" });
+        return _jsx("div", { className: 'tags', children: members.map(memberId => {
+                const memberGroup = ModuleFE_AccessGroup.cache.unique(memberId);
+                return _jsxs("span", { className: 'tag tag--accent', children: [memberGroup?.label ?? memberId, _jsx("button", { className: 'tag__remove', onClick: () => this.removeMember(memberId), children: "\u00D7" })] }, memberId);
+            }) });
+    }
+    renderAddMemberDropdown(currentMembers) {
+        const memberSet = new Set(currentMembers);
+        const candidates = sortArray(ModuleFE_AccessGroup.cache.allMutable()
+            .filter(g => g._id !== this.state.selectedGroupId && !memberSet.has(g._id)), g => g.label);
+        if (candidates.length === 0)
+            return null;
+        return _jsx(TS_DropDown, { className: 'page-permissions__member-dropdown', adapter: SimpleListAdapter(candidates, node => _jsx(_Fragment, { children: node.item.label })), filter: memberFilter, placeholder: 'Add member...', onSelected: this.addMember });
+    }
+}
+export const APage_Permissions = () => (_jsx(AwaitModules, { modules: [ModuleFE_AccessGroup, ModuleFE_PermissionScope], children: _jsx(Page_Permissions, {}) }));