@ooneex/permission 0.0.1 → 0.0.4

package/README.md

@@ -1 +1,712 @@
 # @ooneex/permission
+
+A flexible ability-based access control (ABAC) library for TypeScript applications powered by CASL. This package provides fine-grained permission management with support for actions, subjects, and field-level permissions for comprehensive authorization control.
+
+![Browser](https://img.shields.io/badge/Browser-Compatible-green?style=flat-square&logo=googlechrome)
+![Bun](https://img.shields.io/badge/Bun-Compatible-orange?style=flat-square&logo=bun)
+![Deno](https://img.shields.io/badge/Deno-Compatible-blue?style=flat-square&logo=deno)
+![Node.js](https://img.shields.io/badge/Node.js-Compatible-green?style=flat-square&logo=node.js)
+![TypeScript](https://img.shields.io/badge/TypeScript-Ready-blue?style=flat-square&logo=typescript)
+![MIT License](https://img.shields.io/badge/License-MIT-yellow?style=flat-square)
+
+## Features
+
+✅ **CASL Integration** - Built on the battle-tested CASL library for ability management
+
+✅ **60+ Permission Actions** - Comprehensive set of actions from CRUD to complex operations
+
+✅ **Subject-Based Permissions** - Define permissions for specific entity types
+
+✅ **Field-Level Control** - Restrict access to specific fields within subjects
+
+✅ **User-Aware Permissions** - Set permissions dynamically based on user context
+
+✅ **Type-Safe** - Full TypeScript support with proper type definitions
+
+✅ **Container Integration** - Works seamlessly with dependency injection
+
+✅ **Framework Integration** - Integrates with Ooneex routing for route-level permissions
+
+## Installation
+
+### Bun
+```bash
+bun add @ooneex/permission
+```
+
+### pnpm
+```bash
+pnpm add @ooneex/permission
+```
+
+### Yarn
+```bash
+yarn add @ooneex/permission
+```
+
+### npm
+```bash
+npm install @ooneex/permission
+```
+
+## Usage
+
+### Creating a Permission Class
+
+```typescript
+import { Permission, EPermissionAction, EPermissionSubject } from '@ooneex/permission';
+import type { IUser } from '@ooneex/user';
+
+class UserPermission extends Permission {
+  private user: IUser | null = null;
+
+  public allow(): this {
+    // Define what actions are allowed
+    this.ability.can(EPermissionAction.READ, EPermissionSubject.USER);
+    this.ability.can(EPermissionAction.VIEW, EPermissionSubject.USER);
+    return this;
+  }
+
+  public forbid(): this {
+    // Define what actions are forbidden
+    this.ability.cannot(EPermissionAction.DELETE, EPermissionSubject.USER);
+    return this;
+  }
+
+  public setUserPermissions(user: IUser | null): this {
+    this.user = user;
+    
+    if (user) {
+      // Authenticated users can update their own profile
+      this.ability.can(EPermissionAction.UPDATE, EPermissionSubject.USER);
+    }
+    
+    return this;
+  }
+
+  public async check(): Promise<boolean> {
+    return this.user !== null;
+  }
+}
+```
+
+### Using Permissions
+
+```typescript
+import { UserPermission } from './permissions/UserPermission';
+import { EPermissionAction, EPermissionSubject } from '@ooneex/permission';
+
+const permission = new UserPermission();
+
+// Set up permissions for a user
+permission
+  .setUserPermissions(currentUser)
+  .allow()
+  .forbid()
+  .build();
+
+// Check if action is allowed
+if (permission.can(EPermissionAction.UPDATE, EPermissionSubject.USER)) {
+  console.log('User can update');
+}
+
+// Check if action is forbidden
+if (permission.cannot(EPermissionAction.DELETE, EPermissionSubject.USER)) {
+  console.log('User cannot delete');
+}
+```
+
+### Route-Level Permissions
+
+```typescript
+import { Route } from '@ooneex/routing';
+import type { IController, ContextType } from '@ooneex/controller';
+import { UserPermission } from './permissions/UserPermission';
+
+@Route.http({
+  name: 'api.users.update',
+  path: '/api/users/:id',
+  method: 'PUT',
+  description: 'Update user profile',
+  permission: UserPermission
+})
+class UserUpdateController implements IController {
+  public async index(context: ContextType): Promise<IResponse> {
+    // Permission is automatically checked before reaching this handler
+    const { id } = context.params;
+    const user = await this.userService.update(id, context.payload);
+    
+    return context.response.json({ user });
+  }
+}
+```
+
+### Field-Level Permissions
+
+```typescript
+import { Permission, EPermissionAction, EPermissionSubject } from '@ooneex/permission';
+import type { IUser } from '@ooneex/user';
+
+class UserFieldPermission extends Permission {
+  public allow(): this {
+    // Allow reading only specific fields
+    this.ability.can(EPermissionAction.READ, EPermissionSubject.USER, 'name');
+    this.ability.can(EPermissionAction.READ, EPermissionSubject.USER, 'email');
+    return this;
+  }
+
+  public forbid(): this {
+    // Forbid reading sensitive fields
+    this.ability.cannot(EPermissionAction.READ, EPermissionSubject.USER, 'password');
+    this.ability.cannot(EPermissionAction.READ, EPermissionSubject.USER, 'secretKey');
+    return this;
+  }
+
+  public setUserPermissions(user: IUser | null): this {
+    return this;
+  }
+
+  public async check(): Promise<boolean> {
+    return true;
+  }
+}
+
+// Usage
+const permission = new UserFieldPermission();
+permission.allow().forbid().build();
+
+permission.can(EPermissionAction.READ, EPermissionSubject.USER, 'name');     // true
+permission.can(EPermissionAction.READ, EPermissionSubject.USER, 'password'); // false
+```
+
+### Custom Subjects
+
+```typescript
+import { Permission, EPermissionAction } from '@ooneex/permission';
+import type { IUser } from '@ooneex/user';
+
+// Define custom subjects for your domain
+type CustomSubjects = 'Article' | 'Comment' | 'Category';
+
+class ArticlePermission extends Permission<CustomSubjects> {
+  public allow(): this {
+    this.ability.can(EPermissionAction.READ, 'Article');
+    this.ability.can(EPermissionAction.CREATE, 'Article');
+    return this;
+  }
+
+  public forbid(): this {
+    this.ability.cannot(EPermissionAction.DELETE, 'Article');
+    return this;
+  }
+
+  public setUserPermissions(user: IUser | null): this {
+    if (user) {
+      this.ability.can(EPermissionAction.UPDATE, 'Article');
+    }
+    return this;
+  }
+
+  public async check(): Promise<boolean> {
+    return true;
+  }
+}
+```
+
+## API Reference
+
+### Classes
+
+#### `Permission<S>`
+
+Abstract base class for creating permission implementations.
+
+**Type Parameter:**
+- `S` - Additional subject types (optional)
+
+**Constructor:**
+```typescript
+new Permission()
+```
+
+**Abstract Methods:**
+
+##### `allow(): this`
+
+Define allowed actions for subjects.
+
+**Returns:** Self for chaining
+
+##### `forbid(): this`
+
+Define forbidden actions for subjects.
+
+**Returns:** Self for chaining
+
+##### `setUserPermissions(user: IUser | null): this`
+
+Set permissions based on the current user context.
+
+**Parameters:**
+- `user` - The current user or null for guests
+
+**Returns:** Self for chaining
+
+##### `check(): Promise<boolean>`
+
+Perform custom permission validation logic.
+
+**Returns:** Promise resolving to true if permission check passes
+
+**Concrete Methods:**
+
+##### `build(): this`
+
+Build the ability after defining permissions. Must be called before using `can` or `cannot`.
+
+**Returns:** Self for chaining
+
+**Throws:** None, but `can`/`cannot` will throw if not called
+
+##### `can(action: PermissionActionType, subject: Subjects | S, field?: string): boolean`
+
+Check if an action is allowed on a subject.
+
+**Parameters:**
+- `action` - The action to check
+- `subject` - The subject to check against
+- `field` - Optional field name for field-level permissions
+
+**Returns:** `true` if action is allowed
+
+**Throws:** `PermissionException` if `build()` was not called
+
+##### `cannot(action: PermissionActionType, subject: Subjects | S, field?: string): boolean`
+
+Check if an action is forbidden on a subject.
+
+**Parameters:**
+- `action` - The action to check
+- `subject` - The subject to check against
+- `field` - Optional field name for field-level permissions
+
+**Returns:** `true` if action is forbidden
+
+**Throws:** `PermissionException` if `build()` was not called
+
+### Enums
+
+#### `EPermissionAction`
+
+Comprehensive enum of permission actions.
+
+**CRUD Operations:**
+| Action | Value | Description |
+|--------|-------|-------------|
+| `CREATE` | `create` | Create new resources |
+| `READ` | `read` | Read/view resources |
+| `UPDATE` | `update` | Update existing resources |
+| `DELETE` | `delete` | Delete resources |
+| `MANAGE` | `manage` | Full management (all actions) |
+
+**Content Operations:**
+| Action | Value | Description |
+|--------|-------|-------------|
+| `VIEW` | `view` | View content |
+| `EDIT` | `edit` | Edit content |
+| `PUBLISH` | `publish` | Publish content |
+| `ARCHIVE` | `archive` | Archive content |
+| `APPROVE` | `approve` | Approve content |
+| `REJECT` | `reject` | Reject content |
+
+**File Operations:**
+| Action | Value | Description |
+|--------|-------|-------------|
+| `DOWNLOAD` | `download` | Download files |
+| `UPLOAD` | `upload` | Upload files |
+| `COPY` | `copy` | Copy resources |
+| `MOVE` | `move` | Move resources |
+| `EXPORT` | `export` | Export data |
+| `IMPORT` | `import` | Import data |
+
+**Social Operations:**
+| Action | Value | Description |
+|--------|-------|-------------|
+| `SHARE` | `share` | Share resources |
+| `COMMENT` | `comment` | Add comments |
+| `RATE` | `rate` | Rate content |
+| `LIKE` | `like` | Like content |
+| `DISLIKE` | `dislike` | Dislike content |
+| `FOLLOW` | `follow` | Follow users/content |
+| `UNFOLLOW` | `unfollow` | Unfollow |
+| `SUBSCRIBE` | `subscribe` | Subscribe |
+| `UNSUBSCRIBE` | `unsubscribe` | Unsubscribe |
+| `BOOKMARK` | `bookmark` | Bookmark content |
+
+**User Management:**
+| Action | Value | Description |
+|--------|-------|-------------|
+| `INVITE` | `invite` | Invite users |
+| `ASSIGN` | `assign` | Assign resources |
+| `UNASSIGN` | `unassign` | Unassign resources |
+| `GRANT` | `grant` | Grant permissions |
+| `DENY` | `deny` | Deny permissions |
+| `REVOKE` | `revoke` | Revoke access |
+
+**Moderation:**
+| Action | Value | Description |
+|--------|-------|-------------|
+| `BLOCK` | `block` | Block users |
+| `UNBLOCK` | `unblock` | Unblock users |
+| `REPORT` | `report` | Report content |
+| `MODERATE` | `moderate` | Moderate content |
+| `BAN` | `ban` | Ban users |
+| `UNBAN` | `unban` | Unban users |
+
+**System Operations:**
+| Action | Value | Description |
+|--------|-------|-------------|
+| `EXECUTE` | `execute` | Execute operations |
+| `RESTORE` | `restore` | Restore deleted |
+| `PURGE` | `purge` | Permanently delete |
+| `BACKUP` | `backup` | Backup data |
+| `SYNC` | `sync` | Synchronize data |
+| `CONFIGURE` | `configure` | Configure settings |
+| `MONITOR` | `monitor` | Monitor system |
+| `AUDIT` | `audit` | Audit actions |
+
+**Additional Operations:**
+| Action | Value | Description |
+|--------|-------|-------------|
+| `SEARCH` | `search` | Search resources |
+| `FILTER` | `filter` | Filter resources |
+| `SORT` | `sort` | Sort resources |
+| `TAG` | `tag` | Tag resources |
+| `UNTAG` | `untag` | Remove tags |
+| `LOCK` | `lock` | Lock resources |
+| `UNLOCK` | `unlock` | Unlock resources |
+| `CLONE` | `clone` | Clone resources |
+| `FORK` | `fork` | Fork resources |
+| `MERGE` | `merge` | Merge resources |
+| `SPLIT` | `split` | Split resources |
+| `VALIDATE` | `validate` | Validate data |
+| `VERIFY` | `verify` | Verify data |
+| `CANCEL` | `cancel` | Cancel operations |
+| `PAUSE` | `pause` | Pause operations |
+| `RESUME` | `resume` | Resume operations |
+| `SCHEDULE` | `schedule` | Schedule operations |
+| `UNSCHEDULE` | `unschedule` | Unschedule |
+| `JOIN` | `join` | Join groups |
+| `HIDE` | `hide` | Hide content |
+
+#### `EPermissionSubject`
+
+Enum of common permission subjects.
+
+| Subject | Value | Description |
+|---------|-------|-------------|
+| `USER_ENTITY` | `UserEntity` | User database entity |
+| `AUTH_USER_ENTITY` | `AuthUserEntity` | Auth user entity |
+| `AUTH_USER` | `AuthUser` | Authenticated user |
+| `SYSTEM_ENTITY` | `SystemEntity` | System entity |
+| `SYSTEM` | `System` | System subject |
+| `USER` | `User` | User subject |
+| `ALL` | `all` | All subjects (wildcard) |
+
+### Types
+
+#### `PermissionActionType`
+
+String literal type for permission actions.
+
+```typescript
+type PermissionActionType = `${EPermissionAction}`;
+// "create" | "read" | "update" | "delete" | "manage" | ...
+```
+
+#### `Subjects`
+
+String literal type for permission subjects.
+
+```typescript
+type Subjects = `${EPermissionSubject}`;
+// "UserEntity" | "AuthUserEntity" | "User" | "System" | "all" | ...
+```
+
+#### `PermissionClassType`
+
+Type for permission class constructors.
+
+```typescript
+type PermissionClassType = new (...args: any[]) => IPermission;
+```
+
+### Interfaces
+
+#### `IPermission<S>`
+
+Interface for permission implementations.
+
+```typescript
+interface IPermission<S extends string = string> {
+  allow: () => IPermission<S>;
+  forbid: () => IPermission<S>;
+  setUserPermissions: (user: IUser | null) => IPermission<S>;
+  check: () => Promise<boolean>;
+  build: () => IPermission<S>;
+  can: (action: PermissionActionType, subject: Subjects | S, field?: string) => boolean;
+  cannot: (action: PermissionActionType, subject: Subjects | S, field?: string) => boolean;
+}
+```
+
+### Exceptions
+
+#### `PermissionException`
+
+Thrown when permission operations fail.
+
+```typescript
+import { Permission, PermissionException } from '@ooneex/permission';
+
+try {
+  const permission = new MyPermission();
+  // Forgot to call build()
+  permission.can('read', 'User');
+} catch (error) {
+  if (error instanceof PermissionException) {
+    console.error('Permission error:', error.message);
+  }
+}
+```
+
+### Decorators
+
+#### `@decorator.permission()`
+
+Decorator to register permission classes with the DI container.
+
+```typescript
+import { Permission, decorator } from '@ooneex/permission';
+
+@decorator.permission()
+class ArticlePermission extends Permission {
+  // Implementation
+}
+```
+
+## Advanced Usage
+
+### Role-Based Permission
+
+```typescript
+import { Permission, EPermissionAction } from '@ooneex/permission';
+import { ERole } from '@ooneex/role';
+import type { IUser } from '@ooneex/user';
+
+class AdminPermission extends Permission {
+  private user: IUser | null = null;
+
+  public allow(): this {
+    return this;
+  }
+
+  public forbid(): this {
+    return this;
+  }
+
+  public setUserPermissions(user: IUser | null): this {
+    this.user = user;
+    
+    if (!user) return this;
+
+    // Set permissions based on role
+    switch (user.role) {
+      case ERole.SUPER_ADMIN:
+        this.ability.can(EPermissionAction.MANAGE, 'all');
+        break;
+      
+      case ERole.ADMIN:
+        this.ability.can(EPermissionAction.CREATE, 'User');
+        this.ability.can(EPermissionAction.READ, 'User');
+        this.ability.can(EPermissionAction.UPDATE, 'User');
+        this.ability.cannot(EPermissionAction.DELETE, 'User');
+        break;
+      
+      case ERole.MODERATOR:
+        this.ability.can(EPermissionAction.READ, 'User');
+        this.ability.can(EPermissionAction.MODERATE, 'User');
+        this.ability.can(EPermissionAction.BAN, 'User');
+        break;
+      
+      default:
+        this.ability.can(EPermissionAction.READ, 'User');
+    }
+    
+    return this;
+  }
+
+  public async check(): Promise<boolean> {
+    return this.user !== null;
+  }
+}
+```
+
+### Ownership-Based Permissions
+
+```typescript
+import { Permission, EPermissionAction } from '@ooneex/permission';
+import type { IUser } from '@ooneex/user';
+
+class ArticleOwnerPermission extends Permission<'Article'> {
+  private user: IUser | null = null;
+  private articleOwnerId: string | null = null;
+
+  public setArticleOwner(ownerId: string): this {
+    this.articleOwnerId = ownerId;
+    return this;
+  }
+
+  public allow(): this {
+    this.ability.can(EPermissionAction.READ, 'Article');
+    return this;
+  }
+
+  public forbid(): this {
+    return this;
+  }
+
+  public setUserPermissions(user: IUser | null): this {
+    this.user = user;
+    
+    if (user && this.articleOwnerId === user.id) {
+      // Owner can do everything with their article
+      this.ability.can(EPermissionAction.UPDATE, 'Article');
+      this.ability.can(EPermissionAction.DELETE, 'Article');
+      this.ability.can(EPermissionAction.PUBLISH, 'Article');
+    }
+    
+    return this;
+  }
+
+  public async check(): Promise<boolean> {
+    return this.user !== null && this.articleOwnerId !== null;
+  }
+}
+
+// Usage
+const permission = new ArticleOwnerPermission();
+permission
+  .setArticleOwner(article.userId)
+  .setUserPermissions(currentUser)
+  .allow()
+  .build();
+
+if (permission.can(EPermissionAction.DELETE, 'Article')) {
+  await articleService.delete(articleId);
+}
+```
+
+### Permission Factory
+
+```typescript
+import { Permission, EPermissionAction, type PermissionClassType } from '@ooneex/permission';
+import { container } from '@ooneex/container';
+
+function createPermissionFor(resource: string): PermissionClassType {
+  return class extends Permission {
+    public allow(): this {
+      this.ability.can(EPermissionAction.READ, resource);
+      return this;
+    }
+
+    public forbid(): this {
+      return this;
+    }
+
+    public setUserPermissions(user: IUser | null): this {
+      if (user) {
+        this.ability.can(EPermissionAction.CREATE, resource);
+        this.ability.can(EPermissionAction.UPDATE, resource);
+      }
+      return this;
+    }
+
+    public async check(): Promise<boolean> {
+      return true;
+    }
+  };
+}
+
+// Create permissions dynamically
+const ArticlePermission = createPermissionFor('Article');
+const CommentPermission = createPermissionFor('Comment');
+const CategoryPermission = createPermissionFor('Category');
+```
+
+### Controller with Permission Check
+
+```typescript
+import { Route } from '@ooneex/routing';
+import { EPermissionAction } from '@ooneex/permission';
+import type { IController, ContextType } from '@ooneex/controller';
+import { ArticlePermission } from './permissions/ArticlePermission';
+
+@Route.http({
+  name: 'api.articles.delete',
+  path: '/api/articles/:id',
+  method: 'DELETE',
+  description: 'Delete an article',
+  permission: ArticlePermission
+})
+class ArticleDeleteController implements IController {
+  public async index(context: ContextType): Promise<IResponse> {
+    const { id } = context.params;
+    const article = await this.articleService.findById(id);
+
+    // Additional ownership check
+    const permission = new ArticlePermission();
+    permission
+      .setArticleOwner(article.userId)
+      .setUserPermissions(context.user)
+      .allow()
+      .forbid()
+      .build();
+
+    if (permission.cannot(EPermissionAction.DELETE, 'Article')) {
+      return context.response.exception('Not authorized to delete this article', {
+        status: 403
+      });
+    }
+
+    await this.articleService.delete(id);
+    
+    return context.response.json({ deleted: true });
+  }
+}
+```
+
+## License
+
+This project is licensed under the MIT License - see the [LICENSE](./LICENSE) file for details.
+
+## Contributing
+
+Contributions are welcome! Please feel free to submit a Pull Request. For major changes, please open an issue first to discuss what you would like to change.
+
+### Development Setup
+
+1. Clone the repository
+2. Install dependencies: `bun install`
+3. Run tests: `bun run test`
+4. Build the project: `bun run build`
+
+### Guidelines
+
+- Write tests for new features
+- Follow the existing code style
+- Update documentation for API changes
+- Ensure all tests pass before submitting PR
+
+---
+
+Made with ❤️ by the Ooneex team

package/dist/index.d.ts

@@ -1,6 +1,4 @@
-import { MongoQuery as MongoQuery2 } from "@casl/ability";
-import { IUser as IUser2 } from "@ooneex/user";
-import { MongoQuery } from "@casl/ability";
+import { EContainerScope } from "@ooneex/container";
 import { IUser } from "@ooneex/user";
 declare enum EPermissionAction {
 	CREATE = "create",
@@ -84,26 +82,32 @@ type PermissionActionType = `${EPermissionAction}`;
 type Subjects = `${EPermissionSubject}`;
 type PermissionClassType = new (...args: any[]) => IPermission;
 interface IPermission<S extends string = string> {
-	allow: (action: PermissionActionType | PermissionActionType[], subject: (Subjects | S) | (Subjects | S)[], conditions?: MongoQuery<Record<string, unknown>>) => IPermission<S>;
-	forbid: (action: PermissionActionType | PermissionActionType[], subject: (Subjects | S) | (Subjects | S)[], conditions?: MongoQuery<Record<string, unknown>>) => IPermission<S>;
+	allow: () => IPermission<S>;
+	forbid: () => IPermission<S>;
+	setUserPermissions: (user: IUser | null) => IPermission<S>;
+	check: () => Promise<boolean>;
 	build: () => IPermission<S>;
 	can: (action: PermissionActionType, subject: Subjects | S, field?: string) => boolean;
 	cannot: (action: PermissionActionType, subject: Subjects | S, field?: string) => boolean;
-	setCommonPermissions: (user: IUser) => IPermission<S>;
 }
-declare class Permission<S extends string = string> {
-	private ability;
+declare const decorator: {
+	permission: (scope?: EContainerScope) => (target: PermissionClassType) => void;
+};
+import { AbilityBuilder, MongoAbility } from "@casl/ability";
+import { IUser as IUser2 } from "@ooneex/user";
+declare abstract class Permission<S extends string = string> implements IPermission<S> {
+	protected ability: AbilityBuilder<MongoAbility>;
 	private builtAbility;
 	constructor();
-	allow(action: PermissionActionType | PermissionActionType[], subject: (Subjects | S) | (Subjects | S)[], conditions?: MongoQuery2<Record<string, unknown>>): this;
-	forbid(action: PermissionActionType | PermissionActionType[], subject: (Subjects | S) | (Subjects | S)[], conditions?: MongoQuery2<Record<string, unknown>>): this;
+	abstract forbid(): this;
+	abstract setUserPermissions(user: IUser2 | null): this;
+	abstract check(): Promise<boolean>;
 	build(): this;
 	can(action: PermissionActionType, subject: Subjects | S, field?: string): boolean;
 	cannot(action: PermissionActionType, subject: Subjects | S, field?: string): boolean;
-	setCommonPermissions(user: IUser2): this;
 }
 import { Exception } from "@ooneex/exception";
 declare class PermissionException extends Exception {
 	constructor(message: string, data?: Record<string, unknown>);
 }
-export { Subjects, PermissionException, PermissionClassType, PermissionActionType, Permission, IPermission, EPermissionSubject, EPermissionAction };
+export { decorator, Subjects, PermissionException, PermissionClassType, PermissionActionType, Permission, IPermission, EPermissionSubject, EPermissionAction };

package/dist/index.js

@@ -1,3 +1,4 @@
-import{AbilityBuilder as h,createMongoAbility as q}from"@casl/ability";import{ERole as w}from"@ooneex/role";import{Exception as f}from"@ooneex/exception";import{HttpStatus as g}from"@ooneex/http-status";class H extends f{constructor(x,k={}){super(x,{status:g.Code.InternalServerError,data:k});this.name="PermissionException"}}class I{ability;builtAbility=null;constructor(){this.ability=new h(q)}allow(x,k,v){return this.ability.can(x,k,v),this}forbid(x,k,v){return this.ability.cannot(x,k,v),this}build(){return this.builtAbility=this.ability.build(),this}can(x,k,v){if(!this.builtAbility)throw new H("Permission must be built before checking abilities");return this.builtAbility.can(x,k,v)}cannot(x,k,v){if(!this.builtAbility)throw new H("Permission must be built before checking abilities");return this.builtAbility.cannot(x,k,v)}setCommonPermissions(x){let{roles:k}=x;if(k.includes(w.SYSTEM)||k.includes(w.SUPER_ADMIN)||k.includes(w.ADMIN))return this.allow("manage","all"),this;for(let v of k){if(v===w.USER||v===w.MEMBER)this.allow(["read","update"],["UserEntity","AuthUserEntity","User","AuthUser"],{id:x.id});if(v===w.SUBSCRIBER)this.allow("read",["UserEntity","AuthUserEntity","User","AuthUser"],{id:x.id});if(v===w.TRIAL_USER)this.allow("read",["User","AuthUser"],{id:x.id});if(v===w.SUSPENDED)this.allow("read",["UserEntity","AuthUserEntity","User","AuthUser"],{id:x.id});if(v===w.GUEST)this.allow("read",["UserEntity","AuthUserEntity","User","AuthUser"],{public:!0})}return this}}var z;((p)=>{p.CREATE="create";p.READ="read";p.UPDATE="update";p.DELETE="delete";p.MANAGE="manage";p.VIEW="view";p.EDIT="edit";p.PUBLISH="publish";p.ARCHIVE="archive";p.APPROVE="approve";p.REJECT="reject";p.DOWNLOAD="download";p.UPLOAD="upload";p.SHARE="share";p.COPY="copy";p.MOVE="move";p.EXPORT="export";p.IMPORT="import";p.EXECUTE="execute";p.ASSIGN="assign";p.UNASSIGN="unassign";p.COMMENT="comment";p.RATE="rate";p.LIKE="like";p.DISLIKE="dislike";p.FOLLOW="follow";p.UNFOLLOW="unfollow";p.SUBSCRIBE="subscribe";p.UNSUBSCRIBE="unsubscribe";p.INVITE="invite";p.REVOKE="revoke";p.GRANT="grant";p.DENY="deny";p.BLOCK="block";p.UNBLOCK="unblock";p.REPORT="report";p.MODERATE="moderate";p.BAN="ban";p.UNBAN="unban";p.RESTORE="restore";p.PURGE="purge";p.BACKUP="backup";p.SYNC="sync";p.CONFIGURE="configure";p.MONITOR="monitor";p.AUDIT="audit";p.SEARCH="search";p.FILTER="filter";p.SORT="sort";p.BOOKMARK="bookmark";p.TAG="tag";p.UNTAG="untag";p.LOCK="lock";p.UNLOCK="unlock";p.CLONE="clone";p.FORK="fork";p.MERGE="merge";p.SPLIT="split";p.VALIDATE="validate";p.VERIFY="verify";p.CANCEL="cancel";p.PAUSE="pause";p.RESUME="resume";p.SCHEDULE="schedule";p.UNSCHEDULE="unschedule";p.JOIN="join";p.HIDE="hide"})(z||={});var D;((C)=>{C.USER_ENTITY="UserEntity";C.AUTH_USER_ENTITY="AuthUserEntity";C.AUTH_USER="AuthUser";C.SYSTEM_ENTITY="SystemEntity";C.SYSTEM="System";C.USER="User";C.ALL="all"})(D||={});export{H as PermissionException,I as Permission,D as EPermissionSubject,z as EPermissionAction};
+// @bun
+import{container as r,EContainerScope as h}from"@ooneex/container";var f={permission:(t=h.Singleton)=>{return(p)=>{r.add(p,t)}}};import{AbilityBuilder as e,createMongoAbility as x}from"@casl/ability";import{Exception as g}from"@ooneex/exception";import{HttpStatus as d}from"@ooneex/http-status";class b extends g{constructor(t,p={}){super(t,{status:d.Code.InternalServerError,data:p});this.name="PermissionException"}}class y{ability;builtAbility=null;constructor(){this.ability=new e(x)}build(){return this.builtAbility=this.ability.build(),this}can(t,p,u){if(!this.builtAbility)throw new b("Permission must be built before checking abilities");return this.builtAbility.can(t,p,u)}cannot(t,p,u){if(!this.builtAbility)throw new b("Permission must be built before checking abilities");return this.builtAbility.cannot(t,p,u)}}var w;((l)=>{l.CREATE="create";l.READ="read";l.UPDATE="update";l.DELETE="delete";l.MANAGE="manage";l.VIEW="view";l.EDIT="edit";l.PUBLISH="publish";l.ARCHIVE="archive";l.APPROVE="approve";l.REJECT="reject";l.DOWNLOAD="download";l.UPLOAD="upload";l.SHARE="share";l.COPY="copy";l.MOVE="move";l.EXPORT="export";l.IMPORT="import";l.EXECUTE="execute";l.ASSIGN="assign";l.UNASSIGN="unassign";l.COMMENT="comment";l.RATE="rate";l.LIKE="like";l.DISLIKE="dislike";l.FOLLOW="follow";l.UNFOLLOW="unfollow";l.SUBSCRIBE="subscribe";l.UNSUBSCRIBE="unsubscribe";l.INVITE="invite";l.REVOKE="revoke";l.GRANT="grant";l.DENY="deny";l.BLOCK="block";l.UNBLOCK="unblock";l.REPORT="report";l.MODERATE="moderate";l.BAN="ban";l.UNBAN="unban";l.RESTORE="restore";l.PURGE="purge";l.BACKUP="backup";l.SYNC="sync";l.CONFIGURE="configure";l.MONITOR="monitor";l.AUDIT="audit";l.SEARCH="search";l.FILTER="filter";l.SORT="sort";l.BOOKMARK="bookmark";l.TAG="tag";l.UNTAG="untag";l.LOCK="lock";l.UNLOCK="unlock";l.CLONE="clone";l.FORK="fork";l.MERGE="merge";l.SPLIT="split";l.VALIDATE="validate";l.VERIFY="verify";l.CANCEL="cancel";l.PAUSE="pause";l.RESUME="resume";l.SCHEDULE="schedule";l.UNSCHEDULE="unschedule";l.JOIN="join";l.HIDE="hide"})(w||={});var C;((a)=>{a.USER_ENTITY="UserEntity";a.AUTH_USER_ENTITY="AuthUserEntity";a.AUTH_USER="AuthUser";a.SYSTEM_ENTITY="SystemEntity";a.SYSTEM="System";a.USER="User";a.ALL="all"})(C||={});export{f as decorator,b as PermissionException,y as Permission,C as EPermissionSubject,w as EPermissionAction};
 
-//# debugId=E03E2CB5FC80CB9264756E2164756E21
+//# debugId=2AFA4E169117EE2564756E2164756E21

package/dist/index.js.map

@@ -1,12 +1,13 @@
 {
   "version": 3,
-  "sources": ["src/Permission.ts", "src/PermissionException.ts", "src/types.ts"],
+  "sources": ["src/decorators.ts", "src/Permission.ts", "src/PermissionException.ts", "src/types.ts"],
   "sourcesContent": [
-    "import { AbilityBuilder, createMongoAbility, type MongoAbility, type MongoQuery } from \"@casl/ability\";\nimport { ERole } from \"@ooneex/role\";\nimport type { IUser } from \"@ooneex/user\";\nimport { PermissionException } from \"./PermissionException\";\nimport type { PermissionActionType, Subjects } from \"./types\";\n\nexport class Permission<S extends string = string> {\n  private ability: AbilityBuilder<MongoAbility>;\n  private builtAbility: MongoAbility | null = null;\n\n  constructor() {\n    this.ability = new AbilityBuilder(createMongoAbility);\n  }\n\n  public allow(\n    action: PermissionActionType | PermissionActionType[],\n    subject: (Subjects | S) | (Subjects | S)[],\n    conditions?: MongoQuery<Record<string, unknown>>,\n  ): this {\n    this.ability.can(action as string, subject, conditions);\n    return this;\n  }\n\n  public forbid(\n    action: PermissionActionType | PermissionActionType[],\n    subject: (Subjects | S) | (Subjects | S)[],\n    conditions?: MongoQuery<Record<string, unknown>>,\n  ): this {\n    this.ability.cannot(action as string, subject, conditions);\n    return this;\n  }\n\n  public build(): this {\n    this.builtAbility = this.ability.build();\n    return this;\n  }\n\n  public can(action: PermissionActionType, subject: Subjects | S, field?: string): boolean {\n    if (!this.builtAbility) {\n      throw new PermissionException(\"Permission must be built before checking abilities\");\n    }\n    return this.builtAbility.can(action as string, subject as string, field);\n  }\n\n  public cannot(action: PermissionActionType, subject: Subjects | S, field?: string): boolean {\n    if (!this.builtAbility) {\n      throw new PermissionException(\"Permission must be built before checking abilities\");\n    }\n    return this.builtAbility.cannot(action as string, subject as string, field);\n  }\n\n  public setCommonPermissions(user: IUser): this {\n    const { roles } = user;\n\n    // Check for highest privilege roles first\n    if (roles.includes(ERole.SYSTEM) || roles.includes(ERole.SUPER_ADMIN) || roles.includes(ERole.ADMIN)) {\n      this.allow(\"manage\", \"all\");\n      return this;\n    }\n\n    // Apply permissions for each role\n    for (const role of roles) {\n      if (role === ERole.USER || role === ERole.MEMBER) {\n        this.allow([\"read\", \"update\"], [\"UserEntity\", \"AuthUserEntity\", \"User\", \"AuthUser\"], { id: user.id });\n      }\n\n      if (role === ERole.SUBSCRIBER) {\n        this.allow(\"read\", [\"UserEntity\", \"AuthUserEntity\", \"User\", \"AuthUser\"], { id: user.id });\n      }\n\n      if (role === ERole.TRIAL_USER) {\n        this.allow(\"read\", [\"User\", \"AuthUser\"], { id: user.id });\n      }\n\n      if (role === ERole.SUSPENDED) {\n        this.allow(\"read\", [\"UserEntity\", \"AuthUserEntity\", \"User\", \"AuthUser\"], { id: user.id });\n      }\n\n      if (role === ERole.GUEST) {\n        this.allow(\"read\", [\"UserEntity\", \"AuthUserEntity\", \"User\", \"AuthUser\"], { public: true });\n      }\n    }\n\n    return this;\n  }\n}\n",
+    "import { container, EContainerScope } from \"@ooneex/container\";\nimport type { PermissionClassType } from \"./types\";\n\nexport const decorator = {\n  permission: (scope: EContainerScope = EContainerScope.Singleton) => {\n    return (target: PermissionClassType): void => {\n      container.add(target, scope);\n    };\n  },\n};\n",
+    "import { AbilityBuilder, createMongoAbility, type MongoAbility } from \"@casl/ability\";\nimport type { IUser } from \"@ooneex/user\";\nimport { PermissionException } from \"./PermissionException\";\nimport type { IPermission, PermissionActionType, Subjects } from \"./types\";\n\nexport abstract class Permission<S extends string = string> implements IPermission<S> {\n  protected ability: AbilityBuilder<MongoAbility>;\n  private builtAbility: MongoAbility | null = null;\n\n  constructor() {\n    this.ability = new AbilityBuilder(createMongoAbility);\n  }\n\n  public abstract allow(): this;\n\n  public abstract forbid(): this;\n\n  public abstract setUserPermissions(user: IUser | null): this;\n\n  public abstract check(): Promise<boolean>;\n\n  public build(): this {\n    this.builtAbility = this.ability.build();\n    return this;\n  }\n\n  public can(action: PermissionActionType, subject: Subjects | S, field?: string): boolean {\n    if (!this.builtAbility) {\n      throw new PermissionException(\"Permission must be built before checking abilities\");\n    }\n    return this.builtAbility.can(action as string, subject as string, field);\n  }\n\n  public cannot(action: PermissionActionType, subject: Subjects | S, field?: string): boolean {\n    if (!this.builtAbility) {\n      throw new PermissionException(\"Permission must be built before checking abilities\");\n    }\n    return this.builtAbility.cannot(action as string, subject as string, field);\n  }\n}\n",
     "import { Exception } from \"@ooneex/exception\";\nimport { HttpStatus } from \"@ooneex/http-status\";\n\nexport class PermissionException extends Exception {\n  constructor(message: string, data: Record<string, unknown> = {}) {\n    super(message, {\n      status: HttpStatus.Code.InternalServerError,\n      data,\n    });\n    this.name = \"PermissionException\";\n  }\n}\n",
-    "import type { MongoQuery } from \"@casl/ability\";\nimport type { IUser } from \"@ooneex/user\";\n\nexport enum EPermissionAction {\n  CREATE = \"create\",\n  READ = \"read\",\n  UPDATE = \"update\",\n  DELETE = \"delete\",\n  MANAGE = \"manage\", // Special action that allows everything\n  VIEW = \"view\",\n  EDIT = \"edit\",\n  PUBLISH = \"publish\",\n  ARCHIVE = \"archive\",\n  APPROVE = \"approve\",\n  REJECT = \"reject\",\n  DOWNLOAD = \"download\",\n  UPLOAD = \"upload\",\n  SHARE = \"share\",\n  COPY = \"copy\",\n  MOVE = \"move\",\n  EXPORT = \"export\",\n  IMPORT = \"import\",\n  EXECUTE = \"execute\",\n  ASSIGN = \"assign\",\n  UNASSIGN = \"unassign\",\n  COMMENT = \"comment\",\n  RATE = \"rate\",\n  LIKE = \"like\",\n  DISLIKE = \"dislike\",\n  FOLLOW = \"follow\",\n  UNFOLLOW = \"unfollow\",\n  SUBSCRIBE = \"subscribe\",\n  UNSUBSCRIBE = \"unsubscribe\",\n  INVITE = \"invite\",\n  REVOKE = \"revoke\",\n  GRANT = \"grant\",\n  DENY = \"deny\",\n  BLOCK = \"block\",\n  UNBLOCK = \"unblock\",\n  REPORT = \"report\",\n  MODERATE = \"moderate\",\n  BAN = \"ban\",\n  UNBAN = \"unban\",\n  RESTORE = \"restore\",\n  PURGE = \"purge\",\n  BACKUP = \"backup\",\n  SYNC = \"sync\",\n  CONFIGURE = \"configure\",\n  MONITOR = \"monitor\",\n  AUDIT = \"audit\",\n  SEARCH = \"search\",\n  FILTER = \"filter\",\n  SORT = \"sort\",\n  BOOKMARK = \"bookmark\",\n  TAG = \"tag\",\n  UNTAG = \"untag\",\n  LOCK = \"lock\",\n  UNLOCK = \"unlock\",\n  CLONE = \"clone\",\n  FORK = \"fork\",\n  MERGE = \"merge\",\n  SPLIT = \"split\",\n  VALIDATE = \"validate\",\n  VERIFY = \"verify\",\n  CANCEL = \"cancel\",\n  PAUSE = \"pause\",\n  RESUME = \"resume\",\n  SCHEDULE = \"schedule\",\n  UNSCHEDULE = \"unschedule\",\n  JOIN = \"join\",\n  HIDE = \"hide\",\n}\n\nexport enum EPermissionSubject {\n  USER_ENTITY = \"UserEntity\",\n  AUTH_USER_ENTITY = \"AuthUserEntity\",\n  AUTH_USER = \"AuthUser\",\n  SYSTEM_ENTITY = \"SystemEntity\",\n  SYSTEM = \"System\",\n  USER = \"User\",\n  ALL = \"all\",\n}\n\nexport type PermissionActionType = `${EPermissionAction}`;\nexport type Subjects = `${EPermissionSubject}`;\n\n// biome-ignore lint/suspicious/noExplicitAny: trust me\nexport type PermissionClassType = new (...args: any[]) => IPermission;\n\nexport interface IPermission<S extends string = string> {\n  allow: (\n    action: PermissionActionType | PermissionActionType[],\n    subject: (Subjects | S) | (Subjects | S)[],\n    conditions?: MongoQuery<Record<string, unknown>>,\n  ) => IPermission<S>;\n  forbid: (\n    action: PermissionActionType | PermissionActionType[],\n    subject: (Subjects | S) | (Subjects | S)[],\n    conditions?: MongoQuery<Record<string, unknown>>,\n  ) => IPermission<S>;\n  build: () => IPermission<S>;\n  can: (action: PermissionActionType, subject: Subjects | S, field?: string) => boolean;\n  cannot: (action: PermissionActionType, subject: Subjects | S, field?: string) => boolean;\n  setCommonPermissions: (user: IUser) => IPermission<S>;\n}\n"
+    "import type { IUser } from \"@ooneex/user\";\n\nexport enum EPermissionAction {\n  CREATE = \"create\",\n  READ = \"read\",\n  UPDATE = \"update\",\n  DELETE = \"delete\",\n  MANAGE = \"manage\", // Special action that allows everything\n  VIEW = \"view\",\n  EDIT = \"edit\",\n  PUBLISH = \"publish\",\n  ARCHIVE = \"archive\",\n  APPROVE = \"approve\",\n  REJECT = \"reject\",\n  DOWNLOAD = \"download\",\n  UPLOAD = \"upload\",\n  SHARE = \"share\",\n  COPY = \"copy\",\n  MOVE = \"move\",\n  EXPORT = \"export\",\n  IMPORT = \"import\",\n  EXECUTE = \"execute\",\n  ASSIGN = \"assign\",\n  UNASSIGN = \"unassign\",\n  COMMENT = \"comment\",\n  RATE = \"rate\",\n  LIKE = \"like\",\n  DISLIKE = \"dislike\",\n  FOLLOW = \"follow\",\n  UNFOLLOW = \"unfollow\",\n  SUBSCRIBE = \"subscribe\",\n  UNSUBSCRIBE = \"unsubscribe\",\n  INVITE = \"invite\",\n  REVOKE = \"revoke\",\n  GRANT = \"grant\",\n  DENY = \"deny\",\n  BLOCK = \"block\",\n  UNBLOCK = \"unblock\",\n  REPORT = \"report\",\n  MODERATE = \"moderate\",\n  BAN = \"ban\",\n  UNBAN = \"unban\",\n  RESTORE = \"restore\",\n  PURGE = \"purge\",\n  BACKUP = \"backup\",\n  SYNC = \"sync\",\n  CONFIGURE = \"configure\",\n  MONITOR = \"monitor\",\n  AUDIT = \"audit\",\n  SEARCH = \"search\",\n  FILTER = \"filter\",\n  SORT = \"sort\",\n  BOOKMARK = \"bookmark\",\n  TAG = \"tag\",\n  UNTAG = \"untag\",\n  LOCK = \"lock\",\n  UNLOCK = \"unlock\",\n  CLONE = \"clone\",\n  FORK = \"fork\",\n  MERGE = \"merge\",\n  SPLIT = \"split\",\n  VALIDATE = \"validate\",\n  VERIFY = \"verify\",\n  CANCEL = \"cancel\",\n  PAUSE = \"pause\",\n  RESUME = \"resume\",\n  SCHEDULE = \"schedule\",\n  UNSCHEDULE = \"unschedule\",\n  JOIN = \"join\",\n  HIDE = \"hide\",\n}\n\nexport enum EPermissionSubject {\n  USER_ENTITY = \"UserEntity\",\n  AUTH_USER_ENTITY = \"AuthUserEntity\",\n  AUTH_USER = \"AuthUser\",\n  SYSTEM_ENTITY = \"SystemEntity\",\n  SYSTEM = \"System\",\n  USER = \"User\",\n  ALL = \"all\",\n}\n\nexport type PermissionActionType = `${EPermissionAction}`;\nexport type Subjects = `${EPermissionSubject}`;\n\n// biome-ignore lint/suspicious/noExplicitAny: trust me\nexport type PermissionClassType = new (...args: any[]) => IPermission;\n\nexport interface IPermission<S extends string = string> {\n  allow: () => IPermission<S>;\n  forbid: () => IPermission<S>;\n  setUserPermissions: (user: IUser | null) => IPermission<S>;\n  check: () => Promise<boolean>;\n  build: () => IPermission<S>;\n  can: (action: PermissionActionType, subject: Subjects | S, field?: string) => boolean;\n  cannot: (action: PermissionActionType, subject: Subjects | S, field?: string) => boolean;\n}\n"
   ],
-  "mappings": "AAAA,yBAAS,wBAAgB,sBACzB,gBAAS,qBCDT,oBAAS,0BACT,qBAAS,4BAEF,MAAM,UAA4B,CAAU,CACjD,WAAW,CAAC,EAAiB,EAAgC,CAAC,EAAG,CAC/D,MAAM,EAAS,CACb,OAAQ,EAAW,KAAK,oBACxB,MACF,CAAC,EACD,KAAK,KAAO,sBAEhB,CDLO,MAAM,CAAsC,CACzC,QACA,aAAoC,KAE5C,WAAW,EAAG,CACZ,KAAK,QAAU,IAAI,EAAe,CAAkB,EAG/C,KAAK,CACV,EACA,EACA,EACM,CAEN,OADA,KAAK,QAAQ,IAAI,EAAkB,EAAS,CAAU,EAC/C,KAGF,MAAM,CACX,EACA,EACA,EACM,CAEN,OADA,KAAK,QAAQ,OAAO,EAAkB,EAAS,CAAU,EAClD,KAGF,KAAK,EAAS,CAEnB,OADA,KAAK,aAAe,KAAK,QAAQ,MAAM,EAChC,KAGF,GAAG,CAAC,EAA8B,EAAuB,EAAyB,CACvF,GAAI,CAAC,KAAK,aACR,MAAM,IAAI,EAAoB,oDAAoD,EAEpF,OAAO,KAAK,aAAa,IAAI,EAAkB,EAAmB,CAAK,EAGlE,MAAM,CAAC,EAA8B,EAAuB,EAAyB,CAC1F,GAAI,CAAC,KAAK,aACR,MAAM,IAAI,EAAoB,oDAAoD,EAEpF,OAAO,KAAK,aAAa,OAAO,EAAkB,EAAmB,CAAK,EAGrE,oBAAoB,CAAC,EAAmB,CAC7C,IAAQ,SAAU,EAGlB,GAAI,EAAM,SAAS,EAAM,MAAM,GAAK,EAAM,SAAS,EAAM,WAAW,GAAK,EAAM,SAAS,EAAM,KAAK,EAEjG,OADA,KAAK,MAAM,SAAU,KAAK,EACnB,KAIT,QAAW,KAAQ,EAAO,CACxB,GAAI,IAAS,EAAM,MAAQ,IAAS,EAAM,OACxC,KAAK,MAAM,CAAC,OAAQ,QAAQ,EAAG,CAAC,aAAc,iBAAkB,OAAQ,UAAU,EAAG,CAAE,GAAI,EAAK,EAAG,CAAC,EAGtG,GAAI,IAAS,EAAM,WACjB,KAAK,MAAM,OAAQ,CAAC,aAAc,iBAAkB,OAAQ,UAAU,EAAG,CAAE,GAAI,EAAK,EAAG,CAAC,EAG1F,GAAI,IAAS,EAAM,WACjB,KAAK,MAAM,OAAQ,CAAC,OAAQ,UAAU,EAAG,CAAE,GAAI,EAAK,EAAG,CAAC,EAG1D,GAAI,IAAS,EAAM,UACjB,KAAK,MAAM,OAAQ,CAAC,aAAc,iBAAkB,OAAQ,UAAU,EAAG,CAAE,GAAI,EAAK,EAAG,CAAC,EAG1F,GAAI,IAAS,EAAM,MACjB,KAAK,MAAM,OAAQ,CAAC,aAAc,iBAAkB,OAAQ,UAAU,EAAG,CAAE,OAAQ,EAAK,CAAC,EAI7F,OAAO,KAEX,CElFO,IAAK,GAAL,CAAK,IAAL,CACL,SAAS,SACT,OAAO,OACP,SAAS,SACT,SAAS,SACT,SAAS,SACT,OAAO,OACP,OAAO,OACP,UAAU,UACV,UAAU,UACV,UAAU,UACV,SAAS,SACT,WAAW,WACX,SAAS,SACT,QAAQ,QACR,OAAO,OACP,OAAO,OACP,SAAS,SACT,SAAS,SACT,UAAU,UACV,SAAS,SACT,WAAW,WACX,UAAU,UACV,OAAO,OACP,OAAO,OACP,UAAU,UACV,SAAS,SACT,WAAW,WACX,YAAY,YACZ,cAAc,cACd,SAAS,SACT,SAAS,SACT,QAAQ,QACR,OAAO,OACP,QAAQ,QACR,UAAU,UACV,SAAS,SACT,WAAW,WACX,MAAM,MACN,QAAQ,QACR,UAAU,UACV,QAAQ,QACR,SAAS,SACT,OAAO,OACP,YAAY,YACZ,UAAU,UACV,QAAQ,QACR,SAAS,SACT,SAAS,SACT,OAAO,OACP,WAAW,WACX,MAAM,MACN,QAAQ,QACR,OAAO,OACP,SAAS,SACT,QAAQ,QACR,OAAO,OACP,QAAQ,QACR,QAAQ,QACR,WAAW,WACX,SAAS,SACT,SAAS,SACT,QAAQ,QACR,SAAS,SACT,WAAW,WACX,aAAa,aACb,OAAO,OACP,OAAO,SAnEG,QAsEL,IAAK,GAAL,CAAK,IAAL,CACL,cAAc,aACd,mBAAmB,iBACnB,YAAY,WACZ,gBAAgB,eAChB,SAAS,SACT,OAAO,OACP,MAAM,QAPI",
-  "debugId": "E03E2CB5FC80CB9264756E2164756E21",
+  "mappings": ";AAAA,oBAAS,qBAAW,0BAGb,IAAM,EAAY,CACvB,WAAY,CAAC,EAAyB,EAAgB,YAAc,CAClE,MAAO,CAAC,IAAsC,CAC5C,EAAU,IAAI,EAAQ,CAAK,GAGjC,ECTA,yBAAS,wBAAgB,sBCAzB,oBAAS,0BACT,qBAAS,4BAEF,MAAM,UAA4B,CAAU,CACjD,WAAW,CAAC,EAAiB,EAAgC,CAAC,EAAG,CAC/D,MAAM,EAAS,CACb,OAAQ,EAAW,KAAK,oBACxB,MACF,CAAC,EACD,KAAK,KAAO,sBAEhB,CDNO,MAAe,CAAgE,CAC1E,QACF,aAAoC,KAE5C,WAAW,EAAG,CACZ,KAAK,QAAU,IAAI,EAAe,CAAkB,EAW/C,KAAK,EAAS,CAEnB,OADA,KAAK,aAAe,KAAK,QAAQ,MAAM,EAChC,KAGF,GAAG,CAAC,EAA8B,EAAuB,EAAyB,CACvF,GAAI,CAAC,KAAK,aACR,MAAM,IAAI,EAAoB,oDAAoD,EAEpF,OAAO,KAAK,aAAa,IAAI,EAAkB,EAAmB,CAAK,EAGlE,MAAM,CAAC,EAA8B,EAAuB,EAAyB,CAC1F,GAAI,CAAC,KAAK,aACR,MAAM,IAAI,EAAoB,oDAAoD,EAEpF,OAAO,KAAK,aAAa,OAAO,EAAkB,EAAmB,CAAK,EAE9E,CErCO,IAAK,GAAL,CAAK,IAAL,CACL,SAAS,SACT,OAAO,OACP,SAAS,SACT,SAAS,SACT,SAAS,SACT,OAAO,OACP,OAAO,OACP,UAAU,UACV,UAAU,UACV,UAAU,UACV,SAAS,SACT,WAAW,WACX,SAAS,SACT,QAAQ,QACR,OAAO,OACP,OAAO,OACP,SAAS,SACT,SAAS,SACT,UAAU,UACV,SAAS,SACT,WAAW,WACX,UAAU,UACV,OAAO,OACP,OAAO,OACP,UAAU,UACV,SAAS,SACT,WAAW,WACX,YAAY,YACZ,cAAc,cACd,SAAS,SACT,SAAS,SACT,QAAQ,QACR,OAAO,OACP,QAAQ,QACR,UAAU,UACV,SAAS,SACT,WAAW,WACX,MAAM,MACN,QAAQ,QACR,UAAU,UACV,QAAQ,QACR,SAAS,SACT,OAAO,OACP,YAAY,YACZ,UAAU,UACV,QAAQ,QACR,SAAS,SACT,SAAS,SACT,OAAO,OACP,WAAW,WACX,MAAM,MACN,QAAQ,QACR,OAAO,OACP,SAAS,SACT,QAAQ,QACR,OAAO,OACP,QAAQ,QACR,QAAQ,QACR,WAAW,WACX,SAAS,SACT,SAAS,SACT,QAAQ,QACR,SAAS,SACT,WAAW,WACX,aAAa,aACb,OAAO,OACP,OAAO,SAnEG,QAsEL,IAAK,GAAL,CAAK,IAAL,CACL,cAAc,aACd,mBAAmB,iBACnB,YAAY,WACZ,gBAAgB,eAChB,SAAS,SACT,OAAO,OACP,MAAM,QAPI",
+  "debugId": "2AFA4E169117EE2564756E2164756E21",
   "names": []
 }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@ooneex/permission",
-  "description": "",
-  "version": "0.0.1",
+  "description": "Ability-based access control using CASL for fine-grained permission management",
+  "version": "0.0.4",
   "type": "module",
   "files": [
     "dist",
@@ -25,18 +25,25 @@
     "test": "bun test tests",
     "build": "bunup",
     "lint": "tsgo --noEmit && bunx biome lint",
-    "publish:prod": "bun publish --tolerate-republish --access public",
-    "publish:pack": "bun pm pack --destination ./dist",
-    "publish:dry": "bun publish --dry-run"
+    "publish": "bun publish --access public || true"
   },
   "dependencies": {
     "@casl/ability": "^6.7.3",
+    "@ooneex/container": "0.0.2",
     "@ooneex/exception": "0.0.1",
-    "@ooneex/http-status": "0.0.1",
-    "@ooneex/role": "0.0.1"
+    "@ooneex/http-status": "0.0.1"
   },
   "devDependencies": {
     "@ooneex/user": "0.0.1"
   },
-  "peerDependencies": {}
+  "keywords": [
+    "authorization",
+    "bun",
+    "casl",
+    "ooneex",
+    "permission",
+    "permissions",
+    "rbac",
+    "typescript"
+  ]
 }