@ooneex/permission 0.0.18 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -19
- package/dist/index.d.ts +15 -13
- package/dist/index.js +2 -2
- package/dist/index.js.map +4 -4
- package/package.json +6 -6
package/README.md
CHANGED
|
@@ -1,11 +1,9 @@
|
|
|
1
1
|
# @ooneex/permission
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
Fine-grained access control using CASL -- define, evaluate, and enforce ability-based permissions with role and resource scoping.
|
|
4
4
|
|
|
5
5
|
|
|
6
6
|
|
|
7
|
-
|
|
8
|
-
|
|
9
7
|
|
|
10
8
|
|
|
11
9
|
|
|
@@ -29,26 +27,10 @@ A flexible ability-based access control (ABAC) library for TypeScript applicatio
|
|
|
29
27
|
|
|
30
28
|
## Installation
|
|
31
29
|
|
|
32
|
-
### Bun
|
|
33
30
|
```bash
|
|
34
31
|
bun add @ooneex/permission
|
|
35
32
|
```
|
|
36
33
|
|
|
37
|
-
### pnpm
|
|
38
|
-
```bash
|
|
39
|
-
pnpm add @ooneex/permission
|
|
40
|
-
```
|
|
41
|
-
|
|
42
|
-
### Yarn
|
|
43
|
-
```bash
|
|
44
|
-
yarn add @ooneex/permission
|
|
45
|
-
```
|
|
46
|
-
|
|
47
|
-
### npm
|
|
48
|
-
```bash
|
|
49
|
-
npm install @ooneex/permission
|
|
50
|
-
```
|
|
51
|
-
|
|
52
34
|
## Usage
|
|
53
35
|
|
|
54
36
|
### Creating a Permission Class
|
package/dist/index.d.ts
CHANGED
|
@@ -81,30 +81,32 @@ declare enum EPermissionSubject {
|
|
|
81
81
|
type PermissionActionType = `${EPermissionAction}`;
|
|
82
82
|
type Subjects = `${EPermissionSubject}`;
|
|
83
83
|
type PermissionClassType = new (...args: any[]) => IPermission;
|
|
84
|
-
interface IPermission<
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
84
|
+
interface IPermission<
|
|
85
|
+
A extends string = string,
|
|
86
|
+
S extends string = string
|
|
87
|
+
> {
|
|
88
|
+
allow: () => IPermission<A, S>;
|
|
89
|
+
setUserPermissions: (user: IUser | null) => IPermission<A, S>;
|
|
90
|
+
build: () => IPermission<A, S>;
|
|
91
|
+
can: (action: PermissionActionType | A, subject: Subjects | S, field?: string) => boolean;
|
|
92
|
+
cannot: (action: PermissionActionType | A, subject: Subjects | S, field?: string) => boolean;
|
|
92
93
|
}
|
|
93
94
|
declare const decorator: {
|
|
94
95
|
permission: (scope?: EContainerScope) => (target: PermissionClassType) => void;
|
|
95
96
|
};
|
|
96
97
|
import { AbilityBuilder, MongoAbility } from "@casl/ability";
|
|
97
98
|
import { IUser as IUser2 } from "@ooneex/user";
|
|
98
|
-
declare abstract class Permission<
|
|
99
|
+
declare abstract class Permission<
|
|
100
|
+
A extends string = string,
|
|
101
|
+
S extends string = string
|
|
102
|
+
> implements IPermission<A, S> {
|
|
99
103
|
protected ability: AbilityBuilder<MongoAbility>;
|
|
100
104
|
private builtAbility;
|
|
101
105
|
constructor();
|
|
102
|
-
abstract forbid(): this;
|
|
103
106
|
abstract setUserPermissions(user: IUser2 | null): this;
|
|
104
|
-
abstract check(): Promise<boolean>;
|
|
105
107
|
build(): this;
|
|
106
|
-
can(action: PermissionActionType, subject: Subjects | S, field?: string): boolean;
|
|
107
|
-
cannot(action: PermissionActionType, subject: Subjects | S, field?: string): boolean;
|
|
108
|
+
can(action: PermissionActionType | A, subject: Subjects | S, field?: string): boolean;
|
|
109
|
+
cannot(action: PermissionActionType | A, subject: Subjects | S, field?: string): boolean;
|
|
108
110
|
}
|
|
109
111
|
import { Exception } from "@ooneex/exception";
|
|
110
112
|
declare class PermissionException extends Exception {
|
package/dist/index.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
1
|
// @bun
|
|
2
|
-
import{container as r,EContainerScope as
|
|
2
|
+
import{container as r,EContainerScope as g}from"@ooneex/container";var f={permission:(t=g.Singleton)=>{return(p)=>{r.add(p,t)}}};import{AbilityBuilder as x,createMongoAbility as e}from"@casl/ability";import{Exception as h}from"@ooneex/exception";import{HttpStatus as d}from"@ooneex/http-status";class b extends h{constructor(t,p={}){super(t,{status:d.Code.InternalServerError,data:p});this.name="PermissionException"}}class y{ability;builtAbility=null;constructor(){this.ability=new x(e)}build(){return this.builtAbility=this.ability.build(),this}can(t,p,u){if(!this.builtAbility)throw new b("Permission must be built before checking abilities");return this.builtAbility.can(t,p,u)}cannot(t,p,u){if(!this.builtAbility)throw new b("Permission must be built before checking abilities");return this.builtAbility.cannot(t,p,u)}}var w;((l)=>{l.CREATE="create";l.READ="read";l.UPDATE="update";l.DELETE="delete";l.MANAGE="manage";l.VIEW="view";l.EDIT="edit";l.PUBLISH="publish";l.ARCHIVE="archive";l.APPROVE="approve";l.REJECT="reject";l.DOWNLOAD="download";l.UPLOAD="upload";l.SHARE="share";l.COPY="copy";l.MOVE="move";l.EXPORT="export";l.IMPORT="import";l.EXECUTE="execute";l.ASSIGN="assign";l.UNASSIGN="unassign";l.COMMENT="comment";l.RATE="rate";l.LIKE="like";l.DISLIKE="dislike";l.FOLLOW="follow";l.UNFOLLOW="unfollow";l.SUBSCRIBE="subscribe";l.UNSUBSCRIBE="unsubscribe";l.INVITE="invite";l.REVOKE="revoke";l.GRANT="grant";l.DENY="deny";l.BLOCK="block";l.UNBLOCK="unblock";l.REPORT="report";l.MODERATE="moderate";l.BAN="ban";l.UNBAN="unban";l.RESTORE="restore";l.PURGE="purge";l.BACKUP="backup";l.SYNC="sync";l.CONFIGURE="configure";l.MONITOR="monitor";l.AUDIT="audit";l.SEARCH="search";l.FILTER="filter";l.SORT="sort";l.BOOKMARK="bookmark";l.TAG="tag";l.UNTAG="untag";l.LOCK="lock";l.UNLOCK="unlock";l.CLONE="clone";l.FORK="fork";l.MERGE="merge";l.SPLIT="split";l.VALIDATE="validate";l.VERIFY="verify";l.CANCEL="cancel";l.PAUSE="pause";l.RESUME="resume";l.SCHEDULE="schedule";l.UNSCHEDULE="unschedule";l.JOIN="join";l.HIDE="hide"})(w||={});var C;((a)=>{a.USER_ENTITY="UserEntity";a.AUTH_USER_ENTITY="AuthUserEntity";a.AUTH_USER="AuthUser";a.SYSTEM_ENTITY="SystemEntity";a.SYSTEM="System";a.USER="User";a.ALL="all"})(C||={});export{f as decorator,b as PermissionException,y as Permission,C as EPermissionSubject,w as EPermissionAction};
|
|
3
3
|
|
|
4
|
-
//# debugId=
|
|
4
|
+
//# debugId=A85316E63625015764756E2164756E21
|
package/dist/index.js.map
CHANGED
|
@@ -3,11 +3,11 @@
|
|
|
3
3
|
"sources": ["src/decorators.ts", "src/Permission.ts", "src/PermissionException.ts", "src/types.ts"],
|
|
4
4
|
"sourcesContent": [
|
|
5
5
|
"import { container, EContainerScope } from \"@ooneex/container\";\nimport type { PermissionClassType } from \"./types\";\n\nexport const decorator = {\n permission: (scope: EContainerScope = EContainerScope.Singleton) => {\n return (target: PermissionClassType): void => {\n container.add(target, scope);\n };\n },\n};\n",
|
|
6
|
-
"import { AbilityBuilder, createMongoAbility, type MongoAbility } from \"@casl/ability\";\nimport type { IUser } from \"@ooneex/user\";\nimport { PermissionException } from \"./PermissionException\";\nimport type { IPermission, PermissionActionType, Subjects } from \"./types\";\n\nexport abstract class Permission<S extends string = string> implements IPermission<S> {\n protected ability: AbilityBuilder<MongoAbility>;\n private builtAbility: MongoAbility | null = null;\n\n constructor() {\n this.ability = new AbilityBuilder(createMongoAbility);\n }\n\n public abstract allow(): this;\n
|
|
6
|
+
"import { AbilityBuilder, createMongoAbility, type MongoAbility } from \"@casl/ability\";\nimport type { IUser } from \"@ooneex/user\";\nimport { PermissionException } from \"./PermissionException\";\nimport type { IPermission, PermissionActionType, Subjects } from \"./types\";\n\nexport abstract class Permission<A extends string = string, S extends string = string> implements IPermission<A, S> {\n protected ability: AbilityBuilder<MongoAbility>;\n private builtAbility: MongoAbility | null = null;\n\n constructor() {\n this.ability = new AbilityBuilder(createMongoAbility);\n }\n\n public abstract allow(): this;\n public abstract setUserPermissions(user: IUser | null): this;\n\n public build(): this {\n this.builtAbility = this.ability.build();\n return this;\n }\n\n public can(action: PermissionActionType | A, subject: Subjects | S, field?: string): boolean {\n if (!this.builtAbility) {\n throw new PermissionException(\"Permission must be built before checking abilities\");\n }\n return this.builtAbility.can(action as string, subject as string, field);\n }\n\n public cannot(action: PermissionActionType | A, subject: Subjects | S, field?: string): boolean {\n if (!this.builtAbility) {\n throw new PermissionException(\"Permission must be built before checking abilities\");\n }\n return this.builtAbility.cannot(action as string, subject as string, field);\n }\n}\n",
|
|
7
7
|
"import { Exception } from \"@ooneex/exception\";\nimport { HttpStatus } from \"@ooneex/http-status\";\n\nexport class PermissionException extends Exception {\n constructor(message: string, data: Record<string, unknown> = {}) {\n super(message, {\n status: HttpStatus.Code.InternalServerError,\n data,\n });\n this.name = \"PermissionException\";\n }\n}\n",
|
|
8
|
-
"import type { IUser } from \"@ooneex/user\";\n\nexport enum EPermissionAction {\n CREATE = \"create\",\n READ = \"read\",\n UPDATE = \"update\",\n DELETE = \"delete\",\n MANAGE = \"manage\", // Special action that allows everything\n VIEW = \"view\",\n EDIT = \"edit\",\n PUBLISH = \"publish\",\n ARCHIVE = \"archive\",\n APPROVE = \"approve\",\n REJECT = \"reject\",\n DOWNLOAD = \"download\",\n UPLOAD = \"upload\",\n SHARE = \"share\",\n COPY = \"copy\",\n MOVE = \"move\",\n EXPORT = \"export\",\n IMPORT = \"import\",\n EXECUTE = \"execute\",\n ASSIGN = \"assign\",\n UNASSIGN = \"unassign\",\n COMMENT = \"comment\",\n RATE = \"rate\",\n LIKE = \"like\",\n DISLIKE = \"dislike\",\n FOLLOW = \"follow\",\n UNFOLLOW = \"unfollow\",\n SUBSCRIBE = \"subscribe\",\n UNSUBSCRIBE = \"unsubscribe\",\n INVITE = \"invite\",\n REVOKE = \"revoke\",\n GRANT = \"grant\",\n DENY = \"deny\",\n BLOCK = \"block\",\n UNBLOCK = \"unblock\",\n REPORT = \"report\",\n MODERATE = \"moderate\",\n BAN = \"ban\",\n UNBAN = \"unban\",\n RESTORE = \"restore\",\n PURGE = \"purge\",\n BACKUP = \"backup\",\n SYNC = \"sync\",\n CONFIGURE = \"configure\",\n MONITOR = \"monitor\",\n AUDIT = \"audit\",\n SEARCH = \"search\",\n FILTER = \"filter\",\n SORT = \"sort\",\n BOOKMARK = \"bookmark\",\n TAG = \"tag\",\n UNTAG = \"untag\",\n LOCK = \"lock\",\n UNLOCK = \"unlock\",\n CLONE = \"clone\",\n FORK = \"fork\",\n MERGE = \"merge\",\n SPLIT = \"split\",\n VALIDATE = \"validate\",\n VERIFY = \"verify\",\n CANCEL = \"cancel\",\n PAUSE = \"pause\",\n RESUME = \"resume\",\n SCHEDULE = \"schedule\",\n UNSCHEDULE = \"unschedule\",\n JOIN = \"join\",\n HIDE = \"hide\",\n}\n\nexport enum EPermissionSubject {\n USER_ENTITY = \"UserEntity\",\n AUTH_USER_ENTITY = \"AuthUserEntity\",\n AUTH_USER = \"AuthUser\",\n SYSTEM_ENTITY = \"SystemEntity\",\n SYSTEM = \"System\",\n USER = \"User\",\n ALL = \"all\",\n}\n\nexport type PermissionActionType = `${EPermissionAction}`;\nexport type Subjects = `${EPermissionSubject}`;\n\n// biome-ignore lint/suspicious/noExplicitAny: trust me\nexport type PermissionClassType = new (...args: any[]) => IPermission;\n\nexport interface IPermission<S extends string = string> {\n allow: () => IPermission<
|
|
8
|
+
"import type { IUser } from \"@ooneex/user\";\n\nexport enum EPermissionAction {\n CREATE = \"create\",\n READ = \"read\",\n UPDATE = \"update\",\n DELETE = \"delete\",\n MANAGE = \"manage\", // Special action that allows everything\n VIEW = \"view\",\n EDIT = \"edit\",\n PUBLISH = \"publish\",\n ARCHIVE = \"archive\",\n APPROVE = \"approve\",\n REJECT = \"reject\",\n DOWNLOAD = \"download\",\n UPLOAD = \"upload\",\n SHARE = \"share\",\n COPY = \"copy\",\n MOVE = \"move\",\n EXPORT = \"export\",\n IMPORT = \"import\",\n EXECUTE = \"execute\",\n ASSIGN = \"assign\",\n UNASSIGN = \"unassign\",\n COMMENT = \"comment\",\n RATE = \"rate\",\n LIKE = \"like\",\n DISLIKE = \"dislike\",\n FOLLOW = \"follow\",\n UNFOLLOW = \"unfollow\",\n SUBSCRIBE = \"subscribe\",\n UNSUBSCRIBE = \"unsubscribe\",\n INVITE = \"invite\",\n REVOKE = \"revoke\",\n GRANT = \"grant\",\n DENY = \"deny\",\n BLOCK = \"block\",\n UNBLOCK = \"unblock\",\n REPORT = \"report\",\n MODERATE = \"moderate\",\n BAN = \"ban\",\n UNBAN = \"unban\",\n RESTORE = \"restore\",\n PURGE = \"purge\",\n BACKUP = \"backup\",\n SYNC = \"sync\",\n CONFIGURE = \"configure\",\n MONITOR = \"monitor\",\n AUDIT = \"audit\",\n SEARCH = \"search\",\n FILTER = \"filter\",\n SORT = \"sort\",\n BOOKMARK = \"bookmark\",\n TAG = \"tag\",\n UNTAG = \"untag\",\n LOCK = \"lock\",\n UNLOCK = \"unlock\",\n CLONE = \"clone\",\n FORK = \"fork\",\n MERGE = \"merge\",\n SPLIT = \"split\",\n VALIDATE = \"validate\",\n VERIFY = \"verify\",\n CANCEL = \"cancel\",\n PAUSE = \"pause\",\n RESUME = \"resume\",\n SCHEDULE = \"schedule\",\n UNSCHEDULE = \"unschedule\",\n JOIN = \"join\",\n HIDE = \"hide\",\n}\n\nexport enum EPermissionSubject {\n USER_ENTITY = \"UserEntity\",\n AUTH_USER_ENTITY = \"AuthUserEntity\",\n AUTH_USER = \"AuthUser\",\n SYSTEM_ENTITY = \"SystemEntity\",\n SYSTEM = \"System\",\n USER = \"User\",\n ALL = \"all\",\n}\n\nexport type PermissionActionType = `${EPermissionAction}`;\nexport type Subjects = `${EPermissionSubject}`;\n\n// biome-ignore lint/suspicious/noExplicitAny: trust me\nexport type PermissionClassType = new (...args: any[]) => IPermission;\n\nexport interface IPermission<A extends string = string, S extends string = string> {\n allow: () => IPermission<A, S>;\n setUserPermissions: (user: IUser | null) => IPermission<A, S>;\n build: () => IPermission<A, S>;\n can: (action: PermissionActionType | A, subject: Subjects | S, field?: string) => boolean;\n cannot: (action: PermissionActionType | A, subject: Subjects | S, field?: string) => boolean;\n}\n"
|
|
9
9
|
],
|
|
10
|
-
"mappings": ";AAAA,oBAAS,qBAAW,0BAGb,IAAM,EAAY,CACvB,WAAY,CAAC,EAAyB,EAAgB,YAAc,CAClE,MAAO,CAAC,IAAsC,CAC5C,EAAU,IAAI,EAAQ,CAAK,GAGjC,ECTA,yBAAS,wBAAgB,sBCAzB,oBAAS,0BACT,qBAAS,4BAEF,MAAM,UAA4B,CAAU,CACjD,WAAW,CAAC,EAAiB,EAAgC,CAAC,EAAG,CAC/D,MAAM,EAAS,CACb,OAAQ,EAAW,KAAK,oBACxB,MACF,CAAC,EACD,KAAK,KAAO,sBAEhB,CDNO,MAAe,
|
|
11
|
-
"debugId": "
|
|
10
|
+
"mappings": ";AAAA,oBAAS,qBAAW,0BAGb,IAAM,EAAY,CACvB,WAAY,CAAC,EAAyB,EAAgB,YAAc,CAClE,MAAO,CAAC,IAAsC,CAC5C,EAAU,IAAI,EAAQ,CAAK,GAGjC,ECTA,yBAAS,wBAAgB,sBCAzB,oBAAS,0BACT,qBAAS,4BAEF,MAAM,UAA4B,CAAU,CACjD,WAAW,CAAC,EAAiB,EAAgC,CAAC,EAAG,CAC/D,MAAM,EAAS,CACb,OAAQ,EAAW,KAAK,oBACxB,MACF,CAAC,EACD,KAAK,KAAO,sBAEhB,CDNO,MAAe,CAA8F,CACxG,QACF,aAAoC,KAE5C,WAAW,EAAG,CACZ,KAAK,QAAU,IAAI,EAAe,CAAkB,EAM/C,KAAK,EAAS,CAEnB,OADA,KAAK,aAAe,KAAK,QAAQ,MAAM,EAChC,KAGF,GAAG,CAAC,EAAkC,EAAuB,EAAyB,CAC3F,GAAI,CAAC,KAAK,aACR,MAAM,IAAI,EAAoB,oDAAoD,EAEpF,OAAO,KAAK,aAAa,IAAI,EAAkB,EAAmB,CAAK,EAGlE,MAAM,CAAC,EAAkC,EAAuB,EAAyB,CAC9F,GAAI,CAAC,KAAK,aACR,MAAM,IAAI,EAAoB,oDAAoD,EAEpF,OAAO,KAAK,aAAa,OAAO,EAAkB,EAAmB,CAAK,EAE9E,CEhCO,IAAK,GAAL,CAAK,IAAL,CACL,SAAS,SACT,OAAO,OACP,SAAS,SACT,SAAS,SACT,SAAS,SACT,OAAO,OACP,OAAO,OACP,UAAU,UACV,UAAU,UACV,UAAU,UACV,SAAS,SACT,WAAW,WACX,SAAS,SACT,QAAQ,QACR,OAAO,OACP,OAAO,OACP,SAAS,SACT,SAAS,SACT,UAAU,UACV,SAAS,SACT,WAAW,WACX,UAAU,UACV,OAAO,OACP,OAAO,OACP,UAAU,UACV,SAAS,SACT,WAAW,WACX,YAAY,YACZ,cAAc,cACd,SAAS,SACT,SAAS,SACT,QAAQ,QACR,OAAO,OACP,QAAQ,QACR,UAAU,UACV,SAAS,SACT,WAAW,WACX,MAAM,MACN,QAAQ,QACR,UAAU,UACV,QAAQ,QACR,SAAS,SACT,OAAO,OACP,YAAY,YACZ,UAAU,UACV,QAAQ,QACR,SAAS,SACT,SAAS,SACT,OAAO,OACP,WAAW,WACX,MAAM,MACN,QAAQ,QACR,OAAO,OACP,SAAS,SACT,QAAQ,QACR,OAAO,OACP,QAAQ,QACR,QAAQ,QACR,WAAW,WACX,SAAS,SACT,SAAS,SACT,QAAQ,QACR,SAAS,SACT,WAAW,WACX,aAAa,aACb,OAAO,OACP,OAAO,SAnEG,QAsEL,IAAK,GAAL,CAAK,IAAL,CACL,cAAc,aACd,mBAAmB,iBACnB,YAAY,WACZ,gBAAgB,eAChB,SAAS,SACT,OAAO,OACP,MAAM,QAPI",
|
|
11
|
+
"debugId": "A85316E63625015764756E2164756E21",
|
|
12
12
|
"names": []
|
|
13
13
|
}
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@ooneex/permission",
|
|
3
|
-
"description": "
|
|
4
|
-
"version": "0.0
|
|
3
|
+
"description": "Fine-grained access control using CASL — define, evaluate, and enforce ability-based permissions with role and resource scoping",
|
|
4
|
+
"version": "1.0.0",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"files": [
|
|
7
7
|
"dist",
|
|
@@ -29,12 +29,12 @@
|
|
|
29
29
|
},
|
|
30
30
|
"dependencies": {
|
|
31
31
|
"@casl/ability": "^6.7.3",
|
|
32
|
-
"@ooneex/container": "0.0.
|
|
33
|
-
"@ooneex/exception": "0.0.
|
|
34
|
-
"@ooneex/http-status": "0.0.
|
|
32
|
+
"@ooneex/container": "0.0.19",
|
|
33
|
+
"@ooneex/exception": "0.0.18",
|
|
34
|
+
"@ooneex/http-status": "0.0.18"
|
|
35
35
|
},
|
|
36
36
|
"devDependencies": {
|
|
37
|
-
"@ooneex/user": "0.0.
|
|
37
|
+
"@ooneex/user": "0.0.19"
|
|
38
38
|
},
|
|
39
39
|
"keywords": [
|
|
40
40
|
"authorization",
|