@ooneex/permission 1.1.15 → 1.2.1

package/README.md

@@ -503,18 +503,18 @@ class AdminPermission extends Permission {
 
     // Set permissions based on role
     switch (user.role) {
-      case ERole.SUPER_ADMIN:
+      case 'ROLE_SUPER_ADMIN':
         this.ability.can(EPermissionAction.MANAGE, 'all');
         break;
       
-      case ERole.ADMIN:
+      case 'ROLE_ADMIN':
         this.ability.can(EPermissionAction.CREATE, 'User');
         this.ability.can(EPermissionAction.READ, 'User');
         this.ability.can(EPermissionAction.UPDATE, 'User');
         this.ability.cannot(EPermissionAction.DELETE, 'User');
         break;
       
-      case ERole.MODERATOR:
+      case 'ROLE_MODERATOR':
         this.ability.can(EPermissionAction.READ, 'User');
         this.ability.can(EPermissionAction.MODERATE, 'User');
         this.ability.can(EPermissionAction.BAN, 'User');

package/dist/index.d.ts

@@ -11,7 +11,6 @@ import { ILogger, LogsEntity } from "@ooneex/logger";
 import { IMailer } from "@ooneex/mailer";
 import { IPermission } from "@ooneex/permission";
 import { IRateLimiter } from "@ooneex/rate-limit";
-import { ERole } from "@ooneex/role";
 import { IStorage } from "@ooneex/storage";
 import { LocaleInfoType } from "@ooneex/translation";
 import { HttpMethodType, ScalarType } from "@ooneex/types";
@@ -34,7 +33,7 @@ type ContextType<T extends ContextConfigType = ContextConfigType> = {
 		method: HttpMethodType;
 		version: number;
 		description: string;
-		roles?: ERole[];
+		roles?: Uppercase<string>[];
 	} | null;
 	env: IAppEnv;
 	response: IResponse<T["response"]>;
@@ -136,12 +135,12 @@ interface IPermission2<
 	A extends string = string,
 	S extends string = string
 > {
-	allow: () => IPermission2<A, S>;
-	setUserPermissions: (context: ContextType) => IPermission2<A, S>;
-	build: () => IPermission2<A, S>;
-	check: (context: ContextType) => boolean;
-	can: (action: PermissionActionType | A, subject: Subjects | S, field?: string) => boolean;
-	cannot: (action: PermissionActionType | A, subject: Subjects | S, field?: string) => boolean;
+	allow: () => Promise<IPermission2<A, S>> | IPermission2<A, S>;
+	setUserPermissions: (context: ContextType) => Promise<IPermission2<A, S>> | IPermission2<A, S>;
+	build: () => Promise<IPermission2<A, S>> | IPermission2<A, S>;
+	check: (context: ContextType) => Promise<boolean> | boolean;
+	can: (action: PermissionActionType | A, subject: Subjects | S, field?: string) => Promise<boolean> | boolean;
+	cannot: (action: PermissionActionType | A, subject: Subjects | S, field?: string) => Promise<boolean> | boolean;
 }
 declare const decorator: {
 	permission: (scope?: EContainerScope) => (target: PermissionClassType) => void;
@@ -155,7 +154,7 @@ declare abstract class Permission<
 	private builtAbility;
 	constructor();
 	abstract setUserPermissions(context: ContextType): this;
-	abstract check(context: ContextType): boolean;
+	abstract check(context: ContextType): Promise<boolean> | boolean;
 	build(): this;
 	can(action: PermissionActionType | A, subject: Subjects | S, field?: string): boolean;
 	cannot(action: PermissionActionType | A, subject: Subjects | S, field?: string): boolean;

package/dist/index.js.map

@@ -3,9 +3,9 @@
   "sources": ["src/decorators.ts", "src/Permission.ts", "src/PermissionException.ts", "src/types.ts"],
   "sourcesContent": [
     "import { container, EContainerScope } from \"@ooneex/container\";\nimport type { PermissionClassType } from \"./types\";\n\nexport const decorator = {\n  permission: (scope: EContainerScope = EContainerScope.Singleton) => {\n    return (target: PermissionClassType): void => {\n      container.add(target, scope);\n    };\n  },\n};\n",
-    "import { AbilityBuilder, createMongoAbility, type MongoAbility } from \"@casl/ability\";\nimport type { ContextType } from \"../../controller/src/types\";\nimport { PermissionException } from \"./PermissionException\";\nimport type { IPermission, PermissionActionType, Subjects } from \"./types\";\n\nexport abstract class Permission<A extends string = string, S extends string = string> implements IPermission<A, S> {\n  protected ability: AbilityBuilder<MongoAbility>;\n  private builtAbility: MongoAbility | null = null;\n\n  constructor() {\n    this.ability = new AbilityBuilder(createMongoAbility);\n  }\n\n  public abstract allow(): this;\n  public abstract setUserPermissions(context: ContextType): this;\n  public abstract check(context: ContextType): boolean;\n\n  public build(): this {\n    this.builtAbility = this.ability.build();\n    return this;\n  }\n\n  public can(action: PermissionActionType | A, subject: Subjects | S, field?: string): boolean {\n    if (!this.builtAbility) {\n      throw new PermissionException(\"Permission must be built before checking abilities\", \"NOT_BUILT\");\n    }\n    return this.builtAbility.can(action as string, subject as string, field);\n  }\n\n  public cannot(action: PermissionActionType | A, subject: Subjects | S, field?: string): boolean {\n    if (!this.builtAbility) {\n      throw new PermissionException(\"Permission must be built before checking abilities\", \"NOT_BUILT\");\n    }\n    return this.builtAbility.cannot(action as string, subject as string, field);\n  }\n}\n",
+    "import { AbilityBuilder, createMongoAbility, type MongoAbility } from \"@casl/ability\";\nimport type { ContextType } from \"../../controller/src/types\";\nimport { PermissionException } from \"./PermissionException\";\nimport type { IPermission, PermissionActionType, Subjects } from \"./types\";\n\nexport abstract class Permission<A extends string = string, S extends string = string> implements IPermission<A, S> {\n  protected ability: AbilityBuilder<MongoAbility>;\n  private builtAbility: MongoAbility | null = null;\n\n  constructor() {\n    this.ability = new AbilityBuilder(createMongoAbility);\n  }\n\n  public abstract allow(): this;\n  public abstract setUserPermissions(context: ContextType): this;\n  public abstract check(context: ContextType): Promise<boolean> | boolean;\n\n  public build(): this {\n    this.builtAbility = this.ability.build();\n    return this;\n  }\n\n  public can(action: PermissionActionType | A, subject: Subjects | S, field?: string): boolean {\n    if (!this.builtAbility) {\n      throw new PermissionException(\"Permission must be built before checking abilities\", \"NOT_BUILT\");\n    }\n    return this.builtAbility.can(action as string, subject as string, field);\n  }\n\n  public cannot(action: PermissionActionType | A, subject: Subjects | S, field?: string): boolean {\n    if (!this.builtAbility) {\n      throw new PermissionException(\"Permission must be built before checking abilities\", \"NOT_BUILT\");\n    }\n    return this.builtAbility.cannot(action as string, subject as string, field);\n  }\n}\n",
     "import { Exception } from \"@ooneex/exception\";\nimport { HttpStatus } from \"@ooneex/http-status\";\n\nexport class PermissionException extends Exception {\n  constructor(message: string, key: string, data: Record<string, unknown> = {}) {\n    super(message, {\n      key,\n      status: HttpStatus.Code.InternalServerError,\n      data,\n    });\n    this.name = \"PermissionException\";\n  }\n}\n",
-    "import type { ContextType } from \"../../controller/src/types\";\n\nexport enum EPermissionAction {\n  CREATE = \"create\",\n  READ = \"read\",\n  UPDATE = \"update\",\n  DELETE = \"delete\",\n  MANAGE = \"manage\", // Special action that allows everything\n  VIEW = \"view\",\n  EDIT = \"edit\",\n  PUBLISH = \"publish\",\n  ARCHIVE = \"archive\",\n  APPROVE = \"approve\",\n  REJECT = \"reject\",\n  DOWNLOAD = \"download\",\n  UPLOAD = \"upload\",\n  SHARE = \"share\",\n  COPY = \"copy\",\n  MOVE = \"move\",\n  EXPORT = \"export\",\n  IMPORT = \"import\",\n  EXECUTE = \"execute\",\n  ASSIGN = \"assign\",\n  UNASSIGN = \"unassign\",\n  COMMENT = \"comment\",\n  RATE = \"rate\",\n  LIKE = \"like\",\n  DISLIKE = \"dislike\",\n  FOLLOW = \"follow\",\n  UNFOLLOW = \"unfollow\",\n  SUBSCRIBE = \"subscribe\",\n  UNSUBSCRIBE = \"unsubscribe\",\n  INVITE = \"invite\",\n  REVOKE = \"revoke\",\n  GRANT = \"grant\",\n  DENY = \"deny\",\n  BLOCK = \"block\",\n  UNBLOCK = \"unblock\",\n  REPORT = \"report\",\n  MODERATE = \"moderate\",\n  BAN = \"ban\",\n  UNBAN = \"unban\",\n  RESTORE = \"restore\",\n  PURGE = \"purge\",\n  BACKUP = \"backup\",\n  SYNC = \"sync\",\n  CONFIGURE = \"configure\",\n  MONITOR = \"monitor\",\n  AUDIT = \"audit\",\n  SEARCH = \"search\",\n  FILTER = \"filter\",\n  SORT = \"sort\",\n  BOOKMARK = \"bookmark\",\n  TAG = \"tag\",\n  UNTAG = \"untag\",\n  LOCK = \"lock\",\n  UNLOCK = \"unlock\",\n  CLONE = \"clone\",\n  FORK = \"fork\",\n  MERGE = \"merge\",\n  SPLIT = \"split\",\n  VALIDATE = \"validate\",\n  VERIFY = \"verify\",\n  CANCEL = \"cancel\",\n  PAUSE = \"pause\",\n  RESUME = \"resume\",\n  SCHEDULE = \"schedule\",\n  UNSCHEDULE = \"unschedule\",\n  JOIN = \"join\",\n  HIDE = \"hide\",\n}\n\nexport enum EPermissionSubject {\n  USER_ENTITY = \"UserEntity\",\n  AUTH_USER_ENTITY = \"AuthUserEntity\",\n  AUTH_USER = \"AuthUser\",\n  SYSTEM_ENTITY = \"SystemEntity\",\n  SYSTEM = \"System\",\n  USER = \"User\",\n  ALL = \"all\",\n}\n\nexport type PermissionActionType = `${EPermissionAction}`;\nexport type Subjects = `${EPermissionSubject}`;\n\n// biome-ignore lint/suspicious/noExplicitAny: trust me\nexport type PermissionClassType = new (...args: any[]) => IPermission;\n\nexport interface IPermission<A extends string = string, S extends string = string> {\n  allow: () => IPermission<A, S>;\n  setUserPermissions: (context: ContextType) => IPermission<A, S>;\n  build: () => IPermission<A, S>;\n  check: (context: ContextType) => boolean;\n  can: (action: PermissionActionType | A, subject: Subjects | S, field?: string) => boolean;\n  cannot: (action: PermissionActionType | A, subject: Subjects | S, field?: string) => boolean;\n}\n"
+    "import type { ContextType } from \"../../controller/src/types\";\n\nexport enum EPermissionAction {\n  CREATE = \"create\",\n  READ = \"read\",\n  UPDATE = \"update\",\n  DELETE = \"delete\",\n  MANAGE = \"manage\", // Special action that allows everything\n  VIEW = \"view\",\n  EDIT = \"edit\",\n  PUBLISH = \"publish\",\n  ARCHIVE = \"archive\",\n  APPROVE = \"approve\",\n  REJECT = \"reject\",\n  DOWNLOAD = \"download\",\n  UPLOAD = \"upload\",\n  SHARE = \"share\",\n  COPY = \"copy\",\n  MOVE = \"move\",\n  EXPORT = \"export\",\n  IMPORT = \"import\",\n  EXECUTE = \"execute\",\n  ASSIGN = \"assign\",\n  UNASSIGN = \"unassign\",\n  COMMENT = \"comment\",\n  RATE = \"rate\",\n  LIKE = \"like\",\n  DISLIKE = \"dislike\",\n  FOLLOW = \"follow\",\n  UNFOLLOW = \"unfollow\",\n  SUBSCRIBE = \"subscribe\",\n  UNSUBSCRIBE = \"unsubscribe\",\n  INVITE = \"invite\",\n  REVOKE = \"revoke\",\n  GRANT = \"grant\",\n  DENY = \"deny\",\n  BLOCK = \"block\",\n  UNBLOCK = \"unblock\",\n  REPORT = \"report\",\n  MODERATE = \"moderate\",\n  BAN = \"ban\",\n  UNBAN = \"unban\",\n  RESTORE = \"restore\",\n  PURGE = \"purge\",\n  BACKUP = \"backup\",\n  SYNC = \"sync\",\n  CONFIGURE = \"configure\",\n  MONITOR = \"monitor\",\n  AUDIT = \"audit\",\n  SEARCH = \"search\",\n  FILTER = \"filter\",\n  SORT = \"sort\",\n  BOOKMARK = \"bookmark\",\n  TAG = \"tag\",\n  UNTAG = \"untag\",\n  LOCK = \"lock\",\n  UNLOCK = \"unlock\",\n  CLONE = \"clone\",\n  FORK = \"fork\",\n  MERGE = \"merge\",\n  SPLIT = \"split\",\n  VALIDATE = \"validate\",\n  VERIFY = \"verify\",\n  CANCEL = \"cancel\",\n  PAUSE = \"pause\",\n  RESUME = \"resume\",\n  SCHEDULE = \"schedule\",\n  UNSCHEDULE = \"unschedule\",\n  JOIN = \"join\",\n  HIDE = \"hide\",\n}\n\nexport enum EPermissionSubject {\n  USER_ENTITY = \"UserEntity\",\n  AUTH_USER_ENTITY = \"AuthUserEntity\",\n  AUTH_USER = \"AuthUser\",\n  SYSTEM_ENTITY = \"SystemEntity\",\n  SYSTEM = \"System\",\n  USER = \"User\",\n  ALL = \"all\",\n}\n\nexport type PermissionActionType = `${EPermissionAction}`;\nexport type Subjects = `${EPermissionSubject}`;\n\n// biome-ignore lint/suspicious/noExplicitAny: trust me\nexport type PermissionClassType = new (...args: any[]) => IPermission;\n\nexport interface IPermission<A extends string = string, S extends string = string> {\n  allow: () => Promise<IPermission<A, S>> | IPermission<A, S>;\n  setUserPermissions: (context: ContextType) => Promise<IPermission<A, S>> | IPermission<A, S>;\n  build: () => Promise<IPermission<A, S>> | IPermission<A, S>;\n  check: (context: ContextType) => Promise<boolean> | boolean;\n  can: (action: PermissionActionType | A, subject: Subjects | S, field?: string) => Promise<boolean> | boolean;\n  cannot: (action: PermissionActionType | A, subject: Subjects | S, field?: string) => Promise<boolean> | boolean;\n}\n"
   ],
   "mappings": ";;AAAA;AAGO,IAAM,YAAY;AAAA,EACvB,YAAY,CAAC,QAAyB,gBAAgB,cAAc;AAAA,IAClE,OAAO,CAAC,WAAsC;AAAA,MAC5C,UAAU,IAAI,QAAQ,KAAK;AAAA;AAAA;AAGjC;;ACTA;;;ACAA;AACA;AAAA;AAEO,MAAM,4BAA4B,UAAU;AAAA,EACjD,WAAW,CAAC,SAAiB,KAAa,OAAgC,CAAC,GAAG;AAAA,IAC5E,MAAM,SAAS;AAAA,MACb;AAAA,MACA,QAAQ,WAAW,KAAK;AAAA,MACxB;AAAA,IACF,CAAC;AAAA,IACD,KAAK,OAAO;AAAA;AAEhB;;;ADPO,MAAe,WAA8F;AAAA,EACxG;AAAA,EACF,eAAoC;AAAA,EAE5C,WAAW,GAAG;AAAA,IACZ,KAAK,UAAU,IAAI,eAAe,kBAAkB;AAAA;AAAA,EAO/C,KAAK,GAAS;AAAA,IACnB,KAAK,eAAe,KAAK,QAAQ,MAAM;AAAA,IACvC,OAAO;AAAA;AAAA,EAGF,GAAG,CAAC,QAAkC,SAAuB,OAAyB;AAAA,IAC3F,IAAI,CAAC,KAAK,cAAc;AAAA,MACtB,MAAM,IAAI,oBAAoB,sDAAsD,WAAW;AAAA,IACjG;AAAA,IACA,OAAO,KAAK,aAAa,IAAI,QAAkB,SAAmB,KAAK;AAAA;AAAA,EAGlE,MAAM,CAAC,QAAkC,SAAuB,OAAyB;AAAA,IAC9F,IAAI,CAAC,KAAK,cAAc;AAAA,MACtB,MAAM,IAAI,oBAAoB,sDAAsD,WAAW;AAAA,IACjG;AAAA,IACA,OAAO,KAAK,aAAa,OAAO,QAAkB,SAAmB,KAAK;AAAA;AAE9E;;AEjCO,IAAK;AAAA,CAAL,CAAK,uBAAL;AAAA,EACL,+BAAS;AAAA,EACT,6BAAO;AAAA,EACP,+BAAS;AAAA,EACT,+BAAS;AAAA,EACT,+BAAS;AAAA,EACT,6BAAO;AAAA,EACP,6BAAO;AAAA,EACP,gCAAU;AAAA,EACV,gCAAU;AAAA,EACV,gCAAU;AAAA,EACV,+BAAS;AAAA,EACT,iCAAW;AAAA,EACX,+BAAS;AAAA,EACT,8BAAQ;AAAA,EACR,6BAAO;AAAA,EACP,6BAAO;AAAA,EACP,+BAAS;AAAA,EACT,+BAAS;AAAA,EACT,gCAAU;AAAA,EACV,+BAAS;AAAA,EACT,iCAAW;AAAA,EACX,gCAAU;AAAA,EACV,6BAAO;AAAA,EACP,6BAAO;AAAA,EACP,gCAAU;AAAA,EACV,+BAAS;AAAA,EACT,iCAAW;AAAA,EACX,kCAAY;AAAA,EACZ,oCAAc;AAAA,EACd,+BAAS;AAAA,EACT,+BAAS;AAAA,EACT,8BAAQ;AAAA,EACR,6BAAO;AAAA,EACP,8BAAQ;AAAA,EACR,gCAAU;AAAA,EACV,+BAAS;AAAA,EACT,iCAAW;AAAA,EACX,4BAAM;AAAA,EACN,8BAAQ;AAAA,EACR,gCAAU;AAAA,EACV,8BAAQ;AAAA,EACR,+BAAS;AAAA,EACT,6BAAO;AAAA,EACP,kCAAY;AAAA,EACZ,gCAAU;AAAA,EACV,8BAAQ;AAAA,EACR,+BAAS;AAAA,EACT,+BAAS;AAAA,EACT,6BAAO;AAAA,EACP,iCAAW;AAAA,EACX,4BAAM;AAAA,EACN,8BAAQ;AAAA,EACR,6BAAO;AAAA,EACP,+BAAS;AAAA,EACT,8BAAQ;AAAA,EACR,6BAAO;AAAA,EACP,8BAAQ;AAAA,EACR,8BAAQ;AAAA,EACR,iCAAW;AAAA,EACX,+BAAS;AAAA,EACT,+BAAS;AAAA,EACT,8BAAQ;AAAA,EACR,+BAAS;AAAA,EACT,iCAAW;AAAA,EACX,mCAAa;AAAA,EACb,6BAAO;AAAA,EACP,6BAAO;AAAA,GAnEG;AAsEL,IAAK;AAAA,CAAL,CAAK,wBAAL;AAAA,EACL,qCAAc;AAAA,EACd,0CAAmB;AAAA,EACnB,mCAAY;AAAA,EACZ,uCAAgB;AAAA,EAChB,gCAAS;AAAA,EACT,8BAAO;AAAA,EACP,6BAAM;AAAA,GAPI;",
   "debugId": "7A183E36D71E4F1964756E2164756E21",

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@ooneex/permission",
   "description": "Fine-grained access control using CASL — define, evaluate, and enforce ability-based permissions with role and resource scoping",
-  "version": "1.1.15",
+  "version": "1.2.1",
   "type": "module",
   "files": [
     "dist",
@@ -29,12 +29,12 @@
   },
   "dependencies": {
     "@casl/ability": "^6.7.3",
-    "@ooneex/container": "^1.5.0",
-    "@ooneex/exception": "^1.2.9",
+    "@ooneex/container": "^1.5.1",
+    "@ooneex/exception": "^1.2.10",
     "@ooneex/http-status": "^1.1.11"
   },
   "devDependencies": {
-    "@ooneex/user": "^1.2.10"
+    "@ooneex/user": "^1.2.11"
   },
   "keywords": [
     "authorization",