@open-mercato/core 0.4.8-develop-28cee031d6 → 0.4.8-develop-15259be22b

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (333) hide show
  1. package/agentic/standalone-guide.md +235 -0
  2. package/dist/generated/entities/customer_role/index.js +27 -0
  3. package/dist/generated/entities/customer_role/index.js.map +7 -0
  4. package/dist/generated/entities/customer_role_acl/index.js +19 -0
  5. package/dist/generated/entities/customer_role_acl/index.js.map +7 -0
  6. package/dist/generated/entities/customer_user/index.js +37 -0
  7. package/dist/generated/entities/customer_user/index.js.map +7 -0
  8. package/dist/generated/entities/customer_user_acl/index.js +19 -0
  9. package/dist/generated/entities/customer_user_acl/index.js.map +7 -0
  10. package/dist/generated/entities/customer_user_email_verification/index.js +17 -0
  11. package/dist/generated/entities/customer_user_email_verification/index.js.map +7 -0
  12. package/dist/generated/entities/customer_user_invitation/index.js +33 -0
  13. package/dist/generated/entities/customer_user_invitation/index.js.map +7 -0
  14. package/dist/generated/entities/customer_user_password_reset/index.js +15 -0
  15. package/dist/generated/entities/customer_user_password_reset/index.js.map +7 -0
  16. package/dist/generated/entities/customer_user_role/index.js +13 -0
  17. package/dist/generated/entities/customer_user_role/index.js.map +7 -0
  18. package/dist/generated/entities/customer_user_session/index.js +21 -0
  19. package/dist/generated/entities/customer_user_session/index.js.map +7 -0
  20. package/dist/generated/entities/organization/index.js +2 -0
  21. package/dist/generated/entities/organization/index.js.map +2 -2
  22. package/dist/generated/entities.ids.generated.js +14 -1
  23. package/dist/generated/entities.ids.generated.js.map +2 -2
  24. package/dist/generated/entity-fields-registry.js +18 -0
  25. package/dist/generated/entity-fields-registry.js.map +2 -2
  26. package/dist/modules/auth/services/rbacService.js +3 -9
  27. package/dist/modules/auth/services/rbacService.js.map +2 -2
  28. package/dist/modules/customer_accounts/acl.js +12 -0
  29. package/dist/modules/customer_accounts/acl.js.map +7 -0
  30. package/dist/modules/customer_accounts/api/admin/roles/[id]/acl.js +87 -0
  31. package/dist/modules/customer_accounts/api/admin/roles/[id]/acl.js.map +7 -0
  32. package/dist/modules/customer_accounts/api/admin/roles/[id].js +216 -0
  33. package/dist/modules/customer_accounts/api/admin/roles/[id].js.map +7 -0
  34. package/dist/modules/customer_accounts/api/admin/roles.js +189 -0
  35. package/dist/modules/customer_accounts/api/admin/roles.js.map +7 -0
  36. package/dist/modules/customer_accounts/api/admin/users/[id]/reset-password.js +69 -0
  37. package/dist/modules/customer_accounts/api/admin/users/[id]/reset-password.js.map +7 -0
  38. package/dist/modules/customer_accounts/api/admin/users/[id]/verify-email.js +64 -0
  39. package/dist/modules/customer_accounts/api/admin/users/[id]/verify-email.js.map +7 -0
  40. package/dist/modules/customer_accounts/api/admin/users/[id].js +253 -0
  41. package/dist/modules/customer_accounts/api/admin/users/[id].js.map +7 -0
  42. package/dist/modules/customer_accounts/api/admin/users-invite.js +78 -0
  43. package/dist/modules/customer_accounts/api/admin/users-invite.js.map +7 -0
  44. package/dist/modules/customer_accounts/api/admin/users.js +251 -0
  45. package/dist/modules/customer_accounts/api/admin/users.js.map +7 -0
  46. package/dist/modules/customer_accounts/api/email/verify.js +59 -0
  47. package/dist/modules/customer_accounts/api/email/verify.js.map +7 -0
  48. package/dist/modules/customer_accounts/api/interceptors.js +5 -0
  49. package/dist/modules/customer_accounts/api/interceptors.js.map +7 -0
  50. package/dist/modules/customer_accounts/api/invitations/accept.js +114 -0
  51. package/dist/modules/customer_accounts/api/invitations/accept.js.map +7 -0
  52. package/dist/modules/customer_accounts/api/login.js +143 -0
  53. package/dist/modules/customer_accounts/api/login.js.map +7 -0
  54. package/dist/modules/customer_accounts/api/magic-link/request.js +78 -0
  55. package/dist/modules/customer_accounts/api/magic-link/request.js.map +7 -0
  56. package/dist/modules/customer_accounts/api/magic-link/verify.js +114 -0
  57. package/dist/modules/customer_accounts/api/magic-link/verify.js.map +7 -0
  58. package/dist/modules/customer_accounts/api/password/reset-confirm.js +59 -0
  59. package/dist/modules/customer_accounts/api/password/reset-confirm.js.map +7 -0
  60. package/dist/modules/customer_accounts/api/password/reset-request.js +77 -0
  61. package/dist/modules/customer_accounts/api/password/reset-request.js.map +7 -0
  62. package/dist/modules/customer_accounts/api/portal/events/stream.js +163 -0
  63. package/dist/modules/customer_accounts/api/portal/events/stream.js.map +7 -0
  64. package/dist/modules/customer_accounts/api/portal/feature-check.js +57 -0
  65. package/dist/modules/customer_accounts/api/portal/feature-check.js.map +7 -0
  66. package/dist/modules/customer_accounts/api/portal/logout.js +64 -0
  67. package/dist/modules/customer_accounts/api/portal/logout.js.map +7 -0
  68. package/dist/modules/customer_accounts/api/portal/notifications/[id]/dismiss.js +49 -0
  69. package/dist/modules/customer_accounts/api/portal/notifications/[id]/dismiss.js.map +7 -0
  70. package/dist/modules/customer_accounts/api/portal/notifications/[id]/read.js +49 -0
  71. package/dist/modules/customer_accounts/api/portal/notifications/[id]/read.js.map +7 -0
  72. package/dist/modules/customer_accounts/api/portal/notifications/mark-all-read.js +46 -0
  73. package/dist/modules/customer_accounts/api/portal/notifications/mark-all-read.js.map +7 -0
  74. package/dist/modules/customer_accounts/api/portal/notifications/unread-count.js +42 -0
  75. package/dist/modules/customer_accounts/api/portal/notifications/unread-count.js.map +7 -0
  76. package/dist/modules/customer_accounts/api/portal/notifications.js +105 -0
  77. package/dist/modules/customer_accounts/api/portal/notifications.js.map +7 -0
  78. package/dist/modules/customer_accounts/api/portal/password-change.js +57 -0
  79. package/dist/modules/customer_accounts/api/portal/password-change.js.map +7 -0
  80. package/dist/modules/customer_accounts/api/portal/profile.js +135 -0
  81. package/dist/modules/customer_accounts/api/portal/profile.js.map +7 -0
  82. package/dist/modules/customer_accounts/api/portal/sessions/[id].js +62 -0
  83. package/dist/modules/customer_accounts/api/portal/sessions/[id].js.map +7 -0
  84. package/dist/modules/customer_accounts/api/portal/sessions-refresh.js +75 -0
  85. package/dist/modules/customer_accounts/api/portal/sessions-refresh.js.map +7 -0
  86. package/dist/modules/customer_accounts/api/portal/sessions.js +77 -0
  87. package/dist/modules/customer_accounts/api/portal/sessions.js.map +7 -0
  88. package/dist/modules/customer_accounts/api/portal/users/[id]/roles.js +90 -0
  89. package/dist/modules/customer_accounts/api/portal/users/[id]/roles.js.map +7 -0
  90. package/dist/modules/customer_accounts/api/portal/users/[id].js +71 -0
  91. package/dist/modules/customer_accounts/api/portal/users/[id].js.map +7 -0
  92. package/dist/modules/customer_accounts/api/portal/users-invite.js +92 -0
  93. package/dist/modules/customer_accounts/api/portal/users-invite.js.map +7 -0
  94. package/dist/modules/customer_accounts/api/portal/users.js +79 -0
  95. package/dist/modules/customer_accounts/api/portal/users.js.map +7 -0
  96. package/dist/modules/customer_accounts/api/signup.js +121 -0
  97. package/dist/modules/customer_accounts/api/signup.js.map +7 -0
  98. package/dist/modules/customer_accounts/backend/customer_accounts/[id]/page.js +491 -0
  99. package/dist/modules/customer_accounts/backend/customer_accounts/[id]/page.js.map +7 -0
  100. package/dist/modules/customer_accounts/backend/customer_accounts/[id]/page.meta.js +15 -0
  101. package/dist/modules/customer_accounts/backend/customer_accounts/[id]/page.meta.js.map +7 -0
  102. package/dist/modules/customer_accounts/backend/customer_accounts/roles/[id]/page.js +343 -0
  103. package/dist/modules/customer_accounts/backend/customer_accounts/roles/[id]/page.js.map +7 -0
  104. package/dist/modules/customer_accounts/backend/customer_accounts/roles/[id]/page.meta.js +16 -0
  105. package/dist/modules/customer_accounts/backend/customer_accounts/roles/[id]/page.meta.js.map +7 -0
  106. package/dist/modules/customer_accounts/backend/customer_accounts/roles/create/page.js +180 -0
  107. package/dist/modules/customer_accounts/backend/customer_accounts/roles/create/page.js.map +7 -0
  108. package/dist/modules/customer_accounts/backend/customer_accounts/roles/create/page.meta.js +16 -0
  109. package/dist/modules/customer_accounts/backend/customer_accounts/roles/create/page.meta.js.map +7 -0
  110. package/dist/modules/customer_accounts/backend/customer_accounts/roles/page.js +176 -0
  111. package/dist/modules/customer_accounts/backend/customer_accounts/roles/page.js.map +7 -0
  112. package/dist/modules/customer_accounts/backend/customer_accounts/roles/page.meta.js +33 -0
  113. package/dist/modules/customer_accounts/backend/customer_accounts/roles/page.meta.js.map +7 -0
  114. package/dist/modules/customer_accounts/backend/page.js +466 -0
  115. package/dist/modules/customer_accounts/backend/page.js.map +7 -0
  116. package/dist/modules/customer_accounts/backend/page.meta.js +35 -0
  117. package/dist/modules/customer_accounts/backend/page.meta.js.map +7 -0
  118. package/dist/modules/customer_accounts/ce.js +26 -0
  119. package/dist/modules/customer_accounts/ce.js.map +7 -0
  120. package/dist/modules/customer_accounts/data/enrichers.js +85 -0
  121. package/dist/modules/customer_accounts/data/enrichers.js.map +7 -0
  122. package/dist/modules/customer_accounts/data/entities.js +377 -0
  123. package/dist/modules/customer_accounts/data/entities.js.map +7 -0
  124. package/dist/modules/customer_accounts/data/extensions.js +8 -0
  125. package/dist/modules/customer_accounts/data/extensions.js.map +7 -0
  126. package/dist/modules/customer_accounts/data/validators.js +111 -0
  127. package/dist/modules/customer_accounts/data/validators.js.map +7 -0
  128. package/dist/modules/customer_accounts/di.js +17 -0
  129. package/dist/modules/customer_accounts/di.js.map +7 -0
  130. package/dist/modules/customer_accounts/events.js +28 -0
  131. package/dist/modules/customer_accounts/events.js.map +7 -0
  132. package/dist/modules/customer_accounts/index.js +15 -0
  133. package/dist/modules/customer_accounts/index.js.map +7 -0
  134. package/dist/modules/customer_accounts/lib/customerAuth.js +71 -0
  135. package/dist/modules/customer_accounts/lib/customerAuth.js.map +7 -0
  136. package/dist/modules/customer_accounts/lib/customerAuthServer.js +29 -0
  137. package/dist/modules/customer_accounts/lib/customerAuthServer.js.map +7 -0
  138. package/dist/modules/customer_accounts/lib/rateLimiter.js +63 -0
  139. package/dist/modules/customer_accounts/lib/rateLimiter.js.map +7 -0
  140. package/dist/modules/customer_accounts/lib/tokenGenerator.js +12 -0
  141. package/dist/modules/customer_accounts/lib/tokenGenerator.js.map +7 -0
  142. package/dist/modules/customer_accounts/migrations/Migration20260313222043.js +49 -0
  143. package/dist/modules/customer_accounts/migrations/Migration20260313222043.js.map +7 -0
  144. package/dist/modules/customer_accounts/notifications.client.js +47 -0
  145. package/dist/modules/customer_accounts/notifications.client.js.map +7 -0
  146. package/dist/modules/customer_accounts/notifications.js +46 -0
  147. package/dist/modules/customer_accounts/notifications.js.map +7 -0
  148. package/dist/modules/customer_accounts/search.js +120 -0
  149. package/dist/modules/customer_accounts/search.js.map +7 -0
  150. package/dist/modules/customer_accounts/services/customerInvitationService.js +87 -0
  151. package/dist/modules/customer_accounts/services/customerInvitationService.js.map +7 -0
  152. package/dist/modules/customer_accounts/services/customerRbacService.js +109 -0
  153. package/dist/modules/customer_accounts/services/customerRbacService.js.map +7 -0
  154. package/dist/modules/customer_accounts/services/customerSessionService.js +75 -0
  155. package/dist/modules/customer_accounts/services/customerSessionService.js.map +7 -0
  156. package/dist/modules/customer_accounts/services/customerTokenService.js +91 -0
  157. package/dist/modules/customer_accounts/services/customerTokenService.js.map +7 -0
  158. package/dist/modules/customer_accounts/services/customerUserService.js +92 -0
  159. package/dist/modules/customer_accounts/services/customerUserService.js.map +7 -0
  160. package/dist/modules/customer_accounts/setup.js +179 -0
  161. package/dist/modules/customer_accounts/setup.js.map +7 -0
  162. package/dist/modules/customer_accounts/subscribers/autoLinkCrm.js +54 -0
  163. package/dist/modules/customer_accounts/subscribers/autoLinkCrm.js.map +7 -0
  164. package/dist/modules/customer_accounts/subscribers/autoLinkCrmReverse.js +68 -0
  165. package/dist/modules/customer_accounts/subscribers/autoLinkCrmReverse.js.map +7 -0
  166. package/dist/modules/customer_accounts/subscribers/notifyStaffOnSignup.js +29 -0
  167. package/dist/modules/customer_accounts/subscribers/notifyStaffOnSignup.js.map +7 -0
  168. package/dist/modules/customer_accounts/translations.js +9 -0
  169. package/dist/modules/customer_accounts/translations.js.map +7 -0
  170. package/dist/modules/customer_accounts/widgets/injection/account-status/widget.client.js +63 -0
  171. package/dist/modules/customer_accounts/widgets/injection/account-status/widget.client.js.map +7 -0
  172. package/dist/modules/customer_accounts/widgets/injection/account-status/widget.js +17 -0
  173. package/dist/modules/customer_accounts/widgets/injection/account-status/widget.js.map +7 -0
  174. package/dist/modules/customer_accounts/widgets/injection/company-users/widget.client.js +55 -0
  175. package/dist/modules/customer_accounts/widgets/injection/company-users/widget.client.js.map +7 -0
  176. package/dist/modules/customer_accounts/widgets/injection/company-users/widget.js +17 -0
  177. package/dist/modules/customer_accounts/widgets/injection/company-users/widget.js.map +7 -0
  178. package/dist/modules/customer_accounts/widgets/injection-table.js +26 -0
  179. package/dist/modules/customer_accounts/widgets/injection-table.js.map +7 -0
  180. package/dist/modules/customer_accounts/workers/cleanupExpiredSessions.js +23 -0
  181. package/dist/modules/customer_accounts/workers/cleanupExpiredSessions.js.map +7 -0
  182. package/dist/modules/customer_accounts/workers/cleanupExpiredTokens.js +38 -0
  183. package/dist/modules/customer_accounts/workers/cleanupExpiredTokens.js.map +7 -0
  184. package/dist/modules/customers/components/AddressTiles.js +1 -1
  185. package/dist/modules/customers/components/AddressTiles.js.map +2 -2
  186. package/dist/modules/directory/api/get/organizations/lookup.js +83 -0
  187. package/dist/modules/directory/api/get/organizations/lookup.js.map +7 -0
  188. package/dist/modules/directory/commands/organizations.js +32 -1
  189. package/dist/modules/directory/commands/organizations.js.map +2 -2
  190. package/dist/modules/directory/data/entities.js +6 -2
  191. package/dist/modules/directory/data/entities.js.map +2 -2
  192. package/dist/modules/directory/data/validators.js +3 -0
  193. package/dist/modules/directory/data/validators.js.map +2 -2
  194. package/dist/modules/directory/migrations/Migration20260314143323.js +15 -0
  195. package/dist/modules/directory/migrations/Migration20260314143323.js.map +7 -0
  196. package/dist/modules/directory/setup.js +36 -0
  197. package/dist/modules/directory/setup.js.map +2 -2
  198. package/dist/modules/payment_gateways/migrations/Migration20260313222043.js +15 -0
  199. package/dist/modules/payment_gateways/migrations/Migration20260313222043.js.map +7 -0
  200. package/dist/modules/portal/frontend/[orgSlug]/portal/dashboard/page.js +131 -0
  201. package/dist/modules/portal/frontend/[orgSlug]/portal/dashboard/page.js.map +7 -0
  202. package/dist/modules/portal/frontend/[orgSlug]/portal/login/page.js +96 -0
  203. package/dist/modules/portal/frontend/[orgSlug]/portal/login/page.js.map +7 -0
  204. package/dist/modules/portal/frontend/[orgSlug]/portal/page.js +94 -0
  205. package/dist/modules/portal/frontend/[orgSlug]/portal/page.js.map +7 -0
  206. package/dist/modules/portal/frontend/[orgSlug]/portal/profile/page.js +89 -0
  207. package/dist/modules/portal/frontend/[orgSlug]/portal/profile/page.js.map +7 -0
  208. package/dist/modules/portal/frontend/[orgSlug]/portal/signup/page.js +104 -0
  209. package/dist/modules/portal/frontend/[orgSlug]/portal/signup/page.js.map +7 -0
  210. package/dist/modules/portal/index.js +11 -0
  211. package/dist/modules/portal/index.js.map +7 -0
  212. package/dist/modules/portal/setup.js +23 -0
  213. package/dist/modules/portal/setup.js.map +7 -0
  214. package/generated/entities/customer_role/index.ts +12 -0
  215. package/generated/entities/customer_role_acl/index.ts +8 -0
  216. package/generated/entities/customer_user/index.ts +17 -0
  217. package/generated/entities/customer_user_acl/index.ts +8 -0
  218. package/generated/entities/customer_user_email_verification/index.ts +7 -0
  219. package/generated/entities/customer_user_invitation/index.ts +15 -0
  220. package/generated/entities/customer_user_password_reset/index.ts +6 -0
  221. package/generated/entities/customer_user_role/index.ts +5 -0
  222. package/generated/entities/customer_user_session/index.ts +9 -0
  223. package/generated/entities/organization/index.ts +1 -0
  224. package/generated/entities.ids.generated.ts +14 -1
  225. package/generated/entity-fields-registry.ts +18 -0
  226. package/package.json +3 -3
  227. package/src/modules/auth/services/rbacService.ts +3 -9
  228. package/src/modules/customer_accounts/AGENTS.md +377 -0
  229. package/src/modules/customer_accounts/acl.ts +8 -0
  230. package/src/modules/customer_accounts/api/admin/roles/[id]/acl.ts +98 -0
  231. package/src/modules/customer_accounts/api/admin/roles/[id].ts +246 -0
  232. package/src/modules/customer_accounts/api/admin/roles.ts +212 -0
  233. package/src/modules/customer_accounts/api/admin/users/[id]/reset-password.ts +78 -0
  234. package/src/modules/customer_accounts/api/admin/users/[id]/verify-email.ts +72 -0
  235. package/src/modules/customer_accounts/api/admin/users/[id].ts +289 -0
  236. package/src/modules/customer_accounts/api/admin/users-invite.ts +86 -0
  237. package/src/modules/customer_accounts/api/admin/users.ts +280 -0
  238. package/src/modules/customer_accounts/api/email/verify.ts +66 -0
  239. package/src/modules/customer_accounts/api/interceptors.ts +3 -0
  240. package/src/modules/customer_accounts/api/invitations/accept.ts +128 -0
  241. package/src/modules/customer_accounts/api/login.ts +163 -0
  242. package/src/modules/customer_accounts/api/magic-link/request.ts +87 -0
  243. package/src/modules/customer_accounts/api/magic-link/verify.ts +132 -0
  244. package/src/modules/customer_accounts/api/password/reset-confirm.ts +69 -0
  245. package/src/modules/customer_accounts/api/password/reset-request.ts +87 -0
  246. package/src/modules/customer_accounts/api/portal/events/stream.ts +209 -0
  247. package/src/modules/customer_accounts/api/portal/feature-check.ts +60 -0
  248. package/src/modules/customer_accounts/api/portal/logout.ts +71 -0
  249. package/src/modules/customer_accounts/api/portal/notifications/[id]/dismiss.ts +54 -0
  250. package/src/modules/customer_accounts/api/portal/notifications/[id]/read.ts +54 -0
  251. package/src/modules/customer_accounts/api/portal/notifications/mark-all-read.ts +49 -0
  252. package/src/modules/customer_accounts/api/portal/notifications/unread-count.ts +45 -0
  253. package/src/modules/customer_accounts/api/portal/notifications.ts +115 -0
  254. package/src/modules/customer_accounts/api/portal/password-change.ts +65 -0
  255. package/src/modules/customer_accounts/api/portal/profile.ts +151 -0
  256. package/src/modules/customer_accounts/api/portal/sessions/[id].ts +70 -0
  257. package/src/modules/customer_accounts/api/portal/sessions-refresh.ts +87 -0
  258. package/src/modules/customer_accounts/api/portal/sessions.ts +84 -0
  259. package/src/modules/customer_accounts/api/portal/users/[id]/roles.ts +106 -0
  260. package/src/modules/customer_accounts/api/portal/users/[id].ts +81 -0
  261. package/src/modules/customer_accounts/api/portal/users-invite.ts +103 -0
  262. package/src/modules/customer_accounts/api/portal/users.ts +86 -0
  263. package/src/modules/customer_accounts/api/signup.ts +136 -0
  264. package/src/modules/customer_accounts/backend/customer_accounts/[id]/page.meta.ts +11 -0
  265. package/src/modules/customer_accounts/backend/customer_accounts/[id]/page.tsx +607 -0
  266. package/src/modules/customer_accounts/backend/customer_accounts/roles/[id]/page.meta.ts +12 -0
  267. package/src/modules/customer_accounts/backend/customer_accounts/roles/[id]/page.tsx +385 -0
  268. package/src/modules/customer_accounts/backend/customer_accounts/roles/create/page.meta.ts +12 -0
  269. package/src/modules/customer_accounts/backend/customer_accounts/roles/create/page.tsx +203 -0
  270. package/src/modules/customer_accounts/backend/customer_accounts/roles/page.meta.ts +31 -0
  271. package/src/modules/customer_accounts/backend/customer_accounts/roles/page.tsx +217 -0
  272. package/src/modules/customer_accounts/backend/page.meta.ts +33 -0
  273. package/src/modules/customer_accounts/backend/page.tsx +535 -0
  274. package/src/modules/customer_accounts/ce.ts +22 -0
  275. package/src/modules/customer_accounts/data/enrichers.ts +117 -0
  276. package/src/modules/customer_accounts/data/entities.ts +302 -0
  277. package/src/modules/customer_accounts/data/extensions.ts +4 -0
  278. package/src/modules/customer_accounts/data/validators.ts +128 -0
  279. package/src/modules/customer_accounts/di.ts +15 -0
  280. package/src/modules/customer_accounts/events.ts +28 -0
  281. package/src/modules/customer_accounts/i18n/de.json +176 -0
  282. package/src/modules/customer_accounts/i18n/en.json +176 -0
  283. package/src/modules/customer_accounts/i18n/es.json +176 -0
  284. package/src/modules/customer_accounts/i18n/pl.json +176 -0
  285. package/src/modules/customer_accounts/index.ts +13 -0
  286. package/src/modules/customer_accounts/lib/customerAuth.ts +85 -0
  287. package/src/modules/customer_accounts/lib/customerAuthServer.ts +54 -0
  288. package/src/modules/customer_accounts/lib/rateLimiter.ts +36 -0
  289. package/src/modules/customer_accounts/lib/tokenGenerator.ts +9 -0
  290. package/src/modules/customer_accounts/migrations/.snapshot-open-mercato.json +1255 -0
  291. package/src/modules/customer_accounts/migrations/Migration20260313222043.ts +62 -0
  292. package/src/modules/customer_accounts/notifications.client.ts +46 -0
  293. package/src/modules/customer_accounts/notifications.ts +44 -0
  294. package/src/modules/customer_accounts/search.ts +134 -0
  295. package/src/modules/customer_accounts/services/customerInvitationService.ts +109 -0
  296. package/src/modules/customer_accounts/services/customerRbacService.ts +144 -0
  297. package/src/modules/customer_accounts/services/customerSessionService.ts +90 -0
  298. package/src/modules/customer_accounts/services/customerTokenService.ts +98 -0
  299. package/src/modules/customer_accounts/services/customerUserService.ts +105 -0
  300. package/src/modules/customer_accounts/setup.ts +212 -0
  301. package/src/modules/customer_accounts/subscribers/autoLinkCrm.ts +65 -0
  302. package/src/modules/customer_accounts/subscribers/autoLinkCrmReverse.ts +78 -0
  303. package/src/modules/customer_accounts/subscribers/notifyStaffOnSignup.ts +32 -0
  304. package/src/modules/customer_accounts/translations.ts +5 -0
  305. package/src/modules/customer_accounts/widgets/injection/account-status/widget.client.tsx +89 -0
  306. package/src/modules/customer_accounts/widgets/injection/account-status/widget.ts +16 -0
  307. package/src/modules/customer_accounts/widgets/injection/company-users/widget.client.tsx +78 -0
  308. package/src/modules/customer_accounts/widgets/injection/company-users/widget.ts +16 -0
  309. package/src/modules/customer_accounts/widgets/injection-table.ts +24 -0
  310. package/src/modules/customer_accounts/workers/cleanupExpiredSessions.ts +33 -0
  311. package/src/modules/customer_accounts/workers/cleanupExpiredTokens.ts +51 -0
  312. package/src/modules/customers/components/AddressTiles.tsx +1 -1
  313. package/src/modules/directory/api/get/organizations/lookup.ts +92 -0
  314. package/src/modules/directory/commands/organizations.ts +34 -1
  315. package/src/modules/directory/data/entities.ts +5 -1
  316. package/src/modules/directory/data/validators.ts +4 -0
  317. package/src/modules/directory/migrations/.snapshot-open-mercato.json +20 -1
  318. package/src/modules/directory/migrations/Migration20260314143323.ts +15 -0
  319. package/src/modules/directory/setup.ts +41 -0
  320. package/src/modules/payment_gateways/migrations/.snapshot-open-mercato.json +4 -1
  321. package/src/modules/payment_gateways/migrations/Migration20260313222043.ts +17 -0
  322. package/src/modules/portal/frontend/[orgSlug]/portal/dashboard/page.tsx +158 -0
  323. package/src/modules/portal/frontend/[orgSlug]/portal/login/page.tsx +120 -0
  324. package/src/modules/portal/frontend/[orgSlug]/portal/page.tsx +118 -0
  325. package/src/modules/portal/frontend/[orgSlug]/portal/profile/page.tsx +112 -0
  326. package/src/modules/portal/frontend/[orgSlug]/portal/signup/page.tsx +138 -0
  327. package/src/modules/portal/i18n/de.json +93 -0
  328. package/src/modules/portal/i18n/en.json +93 -0
  329. package/src/modules/portal/i18n/es.json +93 -0
  330. package/src/modules/portal/i18n/pl.json +93 -0
  331. package/src/modules/portal/index.ts +9 -0
  332. package/src/modules/portal/setup.ts +23 -0
  333. package/src/modules/shipping_carriers/migrations/.snapshot-open-mercato.json +226 -0
package/dist/generated/entities.ids.generated.js.map CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../../generated/entities.ids.generated.ts"],
4
- "sourcesContent": ["// AUTO-GENERATED by mercato generate entity-ids\nexport const M = {\n \"dashboards\": \"dashboards\",\n \"auth\": \"auth\",\n \"directory\": \"directory\",\n \"customers\": \"customers\",\n \"perspectives\": \"perspectives\",\n \"entities\": \"entities\",\n \"configs\": \"configs\",\n \"query_index\": \"query_index\",\n \"audit_logs\": \"audit_logs\",\n \"attachments\": \"attachments\",\n \"catalog\": \"catalog\",\n \"sales\": \"sales\",\n \"api_keys\": \"api_keys\",\n \"dictionaries\": \"dictionaries\",\n \"api_docs\": \"api_docs\",\n \"business_rules\": \"business_rules\",\n \"feature_toggles\": \"feature_toggles\",\n \"workflows\": \"workflows\",\n \"currencies\": \"currencies\",\n \"planner\": \"planner\",\n \"resources\": \"resources\",\n \"staff\": \"staff\",\n \"notifications\": \"notifications\",\n \"progress\": \"progress\",\n \"integrations\": \"integrations\",\n \"data_sync\": \"data_sync\",\n \"messages\": \"messages\",\n \"translations\": \"translations\",\n \"inbox_ops\": \"inbox_ops\",\n \"payment_gateways\": \"payment_gateways\",\n \"shipping_carriers\": \"shipping_carriers\"\n} as const\nexport const E = {\n \"dashboards\": {\n \"dashboard_layout\": \"dashboards:dashboard_layout\",\n \"dashboard_role_widgets\": \"dashboards:dashboard_role_widgets\",\n \"dashboard_user_widgets\": \"dashboards:dashboard_user_widgets\"\n },\n \"auth\": {\n \"user\": \"auth:user\",\n \"role\": \"auth:role\",\n \"user_sidebar_preference\": \"auth:user_sidebar_preference\",\n \"role_sidebar_preference\": \"auth:role_sidebar_preference\",\n \"user_role\": \"auth:user_role\",\n \"session\": \"auth:session\",\n \"password_reset\": \"auth:password_reset\",\n \"role_acl\": \"auth:role_acl\",\n \"user_acl\": \"auth:user_acl\"\n },\n \"directory\": {\n \"tenant\": \"directory:tenant\",\n \"organization\": \"directory:organization\"\n },\n \"customers\": {\n \"customer_entity\": \"customers:customer_entity\",\n \"customer_person_profile\": \"customers:customer_person_profile\",\n \"customer_company_profile\": \"customers:customer_company_profile\",\n \"customer_deal\": \"customers:customer_deal\",\n \"customer_deal_person_link\": \"customers:customer_deal_person_link\",\n \"customer_deal_company_link\": \"customers:customer_deal_company_link\",\n \"customer_activity\": \"customers:customer_activity\",\n \"customer_comment\": \"customers:customer_comment\",\n \"customer_address\": \"customers:customer_address\",\n \"customer_settings\": \"customers:customer_settings\",\n \"customer_tag\": \"customers:customer_tag\",\n \"customer_tag_assignment\": \"customers:customer_tag_assignment\",\n \"customer_dictionary_entry\": \"customers:customer_dictionary_entry\",\n \"customer_pipeline\": \"customers:customer_pipeline\",\n \"customer_pipeline_stage\": \"customers:customer_pipeline_stage\",\n \"customer_todo_link\": \"customers:customer_todo_link\"\n },\n \"perspectives\": {\n \"perspective\": \"perspectives:perspective\",\n \"role_perspective\": \"perspectives:role_perspective\"\n },\n \"entities\": {\n \"custom_field_def\": \"entities:custom_field_def\",\n \"custom_field_entity_config\": \"entities:custom_field_entity_config\",\n \"custom_entity\": \"entities:custom_entity\",\n \"custom_entity_storage\": \"entities:custom_entity_storage\",\n \"custom_field_value\": \"entities:custom_field_value\",\n \"encryption_map\": \"entities:encryption_map\"\n },\n \"configs\": {\n \"module_config\": \"configs:module_config\",\n \"upgrade_action_run\": \"configs:upgrade_action_run\"\n },\n \"query_index\": {\n \"entity_index_row\": \"query_index:entity_index_row\",\n \"entity_index_job\": \"query_index:entity_index_job\",\n \"entity_index_coverage\": \"query_index:entity_index_coverage\",\n \"indexer_error_log\": \"query_index:indexer_error_log\",\n \"indexer_status_log\": \"query_index:indexer_status_log\",\n \"search_token\": \"query_index:search_token\"\n },\n \"audit_logs\": {\n \"action_log\": \"audit_logs:action_log\",\n \"access_log\": \"audit_logs:access_log\"\n },\n \"attachments\": {\n \"attachment_partition\": \"attachments:attachment_partition\",\n \"attachment\": \"attachments:attachment\"\n },\n \"catalog\": {\n \"catalog_option_schema_template\": \"catalog:catalog_option_schema_template\",\n \"catalog_product\": \"catalog:catalog_product\",\n \"catalog_product_unit_conversion\": \"catalog:catalog_product_unit_conversion\",\n \"catalog_product_category\": \"catalog:catalog_product_category\",\n \"catalog_product_category_assignment\": \"catalog:catalog_product_category_assignment\",\n \"catalog_product_tag\": \"catalog:catalog_product_tag\",\n \"catalog_product_tag_assignment\": \"catalog:catalog_product_tag_assignment\",\n \"catalog_offer\": \"catalog:catalog_offer\",\n \"catalog_product_variant\": \"catalog:catalog_product_variant\",\n \"catalog_product_variant_relation\": \"catalog:catalog_product_variant_relation\",\n \"catalog_price_kind\": \"catalog:catalog_price_kind\",\n \"catalog_product_price\": \"catalog:catalog_product_price\"\n },\n \"sales\": {\n \"sales_channel\": \"sales:sales_channel\",\n \"sales_shipping_method\": \"sales:sales_shipping_method\",\n \"sales_delivery_window\": \"sales:sales_delivery_window\",\n \"sales_payment_method\": \"sales:sales_payment_method\",\n \"sales_tax_rate\": \"sales:sales_tax_rate\",\n \"sales_order\": \"sales:sales_order\",\n \"sales_order_line\": \"sales:sales_order_line\",\n \"sales_order_adjustment\": \"sales:sales_order_adjustment\",\n \"sales_settings\": \"sales:sales_settings\",\n \"sales_document_sequence\": \"sales:sales_document_sequence\",\n \"sales_quote\": \"sales:sales_quote\",\n \"sales_quote_line\": \"sales:sales_quote_line\",\n \"sales_quote_adjustment\": \"sales:sales_quote_adjustment\",\n \"sales_shipment\": \"sales:sales_shipment\",\n \"sales_shipment_item\": \"sales:sales_shipment_item\",\n \"sales_invoice\": \"sales:sales_invoice\",\n \"sales_invoice_line\": \"sales:sales_invoice_line\",\n \"sales_credit_memo\": \"sales:sales_credit_memo\",\n \"sales_credit_memo_line\": \"sales:sales_credit_memo_line\",\n \"sales_payment\": \"sales:sales_payment\",\n \"sales_payment_allocation\": \"sales:sales_payment_allocation\",\n \"sales_note\": \"sales:sales_note\",\n \"sales_document_address\": \"sales:sales_document_address\",\n \"sales_document_tag\": \"sales:sales_document_tag\",\n \"sales_document_tag_assignment\": \"sales:sales_document_tag_assignment\"\n },\n \"api_keys\": {\n \"api_key\": \"api_keys:api_key\"\n },\n \"dictionaries\": {\n \"dictionary\": \"dictionaries:dictionary\",\n \"dictionary_entry\": \"dictionaries:dictionary_entry\"\n },\n \"business_rules\": {\n \"business_rule\": \"business_rules:business_rule\",\n \"rule_execution_log\": \"business_rules:rule_execution_log\",\n \"rule_set\": \"business_rules:rule_set\",\n \"rule_set_member\": \"business_rules:rule_set_member\"\n },\n \"feature_toggles\": {\n \"feature_toggle\": \"feature_toggles:feature_toggle\",\n \"feature_toggle_override\": \"feature_toggles:feature_toggle_override\"\n },\n \"workflows\": {\n \"workflow_definition\": \"workflows:workflow_definition\",\n \"workflow_instance\": \"workflows:workflow_instance\",\n \"step_instance\": \"workflows:step_instance\",\n \"user_task\": \"workflows:user_task\",\n \"workflow_event\": \"workflows:workflow_event\",\n \"workflow_event_trigger\": \"workflows:workflow_event_trigger\"\n },\n \"currencies\": {\n \"currency\": \"currencies:currency\",\n \"exchange_rate\": \"currencies:exchange_rate\",\n \"currency_fetch_config\": \"currencies:currency_fetch_config\"\n },\n \"planner\": {\n \"planner_availability_rule_set\": \"planner:planner_availability_rule_set\",\n \"planner_availability_rule\": \"planner:planner_availability_rule\"\n },\n \"resources\": {\n \"resources_resource_type\": \"resources:resources_resource_type\",\n \"resources_resource\": \"resources:resources_resource\",\n \"resources_resource_comment\": \"resources:resources_resource_comment\",\n \"resources_resource_activity\": \"resources:resources_resource_activity\",\n \"resources_resource_tag\": \"resources:resources_resource_tag\",\n \"resources_resource_tag_assignment\": \"resources:resources_resource_tag_assignment\"\n },\n \"staff\": {\n \"staff_team\": \"staff:staff_team\",\n \"staff_team_role\": \"staff:staff_team_role\",\n \"staff_team_member\": \"staff:staff_team_member\",\n \"staff_leave_request\": \"staff:staff_leave_request\",\n \"staff_team_member_comment\": \"staff:staff_team_member_comment\",\n \"staff_team_member_activity\": \"staff:staff_team_member_activity\",\n \"staff_team_member_job_history\": \"staff:staff_team_member_job_history\",\n \"staff_team_member_address\": \"staff:staff_team_member_address\"\n },\n \"notifications\": {\n \"notification\": \"notifications:notification\"\n },\n \"progress\": {\n \"progress_job\": \"progress:progress_job\"\n },\n \"integrations\": {\n \"sync_external_id_mapping\": \"integrations:sync_external_id_mapping\",\n \"integration_credentials\": \"integrations:integration_credentials\",\n \"integration_state\": \"integrations:integration_state\",\n \"integration_log\": \"integrations:integration_log\"\n },\n \"data_sync\": {\n \"sync_run\": \"data_sync:sync_run\",\n \"sync_cursor\": \"data_sync:sync_cursor\",\n \"sync_mapping\": \"data_sync:sync_mapping\",\n \"sync_schedule\": \"data_sync:sync_schedule\"\n },\n \"messages\": {\n \"message\": \"messages:message\",\n \"message_recipient\": \"messages:message_recipient\",\n \"message_object\": \"messages:message_object\",\n \"message_access_token\": \"messages:message_access_token\",\n \"message_confirmation\": \"messages:message_confirmation\"\n },\n \"translations\": {\n \"entity_translation\": \"translations:entity_translation\"\n },\n \"inbox_ops\": {\n \"inbox_settings\": \"inbox_ops:inbox_settings\",\n \"inbox_email\": \"inbox_ops:inbox_email\",\n \"inbox_proposal\": \"inbox_ops:inbox_proposal\",\n \"inbox_proposal_action\": \"inbox_ops:inbox_proposal_action\",\n \"inbox_discrepancy\": \"inbox_ops:inbox_discrepancy\"\n },\n \"payment_gateways\": {\n \"gateway_transaction\": \"payment_gateways:gateway_transaction\",\n \"webhook_processed_event\": \"payment_gateways:webhook_processed_event\"\n },\n \"shipping_carriers\": {\n \"carrier_shipment\": \"shipping_carriers:carrier_shipment\"\n }\n} as const\nexport type KnownModuleId = keyof typeof M\nexport type KnownEntities = typeof E\n"],
5
- "mappings": "AACO,MAAM,IAAI;AAAA,EACf,cAAc;AAAA,EACd,QAAQ;AAAA,EACR,aAAa;AAAA,EACb,aAAa;AAAA,EACb,gBAAgB;AAAA,EAChB,YAAY;AAAA,EACZ,WAAW;AAAA,EACX,eAAe;AAAA,EACf,cAAc;AAAA,EACd,eAAe;AAAA,EACf,WAAW;AAAA,EACX,SAAS;AAAA,EACT,YAAY;AAAA,EACZ,gBAAgB;AAAA,EAChB,YAAY;AAAA,EACZ,kBAAkB;AAAA,EAClB,mBAAmB;AAAA,EACnB,aAAa;AAAA,EACb,cAAc;AAAA,EACd,WAAW;AAAA,EACX,aAAa;AAAA,EACb,SAAS;AAAA,EACT,iBAAiB;AAAA,EACjB,YAAY;AAAA,EACZ,gBAAgB;AAAA,EAChB,aAAa;AAAA,EACb,YAAY;AAAA,EACZ,gBAAgB;AAAA,EAChB,aAAa;AAAA,EACb,oBAAoB;AAAA,EACpB,qBAAqB;AACvB;AACO,MAAM,IAAI;AAAA,EACf,cAAc;AAAA,IACZ,oBAAoB;AAAA,IACpB,0BAA0B;AAAA,IAC1B,0BAA0B;AAAA,EAC5B;AAAA,EACA,QAAQ;AAAA,IACN,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,2BAA2B;AAAA,IAC3B,2BAA2B;AAAA,IAC3B,aAAa;AAAA,IACb,WAAW;AAAA,IACX,kBAAkB;AAAA,IAClB,YAAY;AAAA,IACZ,YAAY;AAAA,EACd;AAAA,EACA,aAAa;AAAA,IACX,UAAU;AAAA,IACV,gBAAgB;AAAA,EAClB;AAAA,EACA,aAAa;AAAA,IACX,mBAAmB;AAAA,IACnB,2BAA2B;AAAA,IAC3B,4BAA4B;AAAA,IAC5B,iBAAiB;AAAA,IACjB,6BAA6B;AAAA,IAC7B,8BAA8B;AAAA,IAC9B,qBAAqB;AAAA,IACrB,oBAAoB;AAAA,IACpB,oBAAoB;AAAA,IACpB,qBAAqB;AAAA,IACrB,gBAAgB;AAAA,IAChB,2BAA2B;AAAA,IAC3B,6BAA6B;AAAA,IAC7B,qBAAqB;AAAA,IACrB,2BAA2B;AAAA,IAC3B,sBAAsB;AAAA,EACxB;AAAA,EACA,gBAAgB;AAAA,IACd,eAAe;AAAA,IACf,oBAAoB;AAAA,EACtB;AAAA,EACA,YAAY;AAAA,IACV,oBAAoB;AAAA,IACpB,8BAA8B;AAAA,IAC9B,iBAAiB;AAAA,IACjB,yBAAyB;AAAA,IACzB,sBAAsB;AAAA,IACtB,kBAAkB;AAAA,EACpB;AAAA,EACA,WAAW;AAAA,IACT,iBAAiB;AAAA,IACjB,sBAAsB;AAAA,EACxB;AAAA,EACA,eAAe;AAAA,IACb,oBAAoB;AAAA,IACpB,oBAAoB;AAAA,IACpB,yBAAyB;AAAA,IACzB,qBAAqB;AAAA,IACrB,sBAAsB;AAAA,IACtB,gBAAgB;AAAA,EAClB;AAAA,EACA,cAAc;AAAA,IACZ,cAAc;AAAA,IACd,cAAc;AAAA,EAChB;AAAA,EACA,eAAe;AAAA,IACb,wBAAwB;AAAA,IACxB,cAAc;AAAA,EAChB;AAAA,EACA,WAAW;AAAA,IACT,kCAAkC;AAAA,IAClC,mBAAmB;AAAA,IACnB,mCAAmC;AAAA,IACnC,4BAA4B;AAAA,IAC5B,uCAAuC;AAAA,IACvC,uBAAuB;AAAA,IACvB,kCAAkC;AAAA,IAClC,iBAAiB;AAAA,IACjB,2BAA2B;AAAA,IAC3B,oCAAoC;AAAA,IACpC,sBAAsB;AAAA,IACtB,yBAAyB;AAAA,EAC3B;AAAA,EACA,SAAS;AAAA,IACP,iBAAiB;AAAA,IACjB,yBAAyB;AAAA,IACzB,yBAAyB;AAAA,IACzB,wBAAwB;AAAA,IACxB,kBAAkB;AAAA,IAClB,eAAe;AAAA,IACf,oBAAoB;AAAA,IACpB,0BAA0B;AAAA,IAC1B,kBAAkB;AAAA,IAClB,2BAA2B;AAAA,IAC3B,eAAe;AAAA,IACf,oBAAoB;AAAA,IACpB,0BAA0B;AAAA,IAC1B,kBAAkB;AAAA,IAClB,uBAAuB;AAAA,IACvB,iBAAiB;AAAA,IACjB,sBAAsB;AAAA,IACtB,qBAAqB;AAAA,IACrB,0BAA0B;AAAA,IAC1B,iBAAiB;AAAA,IACjB,4BAA4B;AAAA,IAC5B,cAAc;AAAA,IACd,0BAA0B;AAAA,IAC1B,sBAAsB;AAAA,IACtB,iCAAiC;AAAA,EACnC;AAAA,EACA,YAAY;AAAA,IACV,WAAW;AAAA,EACb;AAAA,EACA,gBAAgB;AAAA,IACd,cAAc;AAAA,IACd,oBAAoB;AAAA,EACtB;AAAA,EACA,kBAAkB;AAAA,IAChB,iBAAiB;AAAA,IACjB,sBAAsB;AAAA,IACtB,YAAY;AAAA,IACZ,mBAAmB;AAAA,EACrB;AAAA,EACA,mBAAmB;AAAA,IACjB,kBAAkB;AAAA,IAClB,2BAA2B;AAAA,EAC7B;AAAA,EACA,aAAa;AAAA,IACX,uBAAuB;AAAA,IACvB,qBAAqB;AAAA,IACrB,iBAAiB;AAAA,IACjB,aAAa;AAAA,IACb,kBAAkB;AAAA,IAClB,0BAA0B;AAAA,EAC5B;AAAA,EACA,cAAc;AAAA,IACZ,YAAY;AAAA,IACZ,iBAAiB;AAAA,IACjB,yBAAyB;AAAA,EAC3B;AAAA,EACA,WAAW;AAAA,IACT,iCAAiC;AAAA,IACjC,6BAA6B;AAAA,EAC/B;AAAA,EACA,aAAa;AAAA,IACX,2BAA2B;AAAA,IAC3B,sBAAsB;AAAA,IACtB,8BAA8B;AAAA,IAC9B,+BAA+B;AAAA,IAC/B,0BAA0B;AAAA,IAC1B,qCAAqC;AAAA,EACvC;AAAA,EACA,SAAS;AAAA,IACP,cAAc;AAAA,IACd,mBAAmB;AAAA,IACnB,qBAAqB;AAAA,IACrB,uBAAuB;AAAA,IACvB,6BAA6B;AAAA,IAC7B,8BAA8B;AAAA,IAC9B,iCAAiC;AAAA,IACjC,6BAA6B;AAAA,EAC/B;AAAA,EACA,iBAAiB;AAAA,IACf,gBAAgB;AAAA,EAClB;AAAA,EACA,YAAY;AAAA,IACV,gBAAgB;AAAA,EAClB;AAAA,EACA,gBAAgB;AAAA,IACd,4BAA4B;AAAA,IAC5B,2BAA2B;AAAA,IAC3B,qBAAqB;AAAA,IACrB,mBAAmB;AAAA,EACrB;AAAA,EACA,aAAa;AAAA,IACX,YAAY;AAAA,IACZ,eAAe;AAAA,IACf,gBAAgB;AAAA,IAChB,iBAAiB;AAAA,EACnB;AAAA,EACA,YAAY;AAAA,IACV,WAAW;AAAA,IACX,qBAAqB;AAAA,IACrB,kBAAkB;AAAA,IAClB,wBAAwB;AAAA,IACxB,wBAAwB;AAAA,EAC1B;AAAA,EACA,gBAAgB;AAAA,IACd,sBAAsB;AAAA,EACxB;AAAA,EACA,aAAa;AAAA,IACX,kBAAkB;AAAA,IAClB,eAAe;AAAA,IACf,kBAAkB;AAAA,IAClB,yBAAyB;AAAA,IACzB,qBAAqB;AAAA,EACvB;AAAA,EACA,oBAAoB;AAAA,IAClB,uBAAuB;AAAA,IACvB,2BAA2B;AAAA,EAC7B;AAAA,EACA,qBAAqB;AAAA,IACnB,oBAAoB;AAAA,EACtB;AACF;",
4
+ "sourcesContent": ["// AUTO-GENERATED by mercato generate entity-ids\nexport const M = {\n \"dashboards\": \"dashboards\",\n \"auth\": \"auth\",\n \"directory\": \"directory\",\n \"customers\": \"customers\",\n \"perspectives\": \"perspectives\",\n \"entities\": \"entities\",\n \"configs\": \"configs\",\n \"query_index\": \"query_index\",\n \"audit_logs\": \"audit_logs\",\n \"attachments\": \"attachments\",\n \"catalog\": \"catalog\",\n \"sales\": \"sales\",\n \"api_keys\": \"api_keys\",\n \"dictionaries\": \"dictionaries\",\n \"api_docs\": \"api_docs\",\n \"business_rules\": \"business_rules\",\n \"feature_toggles\": \"feature_toggles\",\n \"workflows\": \"workflows\",\n \"currencies\": \"currencies\",\n \"planner\": \"planner\",\n \"resources\": \"resources\",\n \"staff\": \"staff\",\n \"notifications\": \"notifications\",\n \"progress\": \"progress\",\n \"integrations\": \"integrations\",\n \"data_sync\": \"data_sync\",\n \"messages\": \"messages\",\n \"translations\": \"translations\",\n \"inbox_ops\": \"inbox_ops\",\n \"payment_gateways\": \"payment_gateways\",\n \"shipping_carriers\": \"shipping_carriers\",\n \"customer_accounts\": \"customer_accounts\",\n \"portal\": \"portal\"\n} as const\nexport const E = {\n \"dashboards\": {\n \"dashboard_layout\": \"dashboards:dashboard_layout\",\n \"dashboard_role_widgets\": \"dashboards:dashboard_role_widgets\",\n \"dashboard_user_widgets\": \"dashboards:dashboard_user_widgets\"\n },\n \"auth\": {\n \"user\": \"auth:user\",\n \"role\": \"auth:role\",\n \"user_sidebar_preference\": \"auth:user_sidebar_preference\",\n \"role_sidebar_preference\": \"auth:role_sidebar_preference\",\n \"user_role\": \"auth:user_role\",\n \"session\": \"auth:session\",\n \"password_reset\": \"auth:password_reset\",\n \"role_acl\": \"auth:role_acl\",\n \"user_acl\": \"auth:user_acl\"\n },\n \"directory\": {\n \"tenant\": \"directory:tenant\",\n \"organization\": \"directory:organization\"\n },\n \"customers\": {\n \"customer_entity\": \"customers:customer_entity\",\n \"customer_person_profile\": \"customers:customer_person_profile\",\n \"customer_company_profile\": \"customers:customer_company_profile\",\n \"customer_deal\": \"customers:customer_deal\",\n \"customer_deal_person_link\": \"customers:customer_deal_person_link\",\n \"customer_deal_company_link\": \"customers:customer_deal_company_link\",\n \"customer_activity\": \"customers:customer_activity\",\n \"customer_comment\": \"customers:customer_comment\",\n \"customer_address\": \"customers:customer_address\",\n \"customer_settings\": \"customers:customer_settings\",\n \"customer_tag\": \"customers:customer_tag\",\n \"customer_tag_assignment\": \"customers:customer_tag_assignment\",\n \"customer_dictionary_entry\": \"customers:customer_dictionary_entry\",\n \"customer_pipeline\": \"customers:customer_pipeline\",\n \"customer_pipeline_stage\": \"customers:customer_pipeline_stage\",\n \"customer_todo_link\": \"customers:customer_todo_link\"\n },\n \"perspectives\": {\n \"perspective\": \"perspectives:perspective\",\n \"role_perspective\": \"perspectives:role_perspective\"\n },\n \"entities\": {\n \"custom_field_def\": \"entities:custom_field_def\",\n \"custom_field_entity_config\": \"entities:custom_field_entity_config\",\n \"custom_entity\": \"entities:custom_entity\",\n \"custom_entity_storage\": \"entities:custom_entity_storage\",\n \"custom_field_value\": \"entities:custom_field_value\",\n \"encryption_map\": \"entities:encryption_map\"\n },\n \"configs\": {\n \"module_config\": \"configs:module_config\",\n \"upgrade_action_run\": \"configs:upgrade_action_run\"\n },\n \"query_index\": {\n \"entity_index_row\": \"query_index:entity_index_row\",\n \"entity_index_job\": \"query_index:entity_index_job\",\n \"entity_index_coverage\": \"query_index:entity_index_coverage\",\n \"indexer_error_log\": \"query_index:indexer_error_log\",\n \"indexer_status_log\": \"query_index:indexer_status_log\",\n \"search_token\": \"query_index:search_token\"\n },\n \"audit_logs\": {\n \"action_log\": \"audit_logs:action_log\",\n \"access_log\": \"audit_logs:access_log\"\n },\n \"attachments\": {\n \"attachment_partition\": \"attachments:attachment_partition\",\n \"attachment\": \"attachments:attachment\"\n },\n \"catalog\": {\n \"catalog_option_schema_template\": \"catalog:catalog_option_schema_template\",\n \"catalog_product\": \"catalog:catalog_product\",\n \"catalog_product_unit_conversion\": \"catalog:catalog_product_unit_conversion\",\n \"catalog_product_category\": \"catalog:catalog_product_category\",\n \"catalog_product_category_assignment\": \"catalog:catalog_product_category_assignment\",\n \"catalog_product_tag\": \"catalog:catalog_product_tag\",\n \"catalog_product_tag_assignment\": \"catalog:catalog_product_tag_assignment\",\n \"catalog_offer\": \"catalog:catalog_offer\",\n \"catalog_product_variant\": \"catalog:catalog_product_variant\",\n \"catalog_product_variant_relation\": \"catalog:catalog_product_variant_relation\",\n \"catalog_price_kind\": \"catalog:catalog_price_kind\",\n \"catalog_product_price\": \"catalog:catalog_product_price\"\n },\n \"sales\": {\n \"sales_channel\": \"sales:sales_channel\",\n \"sales_shipping_method\": \"sales:sales_shipping_method\",\n \"sales_delivery_window\": \"sales:sales_delivery_window\",\n \"sales_payment_method\": \"sales:sales_payment_method\",\n \"sales_tax_rate\": \"sales:sales_tax_rate\",\n \"sales_order\": \"sales:sales_order\",\n \"sales_order_line\": \"sales:sales_order_line\",\n \"sales_order_adjustment\": \"sales:sales_order_adjustment\",\n \"sales_settings\": \"sales:sales_settings\",\n \"sales_document_sequence\": \"sales:sales_document_sequence\",\n \"sales_quote\": \"sales:sales_quote\",\n \"sales_quote_line\": \"sales:sales_quote_line\",\n \"sales_quote_adjustment\": \"sales:sales_quote_adjustment\",\n \"sales_shipment\": \"sales:sales_shipment\",\n \"sales_shipment_item\": \"sales:sales_shipment_item\",\n \"sales_invoice\": \"sales:sales_invoice\",\n \"sales_invoice_line\": \"sales:sales_invoice_line\",\n \"sales_credit_memo\": \"sales:sales_credit_memo\",\n \"sales_credit_memo_line\": \"sales:sales_credit_memo_line\",\n \"sales_payment\": \"sales:sales_payment\",\n \"sales_payment_allocation\": \"sales:sales_payment_allocation\",\n \"sales_note\": \"sales:sales_note\",\n \"sales_document_address\": \"sales:sales_document_address\",\n \"sales_document_tag\": \"sales:sales_document_tag\",\n \"sales_document_tag_assignment\": \"sales:sales_document_tag_assignment\"\n },\n \"api_keys\": {\n \"api_key\": \"api_keys:api_key\"\n },\n \"dictionaries\": {\n \"dictionary\": \"dictionaries:dictionary\",\n \"dictionary_entry\": \"dictionaries:dictionary_entry\"\n },\n \"business_rules\": {\n \"business_rule\": \"business_rules:business_rule\",\n \"rule_execution_log\": \"business_rules:rule_execution_log\",\n \"rule_set\": \"business_rules:rule_set\",\n \"rule_set_member\": \"business_rules:rule_set_member\"\n },\n \"feature_toggles\": {\n \"feature_toggle\": \"feature_toggles:feature_toggle\",\n \"feature_toggle_override\": \"feature_toggles:feature_toggle_override\"\n },\n \"workflows\": {\n \"workflow_definition\": \"workflows:workflow_definition\",\n \"workflow_instance\": \"workflows:workflow_instance\",\n \"step_instance\": \"workflows:step_instance\",\n \"user_task\": \"workflows:user_task\",\n \"workflow_event\": \"workflows:workflow_event\",\n \"workflow_event_trigger\": \"workflows:workflow_event_trigger\"\n },\n \"currencies\": {\n \"currency\": \"currencies:currency\",\n \"exchange_rate\": \"currencies:exchange_rate\",\n \"currency_fetch_config\": \"currencies:currency_fetch_config\"\n },\n \"planner\": {\n \"planner_availability_rule_set\": \"planner:planner_availability_rule_set\",\n \"planner_availability_rule\": \"planner:planner_availability_rule\"\n },\n \"resources\": {\n \"resources_resource_type\": \"resources:resources_resource_type\",\n \"resources_resource\": \"resources:resources_resource\",\n \"resources_resource_comment\": \"resources:resources_resource_comment\",\n \"resources_resource_activity\": \"resources:resources_resource_activity\",\n \"resources_resource_tag\": \"resources:resources_resource_tag\",\n \"resources_resource_tag_assignment\": \"resources:resources_resource_tag_assignment\"\n },\n \"staff\": {\n \"staff_team\": \"staff:staff_team\",\n \"staff_team_role\": \"staff:staff_team_role\",\n \"staff_team_member\": \"staff:staff_team_member\",\n \"staff_leave_request\": \"staff:staff_leave_request\",\n \"staff_team_member_comment\": \"staff:staff_team_member_comment\",\n \"staff_team_member_activity\": \"staff:staff_team_member_activity\",\n \"staff_team_member_job_history\": \"staff:staff_team_member_job_history\",\n \"staff_team_member_address\": \"staff:staff_team_member_address\"\n },\n \"notifications\": {\n \"notification\": \"notifications:notification\"\n },\n \"progress\": {\n \"progress_job\": \"progress:progress_job\"\n },\n \"integrations\": {\n \"sync_external_id_mapping\": \"integrations:sync_external_id_mapping\",\n \"integration_credentials\": \"integrations:integration_credentials\",\n \"integration_state\": \"integrations:integration_state\",\n \"integration_log\": \"integrations:integration_log\"\n },\n \"data_sync\": {\n \"sync_run\": \"data_sync:sync_run\",\n \"sync_cursor\": \"data_sync:sync_cursor\",\n \"sync_mapping\": \"data_sync:sync_mapping\",\n \"sync_schedule\": \"data_sync:sync_schedule\"\n },\n \"messages\": {\n \"message\": \"messages:message\",\n \"message_recipient\": \"messages:message_recipient\",\n \"message_object\": \"messages:message_object\",\n \"message_access_token\": \"messages:message_access_token\",\n \"message_confirmation\": \"messages:message_confirmation\"\n },\n \"translations\": {\n \"entity_translation\": \"translations:entity_translation\"\n },\n \"inbox_ops\": {\n \"inbox_settings\": \"inbox_ops:inbox_settings\",\n \"inbox_email\": \"inbox_ops:inbox_email\",\n \"inbox_proposal\": \"inbox_ops:inbox_proposal\",\n \"inbox_proposal_action\": \"inbox_ops:inbox_proposal_action\",\n \"inbox_discrepancy\": \"inbox_ops:inbox_discrepancy\"\n },\n \"payment_gateways\": {\n \"gateway_transaction\": \"payment_gateways:gateway_transaction\",\n \"webhook_processed_event\": \"payment_gateways:webhook_processed_event\"\n },\n \"shipping_carriers\": {\n \"carrier_shipment\": \"shipping_carriers:carrier_shipment\"\n },\n \"customer_accounts\": {\n \"customer_user\": \"customer_accounts:customer_user\",\n \"customer_role\": \"customer_accounts:customer_role\",\n \"customer_role_acl\": \"customer_accounts:customer_role_acl\",\n \"customer_user_role\": \"customer_accounts:customer_user_role\",\n \"customer_user_acl\": \"customer_accounts:customer_user_acl\",\n \"customer_user_session\": \"customer_accounts:customer_user_session\",\n \"customer_user_email_verification\": \"customer_accounts:customer_user_email_verification\",\n \"customer_user_password_reset\": \"customer_accounts:customer_user_password_reset\",\n \"customer_user_invitation\": \"customer_accounts:customer_user_invitation\"\n }\n} as const\nexport type KnownModuleId = keyof typeof M\nexport type KnownEntities = typeof E\n"],
5
+ "mappings": "AACO,MAAM,IAAI;AAAA,EACf,cAAc;AAAA,EACd,QAAQ;AAAA,EACR,aAAa;AAAA,EACb,aAAa;AAAA,EACb,gBAAgB;AAAA,EAChB,YAAY;AAAA,EACZ,WAAW;AAAA,EACX,eAAe;AAAA,EACf,cAAc;AAAA,EACd,eAAe;AAAA,EACf,WAAW;AAAA,EACX,SAAS;AAAA,EACT,YAAY;AAAA,EACZ,gBAAgB;AAAA,EAChB,YAAY;AAAA,EACZ,kBAAkB;AAAA,EAClB,mBAAmB;AAAA,EACnB,aAAa;AAAA,EACb,cAAc;AAAA,EACd,WAAW;AAAA,EACX,aAAa;AAAA,EACb,SAAS;AAAA,EACT,iBAAiB;AAAA,EACjB,YAAY;AAAA,EACZ,gBAAgB;AAAA,EAChB,aAAa;AAAA,EACb,YAAY;AAAA,EACZ,gBAAgB;AAAA,EAChB,aAAa;AAAA,EACb,oBAAoB;AAAA,EACpB,qBAAqB;AAAA,EACrB,qBAAqB;AAAA,EACrB,UAAU;AACZ;AACO,MAAM,IAAI;AAAA,EACf,cAAc;AAAA,IACZ,oBAAoB;AAAA,IACpB,0BAA0B;AAAA,IAC1B,0BAA0B;AAAA,EAC5B;AAAA,EACA,QAAQ;AAAA,IACN,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,2BAA2B;AAAA,IAC3B,2BAA2B;AAAA,IAC3B,aAAa;AAAA,IACb,WAAW;AAAA,IACX,kBAAkB;AAAA,IAClB,YAAY;AAAA,IACZ,YAAY;AAAA,EACd;AAAA,EACA,aAAa;AAAA,IACX,UAAU;AAAA,IACV,gBAAgB;AAAA,EAClB;AAAA,EACA,aAAa;AAAA,IACX,mBAAmB;AAAA,IACnB,2BAA2B;AAAA,IAC3B,4BAA4B;AAAA,IAC5B,iBAAiB;AAAA,IACjB,6BAA6B;AAAA,IAC7B,8BAA8B;AAAA,IAC9B,qBAAqB;AAAA,IACrB,oBAAoB;AAAA,IACpB,oBAAoB;AAAA,IACpB,qBAAqB;AAAA,IACrB,gBAAgB;AAAA,IAChB,2BAA2B;AAAA,IAC3B,6BAA6B;AAAA,IAC7B,qBAAqB;AAAA,IACrB,2BAA2B;AAAA,IAC3B,sBAAsB;AAAA,EACxB;AAAA,EACA,gBAAgB;AAAA,IACd,eAAe;AAAA,IACf,oBAAoB;AAAA,EACtB;AAAA,EACA,YAAY;AAAA,IACV,oBAAoB;AAAA,IACpB,8BAA8B;AAAA,IAC9B,iBAAiB;AAAA,IACjB,yBAAyB;AAAA,IACzB,sBAAsB;AAAA,IACtB,kBAAkB;AAAA,EACpB;AAAA,EACA,WAAW;AAAA,IACT,iBAAiB;AAAA,IACjB,sBAAsB;AAAA,EACxB;AAAA,EACA,eAAe;AAAA,IACb,oBAAoB;AAAA,IACpB,oBAAoB;AAAA,IACpB,yBAAyB;AAAA,IACzB,qBAAqB;AAAA,IACrB,sBAAsB;AAAA,IACtB,gBAAgB;AAAA,EAClB;AAAA,EACA,cAAc;AAAA,IACZ,cAAc;AAAA,IACd,cAAc;AAAA,EAChB;AAAA,EACA,eAAe;AAAA,IACb,wBAAwB;AAAA,IACxB,cAAc;AAAA,EAChB;AAAA,EACA,WAAW;AAAA,IACT,kCAAkC;AAAA,IAClC,mBAAmB;AAAA,IACnB,mCAAmC;AAAA,IACnC,4BAA4B;AAAA,IAC5B,uCAAuC;AAAA,IACvC,uBAAuB;AAAA,IACvB,kCAAkC;AAAA,IAClC,iBAAiB;AAAA,IACjB,2BAA2B;AAAA,IAC3B,oCAAoC;AAAA,IACpC,sBAAsB;AAAA,IACtB,yBAAyB;AAAA,EAC3B;AAAA,EACA,SAAS;AAAA,IACP,iBAAiB;AAAA,IACjB,yBAAyB;AAAA,IACzB,yBAAyB;AAAA,IACzB,wBAAwB;AAAA,IACxB,kBAAkB;AAAA,IAClB,eAAe;AAAA,IACf,oBAAoB;AAAA,IACpB,0BAA0B;AAAA,IAC1B,kBAAkB;AAAA,IAClB,2BAA2B;AAAA,IAC3B,eAAe;AAAA,IACf,oBAAoB;AAAA,IACpB,0BAA0B;AAAA,IAC1B,kBAAkB;AAAA,IAClB,uBAAuB;AAAA,IACvB,iBAAiB;AAAA,IACjB,sBAAsB;AAAA,IACtB,qBAAqB;AAAA,IACrB,0BAA0B;AAAA,IAC1B,iBAAiB;AAAA,IACjB,4BAA4B;AAAA,IAC5B,cAAc;AAAA,IACd,0BAA0B;AAAA,IAC1B,sBAAsB;AAAA,IACtB,iCAAiC;AAAA,EACnC;AAAA,EACA,YAAY;AAAA,IACV,WAAW;AAAA,EACb;AAAA,EACA,gBAAgB;AAAA,IACd,cAAc;AAAA,IACd,oBAAoB;AAAA,EACtB;AAAA,EACA,kBAAkB;AAAA,IAChB,iBAAiB;AAAA,IACjB,sBAAsB;AAAA,IACtB,YAAY;AAAA,IACZ,mBAAmB;AAAA,EACrB;AAAA,EACA,mBAAmB;AAAA,IACjB,kBAAkB;AAAA,IAClB,2BAA2B;AAAA,EAC7B;AAAA,EACA,aAAa;AAAA,IACX,uBAAuB;AAAA,IACvB,qBAAqB;AAAA,IACrB,iBAAiB;AAAA,IACjB,aAAa;AAAA,IACb,kBAAkB;AAAA,IAClB,0BAA0B;AAAA,EAC5B;AAAA,EACA,cAAc;AAAA,IACZ,YAAY;AAAA,IACZ,iBAAiB;AAAA,IACjB,yBAAyB;AAAA,EAC3B;AAAA,EACA,WAAW;AAAA,IACT,iCAAiC;AAAA,IACjC,6BAA6B;AAAA,EAC/B;AAAA,EACA,aAAa;AAAA,IACX,2BAA2B;AAAA,IAC3B,sBAAsB;AAAA,IACtB,8BAA8B;AAAA,IAC9B,+BAA+B;AAAA,IAC/B,0BAA0B;AAAA,IAC1B,qCAAqC;AAAA,EACvC;AAAA,EACA,SAAS;AAAA,IACP,cAAc;AAAA,IACd,mBAAmB;AAAA,IACnB,qBAAqB;AAAA,IACrB,uBAAuB;AAAA,IACvB,6BAA6B;AAAA,IAC7B,8BAA8B;AAAA,IAC9B,iCAAiC;AAAA,IACjC,6BAA6B;AAAA,EAC/B;AAAA,EACA,iBAAiB;AAAA,IACf,gBAAgB;AAAA,EAClB;AAAA,EACA,YAAY;AAAA,IACV,gBAAgB;AAAA,EAClB;AAAA,EACA,gBAAgB;AAAA,IACd,4BAA4B;AAAA,IAC5B,2BAA2B;AAAA,IAC3B,qBAAqB;AAAA,IACrB,mBAAmB;AAAA,EACrB;AAAA,EACA,aAAa;AAAA,IACX,YAAY;AAAA,IACZ,eAAe;AAAA,IACf,gBAAgB;AAAA,IAChB,iBAAiB;AAAA,EACnB;AAAA,EACA,YAAY;AAAA,IACV,WAAW;AAAA,IACX,qBAAqB;AAAA,IACrB,kBAAkB;AAAA,IAClB,wBAAwB;AAAA,IACxB,wBAAwB;AAAA,EAC1B;AAAA,EACA,gBAAgB;AAAA,IACd,sBAAsB;AAAA,EACxB;AAAA,EACA,aAAa;AAAA,IACX,kBAAkB;AAAA,IAClB,eAAe;AAAA,IACf,kBAAkB;AAAA,IAClB,yBAAyB;AAAA,IACzB,qBAAqB;AAAA,EACvB;AAAA,EACA,oBAAoB;AAAA,IAClB,uBAAuB;AAAA,IACvB,2BAA2B;AAAA,EAC7B;AAAA,EACA,qBAAqB;AAAA,IACnB,oBAAoB;AAAA,EACtB;AAAA,EACA,qBAAqB;AAAA,IACnB,iBAAiB;AAAA,IACjB,iBAAiB;AAAA,IACjB,qBAAqB;AAAA,IACrB,sBAAsB;AAAA,IACtB,qBAAqB;AAAA,IACrB,yBAAyB;AAAA,IACzB,oCAAoC;AAAA,IACpC,gCAAgC;AAAA,IAChC,4BAA4B;AAAA,EAC9B;AACF;",
6
6
  "names": []
7
7
  }
package/dist/generated/entity-fields-registry.js CHANGED
@@ -36,10 +36,19 @@ import * as customer_entity from "./entities/customer_entity/index.js";
36
36
  import * as customer_person_profile from "./entities/customer_person_profile/index.js";
37
37
  import * as customer_pipeline from "./entities/customer_pipeline/index.js";
38
38
  import * as customer_pipeline_stage from "./entities/customer_pipeline_stage/index.js";
39
+ import * as customer_role from "./entities/customer_role/index.js";
40
+ import * as customer_role_acl from "./entities/customer_role_acl/index.js";
39
41
  import * as customer_settings from "./entities/customer_settings/index.js";
40
42
  import * as customer_tag from "./entities/customer_tag/index.js";
41
43
  import * as customer_tag_assignment from "./entities/customer_tag_assignment/index.js";
42
44
  import * as customer_todo_link from "./entities/customer_todo_link/index.js";
45
+ import * as customer_user from "./entities/customer_user/index.js";
46
+ import * as customer_user_acl from "./entities/customer_user_acl/index.js";
47
+ import * as customer_user_email_verification from "./entities/customer_user_email_verification/index.js";
48
+ import * as customer_user_invitation from "./entities/customer_user_invitation/index.js";
49
+ import * as customer_user_password_reset from "./entities/customer_user_password_reset/index.js";
50
+ import * as customer_user_role from "./entities/customer_user_role/index.js";
51
+ import * as customer_user_session from "./entities/customer_user_session/index.js";
43
52
  import * as dashboard_layout from "./entities/dashboard_layout/index.js";
44
53
  import * as dashboard_role_widgets from "./entities/dashboard_role_widgets/index.js";
45
54
  import * as dashboard_user_widgets from "./entities/dashboard_user_widgets/index.js";
@@ -182,10 +191,19 @@ const entityFieldsRegistry = {
182
191
  customer_person_profile,
183
192
  customer_pipeline,
184
193
  customer_pipeline_stage,
194
+ customer_role,
195
+ customer_role_acl,
185
196
  customer_settings,
186
197
  customer_tag,
187
198
  customer_tag_assignment,
188
199
  customer_todo_link,
200
+ customer_user,
201
+ customer_user_acl,
202
+ customer_user_email_verification,
203
+ customer_user_invitation,
204
+ customer_user_password_reset,
205
+ customer_user_role,
206
+ customer_user_session,
189
207
  dashboard_layout,
190
208
  dashboard_role_widgets,
191
209
  dashboard_user_widgets,
package/dist/generated/entity-fields-registry.js.map CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../../generated/entity-fields-registry.ts"],
4
- "sourcesContent": ["// AUTO-GENERATED by mercato generate entity-ids\n// Static registry for entity fields - eliminates dynamic imports for Turbopack compatibility\nimport * as access_log from './entities/access_log/index'\nimport * as action_log from './entities/action_log/index'\nimport * as api_key from './entities/api_key/index'\nimport * as attachment from './entities/attachment/index'\nimport * as attachment_partition from './entities/attachment_partition/index'\nimport * as business_rule from './entities/business_rule/index'\nimport * as carrier_shipment from './entities/carrier_shipment/index'\nimport * as catalog_offer from './entities/catalog_offer/index'\nimport * as catalog_option_schema_template from './entities/catalog_option_schema_template/index'\nimport * as catalog_price_kind from './entities/catalog_price_kind/index'\nimport * as catalog_product from './entities/catalog_product/index'\nimport * as catalog_product_category from './entities/catalog_product_category/index'\nimport * as catalog_product_category_assignment from './entities/catalog_product_category_assignment/index'\nimport * as catalog_product_price from './entities/catalog_product_price/index'\nimport * as catalog_product_tag from './entities/catalog_product_tag/index'\nimport * as catalog_product_tag_assignment from './entities/catalog_product_tag_assignment/index'\nimport * as catalog_product_unit_conversion from './entities/catalog_product_unit_conversion/index'\nimport * as catalog_product_variant from './entities/catalog_product_variant/index'\nimport * as catalog_product_variant_relation from './entities/catalog_product_variant_relation/index'\nimport * as currency from './entities/currency/index'\nimport * as currency_fetch_config from './entities/currency_fetch_config/index'\nimport * as custom_entity from './entities/custom_entity/index'\nimport * as custom_entity_storage from './entities/custom_entity_storage/index'\nimport * as custom_field_def from './entities/custom_field_def/index'\nimport * as custom_field_entity_config from './entities/custom_field_entity_config/index'\nimport * as custom_field_value from './entities/custom_field_value/index'\nimport * as customer_activity from './entities/customer_activity/index'\nimport * as customer_address from './entities/customer_address/index'\nimport * as customer_comment from './entities/customer_comment/index'\nimport * as customer_company_profile from './entities/customer_company_profile/index'\nimport * as customer_deal from './entities/customer_deal/index'\nimport * as customer_deal_company_link from './entities/customer_deal_company_link/index'\nimport * as customer_deal_person_link from './entities/customer_deal_person_link/index'\nimport * as customer_dictionary_entry from './entities/customer_dictionary_entry/index'\nimport * as customer_entity from './entities/customer_entity/index'\nimport * as customer_person_profile from './entities/customer_person_profile/index'\nimport * as customer_pipeline from './entities/customer_pipeline/index'\nimport * as customer_pipeline_stage from './entities/customer_pipeline_stage/index'\nimport * as customer_settings from './entities/customer_settings/index'\nimport * as customer_tag from './entities/customer_tag/index'\nimport * as customer_tag_assignment from './entities/customer_tag_assignment/index'\nimport * as customer_todo_link from './entities/customer_todo_link/index'\nimport * as dashboard_layout from './entities/dashboard_layout/index'\nimport * as dashboard_role_widgets from './entities/dashboard_role_widgets/index'\nimport * as dashboard_user_widgets from './entities/dashboard_user_widgets/index'\nimport * as dictionary from './entities/dictionary/index'\nimport * as dictionary_entry from './entities/dictionary_entry/index'\nimport * as encryption_map from './entities/encryption_map/index'\nimport * as entity_index_coverage from './entities/entity_index_coverage/index'\nimport * as entity_index_job from './entities/entity_index_job/index'\nimport * as entity_index_row from './entities/entity_index_row/index'\nimport * as entity_translation from './entities/entity_translation/index'\nimport * as exchange_rate from './entities/exchange_rate/index'\nimport * as feature_toggle from './entities/feature_toggle/index'\nimport * as feature_toggle_override from './entities/feature_toggle_override/index'\nimport * as gateway_transaction from './entities/gateway_transaction/index'\nimport * as inbox_discrepancy from './entities/inbox_discrepancy/index'\nimport * as inbox_email from './entities/inbox_email/index'\nimport * as inbox_proposal from './entities/inbox_proposal/index'\nimport * as inbox_proposal_action from './entities/inbox_proposal_action/index'\nimport * as inbox_settings from './entities/inbox_settings/index'\nimport * as indexer_error_log from './entities/indexer_error_log/index'\nimport * as indexer_status_log from './entities/indexer_status_log/index'\nimport * as integration_credentials from './entities/integration_credentials/index'\nimport * as integration_log from './entities/integration_log/index'\nimport * as integration_state from './entities/integration_state/index'\nimport * as message from './entities/message/index'\nimport * as message_access_token from './entities/message_access_token/index'\nimport * as message_confirmation from './entities/message_confirmation/index'\nimport * as message_object from './entities/message_object/index'\nimport * as message_recipient from './entities/message_recipient/index'\nimport * as module_config from './entities/module_config/index'\nimport * as notification from './entities/notification/index'\nimport * as organization from './entities/organization/index'\nimport * as password_reset from './entities/password_reset/index'\nimport * as perspective from './entities/perspective/index'\nimport * as planner_availability_rule from './entities/planner_availability_rule/index'\nimport * as planner_availability_rule_set from './entities/planner_availability_rule_set/index'\nimport * as progress_job from './entities/progress_job/index'\nimport * as resources_resource from './entities/resources_resource/index'\nimport * as resources_resource_activity from './entities/resources_resource_activity/index'\nimport * as resources_resource_comment from './entities/resources_resource_comment/index'\nimport * as resources_resource_tag from './entities/resources_resource_tag/index'\nimport * as resources_resource_tag_assignment from './entities/resources_resource_tag_assignment/index'\nimport * as resources_resource_type from './entities/resources_resource_type/index'\nimport * as role from './entities/role/index'\nimport * as role_acl from './entities/role_acl/index'\nimport * as role_perspective from './entities/role_perspective/index'\nimport * as role_sidebar_preference from './entities/role_sidebar_preference/index'\nimport * as rule_execution_log from './entities/rule_execution_log/index'\nimport * as rule_set from './entities/rule_set/index'\nimport * as rule_set_member from './entities/rule_set_member/index'\nimport * as sales_channel from './entities/sales_channel/index'\nimport * as sales_credit_memo from './entities/sales_credit_memo/index'\nimport * as sales_credit_memo_line from './entities/sales_credit_memo_line/index'\nimport * as sales_delivery_window from './entities/sales_delivery_window/index'\nimport * as sales_document_address from './entities/sales_document_address/index'\nimport * as sales_document_sequence from './entities/sales_document_sequence/index'\nimport * as sales_document_tag from './entities/sales_document_tag/index'\nimport * as sales_document_tag_assignment from './entities/sales_document_tag_assignment/index'\nimport * as sales_invoice from './entities/sales_invoice/index'\nimport * as sales_invoice_line from './entities/sales_invoice_line/index'\nimport * as sales_note from './entities/sales_note/index'\nimport * as sales_order from './entities/sales_order/index'\nimport * as sales_order_adjustment from './entities/sales_order_adjustment/index'\nimport * as sales_order_line from './entities/sales_order_line/index'\nimport * as sales_payment from './entities/sales_payment/index'\nimport * as sales_payment_allocation from './entities/sales_payment_allocation/index'\nimport * as sales_payment_method from './entities/sales_payment_method/index'\nimport * as sales_quote from './entities/sales_quote/index'\nimport * as sales_quote_adjustment from './entities/sales_quote_adjustment/index'\nimport * as sales_quote_line from './entities/sales_quote_line/index'\nimport * as sales_settings from './entities/sales_settings/index'\nimport * as sales_shipment from './entities/sales_shipment/index'\nimport * as sales_shipment_item from './entities/sales_shipment_item/index'\nimport * as sales_shipping_method from './entities/sales_shipping_method/index'\nimport * as sales_tax_rate from './entities/sales_tax_rate/index'\nimport * as search_token from './entities/search_token/index'\nimport * as session from './entities/session/index'\nimport * as staff_leave_request from './entities/staff_leave_request/index'\nimport * as staff_team from './entities/staff_team/index'\nimport * as staff_team_member from './entities/staff_team_member/index'\nimport * as staff_team_member_activity from './entities/staff_team_member_activity/index'\nimport * as staff_team_member_address from './entities/staff_team_member_address/index'\nimport * as staff_team_member_comment from './entities/staff_team_member_comment/index'\nimport * as staff_team_member_job_history from './entities/staff_team_member_job_history/index'\nimport * as staff_team_role from './entities/staff_team_role/index'\nimport * as step_instance from './entities/step_instance/index'\nimport * as sync_cursor from './entities/sync_cursor/index'\nimport * as sync_external_id_mapping from './entities/sync_external_id_mapping/index'\nimport * as sync_mapping from './entities/sync_mapping/index'\nimport * as sync_run from './entities/sync_run/index'\nimport * as sync_schedule from './entities/sync_schedule/index'\nimport * as tenant from './entities/tenant/index'\nimport * as upgrade_action_run from './entities/upgrade_action_run/index'\nimport * as user from './entities/user/index'\nimport * as user_acl from './entities/user_acl/index'\nimport * as user_role from './entities/user_role/index'\nimport * as user_sidebar_preference from './entities/user_sidebar_preference/index'\nimport * as user_task from './entities/user_task/index'\nimport * as webhook_processed_event from './entities/webhook_processed_event/index'\nimport * as workflow_definition from './entities/workflow_definition/index'\nimport * as workflow_event from './entities/workflow_event/index'\nimport * as workflow_event_trigger from './entities/workflow_event_trigger/index'\nimport * as workflow_instance from './entities/workflow_instance/index'\n\nexport const entityFieldsRegistry: Record<string, Record<string, string>> = {\n access_log,\n action_log,\n api_key,\n attachment,\n attachment_partition,\n business_rule,\n carrier_shipment,\n catalog_offer,\n catalog_option_schema_template,\n catalog_price_kind,\n catalog_product,\n catalog_product_category,\n catalog_product_category_assignment,\n catalog_product_price,\n catalog_product_tag,\n catalog_product_tag_assignment,\n catalog_product_unit_conversion,\n catalog_product_variant,\n catalog_product_variant_relation,\n currency,\n currency_fetch_config,\n custom_entity,\n custom_entity_storage,\n custom_field_def,\n custom_field_entity_config,\n custom_field_value,\n customer_activity,\n customer_address,\n customer_comment,\n customer_company_profile,\n customer_deal,\n customer_deal_company_link,\n customer_deal_person_link,\n customer_dictionary_entry,\n customer_entity,\n customer_person_profile,\n customer_pipeline,\n customer_pipeline_stage,\n customer_settings,\n customer_tag,\n customer_tag_assignment,\n customer_todo_link,\n dashboard_layout,\n dashboard_role_widgets,\n dashboard_user_widgets,\n dictionary,\n dictionary_entry,\n encryption_map,\n entity_index_coverage,\n entity_index_job,\n entity_index_row,\n entity_translation,\n exchange_rate,\n feature_toggle,\n feature_toggle_override,\n gateway_transaction,\n inbox_discrepancy,\n inbox_email,\n inbox_proposal,\n inbox_proposal_action,\n inbox_settings,\n indexer_error_log,\n indexer_status_log,\n integration_credentials,\n integration_log,\n integration_state,\n message,\n message_access_token,\n message_confirmation,\n message_object,\n message_recipient,\n module_config,\n notification,\n organization,\n password_reset,\n perspective,\n planner_availability_rule,\n planner_availability_rule_set,\n progress_job,\n resources_resource,\n resources_resource_activity,\n resources_resource_comment,\n resources_resource_tag,\n resources_resource_tag_assignment,\n resources_resource_type,\n role,\n role_acl,\n role_perspective,\n role_sidebar_preference,\n rule_execution_log,\n rule_set,\n rule_set_member,\n sales_channel,\n sales_credit_memo,\n sales_credit_memo_line,\n sales_delivery_window,\n sales_document_address,\n sales_document_sequence,\n sales_document_tag,\n sales_document_tag_assignment,\n sales_invoice,\n sales_invoice_line,\n sales_note,\n sales_order,\n sales_order_adjustment,\n sales_order_line,\n sales_payment,\n sales_payment_allocation,\n sales_payment_method,\n sales_quote,\n sales_quote_adjustment,\n sales_quote_line,\n sales_settings,\n sales_shipment,\n sales_shipment_item,\n sales_shipping_method,\n sales_tax_rate,\n search_token,\n session,\n staff_leave_request,\n staff_team,\n staff_team_member,\n staff_team_member_activity,\n staff_team_member_address,\n staff_team_member_comment,\n staff_team_member_job_history,\n staff_team_role,\n step_instance,\n sync_cursor,\n sync_external_id_mapping,\n sync_mapping,\n sync_run,\n sync_schedule,\n tenant,\n upgrade_action_run,\n user,\n user_acl,\n user_role,\n user_sidebar_preference,\n user_task,\n webhook_processed_event,\n workflow_definition,\n workflow_event,\n workflow_event_trigger,\n workflow_instance\n}\n\nexport function getEntityFields(slug: string): Record<string, string> | undefined {\n return entityFieldsRegistry[slug]\n}\n"],
5
- "mappings": "AAEA,YAAY,gBAAgB;AAC5B,YAAY,gBAAgB;AAC5B,YAAY,aAAa;AACzB,YAAY,gBAAgB;AAC5B,YAAY,0BAA0B;AACtC,YAAY,mBAAmB;AAC/B,YAAY,sBAAsB;AAClC,YAAY,mBAAmB;AAC/B,YAAY,oCAAoC;AAChD,YAAY,wBAAwB;AACpC,YAAY,qBAAqB;AACjC,YAAY,8BAA8B;AAC1C,YAAY,yCAAyC;AACrD,YAAY,2BAA2B;AACvC,YAAY,yBAAyB;AACrC,YAAY,oCAAoC;AAChD,YAAY,qCAAqC;AACjD,YAAY,6BAA6B;AACzC,YAAY,sCAAsC;AAClD,YAAY,cAAc;AAC1B,YAAY,2BAA2B;AACvC,YAAY,mBAAmB;AAC/B,YAAY,2BAA2B;AACvC,YAAY,sBAAsB;AAClC,YAAY,gCAAgC;AAC5C,YAAY,wBAAwB;AACpC,YAAY,uBAAuB;AACnC,YAAY,sBAAsB;AAClC,YAAY,sBAAsB;AAClC,YAAY,8BAA8B;AAC1C,YAAY,mBAAmB;AAC/B,YAAY,gCAAgC;AAC5C,YAAY,+BAA+B;AAC3C,YAAY,+BAA+B;AAC3C,YAAY,qBAAqB;AACjC,YAAY,6BAA6B;AACzC,YAAY,uBAAuB;AACnC,YAAY,6BAA6B;AACzC,YAAY,uBAAuB;AACnC,YAAY,kBAAkB;AAC9B,YAAY,6BAA6B;AACzC,YAAY,wBAAwB;AACpC,YAAY,sBAAsB;AAClC,YAAY,4BAA4B;AACxC,YAAY,4BAA4B;AACxC,YAAY,gBAAgB;AAC5B,YAAY,sBAAsB;AAClC,YAAY,oBAAoB;AAChC,YAAY,2BAA2B;AACvC,YAAY,sBAAsB;AAClC,YAAY,sBAAsB;AAClC,YAAY,wBAAwB;AACpC,YAAY,mBAAmB;AAC/B,YAAY,oBAAoB;AAChC,YAAY,6BAA6B;AACzC,YAAY,yBAAyB;AACrC,YAAY,uBAAuB;AACnC,YAAY,iBAAiB;AAC7B,YAAY,oBAAoB;AAChC,YAAY,2BAA2B;AACvC,YAAY,oBAAoB;AAChC,YAAY,uBAAuB;AACnC,YAAY,wBAAwB;AACpC,YAAY,6BAA6B;AACzC,YAAY,qBAAqB;AACjC,YAAY,uBAAuB;AACnC,YAAY,aAAa;AACzB,YAAY,0BAA0B;AACtC,YAAY,0BAA0B;AACtC,YAAY,oBAAoB;AAChC,YAAY,uBAAuB;AACnC,YAAY,mBAAmB;AAC/B,YAAY,kBAAkB;AAC9B,YAAY,kBAAkB;AAC9B,YAAY,oBAAoB;AAChC,YAAY,iBAAiB;AAC7B,YAAY,+BAA+B;AAC3C,YAAY,mCAAmC;AAC/C,YAAY,kBAAkB;AAC9B,YAAY,wBAAwB;AACpC,YAAY,iCAAiC;AAC7C,YAAY,gCAAgC;AAC5C,YAAY,4BAA4B;AACxC,YAAY,uCAAuC;AACnD,YAAY,6BAA6B;AACzC,YAAY,UAAU;AACtB,YAAY,cAAc;AAC1B,YAAY,sBAAsB;AAClC,YAAY,6BAA6B;AACzC,YAAY,wBAAwB;AACpC,YAAY,cAAc;AAC1B,YAAY,qBAAqB;AACjC,YAAY,mBAAmB;AAC/B,YAAY,uBAAuB;AACnC,YAAY,4BAA4B;AACxC,YAAY,2BAA2B;AACvC,YAAY,4BAA4B;AACxC,YAAY,6BAA6B;AACzC,YAAY,wBAAwB;AACpC,YAAY,mCAAmC;AAC/C,YAAY,mBAAmB;AAC/B,YAAY,wBAAwB;AACpC,YAAY,gBAAgB;AAC5B,YAAY,iBAAiB;AAC7B,YAAY,4BAA4B;AACxC,YAAY,sBAAsB;AAClC,YAAY,mBAAmB;AAC/B,YAAY,8BAA8B;AAC1C,YAAY,0BAA0B;AACtC,YAAY,iBAAiB;AAC7B,YAAY,4BAA4B;AACxC,YAAY,sBAAsB;AAClC,YAAY,oBAAoB;AAChC,YAAY,oBAAoB;AAChC,YAAY,yBAAyB;AACrC,YAAY,2BAA2B;AACvC,YAAY,oBAAoB;AAChC,YAAY,kBAAkB;AAC9B,YAAY,aAAa;AACzB,YAAY,yBAAyB;AACrC,YAAY,gBAAgB;AAC5B,YAAY,uBAAuB;AACnC,YAAY,gCAAgC;AAC5C,YAAY,+BAA+B;AAC3C,YAAY,+BAA+B;AAC3C,YAAY,mCAAmC;AAC/C,YAAY,qBAAqB;AACjC,YAAY,mBAAmB;AAC/B,YAAY,iBAAiB;AAC7B,YAAY,8BAA8B;AAC1C,YAAY,kBAAkB;AAC9B,YAAY,cAAc;AAC1B,YAAY,mBAAmB;AAC/B,YAAY,YAAY;AACxB,YAAY,wBAAwB;AACpC,YAAY,UAAU;AACtB,YAAY,cAAc;AAC1B,YAAY,eAAe;AAC3B,YAAY,6BAA6B;AACzC,YAAY,eAAe;AAC3B,YAAY,6BAA6B;AACzC,YAAY,yBAAyB;AACrC,YAAY,oBAAoB;AAChC,YAAY,4BAA4B;AACxC,YAAY,uBAAuB;AAE5B,MAAM,uBAA+D;AAAA,EAC1E;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEO,SAAS,gBAAgB,MAAkD;AAChF,SAAO,qBAAqB,IAAI;AAClC;",
4
+ "sourcesContent": ["// AUTO-GENERATED by mercato generate entity-ids\n// Static registry for entity fields - eliminates dynamic imports for Turbopack compatibility\nimport * as access_log from './entities/access_log/index'\nimport * as action_log from './entities/action_log/index'\nimport * as api_key from './entities/api_key/index'\nimport * as attachment from './entities/attachment/index'\nimport * as attachment_partition from './entities/attachment_partition/index'\nimport * as business_rule from './entities/business_rule/index'\nimport * as carrier_shipment from './entities/carrier_shipment/index'\nimport * as catalog_offer from './entities/catalog_offer/index'\nimport * as catalog_option_schema_template from './entities/catalog_option_schema_template/index'\nimport * as catalog_price_kind from './entities/catalog_price_kind/index'\nimport * as catalog_product from './entities/catalog_product/index'\nimport * as catalog_product_category from './entities/catalog_product_category/index'\nimport * as catalog_product_category_assignment from './entities/catalog_product_category_assignment/index'\nimport * as catalog_product_price from './entities/catalog_product_price/index'\nimport * as catalog_product_tag from './entities/catalog_product_tag/index'\nimport * as catalog_product_tag_assignment from './entities/catalog_product_tag_assignment/index'\nimport * as catalog_product_unit_conversion from './entities/catalog_product_unit_conversion/index'\nimport * as catalog_product_variant from './entities/catalog_product_variant/index'\nimport * as catalog_product_variant_relation from './entities/catalog_product_variant_relation/index'\nimport * as currency from './entities/currency/index'\nimport * as currency_fetch_config from './entities/currency_fetch_config/index'\nimport * as custom_entity from './entities/custom_entity/index'\nimport * as custom_entity_storage from './entities/custom_entity_storage/index'\nimport * as custom_field_def from './entities/custom_field_def/index'\nimport * as custom_field_entity_config from './entities/custom_field_entity_config/index'\nimport * as custom_field_value from './entities/custom_field_value/index'\nimport * as customer_activity from './entities/customer_activity/index'\nimport * as customer_address from './entities/customer_address/index'\nimport * as customer_comment from './entities/customer_comment/index'\nimport * as customer_company_profile from './entities/customer_company_profile/index'\nimport * as customer_deal from './entities/customer_deal/index'\nimport * as customer_deal_company_link from './entities/customer_deal_company_link/index'\nimport * as customer_deal_person_link from './entities/customer_deal_person_link/index'\nimport * as customer_dictionary_entry from './entities/customer_dictionary_entry/index'\nimport * as customer_entity from './entities/customer_entity/index'\nimport * as customer_person_profile from './entities/customer_person_profile/index'\nimport * as customer_pipeline from './entities/customer_pipeline/index'\nimport * as customer_pipeline_stage from './entities/customer_pipeline_stage/index'\nimport * as customer_role from './entities/customer_role/index'\nimport * as customer_role_acl from './entities/customer_role_acl/index'\nimport * as customer_settings from './entities/customer_settings/index'\nimport * as customer_tag from './entities/customer_tag/index'\nimport * as customer_tag_assignment from './entities/customer_tag_assignment/index'\nimport * as customer_todo_link from './entities/customer_todo_link/index'\nimport * as customer_user from './entities/customer_user/index'\nimport * as customer_user_acl from './entities/customer_user_acl/index'\nimport * as customer_user_email_verification from './entities/customer_user_email_verification/index'\nimport * as customer_user_invitation from './entities/customer_user_invitation/index'\nimport * as customer_user_password_reset from './entities/customer_user_password_reset/index'\nimport * as customer_user_role from './entities/customer_user_role/index'\nimport * as customer_user_session from './entities/customer_user_session/index'\nimport * as dashboard_layout from './entities/dashboard_layout/index'\nimport * as dashboard_role_widgets from './entities/dashboard_role_widgets/index'\nimport * as dashboard_user_widgets from './entities/dashboard_user_widgets/index'\nimport * as dictionary from './entities/dictionary/index'\nimport * as dictionary_entry from './entities/dictionary_entry/index'\nimport * as encryption_map from './entities/encryption_map/index'\nimport * as entity_index_coverage from './entities/entity_index_coverage/index'\nimport * as entity_index_job from './entities/entity_index_job/index'\nimport * as entity_index_row from './entities/entity_index_row/index'\nimport * as entity_translation from './entities/entity_translation/index'\nimport * as exchange_rate from './entities/exchange_rate/index'\nimport * as feature_toggle from './entities/feature_toggle/index'\nimport * as feature_toggle_override from './entities/feature_toggle_override/index'\nimport * as gateway_transaction from './entities/gateway_transaction/index'\nimport * as inbox_discrepancy from './entities/inbox_discrepancy/index'\nimport * as inbox_email from './entities/inbox_email/index'\nimport * as inbox_proposal from './entities/inbox_proposal/index'\nimport * as inbox_proposal_action from './entities/inbox_proposal_action/index'\nimport * as inbox_settings from './entities/inbox_settings/index'\nimport * as indexer_error_log from './entities/indexer_error_log/index'\nimport * as indexer_status_log from './entities/indexer_status_log/index'\nimport * as integration_credentials from './entities/integration_credentials/index'\nimport * as integration_log from './entities/integration_log/index'\nimport * as integration_state from './entities/integration_state/index'\nimport * as message from './entities/message/index'\nimport * as message_access_token from './entities/message_access_token/index'\nimport * as message_confirmation from './entities/message_confirmation/index'\nimport * as message_object from './entities/message_object/index'\nimport * as message_recipient from './entities/message_recipient/index'\nimport * as module_config from './entities/module_config/index'\nimport * as notification from './entities/notification/index'\nimport * as organization from './entities/organization/index'\nimport * as password_reset from './entities/password_reset/index'\nimport * as perspective from './entities/perspective/index'\nimport * as planner_availability_rule from './entities/planner_availability_rule/index'\nimport * as planner_availability_rule_set from './entities/planner_availability_rule_set/index'\nimport * as progress_job from './entities/progress_job/index'\nimport * as resources_resource from './entities/resources_resource/index'\nimport * as resources_resource_activity from './entities/resources_resource_activity/index'\nimport * as resources_resource_comment from './entities/resources_resource_comment/index'\nimport * as resources_resource_tag from './entities/resources_resource_tag/index'\nimport * as resources_resource_tag_assignment from './entities/resources_resource_tag_assignment/index'\nimport * as resources_resource_type from './entities/resources_resource_type/index'\nimport * as role from './entities/role/index'\nimport * as role_acl from './entities/role_acl/index'\nimport * as role_perspective from './entities/role_perspective/index'\nimport * as role_sidebar_preference from './entities/role_sidebar_preference/index'\nimport * as rule_execution_log from './entities/rule_execution_log/index'\nimport * as rule_set from './entities/rule_set/index'\nimport * as rule_set_member from './entities/rule_set_member/index'\nimport * as sales_channel from './entities/sales_channel/index'\nimport * as sales_credit_memo from './entities/sales_credit_memo/index'\nimport * as sales_credit_memo_line from './entities/sales_credit_memo_line/index'\nimport * as sales_delivery_window from './entities/sales_delivery_window/index'\nimport * as sales_document_address from './entities/sales_document_address/index'\nimport * as sales_document_sequence from './entities/sales_document_sequence/index'\nimport * as sales_document_tag from './entities/sales_document_tag/index'\nimport * as sales_document_tag_assignment from './entities/sales_document_tag_assignment/index'\nimport * as sales_invoice from './entities/sales_invoice/index'\nimport * as sales_invoice_line from './entities/sales_invoice_line/index'\nimport * as sales_note from './entities/sales_note/index'\nimport * as sales_order from './entities/sales_order/index'\nimport * as sales_order_adjustment from './entities/sales_order_adjustment/index'\nimport * as sales_order_line from './entities/sales_order_line/index'\nimport * as sales_payment from './entities/sales_payment/index'\nimport * as sales_payment_allocation from './entities/sales_payment_allocation/index'\nimport * as sales_payment_method from './entities/sales_payment_method/index'\nimport * as sales_quote from './entities/sales_quote/index'\nimport * as sales_quote_adjustment from './entities/sales_quote_adjustment/index'\nimport * as sales_quote_line from './entities/sales_quote_line/index'\nimport * as sales_settings from './entities/sales_settings/index'\nimport * as sales_shipment from './entities/sales_shipment/index'\nimport * as sales_shipment_item from './entities/sales_shipment_item/index'\nimport * as sales_shipping_method from './entities/sales_shipping_method/index'\nimport * as sales_tax_rate from './entities/sales_tax_rate/index'\nimport * as search_token from './entities/search_token/index'\nimport * as session from './entities/session/index'\nimport * as staff_leave_request from './entities/staff_leave_request/index'\nimport * as staff_team from './entities/staff_team/index'\nimport * as staff_team_member from './entities/staff_team_member/index'\nimport * as staff_team_member_activity from './entities/staff_team_member_activity/index'\nimport * as staff_team_member_address from './entities/staff_team_member_address/index'\nimport * as staff_team_member_comment from './entities/staff_team_member_comment/index'\nimport * as staff_team_member_job_history from './entities/staff_team_member_job_history/index'\nimport * as staff_team_role from './entities/staff_team_role/index'\nimport * as step_instance from './entities/step_instance/index'\nimport * as sync_cursor from './entities/sync_cursor/index'\nimport * as sync_external_id_mapping from './entities/sync_external_id_mapping/index'\nimport * as sync_mapping from './entities/sync_mapping/index'\nimport * as sync_run from './entities/sync_run/index'\nimport * as sync_schedule from './entities/sync_schedule/index'\nimport * as tenant from './entities/tenant/index'\nimport * as upgrade_action_run from './entities/upgrade_action_run/index'\nimport * as user from './entities/user/index'\nimport * as user_acl from './entities/user_acl/index'\nimport * as user_role from './entities/user_role/index'\nimport * as user_sidebar_preference from './entities/user_sidebar_preference/index'\nimport * as user_task from './entities/user_task/index'\nimport * as webhook_processed_event from './entities/webhook_processed_event/index'\nimport * as workflow_definition from './entities/workflow_definition/index'\nimport * as workflow_event from './entities/workflow_event/index'\nimport * as workflow_event_trigger from './entities/workflow_event_trigger/index'\nimport * as workflow_instance from './entities/workflow_instance/index'\n\nexport const entityFieldsRegistry: Record<string, Record<string, string>> = {\n access_log,\n action_log,\n api_key,\n attachment,\n attachment_partition,\n business_rule,\n carrier_shipment,\n catalog_offer,\n catalog_option_schema_template,\n catalog_price_kind,\n catalog_product,\n catalog_product_category,\n catalog_product_category_assignment,\n catalog_product_price,\n catalog_product_tag,\n catalog_product_tag_assignment,\n catalog_product_unit_conversion,\n catalog_product_variant,\n catalog_product_variant_relation,\n currency,\n currency_fetch_config,\n custom_entity,\n custom_entity_storage,\n custom_field_def,\n custom_field_entity_config,\n custom_field_value,\n customer_activity,\n customer_address,\n customer_comment,\n customer_company_profile,\n customer_deal,\n customer_deal_company_link,\n customer_deal_person_link,\n customer_dictionary_entry,\n customer_entity,\n customer_person_profile,\n customer_pipeline,\n customer_pipeline_stage,\n customer_role,\n customer_role_acl,\n customer_settings,\n customer_tag,\n customer_tag_assignment,\n customer_todo_link,\n customer_user,\n customer_user_acl,\n customer_user_email_verification,\n customer_user_invitation,\n customer_user_password_reset,\n customer_user_role,\n customer_user_session,\n dashboard_layout,\n dashboard_role_widgets,\n dashboard_user_widgets,\n dictionary,\n dictionary_entry,\n encryption_map,\n entity_index_coverage,\n entity_index_job,\n entity_index_row,\n entity_translation,\n exchange_rate,\n feature_toggle,\n feature_toggle_override,\n gateway_transaction,\n inbox_discrepancy,\n inbox_email,\n inbox_proposal,\n inbox_proposal_action,\n inbox_settings,\n indexer_error_log,\n indexer_status_log,\n integration_credentials,\n integration_log,\n integration_state,\n message,\n message_access_token,\n message_confirmation,\n message_object,\n message_recipient,\n module_config,\n notification,\n organization,\n password_reset,\n perspective,\n planner_availability_rule,\n planner_availability_rule_set,\n progress_job,\n resources_resource,\n resources_resource_activity,\n resources_resource_comment,\n resources_resource_tag,\n resources_resource_tag_assignment,\n resources_resource_type,\n role,\n role_acl,\n role_perspective,\n role_sidebar_preference,\n rule_execution_log,\n rule_set,\n rule_set_member,\n sales_channel,\n sales_credit_memo,\n sales_credit_memo_line,\n sales_delivery_window,\n sales_document_address,\n sales_document_sequence,\n sales_document_tag,\n sales_document_tag_assignment,\n sales_invoice,\n sales_invoice_line,\n sales_note,\n sales_order,\n sales_order_adjustment,\n sales_order_line,\n sales_payment,\n sales_payment_allocation,\n sales_payment_method,\n sales_quote,\n sales_quote_adjustment,\n sales_quote_line,\n sales_settings,\n sales_shipment,\n sales_shipment_item,\n sales_shipping_method,\n sales_tax_rate,\n search_token,\n session,\n staff_leave_request,\n staff_team,\n staff_team_member,\n staff_team_member_activity,\n staff_team_member_address,\n staff_team_member_comment,\n staff_team_member_job_history,\n staff_team_role,\n step_instance,\n sync_cursor,\n sync_external_id_mapping,\n sync_mapping,\n sync_run,\n sync_schedule,\n tenant,\n upgrade_action_run,\n user,\n user_acl,\n user_role,\n user_sidebar_preference,\n user_task,\n webhook_processed_event,\n workflow_definition,\n workflow_event,\n workflow_event_trigger,\n workflow_instance\n}\n\nexport function getEntityFields(slug: string): Record<string, string> | undefined {\n return entityFieldsRegistry[slug]\n}\n"],
5
+ "mappings": "AAEA,YAAY,gBAAgB;AAC5B,YAAY,gBAAgB;AAC5B,YAAY,aAAa;AACzB,YAAY,gBAAgB;AAC5B,YAAY,0BAA0B;AACtC,YAAY,mBAAmB;AAC/B,YAAY,sBAAsB;AAClC,YAAY,mBAAmB;AAC/B,YAAY,oCAAoC;AAChD,YAAY,wBAAwB;AACpC,YAAY,qBAAqB;AACjC,YAAY,8BAA8B;AAC1C,YAAY,yCAAyC;AACrD,YAAY,2BAA2B;AACvC,YAAY,yBAAyB;AACrC,YAAY,oCAAoC;AAChD,YAAY,qCAAqC;AACjD,YAAY,6BAA6B;AACzC,YAAY,sCAAsC;AAClD,YAAY,cAAc;AAC1B,YAAY,2BAA2B;AACvC,YAAY,mBAAmB;AAC/B,YAAY,2BAA2B;AACvC,YAAY,sBAAsB;AAClC,YAAY,gCAAgC;AAC5C,YAAY,wBAAwB;AACpC,YAAY,uBAAuB;AACnC,YAAY,sBAAsB;AAClC,YAAY,sBAAsB;AAClC,YAAY,8BAA8B;AAC1C,YAAY,mBAAmB;AAC/B,YAAY,gCAAgC;AAC5C,YAAY,+BAA+B;AAC3C,YAAY,+BAA+B;AAC3C,YAAY,qBAAqB;AACjC,YAAY,6BAA6B;AACzC,YAAY,uBAAuB;AACnC,YAAY,6BAA6B;AACzC,YAAY,mBAAmB;AAC/B,YAAY,uBAAuB;AACnC,YAAY,uBAAuB;AACnC,YAAY,kBAAkB;AAC9B,YAAY,6BAA6B;AACzC,YAAY,wBAAwB;AACpC,YAAY,mBAAmB;AAC/B,YAAY,uBAAuB;AACnC,YAAY,sCAAsC;AAClD,YAAY,8BAA8B;AAC1C,YAAY,kCAAkC;AAC9C,YAAY,wBAAwB;AACpC,YAAY,2BAA2B;AACvC,YAAY,sBAAsB;AAClC,YAAY,4BAA4B;AACxC,YAAY,4BAA4B;AACxC,YAAY,gBAAgB;AAC5B,YAAY,sBAAsB;AAClC,YAAY,oBAAoB;AAChC,YAAY,2BAA2B;AACvC,YAAY,sBAAsB;AAClC,YAAY,sBAAsB;AAClC,YAAY,wBAAwB;AACpC,YAAY,mBAAmB;AAC/B,YAAY,oBAAoB;AAChC,YAAY,6BAA6B;AACzC,YAAY,yBAAyB;AACrC,YAAY,uBAAuB;AACnC,YAAY,iBAAiB;AAC7B,YAAY,oBAAoB;AAChC,YAAY,2BAA2B;AACvC,YAAY,oBAAoB;AAChC,YAAY,uBAAuB;AACnC,YAAY,wBAAwB;AACpC,YAAY,6BAA6B;AACzC,YAAY,qBAAqB;AACjC,YAAY,uBAAuB;AACnC,YAAY,aAAa;AACzB,YAAY,0BAA0B;AACtC,YAAY,0BAA0B;AACtC,YAAY,oBAAoB;AAChC,YAAY,uBAAuB;AACnC,YAAY,mBAAmB;AAC/B,YAAY,kBAAkB;AAC9B,YAAY,kBAAkB;AAC9B,YAAY,oBAAoB;AAChC,YAAY,iBAAiB;AAC7B,YAAY,+BAA+B;AAC3C,YAAY,mCAAmC;AAC/C,YAAY,kBAAkB;AAC9B,YAAY,wBAAwB;AACpC,YAAY,iCAAiC;AAC7C,YAAY,gCAAgC;AAC5C,YAAY,4BAA4B;AACxC,YAAY,uCAAuC;AACnD,YAAY,6BAA6B;AACzC,YAAY,UAAU;AACtB,YAAY,cAAc;AAC1B,YAAY,sBAAsB;AAClC,YAAY,6BAA6B;AACzC,YAAY,wBAAwB;AACpC,YAAY,cAAc;AAC1B,YAAY,qBAAqB;AACjC,YAAY,mBAAmB;AAC/B,YAAY,uBAAuB;AACnC,YAAY,4BAA4B;AACxC,YAAY,2BAA2B;AACvC,YAAY,4BAA4B;AACxC,YAAY,6BAA6B;AACzC,YAAY,wBAAwB;AACpC,YAAY,mCAAmC;AAC/C,YAAY,mBAAmB;AAC/B,YAAY,wBAAwB;AACpC,YAAY,gBAAgB;AAC5B,YAAY,iBAAiB;AAC7B,YAAY,4BAA4B;AACxC,YAAY,sBAAsB;AAClC,YAAY,mBAAmB;AAC/B,YAAY,8BAA8B;AAC1C,YAAY,0BAA0B;AACtC,YAAY,iBAAiB;AAC7B,YAAY,4BAA4B;AACxC,YAAY,sBAAsB;AAClC,YAAY,oBAAoB;AAChC,YAAY,oBAAoB;AAChC,YAAY,yBAAyB;AACrC,YAAY,2BAA2B;AACvC,YAAY,oBAAoB;AAChC,YAAY,kBAAkB;AAC9B,YAAY,aAAa;AACzB,YAAY,yBAAyB;AACrC,YAAY,gBAAgB;AAC5B,YAAY,uBAAuB;AACnC,YAAY,gCAAgC;AAC5C,YAAY,+BAA+B;AAC3C,YAAY,+BAA+B;AAC3C,YAAY,mCAAmC;AAC/C,YAAY,qBAAqB;AACjC,YAAY,mBAAmB;AAC/B,YAAY,iBAAiB;AAC7B,YAAY,8BAA8B;AAC1C,YAAY,kBAAkB;AAC9B,YAAY,cAAc;AAC1B,YAAY,mBAAmB;AAC/B,YAAY,YAAY;AACxB,YAAY,wBAAwB;AACpC,YAAY,UAAU;AACtB,YAAY,cAAc;AAC1B,YAAY,eAAe;AAC3B,YAAY,6BAA6B;AACzC,YAAY,eAAe;AAC3B,YAAY,6BAA6B;AACzC,YAAY,yBAAyB;AACrC,YAAY,oBAAoB;AAChC,YAAY,4BAA4B;AACxC,YAAY,uBAAuB;AAE5B,MAAM,uBAA+D;AAAA,EAC1E;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEO,SAAS,gBAAgB,MAAkD;AAChF,SAAO,qBAAqB,IAAI;AAClC;",
6
6
  "names": []
7
7
  }
package/dist/modules/auth/services/rbacService.js CHANGED
@@ -2,6 +2,7 @@ import { getCurrentCacheTenant, runWithCacheTenant } from "@open-mercato/cache";
2
2
  import { UserAcl, RoleAcl, User, UserRole } from "@open-mercato/core/modules/auth/data/entities";
3
3
  import { ApiKey } from "@open-mercato/core/modules/api_keys/data/entities";
4
4
  import { findWithDecryption } from "@open-mercato/shared/lib/encryption/find";
5
+ import { matchFeature as sharedMatchFeature, hasAllFeatures as sharedHasAllFeatures } from "@open-mercato/shared/lib/auth/featureMatch";
5
6
  function isAclData(value) {
6
7
  if (typeof value !== "object" || value === null) return false;
7
8
  const record = value;
@@ -50,17 +51,10 @@ class RbacService {
50
51
  * matchFeature('users.view', 'users.view') // true - exact match
51
52
  */
52
53
  matchFeature(required, granted) {
53
- if (granted === "*") return true;
54
- if (granted.endsWith(".*")) {
55
- const prefix = granted.slice(0, -2);
56
- return required === prefix || required.startsWith(prefix + ".");
57
- }
58
- return granted === required;
54
+ return sharedMatchFeature(required, granted);
59
55
  }
60
56
  hasAllFeatures(required, granted) {
61
- if (!required.length) return true;
62
- if (!granted.length) return false;
63
- return required.every((req) => granted.some((g) => this.matchFeature(req, g)));
57
+ return sharedHasAllFeatures(required, granted);
64
58
  }
65
59
  getCacheKey(userId, scope) {
66
60
  return `rbac:${userId}:${scope.tenantId || "null"}:${scope.organizationId || "null"}`;
package/dist/modules/auth/services/rbacService.js.map CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../../../../src/modules/auth/services/rbacService.ts"],
4
- "sourcesContent": ["import type { EntityManager } from '@mikro-orm/postgresql'\nimport type { CacheStrategy } from '@open-mercato/cache'\nimport { getCurrentCacheTenant, runWithCacheTenant } from '@open-mercato/cache'\nimport { UserAcl, RoleAcl, User, UserRole } from '@open-mercato/core/modules/auth/data/entities'\nimport { ApiKey } from '@open-mercato/core/modules/api_keys/data/entities'\nimport { findWithDecryption } from '@open-mercato/shared/lib/encryption/find'\n\ninterface AclData {\n isSuperAdmin: boolean\n features: string[]\n organizations: string[] | null\n}\n\nfunction isAclData(value: unknown): value is AclData {\n if (typeof value !== 'object' || value === null) return false\n const record = value as Partial<AclData>\n if (typeof record.isSuperAdmin !== 'boolean') return false\n if (!Array.isArray(record.features) || record.features.some((feature) => typeof feature !== 'string')) return false\n if (record.organizations !== null && record.organizations !== undefined) {\n if (!Array.isArray(record.organizations)) return false\n if (record.organizations.some((org) => typeof org !== 'string')) return false\n }\n return true\n}\n\nexport class RbacService {\n private cacheTtlMs: number = 5 * 60 * 1000 // 5 minutes default\n private cache: CacheStrategy | null = null\n private globalSuperAdminCache = new Map<string, boolean>()\n\n constructor(private em: EntityManager, cache?: CacheStrategy) {\n this.cache = cache || null\n }\n\n /**\n * Set cache TTL in milliseconds\n * @param ttlMs - Time to live in milliseconds\n */\n setCacheTtl(ttlMs: number) {\n this.cacheTtlMs = ttlMs\n }\n\n /**\n * Checks if a required feature is satisfied by a granted feature permission.\n * \n * Wildcard patterns:\n * - `*` (global wildcard): Grants access to all features\n * - `prefix.*` (module wildcard): Grants access to all features starting with `prefix.`\n * and also the exact prefix itself (e.g., `entities.*` matches both `entities` and `entities.records.view`)\n * - Exact match: Feature must match exactly (e.g., `users.view` only matches `users.view`)\n * \n * @param required - The feature being requested (e.g., 'entities.records.view')\n * @param granted - The feature permission granted (e.g., 'entities.*' or '*')\n * @returns true if the granted permission satisfies the required feature\n * \n * @example\n * matchFeature('users.view', '*') // true - global wildcard\n * matchFeature('entities.records.view', 'entities.*') // true - module wildcard\n * matchFeature('entities', 'entities.*') // true - exact prefix match\n * matchFeature('users.view', 'entities.*') // false - different module\n * matchFeature('users.view', 'users.view') // true - exact match\n */\n private matchFeature(required: string, granted: string): boolean {\n if (granted === '*') return true\n if (granted.endsWith('.*')) {\n const prefix = granted.slice(0, -2)\n return required === prefix || required.startsWith(prefix + '.')\n }\n return granted === required\n }\n\n public hasAllFeatures(required: string[], granted: string[]): boolean {\n if (!required.length) return true\n if (!granted.length) return false\n return required.every((req) => granted.some((g) => this.matchFeature(req, g)))\n }\n\n private getCacheKey(userId: string, scope: { tenantId: string | null; organizationId: string | null }): string {\n return `rbac:${userId}:${scope.tenantId || 'null'}:${scope.organizationId || 'null'}`\n }\n\n private getUserTag(userId: string): string {\n return `rbac:user:${userId}`\n }\n\n private getTenantTag(tenantId: string): string {\n return `rbac:tenant:${tenantId}`\n }\n\n private getOrganizationTag(organizationId: string): string {\n return `rbac:org:${organizationId}`\n }\n\n private async getFromCache(cacheKey: string): Promise<AclData | null> {\n if (!this.cache) return null\n const cached = await this.cache.get(cacheKey)\n if (!cached) return null\n return isAclData(cached) ? cached : null\n }\n\n private async setCache(cacheKey: string, data: AclData, userId: string, scope: { tenantId: string | null; organizationId: string | null }): Promise<void> {\n if (!this.cache) return\n\n const tags = [\n this.getUserTag(userId),\n 'rbac:all'\n ]\n\n if (scope.tenantId) {\n tags.push(this.getTenantTag(scope.tenantId))\n }\n\n if (scope.organizationId) {\n tags.push(this.getOrganizationTag(scope.organizationId))\n }\n\n await this.cache.set(cacheKey, data, {\n ttl: this.cacheTtlMs,\n tags\n })\n }\n\n /**\n * Invalidates cached ACL data for a specific user across all tenants and organizations.\n * Call this when a user's roles or user-specific ACL is modified.\n * \n * @param userId - The ID of the user whose cache should be invalidated\n */\n async invalidateUserCache(userId: string): Promise<void> {\n this.globalSuperAdminCache.delete(userId)\n await this.deleteCacheByTags([this.getUserTag(userId)])\n }\n\n /**\n * Invalidates cached ACL data for all users within a specific tenant.\n * Call this when a role's ACL is modified, since roles are tenant-scoped\n * and affect all users in that tenant who have that role.\n * \n * @param tenantId - The ID of the tenant whose cache should be invalidated\n */\n async invalidateTenantCache(tenantId: string): Promise<void> {\n this.globalSuperAdminCache.clear()\n await this.deleteCacheByTags([this.getTenantTag(tenantId)], [tenantId])\n }\n\n /**\n * Invalidates cached ACL data for all users within a specific organization.\n * Call this when organization-level permissions or visibility changes.\n * \n * @param organizationId - The ID of the organization whose cache should be invalidated\n */\n async invalidateOrganizationCache(organizationId: string): Promise<void> {\n await this.deleteCacheByTags([this.getOrganizationTag(organizationId)])\n }\n\n /**\n * Clears all cached ACL data.\n * Use this for bulk operations or system-wide ACL changes.\n */\n async invalidateAllCache(): Promise<void> {\n this.globalSuperAdminCache.clear()\n await this.deleteCacheByTags(['rbac:all'])\n }\n\n private async deleteCacheByTags(tags: string[], tenantHints?: Array<string | null>): Promise<void> {\n if (!this.cache) return\n const contexts = new Set<string | null>()\n const current = getCurrentCacheTenant()\n contexts.add(current ?? null)\n contexts.add(null)\n if (Array.isArray(tenantHints)) {\n for (const hint of tenantHints) {\n contexts.add(hint ?? null)\n }\n }\n for (const ctx of contexts) {\n if (ctx === current) {\n await this.cache.deleteByTags(tags)\n } else {\n await runWithCacheTenant(ctx, async () => {\n await this.cache!.deleteByTags(tags)\n })\n }\n }\n }\n\n private async isGlobalSuperAdmin(userId: string): Promise<boolean> {\n if (this.globalSuperAdminCache.has(userId)) return this.globalSuperAdminCache.get(userId)!\n const em = this.em.fork()\n const userSuper = await em.findOne(UserAcl, { user: userId as any, isSuperAdmin: true })\n if (userSuper && (userSuper as any).isSuperAdmin) {\n this.globalSuperAdminCache.set(userId, true)\n return true\n }\n const links = await findWithDecryption(\n em,\n UserRole,\n { user: userId as any },\n { populate: ['role'] },\n { tenantId: null, organizationId: null },\n )\n const linkList = Array.isArray(links) ? links : []\n if (!linkList.length) {\n this.globalSuperAdminCache.set(userId, false)\n return false\n }\n const roleIds = Array.from(new Set(linkList.map((link) => {\n const role = link.role as any\n return role?.id ? String(role.id) : null\n }).filter((id): id is string => typeof id === 'string' && id.length > 0)))\n if (!roleIds.length) {\n this.globalSuperAdminCache.set(userId, false)\n return false\n }\n const roleSuper = await em.findOne(RoleAcl, { isSuperAdmin: true, role: { $in: roleIds as any } } as any)\n const result = !!(roleSuper && (roleSuper as any).isSuperAdmin)\n this.globalSuperAdminCache.set(userId, result)\n return result\n }\n\n /**\n * Loads the Access Control List (ACL) for a user within a given scope.\n * \n * The ACL resolution follows this priority:\n * 1. Per-user ACL (UserAcl) - if exists, use it exclusively\n * 2. Aggregated role ACLs (RoleAcl) - combine permissions from all user's roles\n * \n * Results are cached for performance (default 5 minutes TTL).\n * Cache is automatically invalidated when ACL-related data changes.\n * \n * @param userId - The ID of the user\n * @param scope - The tenant and organization context for ACL evaluation\n * @returns An object containing:\n * - isSuperAdmin: If true, user has unrestricted access to all features\n * - features: Array of feature strings (may include wildcards like 'entities.*')\n * - organizations: Array of organization IDs user can access, or null for all organizations\n * \n * @example\n * const acl = await rbacService.loadAcl('user-123', { tenantId: 'tenant-1', organizationId: 'org-1' })\n * // Returns: { isSuperAdmin: false, features: ['users.view', 'entities.*'], organizations: ['org-1', 'org-2'] }\n */\n async loadAcl(userId: string, scope: { tenantId: string | null; organizationId: string | null }): Promise<{\n isSuperAdmin: boolean\n features: string[]\n organizations: string[] | null\n }> {\n const cacheKey = this.getCacheKey(userId, scope)\n const cached = await this.getFromCache(cacheKey)\n if (cached) return cached\n\n if (!userId.startsWith('api_key:')) {\n if (await this.isGlobalSuperAdmin(userId)) {\n const result = { isSuperAdmin: true, features: ['*'], organizations: null }\n await this.setCache(cacheKey, result, userId, scope)\n return result\n }\n }\n\n if (userId.startsWith('api_key:')) {\n const apiKeyId = userId.slice('api_key:'.length)\n const em = this.em.fork()\n const key = await em.findOne(ApiKey, { id: apiKeyId, deletedAt: null })\n if (!key || (key.expiresAt && key.expiresAt.getTime() < Date.now())) {\n const result = { isSuperAdmin: false, features: [], organizations: null }\n await this.setCache(cacheKey, result, userId, scope)\n return result\n }\n const tenantId = scope.tenantId || key.tenantId || null\n const roleIds = Array.isArray(key.rolesJson) ? key.rolesJson.filter(Boolean) : []\n let isSuper = false\n const features: string[] = []\n let organizations: string[] | null = key.organizationId ? [key.organizationId] : null\n if (tenantId && roleIds.length) {\n const racls = await em.find(RoleAcl, { tenantId, role: { $in: roleIds as any } } as any)\n for (const acl of racls) {\n isSuper = isSuper || !!acl.isSuperAdmin\n if (Array.isArray(acl.featuresJson)) {\n for (const f of acl.featuresJson) if (!features.includes(f)) features.push(f)\n }\n if (organizations !== null) {\n if (acl.organizationsJson == null) {\n organizations = null\n } else {\n organizations = Array.from(new Set([...(organizations || []), ...acl.organizationsJson]))\n }\n }\n }\n }\n const result = { isSuperAdmin: isSuper, features, organizations }\n await this.setCache(cacheKey, result, userId, scope)\n return result\n }\n\n // Use a forked EntityManager to avoid inheriting an aborted transaction from callers\n const em = this.em.fork()\n const user = await em.findOne(User, { id: userId })\n if (!user) {\n const result = { isSuperAdmin: false, features: [], organizations: null }\n await this.setCache(cacheKey, result, userId, scope)\n return result\n }\n const tenantId = scope.tenantId || user.tenantId || null\n const orgId = scope.organizationId || user.organizationId || null\n\n if (!tenantId) {\n const result = { isSuperAdmin: false, features: [], organizations: null }\n await this.setCache(cacheKey, result, userId, scope)\n return result\n }\n\n // Per-user ACL first\n const uacl = await em.findOne(UserAcl, { user: userId as any, tenantId })\n if (uacl) {\n const result = {\n isSuperAdmin: !!uacl.isSuperAdmin,\n features: Array.isArray(uacl.featuresJson) ? (uacl.featuresJson as string[]) : [],\n organizations: Array.isArray(uacl.organizationsJson) ? (uacl.organizationsJson as string[]) : null,\n }\n await this.setCache(cacheKey, result, userId, scope)\n return result\n }\n\n // Aggregate role ACLs\n const links = await findWithDecryption(\n em,\n UserRole,\n { user: userId as any, role: { tenantId } } as any,\n { populate: ['role'] },\n { tenantId, organizationId: orgId },\n )\n const linkList = Array.isArray(links) ? links : []\n const roleIds = linkList.map((l) => (l.role as any)?.id).filter(Boolean)\n let isSuper = false\n const features: string[] = []\n let organizations: string[] | null = []\n if (roleIds.length) {\n const racls = await em.find(RoleAcl, { tenantId, role: { $in: roleIds as any } } as any, {})\n const roleAcls = Array.isArray(racls) ? racls : []\n for (const r of roleAcls) {\n isSuper = isSuper || !!r.isSuperAdmin\n if (Array.isArray(r.featuresJson)) for (const f of r.featuresJson) if (!features.includes(f)) features.push(f)\n if (organizations !== null) {\n if (r.organizationsJson == null) organizations = null\n else organizations = Array.from(new Set([...(organizations || []), ...r.organizationsJson]))\n }\n }\n }\n if (organizations && orgId && !organizations.includes(orgId)) {\n // Out-of-scope org; caller will enforce\n }\n const result = { isSuperAdmin: isSuper, features, organizations }\n await this.setCache(cacheKey, result, userId, scope)\n return result\n }\n\n /**\n * Checks if a user has all required features within a given scope.\n * \n * This is the primary authorization check method used throughout the application.\n * It combines feature checking with organization visibility validation.\n * \n * Authorization logic:\n * 1. No features required \u2192 always returns true\n * 2. User is super admin \u2192 always returns true\n * 3. Organization restriction check: If the user's ACL has a restricted organization list\n * and the requested organization is not in that list \u2192 returns false\n * 4. Feature matching: User must have all required features (supports wildcards)\n * \n * @param userId - The ID of the user\n * @param required - Array of feature strings to check (e.g., ['users.view', 'users.edit'])\n * @param scope - The tenant and organization context for authorization\n * @returns true if the user has all required features and organization access, false otherwise\n * \n * @example\n * // Check if user can view and edit users\n * const canManageUsers = await rbacService.userHasAllFeatures(\n * 'user-123',\n * ['users.view', 'users.edit'],\n * { tenantId: 'tenant-1', organizationId: 'org-1' }\n * )\n * \n * @example\n * // Check with wildcard features\n * const canAccessEntities = await rbacService.userHasAllFeatures(\n * 'user-123',\n * ['entities.records.view'],\n * { tenantId: 'tenant-1', organizationId: 'org-1' }\n * )\n * // Returns true if user has 'entities.*', '*', or 'entities.records.view'\n */\n async userHasAllFeatures(userId: string, required: string[], scope: { tenantId: string | null; organizationId: string | null }): Promise<boolean> {\n if (!required.length) return true\n const acl = await this.loadAcl(userId, scope)\n if (acl.isSuperAdmin) return true\n if (acl.organizations && scope.organizationId && !acl.organizations.includes(scope.organizationId)) return false\n return this.hasAllFeatures(required, acl.features)\n }\n}\n"],
5
- "mappings": "AAEA,SAAS,uBAAuB,0BAA0B;AAC1D,SAAS,SAAS,SAAS,MAAM,gBAAgB;AACjD,SAAS,cAAc;AACvB,SAAS,0BAA0B;AAQnC,SAAS,UAAU,OAAkC;AACnD,MAAI,OAAO,UAAU,YAAY,UAAU,KAAM,QAAO;AACxD,QAAM,SAAS;AACf,MAAI,OAAO,OAAO,iBAAiB,UAAW,QAAO;AACrD,MAAI,CAAC,MAAM,QAAQ,OAAO,QAAQ,KAAK,OAAO,SAAS,KAAK,CAAC,YAAY,OAAO,YAAY,QAAQ,EAAG,QAAO;AAC9G,MAAI,OAAO,kBAAkB,QAAQ,OAAO,kBAAkB,QAAW;AACvE,QAAI,CAAC,MAAM,QAAQ,OAAO,aAAa,EAAG,QAAO;AACjD,QAAI,OAAO,cAAc,KAAK,CAAC,QAAQ,OAAO,QAAQ,QAAQ,EAAG,QAAO;AAAA,EAC1E;AACA,SAAO;AACT;AAEO,MAAM,YAAY;AAAA,EAKvB,YAAoB,IAAmB,OAAuB;AAA1C;AAJpB,SAAQ,aAAqB,IAAI,KAAK;AACtC;AAAA,SAAQ,QAA8B;AACtC,SAAQ,wBAAwB,oBAAI,IAAqB;AAGvD,SAAK,QAAQ,SAAS;AAAA,EACxB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,YAAY,OAAe;AACzB,SAAK,aAAa;AAAA,EACpB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAsBQ,aAAa,UAAkB,SAA0B;AAC/D,QAAI,YAAY,IAAK,QAAO;AAC5B,QAAI,QAAQ,SAAS,IAAI,GAAG;AAC1B,YAAM,SAAS,QAAQ,MAAM,GAAG,EAAE;AAClC,aAAO,aAAa,UAAU,SAAS,WAAW,SAAS,GAAG;AAAA,IAChE;AACA,WAAO,YAAY;AAAA,EACrB;AAAA,EAEO,eAAe,UAAoB,SAA4B;AACpE,QAAI,CAAC,SAAS,OAAQ,QAAO;AAC7B,QAAI,CAAC,QAAQ,OAAQ,QAAO;AAC5B,WAAO,SAAS,MAAM,CAAC,QAAQ,QAAQ,KAAK,CAAC,MAAM,KAAK,aAAa,KAAK,CAAC,CAAC,CAAC;AAAA,EAC/E;AAAA,EAEQ,YAAY,QAAgB,OAA2E;AAC7G,WAAO,QAAQ,MAAM,IAAI,MAAM,YAAY,MAAM,IAAI,MAAM,kBAAkB,MAAM;AAAA,EACrF;AAAA,EAEQ,WAAW,QAAwB;AACzC,WAAO,aAAa,MAAM;AAAA,EAC5B;AAAA,EAEQ,aAAa,UAA0B;AAC7C,WAAO,eAAe,QAAQ;AAAA,EAChC;AAAA,EAEQ,mBAAmB,gBAAgC;AACzD,WAAO,YAAY,cAAc;AAAA,EACnC;AAAA,EAEA,MAAc,aAAa,UAA2C;AACpE,QAAI,CAAC,KAAK,MAAO,QAAO;AACxB,UAAM,SAAS,MAAM,KAAK,MAAM,IAAI,QAAQ;AAC5C,QAAI,CAAC,OAAQ,QAAO;AACpB,WAAO,UAAU,MAAM,IAAI,SAAS;AAAA,EACtC;AAAA,EAEA,MAAc,SAAS,UAAkB,MAAe,QAAgB,OAAkF;AACxJ,QAAI,CAAC,KAAK,MAAO;AAEjB,UAAM,OAAO;AAAA,MACX,KAAK,WAAW,MAAM;AAAA,MACtB;AAAA,IACF;AAEA,QAAI,MAAM,UAAU;AAClB,WAAK,KAAK,KAAK,aAAa,MAAM,QAAQ,CAAC;AAAA,IAC7C;AAEA,QAAI,MAAM,gBAAgB;AACxB,WAAK,KAAK,KAAK,mBAAmB,MAAM,cAAc,CAAC;AAAA,IACzD;AAEA,UAAM,KAAK,MAAM,IAAI,UAAU,MAAM;AAAA,MACnC,KAAK,KAAK;AAAA,MACV;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,oBAAoB,QAA+B;AACvD,SAAK,sBAAsB,OAAO,MAAM;AACxC,UAAM,KAAK,kBAAkB,CAAC,KAAK,WAAW,MAAM,CAAC,CAAC;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,sBAAsB,UAAiC;AAC3D,SAAK,sBAAsB,MAAM;AACjC,UAAM,KAAK,kBAAkB,CAAC,KAAK,aAAa,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC;AAAA,EACxE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,4BAA4B,gBAAuC;AACvE,UAAM,KAAK,kBAAkB,CAAC,KAAK,mBAAmB,cAAc,CAAC,CAAC;AAAA,EACxE;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,qBAAoC;AACxC,SAAK,sBAAsB,MAAM;AACjC,UAAM,KAAK,kBAAkB,CAAC,UAAU,CAAC;AAAA,EAC3C;AAAA,EAEA,MAAc,kBAAkB,MAAgB,aAAmD;AACjG,QAAI,CAAC,KAAK,MAAO;AACjB,UAAM,WAAW,oBAAI,IAAmB;AACxC,UAAM,UAAU,sBAAsB;AACtC,aAAS,IAAI,WAAW,IAAI;AAC5B,aAAS,IAAI,IAAI;AACjB,QAAI,MAAM,QAAQ,WAAW,GAAG;AAC9B,iBAAW,QAAQ,aAAa;AAC9B,iBAAS,IAAI,QAAQ,IAAI;AAAA,MAC3B;AAAA,IACF;AACA,eAAW,OAAO,UAAU;AAC1B,UAAI,QAAQ,SAAS;AACnB,cAAM,KAAK,MAAM,aAAa,IAAI;AAAA,MACpC,OAAO;AACL,cAAM,mBAAmB,KAAK,YAAY;AACxC,gBAAM,KAAK,MAAO,aAAa,IAAI;AAAA,QACrC,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAc,mBAAmB,QAAkC;AACjE,QAAI,KAAK,sBAAsB,IAAI,MAAM,EAAG,QAAO,KAAK,sBAAsB,IAAI,MAAM;AACxF,UAAM,KAAK,KAAK,GAAG,KAAK;AACxB,UAAM,YAAY,MAAM,GAAG,QAAQ,SAAS,EAAE,MAAM,QAAe,cAAc,KAAK,CAAC;AACvF,QAAI,aAAc,UAAkB,cAAc;AAChD,WAAK,sBAAsB,IAAI,QAAQ,IAAI;AAC3C,aAAO;AAAA,IACT;AACA,UAAM,QAAQ,MAAM;AAAA,MAClB;AAAA,MACA;AAAA,MACA,EAAE,MAAM,OAAc;AAAA,MACtB,EAAE,UAAU,CAAC,MAAM,EAAE;AAAA,MACrB,EAAE,UAAU,MAAM,gBAAgB,KAAK;AAAA,IACzC;AACA,UAAM,WAAW,MAAM,QAAQ,KAAK,IAAI,QAAQ,CAAC;AACjD,QAAI,CAAC,SAAS,QAAQ;AACpB,WAAK,sBAAsB,IAAI,QAAQ,KAAK;AAC5C,aAAO;AAAA,IACT;AACA,UAAM,UAAU,MAAM,KAAK,IAAI,IAAI,SAAS,IAAI,CAAC,SAAS;AACxD,YAAM,OAAO,KAAK;AAClB,aAAO,MAAM,KAAK,OAAO,KAAK,EAAE,IAAI;AAAA,IACtC,CAAC,EAAE,OAAO,CAAC,OAAqB,OAAO,OAAO,YAAY,GAAG,SAAS,CAAC,CAAC,CAAC;AACzE,QAAI,CAAC,QAAQ,QAAQ;AACnB,WAAK,sBAAsB,IAAI,QAAQ,KAAK;AAC5C,aAAO;AAAA,IACT;AACA,UAAM,YAAY,MAAM,GAAG,QAAQ,SAAS,EAAE,cAAc,MAAM,MAAM,EAAE,KAAK,QAAe,EAAE,CAAQ;AACxG,UAAM,SAAS,CAAC,EAAE,aAAc,UAAkB;AAClD,SAAK,sBAAsB,IAAI,QAAQ,MAAM;AAC7C,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAuBA,MAAM,QAAQ,QAAgB,OAI3B;AACD,UAAM,WAAW,KAAK,YAAY,QAAQ,KAAK;AAC/C,UAAM,SAAS,MAAM,KAAK,aAAa,QAAQ;AAC/C,QAAI,OAAQ,QAAO;AAEnB,QAAI,CAAC,OAAO,WAAW,UAAU,GAAG;AAClC,UAAI,MAAM,KAAK,mBAAmB,MAAM,GAAG;AACzC,cAAMA,UAAS,EAAE,cAAc,MAAM,UAAU,CAAC,GAAG,GAAG,eAAe,KAAK;AAC1E,cAAM,KAAK,SAAS,UAAUA,SAAQ,QAAQ,KAAK;AACnD,eAAOA;AAAA,MACT;AAAA,IACF;AAEA,QAAI,OAAO,WAAW,UAAU,GAAG;AACjC,YAAM,WAAW,OAAO,MAAM,WAAW,MAAM;AAC/C,YAAMC,MAAK,KAAK,GAAG,KAAK;AACxB,YAAM,MAAM,MAAMA,IAAG,QAAQ,QAAQ,EAAE,IAAI,UAAU,WAAW,KAAK,CAAC;AACtE,UAAI,CAAC,OAAQ,IAAI,aAAa,IAAI,UAAU,QAAQ,IAAI,KAAK,IAAI,GAAI;AACnE,cAAMD,UAAS,EAAE,cAAc,OAAO,UAAU,CAAC,GAAG,eAAe,KAAK;AACxE,cAAM,KAAK,SAAS,UAAUA,SAAQ,QAAQ,KAAK;AACnD,eAAOA;AAAA,MACT;AACA,YAAME,YAAW,MAAM,YAAY,IAAI,YAAY;AACnD,YAAMC,WAAU,MAAM,QAAQ,IAAI,SAAS,IAAI,IAAI,UAAU,OAAO,OAAO,IAAI,CAAC;AAChF,UAAIC,WAAU;AACd,YAAMC,YAAqB,CAAC;AAC5B,UAAIC,iBAAiC,IAAI,iBAAiB,CAAC,IAAI,cAAc,IAAI;AACjF,UAAIJ,aAAYC,SAAQ,QAAQ;AAC9B,cAAM,QAAQ,MAAMF,IAAG,KAAK,SAAS,EAAE,UAAAC,WAAU,MAAM,EAAE,KAAKC,SAAe,EAAE,CAAQ;AACvF,mBAAW,OAAO,OAAO;AACvB,UAAAC,WAAUA,YAAW,CAAC,CAAC,IAAI;AAC3B,cAAI,MAAM,QAAQ,IAAI,YAAY,GAAG;AACnC,uBAAW,KAAK,IAAI,aAAc,KAAI,CAACC,UAAS,SAAS,CAAC,EAAG,CAAAA,UAAS,KAAK,CAAC;AAAA,UAC9E;AACA,cAAIC,mBAAkB,MAAM;AAC1B,gBAAI,IAAI,qBAAqB,MAAM;AACjC,cAAAA,iBAAgB;AAAA,YAClB,OAAO;AACL,cAAAA,iBAAgB,MAAM,KAAK,oBAAI,IAAI,CAAC,GAAIA,kBAAiB,CAAC,GAAI,GAAG,IAAI,iBAAiB,CAAC,CAAC;AAAA,YAC1F;AAAA,UACF;AAAA,QACF;AAAA,MACF;AACA,YAAMN,UAAS,EAAE,cAAcI,UAAS,UAAAC,WAAU,eAAAC,eAAc;AAChE,YAAM,KAAK,SAAS,UAAUN,SAAQ,QAAQ,KAAK;AACnD,aAAOA;AAAA,IACT;AAGA,UAAM,KAAK,KAAK,GAAG,KAAK;AACxB,UAAM,OAAO,MAAM,GAAG,QAAQ,MAAM,EAAE,IAAI,OAAO,CAAC;AAClD,QAAI,CAAC,MAAM;AACT,YAAMA,UAAS,EAAE,cAAc,OAAO,UAAU,CAAC,GAAG,eAAe,KAAK;AACxE,YAAM,KAAK,SAAS,UAAUA,SAAQ,QAAQ,KAAK;AACnD,aAAOA;AAAA,IACT;AACA,UAAM,WAAW,MAAM,YAAY,KAAK,YAAY;AACpD,UAAM,QAAQ,MAAM,kBAAkB,KAAK,kBAAkB;AAE7D,QAAI,CAAC,UAAU;AACb,YAAMA,UAAS,EAAE,cAAc,OAAO,UAAU,CAAC,GAAG,eAAe,KAAK;AACxE,YAAM,KAAK,SAAS,UAAUA,SAAQ,QAAQ,KAAK;AACnD,aAAOA;AAAA,IACT;AAGA,UAAM,OAAO,MAAM,GAAG,QAAQ,SAAS,EAAE,MAAM,QAAe,SAAS,CAAC;AACxE,QAAI,MAAM;AACR,YAAMA,UAAS;AAAA,QACb,cAAc,CAAC,CAAC,KAAK;AAAA,QACrB,UAAU,MAAM,QAAQ,KAAK,YAAY,IAAK,KAAK,eAA4B,CAAC;AAAA,QAChF,eAAe,MAAM,QAAQ,KAAK,iBAAiB,IAAK,KAAK,oBAAiC;AAAA,MAChG;AACA,YAAM,KAAK,SAAS,UAAUA,SAAQ,QAAQ,KAAK;AACnD,aAAOA;AAAA,IACT;AAGA,UAAM,QAAQ,MAAM;AAAA,MAClB;AAAA,MACA;AAAA,MACA,EAAE,MAAM,QAAe,MAAM,EAAE,SAAS,EAAE;AAAA,MAC1C,EAAE,UAAU,CAAC,MAAM,EAAE;AAAA,MACrB,EAAE,UAAU,gBAAgB,MAAM;AAAA,IACpC;AACA,UAAM,WAAW,MAAM,QAAQ,KAAK,IAAI,QAAQ,CAAC;AACjD,UAAM,UAAU,SAAS,IAAI,CAAC,MAAO,EAAE,MAAc,EAAE,EAAE,OAAO,OAAO;AACvE,QAAI,UAAU;AACd,UAAM,WAAqB,CAAC;AAC5B,QAAI,gBAAiC,CAAC;AACtC,QAAI,QAAQ,QAAQ;AAClB,YAAM,QAAQ,MAAM,GAAG,KAAK,SAAS,EAAE,UAAU,MAAM,EAAE,KAAK,QAAe,EAAE,GAAU,CAAC,CAAC;AAC3F,YAAM,WAAW,MAAM,QAAQ,KAAK,IAAI,QAAQ,CAAC;AACjD,iBAAW,KAAK,UAAU;AACxB,kBAAU,WAAW,CAAC,CAAC,EAAE;AACzB,YAAI,MAAM,QAAQ,EAAE,YAAY;AAAG,qBAAW,KAAK,EAAE,aAAc,KAAI,CAAC,SAAS,SAAS,CAAC,EAAG,UAAS,KAAK,CAAC;AAAA;AAC7G,YAAI,kBAAkB,MAAM;AAC1B,cAAI,EAAE,qBAAqB,KAAM,iBAAgB;AAAA,cAC5C,iBAAgB,MAAM,KAAK,oBAAI,IAAI,CAAC,GAAI,iBAAiB,CAAC,GAAI,GAAG,EAAE,iBAAiB,CAAC,CAAC;AAAA,QAC7F;AAAA,MACF;AAAA,IACF;AACA,QAAI,iBAAiB,SAAS,CAAC,cAAc,SAAS,KAAK,GAAG;AAAA,IAE9D;AACA,UAAM,SAAS,EAAE,cAAc,SAAS,UAAU,cAAc;AAChE,UAAM,KAAK,SAAS,UAAU,QAAQ,QAAQ,KAAK;AACnD,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAqCA,MAAM,mBAAmB,QAAgB,UAAoB,OAAqF;AAChJ,QAAI,CAAC,SAAS,OAAQ,QAAO;AAC7B,UAAM,MAAM,MAAM,KAAK,QAAQ,QAAQ,KAAK;AAC5C,QAAI,IAAI,aAAc,QAAO;AAC7B,QAAI,IAAI,iBAAiB,MAAM,kBAAkB,CAAC,IAAI,cAAc,SAAS,MAAM,cAAc,EAAG,QAAO;AAC3G,WAAO,KAAK,eAAe,UAAU,IAAI,QAAQ;AAAA,EACnD;AACF;",
4
+ "sourcesContent": ["import type { EntityManager } from '@mikro-orm/postgresql'\nimport type { CacheStrategy } from '@open-mercato/cache'\nimport { getCurrentCacheTenant, runWithCacheTenant } from '@open-mercato/cache'\nimport { UserAcl, RoleAcl, User, UserRole } from '@open-mercato/core/modules/auth/data/entities'\nimport { ApiKey } from '@open-mercato/core/modules/api_keys/data/entities'\nimport { findWithDecryption } from '@open-mercato/shared/lib/encryption/find'\nimport { matchFeature as sharedMatchFeature, hasAllFeatures as sharedHasAllFeatures } from '@open-mercato/shared/lib/auth/featureMatch'\n\ninterface AclData {\n isSuperAdmin: boolean\n features: string[]\n organizations: string[] | null\n}\n\nfunction isAclData(value: unknown): value is AclData {\n if (typeof value !== 'object' || value === null) return false\n const record = value as Partial<AclData>\n if (typeof record.isSuperAdmin !== 'boolean') return false\n if (!Array.isArray(record.features) || record.features.some((feature) => typeof feature !== 'string')) return false\n if (record.organizations !== null && record.organizations !== undefined) {\n if (!Array.isArray(record.organizations)) return false\n if (record.organizations.some((org) => typeof org !== 'string')) return false\n }\n return true\n}\n\nexport class RbacService {\n private cacheTtlMs: number = 5 * 60 * 1000 // 5 minutes default\n private cache: CacheStrategy | null = null\n private globalSuperAdminCache = new Map<string, boolean>()\n\n constructor(private em: EntityManager, cache?: CacheStrategy) {\n this.cache = cache || null\n }\n\n /**\n * Set cache TTL in milliseconds\n * @param ttlMs - Time to live in milliseconds\n */\n setCacheTtl(ttlMs: number) {\n this.cacheTtlMs = ttlMs\n }\n\n /**\n * Checks if a required feature is satisfied by a granted feature permission.\n * \n * Wildcard patterns:\n * - `*` (global wildcard): Grants access to all features\n * - `prefix.*` (module wildcard): Grants access to all features starting with `prefix.`\n * and also the exact prefix itself (e.g., `entities.*` matches both `entities` and `entities.records.view`)\n * - Exact match: Feature must match exactly (e.g., `users.view` only matches `users.view`)\n * \n * @param required - The feature being requested (e.g., 'entities.records.view')\n * @param granted - The feature permission granted (e.g., 'entities.*' or '*')\n * @returns true if the granted permission satisfies the required feature\n * \n * @example\n * matchFeature('users.view', '*') // true - global wildcard\n * matchFeature('entities.records.view', 'entities.*') // true - module wildcard\n * matchFeature('entities', 'entities.*') // true - exact prefix match\n * matchFeature('users.view', 'entities.*') // false - different module\n * matchFeature('users.view', 'users.view') // true - exact match\n */\n private matchFeature(required: string, granted: string): boolean {\n return sharedMatchFeature(required, granted)\n }\n\n public hasAllFeatures(required: string[], granted: string[]): boolean {\n return sharedHasAllFeatures(required, granted)\n }\n\n private getCacheKey(userId: string, scope: { tenantId: string | null; organizationId: string | null }): string {\n return `rbac:${userId}:${scope.tenantId || 'null'}:${scope.organizationId || 'null'}`\n }\n\n private getUserTag(userId: string): string {\n return `rbac:user:${userId}`\n }\n\n private getTenantTag(tenantId: string): string {\n return `rbac:tenant:${tenantId}`\n }\n\n private getOrganizationTag(organizationId: string): string {\n return `rbac:org:${organizationId}`\n }\n\n private async getFromCache(cacheKey: string): Promise<AclData | null> {\n if (!this.cache) return null\n const cached = await this.cache.get(cacheKey)\n if (!cached) return null\n return isAclData(cached) ? cached : null\n }\n\n private async setCache(cacheKey: string, data: AclData, userId: string, scope: { tenantId: string | null; organizationId: string | null }): Promise<void> {\n if (!this.cache) return\n\n const tags = [\n this.getUserTag(userId),\n 'rbac:all'\n ]\n\n if (scope.tenantId) {\n tags.push(this.getTenantTag(scope.tenantId))\n }\n\n if (scope.organizationId) {\n tags.push(this.getOrganizationTag(scope.organizationId))\n }\n\n await this.cache.set(cacheKey, data, {\n ttl: this.cacheTtlMs,\n tags\n })\n }\n\n /**\n * Invalidates cached ACL data for a specific user across all tenants and organizations.\n * Call this when a user's roles or user-specific ACL is modified.\n * \n * @param userId - The ID of the user whose cache should be invalidated\n */\n async invalidateUserCache(userId: string): Promise<void> {\n this.globalSuperAdminCache.delete(userId)\n await this.deleteCacheByTags([this.getUserTag(userId)])\n }\n\n /**\n * Invalidates cached ACL data for all users within a specific tenant.\n * Call this when a role's ACL is modified, since roles are tenant-scoped\n * and affect all users in that tenant who have that role.\n * \n * @param tenantId - The ID of the tenant whose cache should be invalidated\n */\n async invalidateTenantCache(tenantId: string): Promise<void> {\n this.globalSuperAdminCache.clear()\n await this.deleteCacheByTags([this.getTenantTag(tenantId)], [tenantId])\n }\n\n /**\n * Invalidates cached ACL data for all users within a specific organization.\n * Call this when organization-level permissions or visibility changes.\n * \n * @param organizationId - The ID of the organization whose cache should be invalidated\n */\n async invalidateOrganizationCache(organizationId: string): Promise<void> {\n await this.deleteCacheByTags([this.getOrganizationTag(organizationId)])\n }\n\n /**\n * Clears all cached ACL data.\n * Use this for bulk operations or system-wide ACL changes.\n */\n async invalidateAllCache(): Promise<void> {\n this.globalSuperAdminCache.clear()\n await this.deleteCacheByTags(['rbac:all'])\n }\n\n private async deleteCacheByTags(tags: string[], tenantHints?: Array<string | null>): Promise<void> {\n if (!this.cache) return\n const contexts = new Set<string | null>()\n const current = getCurrentCacheTenant()\n contexts.add(current ?? null)\n contexts.add(null)\n if (Array.isArray(tenantHints)) {\n for (const hint of tenantHints) {\n contexts.add(hint ?? null)\n }\n }\n for (const ctx of contexts) {\n if (ctx === current) {\n await this.cache.deleteByTags(tags)\n } else {\n await runWithCacheTenant(ctx, async () => {\n await this.cache!.deleteByTags(tags)\n })\n }\n }\n }\n\n private async isGlobalSuperAdmin(userId: string): Promise<boolean> {\n if (this.globalSuperAdminCache.has(userId)) return this.globalSuperAdminCache.get(userId)!\n const em = this.em.fork()\n const userSuper = await em.findOne(UserAcl, { user: userId as any, isSuperAdmin: true })\n if (userSuper && (userSuper as any).isSuperAdmin) {\n this.globalSuperAdminCache.set(userId, true)\n return true\n }\n const links = await findWithDecryption(\n em,\n UserRole,\n { user: userId as any },\n { populate: ['role'] },\n { tenantId: null, organizationId: null },\n )\n const linkList = Array.isArray(links) ? links : []\n if (!linkList.length) {\n this.globalSuperAdminCache.set(userId, false)\n return false\n }\n const roleIds = Array.from(new Set(linkList.map((link) => {\n const role = link.role as any\n return role?.id ? String(role.id) : null\n }).filter((id): id is string => typeof id === 'string' && id.length > 0)))\n if (!roleIds.length) {\n this.globalSuperAdminCache.set(userId, false)\n return false\n }\n const roleSuper = await em.findOne(RoleAcl, { isSuperAdmin: true, role: { $in: roleIds as any } } as any)\n const result = !!(roleSuper && (roleSuper as any).isSuperAdmin)\n this.globalSuperAdminCache.set(userId, result)\n return result\n }\n\n /**\n * Loads the Access Control List (ACL) for a user within a given scope.\n * \n * The ACL resolution follows this priority:\n * 1. Per-user ACL (UserAcl) - if exists, use it exclusively\n * 2. Aggregated role ACLs (RoleAcl) - combine permissions from all user's roles\n * \n * Results are cached for performance (default 5 minutes TTL).\n * Cache is automatically invalidated when ACL-related data changes.\n * \n * @param userId - The ID of the user\n * @param scope - The tenant and organization context for ACL evaluation\n * @returns An object containing:\n * - isSuperAdmin: If true, user has unrestricted access to all features\n * - features: Array of feature strings (may include wildcards like 'entities.*')\n * - organizations: Array of organization IDs user can access, or null for all organizations\n * \n * @example\n * const acl = await rbacService.loadAcl('user-123', { tenantId: 'tenant-1', organizationId: 'org-1' })\n * // Returns: { isSuperAdmin: false, features: ['users.view', 'entities.*'], organizations: ['org-1', 'org-2'] }\n */\n async loadAcl(userId: string, scope: { tenantId: string | null; organizationId: string | null }): Promise<{\n isSuperAdmin: boolean\n features: string[]\n organizations: string[] | null\n }> {\n const cacheKey = this.getCacheKey(userId, scope)\n const cached = await this.getFromCache(cacheKey)\n if (cached) return cached\n\n if (!userId.startsWith('api_key:')) {\n if (await this.isGlobalSuperAdmin(userId)) {\n const result = { isSuperAdmin: true, features: ['*'], organizations: null }\n await this.setCache(cacheKey, result, userId, scope)\n return result\n }\n }\n\n if (userId.startsWith('api_key:')) {\n const apiKeyId = userId.slice('api_key:'.length)\n const em = this.em.fork()\n const key = await em.findOne(ApiKey, { id: apiKeyId, deletedAt: null })\n if (!key || (key.expiresAt && key.expiresAt.getTime() < Date.now())) {\n const result = { isSuperAdmin: false, features: [], organizations: null }\n await this.setCache(cacheKey, result, userId, scope)\n return result\n }\n const tenantId = scope.tenantId || key.tenantId || null\n const roleIds = Array.isArray(key.rolesJson) ? key.rolesJson.filter(Boolean) : []\n let isSuper = false\n const features: string[] = []\n let organizations: string[] | null = key.organizationId ? [key.organizationId] : null\n if (tenantId && roleIds.length) {\n const racls = await em.find(RoleAcl, { tenantId, role: { $in: roleIds as any } } as any)\n for (const acl of racls) {\n isSuper = isSuper || !!acl.isSuperAdmin\n if (Array.isArray(acl.featuresJson)) {\n for (const f of acl.featuresJson) if (!features.includes(f)) features.push(f)\n }\n if (organizations !== null) {\n if (acl.organizationsJson == null) {\n organizations = null\n } else {\n organizations = Array.from(new Set([...(organizations || []), ...acl.organizationsJson]))\n }\n }\n }\n }\n const result = { isSuperAdmin: isSuper, features, organizations }\n await this.setCache(cacheKey, result, userId, scope)\n return result\n }\n\n // Use a forked EntityManager to avoid inheriting an aborted transaction from callers\n const em = this.em.fork()\n const user = await em.findOne(User, { id: userId })\n if (!user) {\n const result = { isSuperAdmin: false, features: [], organizations: null }\n await this.setCache(cacheKey, result, userId, scope)\n return result\n }\n const tenantId = scope.tenantId || user.tenantId || null\n const orgId = scope.organizationId || user.organizationId || null\n\n if (!tenantId) {\n const result = { isSuperAdmin: false, features: [], organizations: null }\n await this.setCache(cacheKey, result, userId, scope)\n return result\n }\n\n // Per-user ACL first\n const uacl = await em.findOne(UserAcl, { user: userId as any, tenantId })\n if (uacl) {\n const result = {\n isSuperAdmin: !!uacl.isSuperAdmin,\n features: Array.isArray(uacl.featuresJson) ? (uacl.featuresJson as string[]) : [],\n organizations: Array.isArray(uacl.organizationsJson) ? (uacl.organizationsJson as string[]) : null,\n }\n await this.setCache(cacheKey, result, userId, scope)\n return result\n }\n\n // Aggregate role ACLs\n const links = await findWithDecryption(\n em,\n UserRole,\n { user: userId as any, role: { tenantId } } as any,\n { populate: ['role'] },\n { tenantId, organizationId: orgId },\n )\n const linkList = Array.isArray(links) ? links : []\n const roleIds = linkList.map((l) => (l.role as any)?.id).filter(Boolean)\n let isSuper = false\n const features: string[] = []\n let organizations: string[] | null = []\n if (roleIds.length) {\n const racls = await em.find(RoleAcl, { tenantId, role: { $in: roleIds as any } } as any, {})\n const roleAcls = Array.isArray(racls) ? racls : []\n for (const r of roleAcls) {\n isSuper = isSuper || !!r.isSuperAdmin\n if (Array.isArray(r.featuresJson)) for (const f of r.featuresJson) if (!features.includes(f)) features.push(f)\n if (organizations !== null) {\n if (r.organizationsJson == null) organizations = null\n else organizations = Array.from(new Set([...(organizations || []), ...r.organizationsJson]))\n }\n }\n }\n if (organizations && orgId && !organizations.includes(orgId)) {\n // Out-of-scope org; caller will enforce\n }\n const result = { isSuperAdmin: isSuper, features, organizations }\n await this.setCache(cacheKey, result, userId, scope)\n return result\n }\n\n /**\n * Checks if a user has all required features within a given scope.\n * \n * This is the primary authorization check method used throughout the application.\n * It combines feature checking with organization visibility validation.\n * \n * Authorization logic:\n * 1. No features required \u2192 always returns true\n * 2. User is super admin \u2192 always returns true\n * 3. Organization restriction check: If the user's ACL has a restricted organization list\n * and the requested organization is not in that list \u2192 returns false\n * 4. Feature matching: User must have all required features (supports wildcards)\n * \n * @param userId - The ID of the user\n * @param required - Array of feature strings to check (e.g., ['users.view', 'users.edit'])\n * @param scope - The tenant and organization context for authorization\n * @returns true if the user has all required features and organization access, false otherwise\n * \n * @example\n * // Check if user can view and edit users\n * const canManageUsers = await rbacService.userHasAllFeatures(\n * 'user-123',\n * ['users.view', 'users.edit'],\n * { tenantId: 'tenant-1', organizationId: 'org-1' }\n * )\n * \n * @example\n * // Check with wildcard features\n * const canAccessEntities = await rbacService.userHasAllFeatures(\n * 'user-123',\n * ['entities.records.view'],\n * { tenantId: 'tenant-1', organizationId: 'org-1' }\n * )\n * // Returns true if user has 'entities.*', '*', or 'entities.records.view'\n */\n async userHasAllFeatures(userId: string, required: string[], scope: { tenantId: string | null; organizationId: string | null }): Promise<boolean> {\n if (!required.length) return true\n const acl = await this.loadAcl(userId, scope)\n if (acl.isSuperAdmin) return true\n if (acl.organizations && scope.organizationId && !acl.organizations.includes(scope.organizationId)) return false\n return this.hasAllFeatures(required, acl.features)\n }\n}\n"],
5
+ "mappings": "AAEA,SAAS,uBAAuB,0BAA0B;AAC1D,SAAS,SAAS,SAAS,MAAM,gBAAgB;AACjD,SAAS,cAAc;AACvB,SAAS,0BAA0B;AACnC,SAAS,gBAAgB,oBAAoB,kBAAkB,4BAA4B;AAQ3F,SAAS,UAAU,OAAkC;AACnD,MAAI,OAAO,UAAU,YAAY,UAAU,KAAM,QAAO;AACxD,QAAM,SAAS;AACf,MAAI,OAAO,OAAO,iBAAiB,UAAW,QAAO;AACrD,MAAI,CAAC,MAAM,QAAQ,OAAO,QAAQ,KAAK,OAAO,SAAS,KAAK,CAAC,YAAY,OAAO,YAAY,QAAQ,EAAG,QAAO;AAC9G,MAAI,OAAO,kBAAkB,QAAQ,OAAO,kBAAkB,QAAW;AACvE,QAAI,CAAC,MAAM,QAAQ,OAAO,aAAa,EAAG,QAAO;AACjD,QAAI,OAAO,cAAc,KAAK,CAAC,QAAQ,OAAO,QAAQ,QAAQ,EAAG,QAAO;AAAA,EAC1E;AACA,SAAO;AACT;AAEO,MAAM,YAAY;AAAA,EAKvB,YAAoB,IAAmB,OAAuB;AAA1C;AAJpB,SAAQ,aAAqB,IAAI,KAAK;AACtC;AAAA,SAAQ,QAA8B;AACtC,SAAQ,wBAAwB,oBAAI,IAAqB;AAGvD,SAAK,QAAQ,SAAS;AAAA,EACxB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,YAAY,OAAe;AACzB,SAAK,aAAa;AAAA,EACpB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAsBQ,aAAa,UAAkB,SAA0B;AAC/D,WAAO,mBAAmB,UAAU,OAAO;AAAA,EAC7C;AAAA,EAEO,eAAe,UAAoB,SAA4B;AACpE,WAAO,qBAAqB,UAAU,OAAO;AAAA,EAC/C;AAAA,EAEQ,YAAY,QAAgB,OAA2E;AAC7G,WAAO,QAAQ,MAAM,IAAI,MAAM,YAAY,MAAM,IAAI,MAAM,kBAAkB,MAAM;AAAA,EACrF;AAAA,EAEQ,WAAW,QAAwB;AACzC,WAAO,aAAa,MAAM;AAAA,EAC5B;AAAA,EAEQ,aAAa,UAA0B;AAC7C,WAAO,eAAe,QAAQ;AAAA,EAChC;AAAA,EAEQ,mBAAmB,gBAAgC;AACzD,WAAO,YAAY,cAAc;AAAA,EACnC;AAAA,EAEA,MAAc,aAAa,UAA2C;AACpE,QAAI,CAAC,KAAK,MAAO,QAAO;AACxB,UAAM,SAAS,MAAM,KAAK,MAAM,IAAI,QAAQ;AAC5C,QAAI,CAAC,OAAQ,QAAO;AACpB,WAAO,UAAU,MAAM,IAAI,SAAS;AAAA,EACtC;AAAA,EAEA,MAAc,SAAS,UAAkB,MAAe,QAAgB,OAAkF;AACxJ,QAAI,CAAC,KAAK,MAAO;AAEjB,UAAM,OAAO;AAAA,MACX,KAAK,WAAW,MAAM;AAAA,MACtB;AAAA,IACF;AAEA,QAAI,MAAM,UAAU;AAClB,WAAK,KAAK,KAAK,aAAa,MAAM,QAAQ,CAAC;AAAA,IAC7C;AAEA,QAAI,MAAM,gBAAgB;AACxB,WAAK,KAAK,KAAK,mBAAmB,MAAM,cAAc,CAAC;AAAA,IACzD;AAEA,UAAM,KAAK,MAAM,IAAI,UAAU,MAAM;AAAA,MACnC,KAAK,KAAK;AAAA,MACV;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,oBAAoB,QAA+B;AACvD,SAAK,sBAAsB,OAAO,MAAM;AACxC,UAAM,KAAK,kBAAkB,CAAC,KAAK,WAAW,MAAM,CAAC,CAAC;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,sBAAsB,UAAiC;AAC3D,SAAK,sBAAsB,MAAM;AACjC,UAAM,KAAK,kBAAkB,CAAC,KAAK,aAAa,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC;AAAA,EACxE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,4BAA4B,gBAAuC;AACvE,UAAM,KAAK,kBAAkB,CAAC,KAAK,mBAAmB,cAAc,CAAC,CAAC;AAAA,EACxE;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,qBAAoC;AACxC,SAAK,sBAAsB,MAAM;AACjC,UAAM,KAAK,kBAAkB,CAAC,UAAU,CAAC;AAAA,EAC3C;AAAA,EAEA,MAAc,kBAAkB,MAAgB,aAAmD;AACjG,QAAI,CAAC,KAAK,MAAO;AACjB,UAAM,WAAW,oBAAI,IAAmB;AACxC,UAAM,UAAU,sBAAsB;AACtC,aAAS,IAAI,WAAW,IAAI;AAC5B,aAAS,IAAI,IAAI;AACjB,QAAI,MAAM,QAAQ,WAAW,GAAG;AAC9B,iBAAW,QAAQ,aAAa;AAC9B,iBAAS,IAAI,QAAQ,IAAI;AAAA,MAC3B;AAAA,IACF;AACA,eAAW,OAAO,UAAU;AAC1B,UAAI,QAAQ,SAAS;AACnB,cAAM,KAAK,MAAM,aAAa,IAAI;AAAA,MACpC,OAAO;AACL,cAAM,mBAAmB,KAAK,YAAY;AACxC,gBAAM,KAAK,MAAO,aAAa,IAAI;AAAA,QACrC,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAc,mBAAmB,QAAkC;AACjE,QAAI,KAAK,sBAAsB,IAAI,MAAM,EAAG,QAAO,KAAK,sBAAsB,IAAI,MAAM;AACxF,UAAM,KAAK,KAAK,GAAG,KAAK;AACxB,UAAM,YAAY,MAAM,GAAG,QAAQ,SAAS,EAAE,MAAM,QAAe,cAAc,KAAK,CAAC;AACvF,QAAI,aAAc,UAAkB,cAAc;AAChD,WAAK,sBAAsB,IAAI,QAAQ,IAAI;AAC3C,aAAO;AAAA,IACT;AACA,UAAM,QAAQ,MAAM;AAAA,MAClB;AAAA,MACA;AAAA,MACA,EAAE,MAAM,OAAc;AAAA,MACtB,EAAE,UAAU,CAAC,MAAM,EAAE;AAAA,MACrB,EAAE,UAAU,MAAM,gBAAgB,KAAK;AAAA,IACzC;AACA,UAAM,WAAW,MAAM,QAAQ,KAAK,IAAI,QAAQ,CAAC;AACjD,QAAI,CAAC,SAAS,QAAQ;AACpB,WAAK,sBAAsB,IAAI,QAAQ,KAAK;AAC5C,aAAO;AAAA,IACT;AACA,UAAM,UAAU,MAAM,KAAK,IAAI,IAAI,SAAS,IAAI,CAAC,SAAS;AACxD,YAAM,OAAO,KAAK;AAClB,aAAO,MAAM,KAAK,OAAO,KAAK,EAAE,IAAI;AAAA,IACtC,CAAC,EAAE,OAAO,CAAC,OAAqB,OAAO,OAAO,YAAY,GAAG,SAAS,CAAC,CAAC,CAAC;AACzE,QAAI,CAAC,QAAQ,QAAQ;AACnB,WAAK,sBAAsB,IAAI,QAAQ,KAAK;AAC5C,aAAO;AAAA,IACT;AACA,UAAM,YAAY,MAAM,GAAG,QAAQ,SAAS,EAAE,cAAc,MAAM,MAAM,EAAE,KAAK,QAAe,EAAE,CAAQ;AACxG,UAAM,SAAS,CAAC,EAAE,aAAc,UAAkB;AAClD,SAAK,sBAAsB,IAAI,QAAQ,MAAM;AAC7C,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAuBA,MAAM,QAAQ,QAAgB,OAI3B;AACD,UAAM,WAAW,KAAK,YAAY,QAAQ,KAAK;AAC/C,UAAM,SAAS,MAAM,KAAK,aAAa,QAAQ;AAC/C,QAAI,OAAQ,QAAO;AAEnB,QAAI,CAAC,OAAO,WAAW,UAAU,GAAG;AAClC,UAAI,MAAM,KAAK,mBAAmB,MAAM,GAAG;AACzC,cAAMA,UAAS,EAAE,cAAc,MAAM,UAAU,CAAC,GAAG,GAAG,eAAe,KAAK;AAC1E,cAAM,KAAK,SAAS,UAAUA,SAAQ,QAAQ,KAAK;AACnD,eAAOA;AAAA,MACT;AAAA,IACF;AAEA,QAAI,OAAO,WAAW,UAAU,GAAG;AACjC,YAAM,WAAW,OAAO,MAAM,WAAW,MAAM;AAC/C,YAAMC,MAAK,KAAK,GAAG,KAAK;AACxB,YAAM,MAAM,MAAMA,IAAG,QAAQ,QAAQ,EAAE,IAAI,UAAU,WAAW,KAAK,CAAC;AACtE,UAAI,CAAC,OAAQ,IAAI,aAAa,IAAI,UAAU,QAAQ,IAAI,KAAK,IAAI,GAAI;AACnE,cAAMD,UAAS,EAAE,cAAc,OAAO,UAAU,CAAC,GAAG,eAAe,KAAK;AACxE,cAAM,KAAK,SAAS,UAAUA,SAAQ,QAAQ,KAAK;AACnD,eAAOA;AAAA,MACT;AACA,YAAME,YAAW,MAAM,YAAY,IAAI,YAAY;AACnD,YAAMC,WAAU,MAAM,QAAQ,IAAI,SAAS,IAAI,IAAI,UAAU,OAAO,OAAO,IAAI,CAAC;AAChF,UAAIC,WAAU;AACd,YAAMC,YAAqB,CAAC;AAC5B,UAAIC,iBAAiC,IAAI,iBAAiB,CAAC,IAAI,cAAc,IAAI;AACjF,UAAIJ,aAAYC,SAAQ,QAAQ;AAC9B,cAAM,QAAQ,MAAMF,IAAG,KAAK,SAAS,EAAE,UAAAC,WAAU,MAAM,EAAE,KAAKC,SAAe,EAAE,CAAQ;AACvF,mBAAW,OAAO,OAAO;AACvB,UAAAC,WAAUA,YAAW,CAAC,CAAC,IAAI;AAC3B,cAAI,MAAM,QAAQ,IAAI,YAAY,GAAG;AACnC,uBAAW,KAAK,IAAI,aAAc,KAAI,CAACC,UAAS,SAAS,CAAC,EAAG,CAAAA,UAAS,KAAK,CAAC;AAAA,UAC9E;AACA,cAAIC,mBAAkB,MAAM;AAC1B,gBAAI,IAAI,qBAAqB,MAAM;AACjC,cAAAA,iBAAgB;AAAA,YAClB,OAAO;AACL,cAAAA,iBAAgB,MAAM,KAAK,oBAAI,IAAI,CAAC,GAAIA,kBAAiB,CAAC,GAAI,GAAG,IAAI,iBAAiB,CAAC,CAAC;AAAA,YAC1F;AAAA,UACF;AAAA,QACF;AAAA,MACF;AACA,YAAMN,UAAS,EAAE,cAAcI,UAAS,UAAAC,WAAU,eAAAC,eAAc;AAChE,YAAM,KAAK,SAAS,UAAUN,SAAQ,QAAQ,KAAK;AACnD,aAAOA;AAAA,IACT;AAGA,UAAM,KAAK,KAAK,GAAG,KAAK;AACxB,UAAM,OAAO,MAAM,GAAG,QAAQ,MAAM,EAAE,IAAI,OAAO,CAAC;AAClD,QAAI,CAAC,MAAM;AACT,YAAMA,UAAS,EAAE,cAAc,OAAO,UAAU,CAAC,GAAG,eAAe,KAAK;AACxE,YAAM,KAAK,SAAS,UAAUA,SAAQ,QAAQ,KAAK;AACnD,aAAOA;AAAA,IACT;AACA,UAAM,WAAW,MAAM,YAAY,KAAK,YAAY;AACpD,UAAM,QAAQ,MAAM,kBAAkB,KAAK,kBAAkB;AAE7D,QAAI,CAAC,UAAU;AACb,YAAMA,UAAS,EAAE,cAAc,OAAO,UAAU,CAAC,GAAG,eAAe,KAAK;AACxE,YAAM,KAAK,SAAS,UAAUA,SAAQ,QAAQ,KAAK;AACnD,aAAOA;AAAA,IACT;AAGA,UAAM,OAAO,MAAM,GAAG,QAAQ,SAAS,EAAE,MAAM,QAAe,SAAS,CAAC;AACxE,QAAI,MAAM;AACR,YAAMA,UAAS;AAAA,QACb,cAAc,CAAC,CAAC,KAAK;AAAA,QACrB,UAAU,MAAM,QAAQ,KAAK,YAAY,IAAK,KAAK,eAA4B,CAAC;AAAA,QAChF,eAAe,MAAM,QAAQ,KAAK,iBAAiB,IAAK,KAAK,oBAAiC;AAAA,MAChG;AACA,YAAM,KAAK,SAAS,UAAUA,SAAQ,QAAQ,KAAK;AACnD,aAAOA;AAAA,IACT;AAGA,UAAM,QAAQ,MAAM;AAAA,MAClB;AAAA,MACA;AAAA,MACA,EAAE,MAAM,QAAe,MAAM,EAAE,SAAS,EAAE;AAAA,MAC1C,EAAE,UAAU,CAAC,MAAM,EAAE;AAAA,MACrB,EAAE,UAAU,gBAAgB,MAAM;AAAA,IACpC;AACA,UAAM,WAAW,MAAM,QAAQ,KAAK,IAAI,QAAQ,CAAC;AACjD,UAAM,UAAU,SAAS,IAAI,CAAC,MAAO,EAAE,MAAc,EAAE,EAAE,OAAO,OAAO;AACvE,QAAI,UAAU;AACd,UAAM,WAAqB,CAAC;AAC5B,QAAI,gBAAiC,CAAC;AACtC,QAAI,QAAQ,QAAQ;AAClB,YAAM,QAAQ,MAAM,GAAG,KAAK,SAAS,EAAE,UAAU,MAAM,EAAE,KAAK,QAAe,EAAE,GAAU,CAAC,CAAC;AAC3F,YAAM,WAAW,MAAM,QAAQ,KAAK,IAAI,QAAQ,CAAC;AACjD,iBAAW,KAAK,UAAU;AACxB,kBAAU,WAAW,CAAC,CAAC,EAAE;AACzB,YAAI,MAAM,QAAQ,EAAE,YAAY;AAAG,qBAAW,KAAK,EAAE,aAAc,KAAI,CAAC,SAAS,SAAS,CAAC,EAAG,UAAS,KAAK,CAAC;AAAA;AAC7G,YAAI,kBAAkB,MAAM;AAC1B,cAAI,EAAE,qBAAqB,KAAM,iBAAgB;AAAA,cAC5C,iBAAgB,MAAM,KAAK,oBAAI,IAAI,CAAC,GAAI,iBAAiB,CAAC,GAAI,GAAG,EAAE,iBAAiB,CAAC,CAAC;AAAA,QAC7F;AAAA,MACF;AAAA,IACF;AACA,QAAI,iBAAiB,SAAS,CAAC,cAAc,SAAS,KAAK,GAAG;AAAA,IAE9D;AACA,UAAM,SAAS,EAAE,cAAc,SAAS,UAAU,cAAc;AAChE,UAAM,KAAK,SAAS,UAAU,QAAQ,QAAQ,KAAK;AACnD,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAqCA,MAAM,mBAAmB,QAAgB,UAAoB,OAAqF;AAChJ,QAAI,CAAC,SAAS,OAAQ,QAAO;AAC7B,UAAM,MAAM,MAAM,KAAK,QAAQ,QAAQ,KAAK;AAC5C,QAAI,IAAI,aAAc,QAAO;AAC7B,QAAI,IAAI,iBAAiB,MAAM,kBAAkB,CAAC,IAAI,cAAc,SAAS,MAAM,cAAc,EAAG,QAAO;AAC3G,WAAO,KAAK,eAAe,UAAU,IAAI,QAAQ;AAAA,EACnD;AACF;",
6
6
  "names": ["result", "em", "tenantId", "roleIds", "isSuper", "features", "organizations"]
7
7
  }
package/dist/modules/customer_accounts/acl.js ADDED
@@ -0,0 +1,12 @@
1
+ const features = [
2
+ { id: "customer_accounts.view", title: "View customer accounts", module: "customer_accounts" },
3
+ { id: "customer_accounts.manage", title: "Manage customer accounts", module: "customer_accounts" },
4
+ { id: "customer_accounts.roles.manage", title: "Manage customer roles", module: "customer_accounts" },
5
+ { id: "customer_accounts.invite", title: "Invite customer users", module: "customer_accounts" }
6
+ ];
7
+ var acl_default = features;
8
+ export {
9
+ acl_default as default,
10
+ features
11
+ };
12
+ //# sourceMappingURL=acl.js.map
package/dist/modules/customer_accounts/acl.js.map ADDED
@@ -0,0 +1,7 @@
1
+ {
2
+ "version": 3,
3
+ "sources": ["../../../src/modules/customer_accounts/acl.ts"],
4
+ "sourcesContent": ["export const features = [\n { id: 'customer_accounts.view', title: 'View customer accounts', module: 'customer_accounts' },\n { id: 'customer_accounts.manage', title: 'Manage customer accounts', module: 'customer_accounts' },\n { id: 'customer_accounts.roles.manage', title: 'Manage customer roles', module: 'customer_accounts' },\n { id: 'customer_accounts.invite', title: 'Invite customer users', module: 'customer_accounts' },\n]\n\nexport default features\n"],
5
+ "mappings": "AAAO,MAAM,WAAW;AAAA,EACtB,EAAE,IAAI,0BAA0B,OAAO,0BAA0B,QAAQ,oBAAoB;AAAA,EAC7F,EAAE,IAAI,4BAA4B,OAAO,4BAA4B,QAAQ,oBAAoB;AAAA,EACjG,EAAE,IAAI,kCAAkC,OAAO,yBAAyB,QAAQ,oBAAoB;AAAA,EACpG,EAAE,IAAI,4BAA4B,OAAO,yBAAyB,QAAQ,oBAAoB;AAChG;AAEA,IAAO,cAAQ;",
6
+ "names": []
7
+ }
package/dist/modules/customer_accounts/api/admin/roles/[id]/acl.js ADDED
@@ -0,0 +1,87 @@
1
+ import { NextResponse } from "next/server";
2
+ import { z } from "zod";
3
+ import { getAuthFromRequest } from "@open-mercato/shared/lib/auth/server";
4
+ import { createRequestContainer } from "@open-mercato/shared/lib/di/container";
5
+ import { CustomerRole, CustomerRoleAcl } from "@open-mercato/core/modules/customer_accounts/data/entities";
6
+ import { updateRoleAclSchema } from "@open-mercato/core/modules/customer_accounts/data/validators";
7
+ const metadata = {};
8
+ async function PUT(req, { params }) {
9
+ const auth = await getAuthFromRequest(req);
10
+ if (!auth) {
11
+ return NextResponse.json({ ok: false, error: "Authentication required" }, { status: 401 });
12
+ }
13
+ const container = await createRequestContainer();
14
+ const rbacService = container.resolve("rbacService");
15
+ const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ["customer_accounts.roles.manage"], { tenantId: auth.tenantId, organizationId: auth.orgId });
16
+ if (!hasAccess) {
17
+ return NextResponse.json({ ok: false, error: "Insufficient permissions" }, { status: 403 });
18
+ }
19
+ let body;
20
+ try {
21
+ body = await req.json();
22
+ } catch {
23
+ return NextResponse.json({ ok: false, error: "Invalid request body" }, { status: 400 });
24
+ }
25
+ const parsed = updateRoleAclSchema.safeParse(body);
26
+ if (!parsed.success) {
27
+ return NextResponse.json({ ok: false, error: "Validation failed", details: parsed.error.flatten().fieldErrors }, { status: 400 });
28
+ }
29
+ const em = container.resolve("em");
30
+ const role = await em.findOne(CustomerRole, {
31
+ id: params.id,
32
+ tenantId: auth.tenantId,
33
+ deletedAt: null
34
+ });
35
+ if (!role) {
36
+ return NextResponse.json({ ok: false, error: "Role not found" }, { status: 404 });
37
+ }
38
+ const acl = await em.findOne(CustomerRoleAcl, {
39
+ role: role.id,
40
+ tenantId: auth.tenantId
41
+ });
42
+ if (acl) {
43
+ await em.nativeUpdate(CustomerRoleAcl, { id: acl.id }, {
44
+ featuresJson: parsed.data.features,
45
+ isPortalAdmin: parsed.data.isPortalAdmin ?? acl.isPortalAdmin
46
+ });
47
+ } else {
48
+ const newAcl = em.create(CustomerRoleAcl, {
49
+ role,
50
+ tenantId: auth.tenantId,
51
+ featuresJson: parsed.data.features,
52
+ isPortalAdmin: parsed.data.isPortalAdmin ?? false,
53
+ createdAt: /* @__PURE__ */ new Date()
54
+ });
55
+ em.persist(newAcl);
56
+ await em.flush();
57
+ }
58
+ const customerRbacService = container.resolve("customerRbacService");
59
+ await customerRbacService.invalidateRoleCache(role.id);
60
+ return NextResponse.json({ ok: true });
61
+ }
62
+ const successSchema = z.object({ ok: z.literal(true) });
63
+ const errorSchema = z.object({ ok: z.literal(false), error: z.string() });
64
+ const methodDoc = {
65
+ summary: "Update customer role ACL (admin)",
66
+ description: "Updates the ACL (features and portal admin flag) for a customer role. Invalidates RBAC cache after update.",
67
+ tags: ["Customer Accounts Admin"],
68
+ requestBody: { schema: updateRoleAclSchema },
69
+ responses: [{ status: 200, description: "ACL updated", schema: successSchema }],
70
+ errors: [
71
+ { status: 400, description: "Validation failed", schema: errorSchema },
72
+ { status: 401, description: "Not authenticated", schema: errorSchema },
73
+ { status: 403, description: "Insufficient permissions", schema: errorSchema },
74
+ { status: 404, description: "Role not found", schema: errorSchema }
75
+ ]
76
+ };
77
+ const openApi = {
78
+ summary: "Update customer role ACL (admin)",
79
+ pathParams: z.object({ id: z.string().uuid() }),
80
+ methods: { PUT: methodDoc }
81
+ };
82
+ export {
83
+ PUT,
84
+ metadata,
85
+ openApi
86
+ };
87
+ //# sourceMappingURL=acl.js.map
package/dist/modules/customer_accounts/api/admin/roles/[id]/acl.js.map ADDED
@@ -0,0 +1,7 @@
1
+ {
2
+ "version": 3,
3
+ "sources": ["../../../../../../../src/modules/customer_accounts/api/admin/roles/%5Bid%5D/acl.ts"],
4
+ "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc, OpenApiMethodDoc } from '@open-mercato/shared/lib/openapi'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport { CustomerRole, CustomerRoleAcl } from '@open-mercato/core/modules/customer_accounts/data/entities'\nimport { CustomerRbacService } from '@open-mercato/core/modules/customer_accounts/services/customerRbacService'\nimport { updateRoleAclSchema } from '@open-mercato/core/modules/customer_accounts/data/validators'\n\nexport const metadata = {}\n\nexport async function PUT(req: Request, { params }: { params: { id: string } }) {\n const auth = await getAuthFromRequest(req)\n if (!auth) {\n return NextResponse.json({ ok: false, error: 'Authentication required' }, { status: 401 })\n }\n\n const container = await createRequestContainer()\n const rbacService = container.resolve('rbacService') as RbacService\n const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ['customer_accounts.roles.manage'], { tenantId: auth.tenantId, organizationId: auth.orgId })\n if (!hasAccess) {\n return NextResponse.json({ ok: false, error: 'Insufficient permissions' }, { status: 403 })\n }\n\n let body: unknown\n try {\n body = await req.json()\n } catch {\n return NextResponse.json({ ok: false, error: 'Invalid request body' }, { status: 400 })\n }\n\n const parsed = updateRoleAclSchema.safeParse(body)\n if (!parsed.success) {\n return NextResponse.json({ ok: false, error: 'Validation failed', details: parsed.error.flatten().fieldErrors }, { status: 400 })\n }\n\n const em = container.resolve('em') as import('@mikro-orm/postgresql').EntityManager\n\n const role = await em.findOne(CustomerRole, {\n id: params.id,\n tenantId: auth.tenantId,\n deletedAt: null,\n })\n if (!role) {\n return NextResponse.json({ ok: false, error: 'Role not found' }, { status: 404 })\n }\n\n const acl = await em.findOne(CustomerRoleAcl, {\n role: role.id as any,\n tenantId: auth.tenantId,\n })\n\n if (acl) {\n await em.nativeUpdate(CustomerRoleAcl, { id: acl.id }, {\n featuresJson: parsed.data.features,\n isPortalAdmin: parsed.data.isPortalAdmin ?? acl.isPortalAdmin,\n })\n } else {\n const newAcl = em.create(CustomerRoleAcl, {\n role,\n tenantId: auth.tenantId,\n featuresJson: parsed.data.features,\n isPortalAdmin: parsed.data.isPortalAdmin ?? false,\n createdAt: new Date(),\n } as any)\n em.persist(newAcl)\n await em.flush()\n }\n\n const customerRbacService = container.resolve('customerRbacService') as CustomerRbacService\n await customerRbacService.invalidateRoleCache(role.id)\n\n return NextResponse.json({ ok: true })\n}\n\nconst successSchema = z.object({ ok: z.literal(true) })\nconst errorSchema = z.object({ ok: z.literal(false), error: z.string() })\n\nconst methodDoc: OpenApiMethodDoc = {\n summary: 'Update customer role ACL (admin)',\n description: 'Updates the ACL (features and portal admin flag) for a customer role. Invalidates RBAC cache after update.',\n tags: ['Customer Accounts Admin'],\n requestBody: { schema: updateRoleAclSchema },\n responses: [{ status: 200, description: 'ACL updated', schema: successSchema }],\n errors: [\n { status: 400, description: 'Validation failed', schema: errorSchema },\n { status: 401, description: 'Not authenticated', schema: errorSchema },\n { status: 403, description: 'Insufficient permissions', schema: errorSchema },\n { status: 404, description: 'Role not found', schema: errorSchema },\n ],\n}\n\nexport const openApi: OpenApiRouteDoc = {\n summary: 'Update customer role ACL (admin)',\n pathParams: z.object({ id: z.string().uuid() }),\n methods: { PUT: methodDoc },\n}\n"],
5
+ "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAElB,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AAEvC,SAAS,cAAc,uBAAuB;AAE9C,SAAS,2BAA2B;AAE7B,MAAM,WAAW,CAAC;AAEzB,eAAsB,IAAI,KAAc,EAAE,OAAO,GAA+B;AAC9E,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,0BAA0B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC3F;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,cAAc,UAAU,QAAQ,aAAa;AACnD,QAAM,YAAY,MAAM,YAAY,mBAAmB,KAAK,KAAK,CAAC,gCAAgC,GAAG,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM,CAAC;AAC5J,MAAI,CAAC,WAAW;AACd,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,2BAA2B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC5F;AAEA,MAAI;AACJ,MAAI;AACF,WAAO,MAAM,IAAI,KAAK;AAAA,EACxB,QAAQ;AACN,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,uBAAuB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACxF;AAEA,QAAM,SAAS,oBAAoB,UAAU,IAAI;AACjD,MAAI,CAAC,OAAO,SAAS;AACnB,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,qBAAqB,SAAS,OAAO,MAAM,QAAQ,EAAE,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClI;AAEA,QAAM,KAAK,UAAU,QAAQ,IAAI;AAEjC,QAAM,OAAO,MAAM,GAAG,QAAQ,cAAc;AAAA,IAC1C,IAAI,OAAO;AAAA,IACX,UAAU,KAAK;AAAA,IACf,WAAW;AAAA,EACb,CAAC;AACD,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,iBAAiB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClF;AAEA,QAAM,MAAM,MAAM,GAAG,QAAQ,iBAAiB;AAAA,IAC5C,MAAM,KAAK;AAAA,IACX,UAAU,KAAK;AAAA,EACjB,CAAC;AAED,MAAI,KAAK;AACP,UAAM,GAAG,aAAa,iBAAiB,EAAE,IAAI,IAAI,GAAG,GAAG;AAAA,MACrD,cAAc,OAAO,KAAK;AAAA,MAC1B,eAAe,OAAO,KAAK,iBAAiB,IAAI;AAAA,IAClD,CAAC;AAAA,EACH,OAAO;AACL,UAAM,SAAS,GAAG,OAAO,iBAAiB;AAAA,MACxC;AAAA,MACA,UAAU,KAAK;AAAA,MACf,cAAc,OAAO,KAAK;AAAA,MAC1B,eAAe,OAAO,KAAK,iBAAiB;AAAA,MAC5C,WAAW,oBAAI,KAAK;AAAA,IACtB,CAAQ;AACR,OAAG,QAAQ,MAAM;AACjB,UAAM,GAAG,MAAM;AAAA,EACjB;AAEA,QAAM,sBAAsB,UAAU,QAAQ,qBAAqB;AACnE,QAAM,oBAAoB,oBAAoB,KAAK,EAAE;AAErD,SAAO,aAAa,KAAK,EAAE,IAAI,KAAK,CAAC;AACvC;AAEA,MAAM,gBAAgB,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,IAAI,EAAE,CAAC;AACtD,MAAM,cAAc,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,KAAK,GAAG,OAAO,EAAE,OAAO,EAAE,CAAC;AAExE,MAAM,YAA8B;AAAA,EAClC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,MAAM,CAAC,yBAAyB;AAAA,EAChC,aAAa,EAAE,QAAQ,oBAAoB;AAAA,EAC3C,WAAW,CAAC,EAAE,QAAQ,KAAK,aAAa,eAAe,QAAQ,cAAc,CAAC;AAAA,EAC9E,QAAQ;AAAA,IACN,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,YAAY;AAAA,IAC5E,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,YAAY;AAAA,EACpE;AACF;AAEO,MAAM,UAA2B;AAAA,EACtC,SAAS;AAAA,EACT,YAAY,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AAAA,EAC9C,SAAS,EAAE,KAAK,UAAU;AAC5B;",
6
+ "names": []
7
+ }