@open-rlb/nestjs-amqp 2.0.1 → 2.0.3

Files changed (112) hide show
  1. package/README.md +6 -8
  2. package/common/errors.d.ts +2 -0
  3. package/common/errors.js +4 -1
  4. package/common/errors.js.map +1 -1
  5. package/index.d.ts +0 -1
  6. package/index.js +0 -1
  7. package/index.js.map +1 -1
  8. package/modules/acl/cache/acl-cache.service.d.ts +2 -2
  9. package/modules/acl/cache/acl-cache.service.js +6 -6
  10. package/modules/acl/cache/acl-cache.service.js.map +1 -1
  11. package/modules/acl/config/acl.config.d.ts +0 -1
  12. package/modules/acl/const.d.ts +5 -0
  13. package/modules/acl/const.js +5 -0
  14. package/modules/acl/const.js.map +1 -1
  15. package/modules/acl/models.d.ts +9 -0
  16. package/modules/acl/repository/acl-action.repository.d.ts +10 -0
  17. package/modules/acl/repository/acl-action.repository.js.map +1 -1
  18. package/modules/acl/repository/acl-grant.repository.d.ts +4 -0
  19. package/modules/acl/repository/acl-grant.repository.js.map +1 -1
  20. package/modules/acl/repository/acl-role.repository.d.ts +10 -0
  21. package/modules/acl/repository/acl-role.repository.js.map +1 -1
  22. package/modules/acl/services/acl-management.service.d.ts +4 -1
  23. package/modules/acl/services/acl-management.service.js +50 -6
  24. package/modules/acl/services/acl-management.service.js.map +1 -1
  25. package/modules/acl/services/acl.service.d.ts +12 -3
  26. package/modules/acl/services/acl.service.js +129 -11
  27. package/modules/acl/services/acl.service.js.map +1 -1
  28. package/modules/broker/broker.module.d.ts +4 -1
  29. package/modules/broker/broker.module.js +17 -1
  30. package/modules/broker/broker.module.js.map +1 -1
  31. package/modules/broker/config/decorator-paths.d.ts +1 -0
  32. package/modules/broker/config/decorator-paths.js +35 -0
  33. package/modules/broker/config/decorator-paths.js.map +1 -0
  34. package/modules/broker/config/handler-auth.config.d.ts +2 -2
  35. package/modules/broker/config/route-discovery.config.d.ts +8 -0
  36. package/modules/broker/config/route-discovery.config.js +3 -0
  37. package/modules/broker/config/route-discovery.config.js.map +1 -0
  38. package/modules/broker/const.d.ts +3 -0
  39. package/modules/broker/const.js +4 -1
  40. package/modules/broker/const.js.map +1 -1
  41. package/modules/broker/decorators/broker-action.decorator.d.ts +15 -2
  42. package/modules/broker/decorators/broker-action.decorator.js +4 -4
  43. package/modules/broker/decorators/broker-action.decorator.js.map +1 -1
  44. package/modules/broker/index.d.ts +3 -0
  45. package/modules/broker/index.js +3 -0
  46. package/modules/broker/index.js.map +1 -1
  47. package/modules/broker/services/metadata-scanner.service.d.ts +1 -0
  48. package/modules/broker/services/metadata-scanner.service.js +28 -4
  49. package/modules/broker/services/metadata-scanner.service.js.map +1 -1
  50. package/modules/broker/services/route-discovery-publisher.service.d.ts +13 -0
  51. package/modules/broker/services/route-discovery-publisher.service.js +64 -0
  52. package/modules/broker/services/route-discovery-publisher.service.js.map +1 -0
  53. package/modules/gateway-admin/const.d.ts +2 -0
  54. package/modules/gateway-admin/const.js +2 -0
  55. package/modules/gateway-admin/const.js.map +1 -1
  56. package/modules/gateway-admin/gateway-admin.module.js +2 -1
  57. package/modules/gateway-admin/gateway-admin.module.js.map +1 -1
  58. package/modules/gateway-admin/index.d.ts +4 -0
  59. package/modules/gateway-admin/index.js +4 -0
  60. package/modules/gateway-admin/index.js.map +1 -1
  61. package/modules/gateway-admin/models.d.ts +49 -0
  62. package/modules/gateway-admin/repository/http-metric.repository.d.ts +4 -1
  63. package/modules/gateway-admin/repository/http-metric.repository.js.map +1 -1
  64. package/modules/gateway-admin/repository/http-path.repository.d.ts +5 -0
  65. package/modules/gateway-admin/repository/http-path.repository.js +6 -0
  66. package/modules/gateway-admin/repository/http-path.repository.js.map +1 -1
  67. package/modules/gateway-admin/repository/route-sync-log.repository.d.ts +5 -0
  68. package/modules/gateway-admin/repository/route-sync-log.repository.js +7 -0
  69. package/modules/gateway-admin/repository/route-sync-log.repository.js.map +1 -0
  70. package/modules/gateway-admin/services/gateway-metrics.service.d.ts +3 -1
  71. package/modules/gateway-admin/services/gateway-metrics.service.js +53 -0
  72. package/modules/gateway-admin/services/gateway-metrics.service.js.map +1 -1
  73. package/modules/gateway-admin/services/gateway-path.service.d.ts +1 -0
  74. package/modules/gateway-admin/services/gateway-path.service.js +16 -1
  75. package/modules/gateway-admin/services/gateway-path.service.js.map +1 -1
  76. package/modules/gateway-admin/services/route-sync.service.d.ts +19 -0
  77. package/modules/gateway-admin/services/route-sync.service.js +137 -0
  78. package/modules/gateway-admin/services/route-sync.service.js.map +1 -0
  79. package/modules/gateway-admin/util/route-diff.d.ts +27 -0
  80. package/modules/gateway-admin/util/route-diff.js +44 -0
  81. package/modules/gateway-admin/util/route-diff.js.map +1 -0
  82. package/modules/gateway-admin/util/route-manifest.d.ts +7 -0
  83. package/modules/gateway-admin/util/route-manifest.js +34 -0
  84. package/modules/gateway-admin/util/route-manifest.js.map +1 -0
  85. package/modules/proxy/index.d.ts +1 -0
  86. package/modules/proxy/index.js +1 -0
  87. package/modules/proxy/index.js.map +1 -1
  88. package/modules/proxy/services/acl.service.d.ts +2 -1
  89. package/modules/proxy/services/http-auth-handler.service.d.ts +1 -1
  90. package/modules/proxy/services/http-auth-handler.service.js +29 -34
  91. package/modules/proxy/services/http-auth-handler.service.js.map +1 -1
  92. package/modules/proxy/services/http-handler.service.d.ts +3 -1
  93. package/modules/proxy/services/http-handler.service.js +49 -18
  94. package/modules/proxy/services/http-handler.service.js.map +1 -1
  95. package/modules/proxy/services/metrics-hook.d.ts +15 -0
  96. package/modules/proxy/services/metrics-hook.js +5 -0
  97. package/modules/proxy/services/metrics-hook.js.map +1 -0
  98. package/modules/proxy/services/websocket.service.js +4 -1
  99. package/modules/proxy/services/websocket.service.js.map +1 -1
  100. package/package.json +2 -3
  101. package/schematics/nest-add/files/skills/rlb-amqp/references/config-schema.md +4 -3
  102. package/schematics/nest-add/files/skills/rlb-amqp/references/gotchas.md +14 -5
  103. package/schematics/nest-add/files/skills/rlb-amqp-add-route/SKILL.md +5 -2
  104. package/modules/remote-config/index.d.ts +0 -2
  105. package/modules/remote-config/index.js +0 -19
  106. package/modules/remote-config/index.js.map +0 -1
  107. package/modules/remote-config/remote-config.module.d.ts +0 -2
  108. package/modules/remote-config/remote-config.module.js +0 -22
  109. package/modules/remote-config/remote-config.module.js.map +0 -1
  110. package/modules/remote-config/remote-config.service.d.ts +0 -12
  111. package/modules/remote-config/remote-config.service.js +0 -68
  112. package/modules/remote-config/remote-config.service.js.map +0 -1
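--- a/package/README.md
+++ b/package/README.md
@@ -268,8 +268,6 @@ auth-providers:
  headerPrefix: X-GTW-AUTH- # prefisso degli header propagati ai microservizi
  uidClaim: USERID # dest (uppercase) usato come user id per l'ACL
  usernameClaim: USERNAME
- aclTopic: acl # topic RPC interrogato per i ruoli
- aclAction: can-user-do
 
  - name: gateway-jwt
  type: jwt
@@ -281,8 +279,6 @@ auth-providers:
  headerPrefix: X-GTW-AUTH-
  uidClaim: USERID
  usernameClaim: USERNAME
- aclTopic: acl
- aclAction: can-user-do
 
  - name: gateway-basic
  type: basic
@@ -298,7 +294,7 @@ auth-providers:
 
  Mapping dei claim: un token con `{ sub: "u_1", roles: [...] }` e `jwtMap: [sub:userId]`, `headerPrefix: X-GTW-AUTH-` produce l'header `X-GTW-AUTH-USERID = u_1` propagato al microservizio. Leggilo con `@BrokerParam('header', 'X-GTW-AUTH-USERID')`.
 
- > **Sicurezza dei provider**: `algorithms` è **obbligatorio** per `jwt`/`jwks` (se omesso la verifica è negata → previene l'algorithm-confusion); per `jwks` solo algoritmi asimmetrici (RS\*/ES\*/PS\*), `HS*`/`none` rifiutati. `str-compare` senza `secret` e `basic` senza `clientSecret` fanno **pass-through** (richiesta considerata autenticata — provider di fatto aperto/disabilitato; usalo consapevolmente). Senza `jwtMap` i claim vengono propagati non mappati: definiscilo sempre.
+ > **Sicurezza dei provider**: `algorithms` è **obbligatorio** per `jwt`/`jwks` (se omesso la verifica è negata → previene l'algorithm-confusion); per `jwks` solo algoritmi asimmetrici (RS\*/ES\*/PS\*), `HS*`/`none` rifiutati. `str-compare` senza `secret` e `basic` senza `clientSecret` fanno **pass-through** (richiesta considerata autenticata — provider di fatto aperto/disabilitato; usalo consapevolmente). Senza `jwtMap` **nessun claim viene inoltrato** (il token resta accettato, `success:true`): il gateway fa fail-safe invece di propagare l'intero payload. Definiscilo sempre per inoltrare gli header identità (es. `X-GTW-AUTH-USERID`).
 
  ### `gateway`
 
@@ -574,8 +570,10 @@ import { AclModule, AclService, AclActionRepository, AclRoleRepository, AclGrant
  export class AppModule {}
  ```
 
- - I handler sono esposti su `BrokerService` con topic **`rlb-acl`** (costante `ACL_TOPIC`): `acl-can-user-do` (rpc), `acl-grant`/`acl-revoke`, `acl-action-*`, `acl-role-*`. Definisci nel tuo `broker.topics` un topic `rlb-acl` e imposta negli auth-provider `aclTopic: rlb-acl`, `aclAction: acl-can-user-do`.
- - `AclService.canUserDo(topic, action, userId)` serve dalla cache; sul miss interroga il DB (`checkActions`: i ruoli del grant devono coprire l'azione) e ripopola RAM+L2.
+ - I handler sono esposti su `BrokerService` con topic **`rlb-acl`** (costante `ACL_TOPIC`): `acl-can-user-do` / `acl-can-user-do-gtw` (rpc), `acl-grant`/`acl-revoke`, `acl-action-*`, `acl-role-*`. Definisci nel tuo `broker.topics` un topic `rlb-acl`. (Il check ruoli del gateway è in-process via `IAclRoleService`, quindi gli auth-provider non richiedono più `aclTopic`/`aclAction`.)
+ - **Due verifiche role-based** (servite dalla cache 2-tier, miss DB ripopola); input solo `userId` + `roles`, **niente topic/action**:
+ - `canUserDoGtw(roles, userId)` — **filtro primario del gateway** (role-based, OR): vero se l'utente ha almeno uno dei ruoli, resource-agnostico. È quello usato da `checkRoles` su `path.roles`. RPC `acl-can-user-do-gtw`.
+ - `canUserDo(roles, userId, resourceId)` — **lato microservizio**: vero se un grant **globale** (senza `resourceId`) **oppure** legato a quella risorsa dà all'utente il ruolo (`roles` accetta `string | string[]`). La risorsa è nota solo al ms, che chiama l'RPC `acl-can-user-do` con payload `{ userId, resource, roles }`.
  - **Invalidazione**: ogni mutazione (grant/role/action) svuota L1 e L2 → la prossima verifica pesca dal DB. Senza L2, la coerenza multi-istanza è limitata dal `ramTtlMs`.
  - **Cache L2 pluggable**: il consumer fornisce `{ provide: RLB_ACL_CACHE_STORE, useClass/useExisting }` che implementa `AclCacheStore` (`get/set/del/keys`). In `gateway-2` è `InMemoryAclStore` (mock in RAM, nessuna dipendenza esterna); in produzione plugga uno store condiviso (es. Redis).
 
@@ -660,7 +658,7 @@ Questi sono i punti che causano più frequentemente bug silenziosi. **Leggili pr
 
  ### Auth / ACL
 
- 14. **`roles` su una path o evento richiede un `IAclRoleService`** registrato via `RLB_GTW_ACL_ROLE_SERVICE` in `ProxyModule.forRootAsync({ providers: [...] })`. L'auth-provider deve definire `aclTopic`, `aclAction`, `uidClaim`, `usernameClaim`, e `uidClaim` deve corrispondere a un `dest` del `jwtMap`. Mancante → throw. Nota: `authOptions`/`gatewayOptions` si passano a `ProxyModule`, non a `BrokerModule`.
+ 14. **`roles` su una path richiede un `IAclRoleService`** registrato via `RLB_GTW_ACL_ROLE_SERVICE` in `ProxyModule.forRootAsync({ providers: [...] })`. Il check del gateway è **role-based**: `path.roles` elenca **nomi di ruolo** e l'utente passa se ne possiede **almeno uno** (`canUserDoGtw(path.roles, userId)`, filtro primario resource-agnostico). L'auth-provider deve definire `uidClaim` (per estrarre lo userId) + `headerPrefix`. La verifica fine sulla risorsa va fatta sul microservizio con `canUserDo(roles, userId, resourceId)` (RPC `acl-can-user-do`). Nota: `authOptions`/`gatewayOptions` si passano a `ProxyModule`, non a `BrokerModule`.
  15. **Gli header propagati sono uppercase e prefissati** (`${headerPrefix}${DEST}`): leggi `X-GTW-AUTH-USERID`, non `userId`.
 
  ### WebSocket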
@@ -9,5 +9,7 @@ export declare class ForbiddenError extends BrokerHttpError {
9
9
  }
10
10
  export declare class NotFoundError extends BrokerHttpError {
11
11
  }
12
+ export declare class ConflictError extends BrokerHttpError {
13
+ }
12
14
  export declare class InvalidParamsErrror extends BrokerHttpError {
13
15
  }
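--- a/package/common/errors.js
+++ b/package/common/errors.js
@@ -1,6 +1,6 @@
  "use strict";
  Object.defineProperty(exports, "__esModule", { value: true });
- exports.InvalidParamsErrror = exports.NotFoundError = exports.ForbiddenError = exports.UnauthorizedError = exports.BadRequestError = exports.BrokerHttpError = void 0;
+ exports.InvalidParamsErrror = exports.ConflictError = exports.NotFoundError = exports.ForbiddenError = exports.UnauthorizedError = exports.BadRequestError = exports.BrokerHttpError = void 0;
  class BrokerHttpError extends Error {
  constructor(message) {
  super(message);
@@ -20,6 +20,9 @@ exports.ForbiddenError = ForbiddenError;
  class NotFoundError extends BrokerHttpError {
  }
  exports.NotFoundError = NotFoundError;
+ class ConflictError extends BrokerHttpError {
+ }
+ exports.ConflictError = ConflictError;
  class InvalidParamsErrror extends BrokerHttpError {
  }
  exports.InvalidParamsErrror = InvalidParamsErrror;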
@@ -1 +1 @@
1
- {"version":3,"file":"errors.js","sourceRoot":"","sources":["../../libs/rlb-nestjs-amqp/src/common/errors.ts"],"names":[],"mappings":";;;AAKA,MAAa,eAAgB,SAAQ,KAAK;IACxC,YAAY,OAAgB;QAC1B,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC;IAC9B,CAAC;CACF;AALD,0CAKC;AAED,MAAa,eAAgB,SAAQ,eAAe;CAAI;AAAxD,0CAAwD;AACxD,MAAa,iBAAkB,SAAQ,eAAe;CAAI;AAA1D,8CAA0D;AAC1D,MAAa,cAAe,SAAQ,eAAe;CAAI;AAAvD,wCAAuD;AACvD,MAAa,aAAc,SAAQ,eAAe;CAAI;AAAtD,sCAAsD;AAEtD,MAAa,mBAAoB,SAAQ,eAAe;CAAI;AAA5D,kDAA4D"}
1
+ {"version":3,"file":"errors.js","sourceRoot":"","sources":["../../libs/rlb-nestjs-amqp/src/common/errors.ts"],"names":[],"mappings":";;;AAKA,MAAa,eAAgB,SAAQ,KAAK;IACxC,YAAY,OAAgB;QAC1B,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC;IAC9B,CAAC;CACF;AALD,0CAKC;AAED,MAAa,eAAgB,SAAQ,eAAe;CAAI;AAAxD,0CAAwD;AACxD,MAAa,iBAAkB,SAAQ,eAAe;CAAI;AAA1D,8CAA0D;AAC1D,MAAa,cAAe,SAAQ,eAAe;CAAI;AAAvD,wCAAuD;AACvD,MAAa,aAAc,SAAQ,eAAe;CAAI;AAAtD,sCAAsD;AACtD,MAAa,aAAc,SAAQ,eAAe;CAAI;AAAtD,sCAAsD;AAEtD,MAAa,mBAAoB,SAAQ,eAAe;CAAI;AAA5D,kDAA4D"}
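--- a/package/index.d.ts
+++ b/package/index.d.ts
@@ -4,4 +4,3 @@ export * from './modules/broker/index';
  export * from './modules/broker/services/utils.service';
  export * from './modules/gateway-admin';
  export * from './modules/proxy/index';
- export * from './modules/remote-config/index';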
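--- a/package/index.js
+++ b/package/index.js
@@ -20,5 +20,4 @@ __exportStar(require("./modules/broker/index"), exports);
  __exportStar(require("./modules/broker/services/utils.service"), exports);
  __exportStar(require("./modules/gateway-admin"), exports);
  __exportStar(require("./modules/proxy/index"), exports);
- __exportStar(require("./modules/remote-config/index"), exports);
  //# sourceMappingURL=index.js.map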
package/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../libs/rlb-nestjs-amqp/src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAAyB;AACzB,gDAA8B;AAC9B,yDAAuC;AACvC,0EAAwD;AACxD,0DAAwC;AACxC,wDAAsC;AACtC,gEAA8C"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../libs/rlb-nestjs-amqp/src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAAyB;AACzB,gDAA8B;AAC9B,yDAAuC;AACvC,0EAAwD;AACxD,0DAAwC;AACxC,wDAAsC"}
@@ -8,8 +8,8 @@ export declare class AclCacheService {
8
8
  private readonly l2TtlSec;
9
9
  constructor(options: AclModuleOptions, store?: AclCacheStore);
10
10
  private key;
11
- get(userId: string, topic: string, action: string): Promise<boolean | null>;
12
- set(userId: string, topic: string, action: string, value: boolean): Promise<void>;
11
+ get(userId: string, action: string): Promise<boolean | null>;
12
+ set(userId: string, action: string, value: boolean): Promise<void>;
13
13
  invalidate(userId?: string): Promise<void>;
14
14
  invalidateLocalRam(userId?: string): void;
15
15
  }
@@ -24,11 +24,11 @@ let AclCacheService = AclCacheService_1 = class AclCacheService {
24
24
  this.ramTtlMs = options.cache?.ramTtlMs ?? 30_000;
25
25
  this.l2TtlSec = options.cache?.l2TtlSec ?? 600;
26
26
  }
27
- key(userId, topic, action) {
28
- return `acl/${userId}/${topic}/${action}`;
27
+ key(userId, action) {
28
+ return `acl/${userId}/${action}`;
29
29
  }
30
- async get(userId, topic, action) {
31
- const key = this.key(userId, topic, action);
30
+ async get(userId, action) {
31
+ const key = this.key(userId, action);
32
32
  const local = this.ram.get(key);
33
33
  if (local && local.exp > Date.now())
34
34
  return local.v;
@@ -49,8 +49,8 @@ let AclCacheService = AclCacheService_1 = class AclCacheService {
49
49
  }
50
50
  return null;
51
51
  }
52
- async set(userId, topic, action, value) {
53
- const key = this.key(userId, topic, action);
52
+ async set(userId, action, value) {
53
+ const key = this.key(userId, action);
54
54
  this.ram.set(key, { v: value, exp: Date.now() + this.ramTtlMs });
55
55
  if (this.store) {
56
56
  try {
@@ -1 +1 @@
1
- {"version":3,"file":"acl-cache.service.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/cache/acl-cache.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAAsE;AAEtE,oCAAgE;AAMzD,IAAM,eAAe,uBAArB,MAAM,eAAe;IAM1B,YAC2B,OAAyB,EACT,KAAsC;QAArB,UAAK,GAAL,KAAK,CAAgB;QAPhE,WAAM,GAAG,IAAI,eAAM,CAAC,iBAAe,CAAC,IAAI,CAAC,CAAC;QAC1C,QAAG,GAAG,IAAI,GAAG,EAAoB,CAAC;QAQjD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,KAAK,EAAE,QAAQ,IAAI,MAAM,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,KAAK,EAAE,QAAQ,IAAI,GAAG,CAAC;IACjD,CAAC;IAEO,GAAG,CAAC,MAAc,EAAE,KAAa,EAAE,MAAc;QACvD,OAAO,OAAO,MAAM,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;IAC5C,CAAC;IAGD,KAAK,CAAC,GAAG,CAAC,MAAc,EAAE,KAAa,EAAE,MAAc;QACrD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAC5C,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,KAAK,IAAI,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE;YAAE,OAAO,KAAK,CAAC,CAAC,CAAC;QACpD,IAAI,KAAK;YAAE,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBACzC,IAAI,MAAM,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;oBACrC,MAAM,KAAK,GAAG,MAAM,KAAK,GAAG,CAAC;oBAC7B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;oBACjE,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gCAAgC,GAAG,KAAK,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;YAC7E,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,MAAc,EAAE,KAAa,EAAE,MAAc,EAAE,KAAc;QACrE,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAC5C,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QACjE,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC
;YAC9D,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,iCAAiC,GAAG,KAAK,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;YAC9E,CAAC;QACH,CAAC;IACH,CAAC;IAGD,KAAK,CAAC,UAAU,CAAC,MAAe;QAC9B,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAChC,IAAI,CAAC,IAAI,CAAC,KAAK;YAAE,OAAO;QACxB,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,OAAO,MAAM,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC;QACrD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC5C,IAAI,IAAI,CAAC,MAAM;gBAAE,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC9C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,wCAAwC,OAAO,KAAK,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;QACzF,CAAC;IACH,CAAC;IAGD,kBAAkB,CAAC,MAAe;QAChC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;YACjB,OAAO;QACT,CAAC;QACD,MAAM,MAAM,GAAG,OAAO,MAAM,GAAG,CAAC;QAChC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC;YAClC,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC;gBAAE,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;CACF,CAAA;AA3EY,0CAAe;0BAAf,eAAe;IAD3B,IAAA,mBAAU,GAAE;IAQR,WAAA,IAAA,eAAM,EAAC,uBAAe,CAAC,CAAA;IACvB,WAAA,IAAA,iBAAQ,GAAE,CAAA;IAAE,WAAA,IAAA,eAAM,EAAC,2BAAmB,CAAC,CAAA;;GAR/B,eAAe,CA2E3B"}
1
+ {"version":3,"file":"acl-cache.service.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/cache/acl-cache.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAAsE;AAEtE,oCAAgE;AAMzD,IAAM,eAAe,uBAArB,MAAM,eAAe;IAM1B,YAC2B,OAAyB,EACT,KAAsC;QAArB,UAAK,GAAL,KAAK,CAAgB;QAPhE,WAAM,GAAG,IAAI,eAAM,CAAC,iBAAe,CAAC,IAAI,CAAC,CAAC;QAC1C,QAAG,GAAG,IAAI,GAAG,EAAoB,CAAC;QAQjD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,KAAK,EAAE,QAAQ,IAAI,MAAM,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,KAAK,EAAE,QAAQ,IAAI,GAAG,CAAC;IACjD,CAAC;IAEO,GAAG,CAAC,MAAc,EAAE,MAAc;QACxC,OAAO,OAAO,MAAM,IAAI,MAAM,EAAE,CAAC;IACnC,CAAC;IAGD,KAAK,CAAC,GAAG,CAAC,MAAc,EAAE,MAAc;QACtC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACrC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,KAAK,IAAI,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE;YAAE,OAAO,KAAK,CAAC,CAAC,CAAC;QACpD,IAAI,KAAK;YAAE,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBACzC,IAAI,MAAM,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;oBACrC,MAAM,KAAK,GAAG,MAAM,KAAK,GAAG,CAAC;oBAC7B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;oBACjE,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gCAAgC,GAAG,KAAK,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;YAC7E,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,MAAc,EAAE,MAAc,EAAE,KAAc;QACtD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACrC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QACjE,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC9D,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,MAAM,CA
AC,IAAI,CAAC,iCAAiC,GAAG,KAAK,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;YAC9E,CAAC;QACH,CAAC;IACH,CAAC;IAGD,KAAK,CAAC,UAAU,CAAC,MAAe;QAC9B,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAChC,IAAI,CAAC,IAAI,CAAC,KAAK;YAAE,OAAO;QACxB,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,OAAO,MAAM,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC;QACrD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC5C,IAAI,IAAI,CAAC,MAAM;gBAAE,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC9C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,wCAAwC,OAAO,KAAK,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;QACzF,CAAC;IACH,CAAC;IAGD,kBAAkB,CAAC,MAAe;QAChC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;YACjB,OAAO;QACT,CAAC;QACD,MAAM,MAAM,GAAG,OAAO,MAAM,GAAG,CAAC;QAChC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC;YAClC,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC;gBAAE,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;CACF,CAAA;AA3EY,0CAAe;0BAAf,eAAe;IAD3B,IAAA,mBAAU,GAAE;IAQR,WAAA,IAAA,eAAM,EAAC,uBAAe,CAAC,CAAA;IACvB,WAAA,IAAA,iBAAQ,GAAE,CAAA;IAAE,WAAA,IAAA,eAAM,EAAC,2BAAmB,CAAC,CAAA;;GAR/B,eAAe,CA2E3B"}
@@ -4,5 +4,4 @@ export interface AclCacheOptions {
4
4
  }
5
5
  export interface AclModuleOptions {
6
6
  cache?: AclCacheOptions;
7
- topic?: string;
8
7
  }
@@ -3,6 +3,10 @@ export declare const RLB_ACL_OPTIONS = "RLB_ACL_OPTIONS";
3
3
  export declare const RLB_ACL_CACHE_STORE = "RLB_ACL_CACHE_STORE";
4
4
  export declare const ACL_ACTIONS: {
5
5
  readonly canUserDo: "acl-can-user-do";
6
+ readonly canUserDoGtw: "acl-can-user-do-gtw";
7
+ readonly listResourcesByUser: "acl-list-resources-by-user";
8
+ readonly listByUser: "acl-list-by-user";
9
+ readonly verifyAccess: "acl-verify-access";
6
10
  readonly grant: "acl-grant";
7
11
  readonly revoke: "acl-revoke";
8
12
  readonly invalidate: "acl-invalidate";
@@ -14,4 +18,5 @@ export declare const ACL_ACTIONS: {
14
18
  readonly roleUpdate: "acl-role-update";
15
19
  readonly roleDelete: "acl-role-delete";
16
20
  readonly roleList: "acl-role-list";
21
+ readonly roleGet: "acl-role-get";
17
22
  };
@@ -6,6 +6,10 @@ exports.RLB_ACL_OPTIONS = 'RLB_ACL_OPTIONS';
6
6
  exports.RLB_ACL_CACHE_STORE = 'RLB_ACL_CACHE_STORE';
7
7
  exports.ACL_ACTIONS = {
8
8
  canUserDo: 'acl-can-user-do',
9
+ canUserDoGtw: 'acl-can-user-do-gtw',
10
+ listResourcesByUser: 'acl-list-resources-by-user',
11
+ listByUser: 'acl-list-by-user',
12
+ verifyAccess: 'acl-verify-access',
9
13
  grant: 'acl-grant',
10
14
  revoke: 'acl-revoke',
11
15
  invalidate: 'acl-invalidate',
@@ -17,5 +21,6 @@ exports.ACL_ACTIONS = {
17
21
  roleUpdate: 'acl-role-update',
18
22
  roleDelete: 'acl-role-delete',
19
23
  roleList: 'acl-role-list',
24
+ roleGet: 'acl-role-get',
20
25
  };
21
26
  //# sourceMappingURL=const.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"const.js","sourceRoot":"","sources":["../../../libs/rlb-nestjs-amqp/src/modules/acl/const.ts"],"names":[],"mappings":";;;AAEa,QAAA,SAAS,GAAG,SAAS,CAAC;AAEtB,QAAA,eAAe,GAAG,iBAAiB,CAAC;AAEpC,QAAA,mBAAmB,GAAG,qBAAqB,CAAC;AAG5C,QAAA,WAAW,GAAG;IACzB,SAAS,EAAE,iBAAiB;IAC5B,KAAK,EAAE,WAAW;IAClB,MAAM,EAAE,YAAY;IACpB,UAAU,EAAE,gBAAgB;IAC5B,YAAY,EAAE,mBAAmB;IACjC,YAAY,EAAE,mBAAmB;IACjC,YAAY,EAAE,mBAAmB;IACjC,UAAU,EAAE,iBAAiB;IAC7B,UAAU,EAAE,iBAAiB;IAC7B,UAAU,EAAE,iBAAiB;IAC7B,UAAU,EAAE,iBAAiB;IAC7B,QAAQ,EAAE,eAAe;CACjB,CAAC"}
1
+ {"version":3,"file":"const.js","sourceRoot":"","sources":["../../../libs/rlb-nestjs-amqp/src/modules/acl/const.ts"],"names":[],"mappings":";;;AAGa,QAAA,SAAS,GAAG,SAAS,CAAC;AAEtB,QAAA,eAAe,GAAG,iBAAiB,CAAC;AAEpC,QAAA,mBAAmB,GAAG,qBAAqB,CAAC;AAG5C,QAAA,WAAW,GAAG;IAEzB,SAAS,EAAE,iBAAiB;IAE5B,YAAY,EAAE,qBAAqB;IAEnC,mBAAmB,EAAE,4BAA4B;IAEjD,UAAU,EAAE,kBAAkB;IAE9B,YAAY,EAAE,mBAAmB;IACjC,KAAK,EAAE,WAAW;IAClB,MAAM,EAAE,YAAY;IACpB,UAAU,EAAE,gBAAgB;IAC5B,YAAY,EAAE,mBAAmB;IACjC,YAAY,EAAE,mBAAmB;IACjC,YAAY,EAAE,mBAAmB;IACjC,UAAU,EAAE,iBAAiB;IAC7B,UAAU,EAAE,iBAAiB;IAC7B,UAAU,EAAE,iBAAiB;IAC7B,UAAU,EAAE,iBAAiB;IAC7B,QAAQ,EAAE,eAAe;IACzB,OAAO,EAAE,cAAc;CACf,CAAC"}
@@ -17,3 +17,12 @@ export interface AclGrant<Id = string> {
17
17
  resourceId?: string;
18
18
  roles: string[];
19
19
  }
20
+ export interface AclResource {
21
+ resourceId?: string;
22
+ actions: string[];
23
+ friendlyName?: string;
24
+ }
25
+ export interface AclResourceGroup {
26
+ resourceBusinessId?: string;
27
+ resources: AclResource[];
28
+ }
@@ -2,10 +2,20 @@ import { PaginationModel } from '../../../common';
2
2
  import { AclAction } from '../models';
3
3
  export declare abstract class AclActionRepository {
4
4
  abstract insert(model: AclAction): Promise<AclAction>;
5
+ abstract insertMany(models: AclAction[]): Promise<AclAction[]>;
5
6
  abstract findById(id: string): Promise<AclAction>;
6
7
  abstract findOne(filter: Record<string, any>): Promise<AclAction>;
8
+ abstract upsertById(id: string, model: Partial<AclAction>): Promise<AclAction>;
9
+ abstract upsertOne(filter: Record<string, any>, model: Partial<AclAction>): Promise<AclAction>;
7
10
  abstract updateById(id: string, model: Partial<AclAction>): Promise<AclAction>;
11
+ abstract updateOne(filter: Record<string, any>, model: Partial<AclAction>): Promise<AclAction>;
12
+ abstract mergeById(id: string, model: Partial<AclAction>): Promise<AclAction>;
13
+ abstract mergeOne(filter: Record<string, any>, model: Partial<AclAction>): Promise<AclAction>;
8
14
  abstract removeById(id: string): Promise<AclAction>;
15
+ abstract removeOne(filter: Record<string, any>): Promise<AclAction>;
16
+ abstract removeMany(filter: Record<string, any>): Promise<number>;
9
17
  abstract filter(filter: Record<string, any>): Promise<AclAction[]>;
10
18
  abstract filterPaginated(filter: Record<string, any>, page?: number, limit?: number): Promise<PaginationModel<AclAction>>;
19
+ abstract retrieveAll(): Promise<AclAction[]>;
20
+ abstract retrieveAllPaginated(page: number, limit: number): Promise<PaginationModel<AclAction>>;
11
21
  }
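Review bot: `AclActionRepository` gains ten new `abstract` members in this hunk, so every downstream class that extends it stops compiling until it implements all of them, and this ships in a 2.0.1 → 2.0.3 patch bump; the same applies to the additions in the `AclGrantRepository` and `AclRoleRepository` declarations that follow. Among the additions, `removeMany(filter: Record<string, any>)` deletes by an untyped filter and the declaration does not say what an empty `{}` filter means, which matters for a store that holds authorization data. I would document the contract on the method, for example `/** Removes every action matching filter; implementations must reject an empty filter. */`. If any of these filters are assembled from RPC payloads (not visible in this section), the implementation should accept only a fixed set of keys rather than pass the object through to the store.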
@@ -1 +1 @@
1
- {"version":3,"file":"acl-action.repository.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/repository/acl-action.repository.ts"],"names":[],"mappings":";;;AAOA,MAAsB,mBAAmB;CAQxC;AARD,kDAQC"}
1
+ {"version":3,"file":"acl-action.repository.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/repository/acl-action.repository.ts"],"names":[],"mappings":";;;AAQA,MAAsB,mBAAmB;CAoBxC;AApBD,kDAoBC"}
@@ -2,8 +2,12 @@ import { PaginationModel } from '../../../common';
2
2
  import { AclGrant } from '../models';
3
3
  export declare abstract class AclGrantRepository {
4
4
  abstract insert(model: AclGrant): Promise<AclGrant>;
5
+ abstract findById(id: string): Promise<AclGrant>;
5
6
  abstract findOne(filter: Record<string, any>): Promise<AclGrant>;
7
+ abstract updateById(id: string, model: Partial<AclGrant>): Promise<AclGrant>;
6
8
  abstract updateOne(filter: Record<string, any>, model: Partial<AclGrant>): Promise<AclGrant>;
9
+ abstract mergeById(id: string, model: Partial<AclGrant>): Promise<AclGrant>;
10
+ abstract removeById(id: string): Promise<AclGrant>;
7
11
  abstract removeOne(filter: Record<string, any>): Promise<AclGrant>;
8
12
  abstract filter(filter: Record<string, any>): Promise<AclGrant[]>;
9
13
  abstract filterPaginated(filter: Record<string, any>, page?: number, limit?: number): Promise<PaginationModel<AclGrant>>;
@@ -1 +1 @@
1
- {"version":3,"file":"acl-grant.repository.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/repository/acl-grant.repository.ts"],"names":[],"mappings":";;;AAIA,MAAsB,kBAAkB;CAYvC;AAZD,gDAYC"}
1
+ {"version":3,"file":"acl-grant.repository.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/repository/acl-grant.repository.ts"],"names":[],"mappings":";;;AAOA,MAAsB,kBAAkB;CAiBvC;AAjBD,gDAiBC"}
@@ -2,9 +2,19 @@ import { PaginationModel } from '../../../common';
2
2
  import { AclRole } from '../models';
3
3
  export declare abstract class AclRoleRepository {
4
4
  abstract insert(model: AclRole): Promise<AclRole>;
5
+ abstract insertMany(models: AclRole[]): Promise<AclRole[]>;
6
+ abstract findById(id: string): Promise<AclRole>;
5
7
  abstract findOne(filter: Record<string, any>): Promise<AclRole>;
8
+ abstract upsertById(id: string, model: Partial<AclRole>): Promise<AclRole>;
9
+ abstract upsertOne(filter: Record<string, any>, model: Partial<AclRole>): Promise<AclRole>;
10
+ abstract updateById(id: string, model: Partial<AclRole>): Promise<AclRole>;
6
11
  abstract updateOne(filter: Record<string, any>, model: Partial<AclRole>): Promise<AclRole>;
12
+ abstract mergeById(id: string, model: Partial<AclRole>): Promise<AclRole>;
13
+ abstract removeById(id: string): Promise<AclRole>;
7
14
  abstract removeOne(filter: Record<string, any>): Promise<AclRole>;
8
15
  abstract filter(filter: Record<string, any>): Promise<AclRole[]>;
9
16
  abstract filterPaginated(filter: Record<string, any>, page?: number, limit?: number): Promise<PaginationModel<AclRole>>;
17
+ abstract list(): Promise<AclRole[]>;
18
+ abstract listPaginated(page: number, limit: number): Promise<PaginationModel<AclRole>>;
19
+ abstract getActionsByNames(names: string[]): Promise<string[]>;
10
20
  }
@@ -1 +1 @@
1
- {"version":3,"file":"acl-role.repository.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/repository/acl-role.repository.ts"],"names":[],"mappings":";;;AAIA,MAAsB,iBAAiB;CAOtC;AAPD,8CAOC"}
1
+ {"version":3,"file":"acl-role.repository.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/repository/acl-role.repository.ts"],"names":[],"mappings":";;;AAQA,MAAsB,iBAAiB;CAmBtC;AAnBD,8CAmBC"}
@@ -12,7 +12,8 @@ export declare class AclManagementService {
12
12
  private readonly logger;
13
13
  constructor(actions: AclActionRepository, roles: AclRoleRepository, grants: AclGrantRepository, cache: AclCacheService);
14
14
  grant(userId: string, roles: string[], resourceId?: string, resourceBusinessId?: string, friendlyName?: string): Promise<AclGrant>;
15
- revoke(userId: string, resourceId?: string): Promise<AclGrant>;
15
+ revoke(userId: string, resourceId?: string, roles?: string[]): Promise<AclGrant | null>;
16
+ private findGrant;
16
17
  createAction(name: string, description?: string): Promise<AclAction>;
17
18
  updateAction(id: string, model: Partial<AclAction>): Promise<AclAction>;
18
19
  deleteAction(id: string): Promise<AclAction>;
@@ -21,6 +22,8 @@ export declare class AclManagementService {
21
22
  updateRole(name: string, model: Partial<AclRole>): Promise<AclRole>;
22
23
  deleteRole(name: string): Promise<AclRole>;
23
24
  listRoles(page?: number, limit?: number): Promise<PaginationModel<AclRole>>;
25
+ getRole(name: string): Promise<AclRole>;
26
+ getActionsByNames(names: string[]): Promise<string[]>;
24
27
  private assertActionsExist;
25
28
  private assertRolesExist;
26
29
  }
@@ -36,16 +36,44 @@ let AclManagementService = AclManagementService_1 = class AclManagementService {
36
36
  if (!roles?.length)
37
37
  throw new common_2.BadRequestError('roles are required');
38
38
  await this.assertRolesExist(roles);
39
- const grant = await this.grants.insert({ userId, roles, resourceId, resourceBusinessId, friendlyName });
39
+ const existing = await this.findGrant(userId, resourceId);
40
+ let result;
41
+ if (existing) {
42
+ const merged = Array.from(new Set([...(existing.roles || []), ...roles]));
43
+ result = await this.grants.updateById(existing._id, {
44
+ roles: merged,
45
+ resourceBusinessId: resourceBusinessId ?? existing.resourceBusinessId,
46
+ friendlyName: friendlyName ?? existing.friendlyName,
47
+ });
48
+ }
49
+ else {
50
+ result = await this.grants.insert({ userId, roles: Array.from(new Set(roles)), resourceId, resourceBusinessId, friendlyName });
51
+ }
40
52
  await this.cache.invalidate(userId);
41
- return grant;
53
+ return result;
42
54
  }
43
- async revoke(userId, resourceId) {
55
+ async revoke(userId, resourceId, roles) {
44
56
  if (!userId)
45
57
  throw new common_2.BadRequestError('userId is required');
46
- const removed = await this.grants.removeOne({ userId, ...(resourceId !== undefined ? { resourceId } : {}) });
58
+ const existing = await this.findGrant(userId, resourceId);
59
+ if (!existing)
60
+ return null;
61
+ let result;
62
+ if (roles?.length) {
63
+ const remaining = (existing.roles || []).filter((r) => !roles.includes(r));
64
+ result = remaining.length
65
+ ? await this.grants.updateById(existing._id, { roles: remaining })
66
+ : await this.grants.removeById(existing._id);
67
+ }
68
+ else {
69
+ result = await this.grants.removeById(existing._id);
70
+ }
47
71
  await this.cache.invalidate(userId);
48
- return removed;
72
+ return result;
73
+ }
74
+ async findGrant(userId, resourceId) {
75
+ const all = await this.grants.filter({ userId });
76
+ return (all || []).find((g) => (g.resourceId ?? null) === (resourceId ?? null));
49
77
  }
50
78
  async createAction(name, description) {
51
79
  if (!name)
@@ -96,6 +124,14 @@ let AclManagementService = AclManagementService_1 = class AclManagementService {
96
124
  async listRoles(page, limit) {
97
125
  return this.roles.filterPaginated({}, Number(page) || 1, Number(limit) || 10);
98
126
  }
127
+ async getRole(name) {
128
+ if (!name)
129
+ throw new common_2.BadRequestError('name is required');
130
+ return this.roles.findOne({ name });
131
+ }
132
+ async getActionsByNames(names) {
133
+ return this.roles.getActionsByNames(names);
134
+ }
99
135
  async assertActionsExist(names) {
100
136
  const found = await this.actions.filter({ name: { $in: names } });
101
137
  const missing = names.filter((n) => !found.some((a) => a.name === n));
@@ -125,8 +161,9 @@ __decorate([
125
161
  (0, broker_1.BrokerAction)(const_1.ACL_TOPIC, const_1.ACL_ACTIONS.revoke, 'rpc'),
126
162
  __param(0, (0, broker_1.BrokerParam)('body', 'userId')),
127
163
  __param(1, (0, broker_1.BrokerParam)('body', 'resourceId')),
164
+ __param(2, (0, broker_1.BrokerParam)('body', 'roles')),
128
165
  __metadata("design:type", Function),
129
- __metadata("design:paramtypes", [String, String]),
166
+ __metadata("design:paramtypes", [String, String, Array]),
130
167
  __metadata("design:returntype", Promise)
131
168
  ], AclManagementService.prototype, "revoke", null);
132
169
  __decorate([
@@ -192,6 +229,13 @@ __decorate([
192
229
  __metadata("design:paramtypes", [Number, Number]),
193
230
  __metadata("design:returntype", Promise)
194
231
  ], AclManagementService.prototype, "listRoles", null);
232
+ __decorate([
233
+ (0, broker_1.BrokerAction)(const_1.ACL_TOPIC, const_1.ACL_ACTIONS.roleGet, 'rpc'),
234
+ __param(0, (0, broker_1.BrokerParam)('body', 'name')),
235
+ __metadata("design:type", Function),
236
+ __metadata("design:paramtypes", [String]),
237
+ __metadata("design:returntype", Promise)
238
+ ], AclManagementService.prototype, "getRole", null);
195
239
  exports.AclManagementService = AclManagementService = AclManagementService_1 = __decorate([
196
240
  (0, common_1.Injectable)(),
197
241
  __metadata("design:paramtypes", [acl_action_repository_1.AclActionRepository,
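Review bot: `revoke` (first hunk of this section) acts only on the first grant that `findGrant` returns for a user/resource pair, so if several grant documents exist for that pair the others keep their roles after a revoke. Such duplicates are plausible: the removed line in `grant` inserted a new document on every call, and the new find-then-insert in `grant` is not atomic, so two concurrent calls can both miss and both insert. I would have `revoke` apply the removal to every matching grant, as sketched below (it resolves to the last result), and add a uniqueness constraint on userId plus resourceId in the repository if the store supports one. Separately, `roles` arrives from the message body and is used with `.length` and `.includes` without an array check; `if (roles !== undefined && !Array.isArray(roles)) throw new common_2.BadRequestError('roles must be an array');` would reject a string, for which `includes` is a substring test.

```javascript
async revoke(userId, resourceId, roles) {
    // … unchanged: userId check …
    const all = await this.grants.filter({ userId });
    const matches = (all || []).filter((g) => (g.resourceId ?? null) === (resourceId ?? null));
    if (!matches.length)
        return null;
    let result = null;
    for (const existing of matches) {
        // An empty role list means "remove the whole grant", as in the original else branch.
        const remaining = roles?.length
            ? (existing.roles || []).filter((r) => !roles.includes(r))
            : [];
        result = remaining.length
            ? await this.grants.updateById(existing._id, { roles: remaining })
            : await this.grants.removeById(existing._id);
    }
    // … unchanged: cache invalidation and return result …
}
```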
@@ -1 +1 @@
1
- {"version":3,"file":"acl-management.service.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/services/acl-management.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAAoD;AACpD,4CAAmE;AACnE,yCAAyD;AACzD,kEAA6D;AAC7D,oCAAkD;AAElD,+EAA0E;AAC1E,6EAAwE;AACxE,2EAAsE;AAG/D,IAAM,oBAAoB,4BAA1B,MAAM,oBAAoB;IAG/B,YACmB,OAA4B,EAC5B,KAAwB,EACxB,MAA0B,EAC1B,KAAsB;QAHtB,YAAO,GAAP,OAAO,CAAqB;QAC5B,UAAK,GAAL,KAAK,CAAmB;QACxB,WAAM,GAAN,MAAM,CAAoB;QAC1B,UAAK,GAAL,KAAK,CAAiB;QANxB,WAAM,GAAG,IAAI,eAAM,CAAC,sBAAoB,CAAC,IAAI,CAAC,CAAC;IAO5D,CAAC;IAKC,AAAN,KAAK,CAAC,KAAK,CACsB,MAAc,EACf,KAAe,EACV,UAAmB,EACX,kBAA2B,EACjC,YAAqB;QAE1D,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,oBAAoB,CAAC,CAAC;QAC7D,IAAI,CAAC,KAAK,EAAE,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,oBAAoB,CAAC,CAAC;QACpE,MAAM,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;QACnC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,kBAAkB,EAAE,YAAY,EAAE,CAAC,CAAC;QACxG,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACpC,OAAO,KAAK,CAAC;IACf,CAAC;IAGK,AAAN,KAAK,CAAC,MAAM,CACqB,MAAc,EACV,UAAmB;QAEtD,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,oBAAoB,CAAC,CAAC;QAC7D,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,GAAG,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QAC7G,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACpC,OAAO,OAAO,CAAC;IACjB,CAAC;IAKK,AAAN,KAAK,CAAC,YAAY,CACa,IAAY,EACL,WAAoB;QAExD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC;QACjE,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC;IACjB,CAAC;IAGK,AAAN,KAAK,CAAC,YAAY,CACW,EAAU,EACX,KAAyB;QAEnD,IAAI,CAAC,EAAE;YAAE,MAAM,IAAI,wBAAe,CAAC,gBAAgB,CAAC,CAAC;QACrD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;QACzD,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC;IACjB,CAAC;IAGK,AAAN,KAAK,CAAC,YAAY,CAA4B,EAAU;
QACtD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;QAClD,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC;IACjB,CAAC;IAGK,AAAN,KAAK,CAAC,WAAW,CACc,IAAa,EACZ,KAAc;QAE5C,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IAClF,CAAC;IAKK,AAAN,KAAK,CAAC,UAAU,CACe,IAAY,EACT,OAAiB,EACb,WAAoB;QAExD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,CAAC,CAAC;QACzD,IAAI,CAAC,OAAO,EAAE,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,sBAAsB,CAAC,CAAC;QACxE,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;QACvC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;QACxE,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC;IACjB,CAAC;IAGK,AAAN,KAAK,CAAC,UAAU,CACe,IAAY,EACf,KAAuB;QAEjD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,CAAC,CAAC;QACzD,IAAI,KAAK,EAAE,OAAO,EAAE,MAAM;YAAE,MAAM,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACzE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,EAAE,KAAK,CAAC,CAAC;QAC5D,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC;IACjB,CAAC;IAGK,AAAN,KAAK,CAAC,UAAU,CAA8B,IAAY;QACxD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QACrD,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC;IACjB,CAAC;IAGK,AAAN,KAAK,CAAC,SAAS,CACgB,IAAa,EACZ,KAAc;QAE5C,OAAO,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IAChF,CAAC;IAIO,KAAK,CAAC,kBAAkB,CAAC,KAAe;QAC9C,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;QAClE,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;QACtE,IAAI,OAAO,CAAC,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,oBAAoB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC1F,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,KAAe;QAC5C,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,
CAAC,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;QAChE,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;QACtE,IAAI,OAAO,CAAC,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACxF,CAAC;CACF,CAAA;AAtIY,oDAAoB;AAazB;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,KAAK,EAAE,KAAK,CAAC;IAE/C,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAA;IAC7B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC5B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,YAAY,CAAC,CAAA;IACjC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,oBAAoB,CAAC,CAAA;IACzC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,cAAc,CAAC,CAAA;;;;iDAQrC;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,MAAM,EAAE,KAAK,CAAC;IAEhD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAA;IAC7B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,YAAY,CAAC,CAAA;;;;kDAMnC;AAKK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,YAAY,EAAE,KAAK,CAAC;IAEtD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC3B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,aAAa,CAAC,CAAA;;;;wDAMpC;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,YAAY,EAAE,KAAK,CAAC;IAEtD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,IAAI,CAAC,CAAA;IACzB,WAAA,IAAA,oBAAW,EAAC,WAAW,CAAC,CAAA;;;;wDAM1B;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,YAAY,EAAE,KAAK,CAAC;IACrC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,IAAI,CAAC,CAAA;;;;wDAI5C;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,UAAU,EAAE,KAAK,CAAC;IAEpD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC3B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,OAAO,CAAC,CAAA;;;;uDAG9B;AAKK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,UAAU,EAAE,KAAK,CAAC;IAEpD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC3B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,SAAS,CAAC,CAAA;IAC9B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,aAAa,CAAC,CAAA;;;;sDAQpC;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,UAAU,EAAE,KAAK,CAAC;IAEpD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC3B,WAAA,IAAA,oBAAW,EAAC,WAAW,CAAC,CAAA;;;;sDAO1B;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,UAA
U,EAAE,KAAK,CAAC;IACrC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;;;;sDAI5C;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,QAAQ,EAAE,KAAK,CAAC;IAElD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC3B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,OAAO,CAAC,CAAA;;;;qDAG9B;+BAvHU,oBAAoB;IADhC,IAAA,mBAAU,GAAE;qCAKiB,2CAAmB;QACrB,uCAAiB;QAChB,yCAAkB;QACnB,mCAAe;GAP9B,oBAAoB,CAsIhC"}
1
+ {"version":3,"file":"acl-management.service.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/services/acl-management.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAAoD;AACpD,4CAAmE;AACnE,yCAAyD;AACzD,kEAA6D;AAC7D,oCAAkD;AAElD,+EAA0E;AAC1E,6EAAwE;AACxE,2EAAsE;AAG/D,IAAM,oBAAoB,4BAA1B,MAAM,oBAAoB;IAG/B,YACmB,OAA4B,EAC5B,KAAwB,EACxB,MAA0B,EAC1B,KAAsB;QAHtB,YAAO,GAAP,OAAO,CAAqB;QAC5B,UAAK,GAAL,KAAK,CAAmB;QACxB,WAAM,GAAN,MAAM,CAAoB;QAC1B,UAAK,GAAL,KAAK,CAAiB;QANxB,WAAM,GAAG,IAAI,eAAM,CAAC,sBAAoB,CAAC,IAAI,CAAC,CAAC;IAO5D,CAAC;IAGC,AAAN,KAAK,CAAC,KAAK,CACsB,MAAc,EACf,KAAe,EACV,UAAmB,EACX,kBAA2B,EACjC,YAAqB;QAE1D,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,oBAAoB,CAAC,CAAC;QAC7D,IAAI,CAAC,KAAK,EAAE,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,oBAAoB,CAAC,CAAC;QACpE,MAAM,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;QAGnC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QAC1D,IAAI,MAAgB,CAAC;QACrB,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,IAAI,EAAE,CAAC,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC1E,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAI,EAAE;gBACnD,KAAK,EAAE,MAAM;gBACb,kBAAkB,EAAE,kBAAkB,IAAI,QAAQ,CAAC,kBAAkB;gBACrE,YAAY,EAAE,YAAY,IAAI,QAAQ,CAAC,YAAY;aACpD,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,EAAE,kBAAkB,EAAE,YAAY,EAAE,CAAC,CAAC;QACjI,CAAC;QACD,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACpC,OAAO,MAAM,CAAC;IAChB,CAAC;IAGK,AAAN,KAAK,CAAC,MAAM,CACqB,MAAc,EACV,UAAmB,EACxB,KAAgB;QAE9C,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,oBAAoB,CAAC,CAAC;QAC7D,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QAC1D,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAC;QAC3B,IAAI,MAAuB,CAAC;QAC5B,IAAI,KAAK,EAAE,MAAM,EAAE,CAAC;YAElB,MAAM,SAAS,GAAG,CAAC,QAAQ,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAA
C,CAAC,CAAC,CAAC;YAC3E,MAAM,GAAG,SAAS,CAAC,MAAM;gBACvB,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAI,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;gBACnE,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAI,CAAC,CAAC;QAClD,CAAC;aAAM,CAAC;YAEN,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAI,CAAC,CAAC;QACvD,CAAC;QACD,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACpC,OAAO,MAAM,CAAC;IAChB,CAAC;IAGO,KAAK,CAAC,SAAS,CAAC,MAAc,EAAE,UAAmB;QACzD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,IAAI,IAAI,CAAC,KAAK,CAAC,UAAU,IAAI,IAAI,CAAC,CAAC,CAAC;IAClF,CAAC;IAGK,AAAN,KAAK,CAAC,YAAY,CACa,IAAY,EACL,WAAoB;QAExD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC;QACjE,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC;IACjB,CAAC;IAGK,AAAN,KAAK,CAAC,YAAY,CACW,EAAU,EACX,KAAyB;QAEnD,IAAI,CAAC,EAAE;YAAE,MAAM,IAAI,wBAAe,CAAC,gBAAgB,CAAC,CAAC;QACrD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;QACzD,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC;IACjB,CAAC;IAGK,AAAN,KAAK,CAAC,YAAY,CAA4B,EAAU;QACtD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;QAClD,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC;IACjB,CAAC;IAGK,AAAN,KAAK,CAAC,WAAW,CACc,IAAa,EACZ,KAAc;QAE5C,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IAClF,CAAC;IAGK,AAAN,KAAK,CAAC,UAAU,CACe,IAAY,EACT,OAAiB,EACb,WAAoB;QAExD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,CAAC,CAAC;QACzD,IAAI,CAAC,OAAO,EAAE,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,sBAAsB,CAAC,CAAC;QACxE,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;QACvC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;QACxE,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,
EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC;IACjB,CAAC;IAGK,AAAN,KAAK,CAAC,UAAU,CACe,IAAY,EACf,KAAuB;QAEjD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,CAAC,CAAC;QACzD,IAAI,KAAK,EAAE,OAAO,EAAE,MAAM;YAAE,MAAM,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACzE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,EAAE,KAAK,CAAC,CAAC;QAC5D,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC;IACjB,CAAC;IAGK,AAAN,KAAK,CAAC,UAAU,CAA8B,IAAY;QACxD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QACrD,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC;IACjB,CAAC;IAGK,AAAN,KAAK,CAAC,SAAS,CACgB,IAAa,EACZ,KAAc;QAE5C,OAAO,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IAChF,CAAC;IAGK,AAAN,KAAK,CAAC,OAAO,CAA8B,IAAY;QACrD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,CAAC,CAAC;QACzD,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;IACtC,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,KAAe;QACrC,OAAO,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;IAC7C,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAAC,KAAe;QAC9C,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;QAClE,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;QACtE,IAAI,OAAO,CAAC,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,oBAAoB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC1F,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,KAAe;QAC5C,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;QAChE,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;QACtE,IAAI,OAAO,CAAC,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACxF,CAAC;CACF,CAAA;AAxKY,oDAAoB;AAWzB;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,KAAK,EAAE,KAAK,CAAC;IAE/C,WAAA
,IAAA,oBAAW,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAA;IAC7B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC5B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,YAAY,CAAC,CAAA;IACjC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,oBAAoB,CAAC,CAAA;IACzC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,cAAc,CAAC,CAAA;;;;iDAqBrC;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,MAAM,EAAE,KAAK,CAAC;IAEhD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAA;IAC7B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,YAAY,CAAC,CAAA;IACjC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,OAAO,CAAC,CAAA;;;;kDAkB9B;AASK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,YAAY,EAAE,KAAK,CAAC;IAEtD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC3B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,aAAa,CAAC,CAAA;;;;wDAMpC;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,YAAY,EAAE,KAAK,CAAC;IAEtD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,IAAI,CAAC,CAAA;IACzB,WAAA,IAAA,oBAAW,EAAC,WAAW,CAAC,CAAA;;;;wDAM1B;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,YAAY,EAAE,KAAK,CAAC;IACrC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,IAAI,CAAC,CAAA;;;;wDAI5C;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,UAAU,EAAE,KAAK,CAAC;IAEpD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC3B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,OAAO,CAAC,CAAA;;;;uDAG9B;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,UAAU,EAAE,KAAK,CAAC;IAEpD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC3B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,SAAS,CAAC,CAAA;IAC9B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,aAAa,CAAC,CAAA;;;;sDAQpC;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,UAAU,EAAE,KAAK,CAAC;IAEpD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC3B,WAAA,IAAA,oBAAW,EAAC,WAAW,CAAC,CAAA;;;;sDAO1B;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,UAAU,EAAE,KAAK,CAAC;IACrC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;;;;sDAI5C;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,QAAQ,EAAE,KAAK,CAAC;IAElD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC3B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,OAAO,CAAC,CAAA;;;;qDAG9B;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,OAAO,EAAE,KAAK,CAAC;IACrC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAA
A;;;;mDAGzC;+BAvJU,oBAAoB;IADhC,IAAA,mBAAU,GAAE;qCAKiB,2CAAmB;QACrB,uCAAiB;QAChB,yCAAkB;QACnB,mCAAe;GAP9B,oBAAoB,CAwKhC"}
@@ -1,11 +1,20 @@
1
1
  import { IAclRoleService } from '../../proxy/services/acl.service';
2
2
  import { AclCacheService } from '../cache/acl-cache.service';
3
+ import { AclGrant, AclResourceGroup } from '../models';
3
4
  import { AclGrantRepository } from '../repository/acl-grant.repository';
5
+ import { AclRoleRepository } from '../repository/acl-role.repository';
4
6
  export declare class AclService implements IAclRoleService {
5
7
  private readonly grants;
8
+ private readonly roles;
6
9
  private readonly cache;
7
10
  private readonly logger;
8
- constructor(grants: AclGrantRepository, cache: AclCacheService);
9
- canUserDo(topic: string, action: string, userId: string): Promise<boolean>;
10
- handleCanUserDo(userId: string, action: string, topic?: string): Promise<boolean>;
11
+ constructor(grants: AclGrantRepository, roles: AclRoleRepository, cache: AclCacheService);
12
+ private toList;
13
+ canUserDoGtw(roles: string | string[], userId: string): Promise<boolean>;
14
+ canUserDo(roles: string | string[], userId: string, resourceId?: string): Promise<boolean>;
15
+ handleCanUserDoGtw(userId: string, roles?: string | string[]): Promise<boolean>;
16
+ handleCanUserDo(userId: string, resource: string, roles?: string | string[]): Promise<boolean>;
17
+ listResourcesByUser(userId: string): Promise<AclResourceGroup[]>;
18
+ listByUser(userId: string): Promise<AclGrant[]>;
19
+ verifyAccess(userId: string, resourceId: string, action: string, resourceBusinessId?: string, productId?: string): Promise<boolean>;
11
20
  }
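Review bot: `canUserDo` and `handleCanUserDo` change the meaning of their positional arguments while keeping compatible types, so a call site written for 2.0.1 still compiles and silently checks something else. `canUserDo(topic, action, userId)` becomes `canUserDo(roles, userId, resourceId?)`, so an unchanged caller now passes its action as the user id and its user id as the resource id. `handleCanUserDo(userId, action, topic?)` likewise becomes `(userId, resource, roles?)`. For an authorization check I would rather the old call shape fail loudly, for example by giving the new methods distinct names, and at minimum document it in the source: `/** Changed after 2.0.1: arguments are (roles, userId, resourceId?), previously (topic, action, userId). */`. The implementation is outside this section, so whether a stale call ends up denied or allowed cannot be judged from here.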