@open-rlb/nestjs-amqp 2.0.2 → 2.0.3

package/README.md

@@ -268,8 +268,6 @@ auth-providers:
     headerPrefix: X-GTW-AUTH-                      # prefisso degli header propagati ai microservizi
     uidClaim: USERID                              # dest (uppercase) usato come user id per l'ACL
     usernameClaim: USERNAME
-    aclTopic: acl                                 # topic RPC interrogato per i ruoli
-    aclAction: can-user-do
 
   - name: gateway-jwt
     type: jwt
@@ -281,8 +279,6 @@ auth-providers:
     headerPrefix: X-GTW-AUTH-
     uidClaim: USERID
     usernameClaim: USERNAME
-    aclTopic: acl
-    aclAction: can-user-do
 
   - name: gateway-basic
     type: basic
@@ -298,7 +294,7 @@ auth-providers:
 
 Mapping dei claim: un token con `{ sub: "u_1", roles: [...] }` e `jwtMap: [sub:userId]`, `headerPrefix: X-GTW-AUTH-` produce l'header `X-GTW-AUTH-USERID = u_1` propagato al microservizio. Leggilo con `@BrokerParam('header', 'X-GTW-AUTH-USERID')`.
 
-> **Sicurezza dei provider**: `algorithms` è **obbligatorio** per `jwt`/`jwks` (se omesso la verifica è negata → previene l'algorithm-confusion); per `jwks` solo algoritmi asimmetrici (RS\*/ES\*/PS\*), `HS*`/`none` rifiutati. `str-compare` senza `secret` e `basic` senza `clientSecret` fanno **pass-through** (richiesta considerata autenticata — provider di fatto aperto/disabilitato; usalo consapevolmente). Senza `jwtMap` i claim vengono propagati non mappati: definiscilo sempre.
+> **Sicurezza dei provider**: `algorithms` è **obbligatorio** per `jwt`/`jwks` (se omesso la verifica è negata → previene l'algorithm-confusion); per `jwks` solo algoritmi asimmetrici (RS\*/ES\*/PS\*), `HS*`/`none` rifiutati. `str-compare` senza `secret` e `basic` senza `clientSecret` fanno **pass-through** (richiesta considerata autenticata — provider di fatto aperto/disabilitato; usalo consapevolmente). Senza `jwtMap` **nessun claim viene inoltrato** (il token resta accettato, `success:true`): il gateway fa fail-safe invece di propagare l'intero payload. Definiscilo sempre per inoltrare gli header identità (es. `X-GTW-AUTH-USERID`).
 
 ### `gateway`
 
@@ -574,8 +570,10 @@ import { AclModule, AclService, AclActionRepository, AclRoleRepository, AclGrant
 export class AppModule {}
 ```
 
-- I handler sono esposti su `BrokerService` con topic **`rlb-acl`** (costante `ACL_TOPIC`): `acl-can-user-do` (rpc), `acl-grant`/`acl-revoke`, `acl-action-*`, `acl-role-*`. Definisci nel tuo `broker.topics` un topic `rlb-acl` e imposta negli auth-provider `aclTopic: rlb-acl`, `aclAction: acl-can-user-do`.
-- `AclService.canUserDo(topic, action, userId)` serve dalla cache; sul miss interroga il DB (`checkActions`: i ruoli del grant devono coprire l'azione) e ripopola RAM+L2.
+- I handler sono esposti su `BrokerService` con topic **`rlb-acl`** (costante `ACL_TOPIC`): `acl-can-user-do` / `acl-can-user-do-gtw` (rpc), `acl-grant`/`acl-revoke`, `acl-action-*`, `acl-role-*`. Definisci nel tuo `broker.topics` un topic `rlb-acl`. (Il check ruoli del gateway è in-process via `IAclRoleService`, quindi gli auth-provider non richiedono più `aclTopic`/`aclAction`.)
+- **Due verifiche role-based** (servite dalla cache 2-tier, miss → DB → ripopola); input solo `userId` + `roles`, **niente topic/action**:
+  - `canUserDoGtw(roles, userId)` — **filtro primario del gateway** (role-based, OR): vero se l'utente ha almeno uno dei ruoli, resource-agnostico. È quello usato da `checkRoles` su `path.roles`. RPC `acl-can-user-do-gtw`.
+  - `canUserDo(roles, userId, resourceId)` — **lato microservizio**: vero se un grant **globale** (senza `resourceId`) **oppure** legato a quella risorsa dà all'utente il ruolo (`roles` accetta `string | string[]`). La risorsa è nota solo al ms, che chiama l'RPC `acl-can-user-do` con payload `{ userId, resource, roles }`.
 - **Invalidazione**: ogni mutazione (grant/role/action) svuota L1 e L2 → la prossima verifica pesca dal DB. Senza L2, la coerenza multi-istanza è limitata dal `ramTtlMs`.
 - **Cache L2 pluggable**: il consumer fornisce `{ provide: RLB_ACL_CACHE_STORE, useClass/useExisting }` che implementa `AclCacheStore` (`get/set/del/keys`). In `gateway-2` è `InMemoryAclStore` (mock in RAM, nessuna dipendenza esterna); in produzione plugga uno store condiviso (es. Redis).
 
@@ -660,7 +658,7 @@ Questi sono i punti che causano più frequentemente bug silenziosi. **Leggili pr
 
 ### Auth / ACL
 
-14. **`roles` su una path o evento richiede un `IAclRoleService`** registrato via `RLB_GTW_ACL_ROLE_SERVICE` in `ProxyModule.forRootAsync({ providers: [...] })`. L'auth-provider deve definire `aclTopic`, `aclAction`, `uidClaim`, `usernameClaim`, e `uidClaim` deve corrispondere a un `dest` del `jwtMap`. Mancante → throw. Nota: `authOptions`/`gatewayOptions` si passano a `ProxyModule`, non a `BrokerModule`.
+14. **`roles` su una path richiede un `IAclRoleService`** registrato via `RLB_GTW_ACL_ROLE_SERVICE` in `ProxyModule.forRootAsync({ providers: [...] })`. Il check del gateway è **role-based**: `path.roles` elenca **nomi di ruolo** e l'utente passa se ne possiede **almeno uno** (`canUserDoGtw(path.roles, userId)`, filtro primario resource-agnostico). L'auth-provider deve definire `uidClaim` (per estrarre lo userId) + `headerPrefix`. La verifica fine sulla risorsa va fatta sul microservizio con `canUserDo(roles, userId, resourceId)` (RPC `acl-can-user-do`). Nota: `authOptions`/`gatewayOptions` si passano a `ProxyModule`, non a `BrokerModule`.
 15. **Gli header propagati sono uppercase e prefissati** (`${headerPrefix}${DEST}`): leggi `X-GTW-AUTH-USERID`, non `userId`.
 
 ### WebSocket

package/common/errors.d.ts

@@ -9,5 +9,7 @@ export declare class ForbiddenError extends BrokerHttpError {
 }
 export declare class NotFoundError extends BrokerHttpError {
 }
+export declare class ConflictError extends BrokerHttpError {
+}
 export declare class InvalidParamsErrror extends BrokerHttpError {
 }

package/common/errors.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.InvalidParamsErrror = exports.NotFoundError = exports.ForbiddenError = exports.UnauthorizedError = exports.BadRequestError = exports.BrokerHttpError = void 0;
+exports.InvalidParamsErrror = exports.ConflictError = exports.NotFoundError = exports.ForbiddenError = exports.UnauthorizedError = exports.BadRequestError = exports.BrokerHttpError = void 0;
 class BrokerHttpError extends Error {
     constructor(message) {
         super(message);
@@ -20,6 +20,9 @@ exports.ForbiddenError = ForbiddenError;
 class NotFoundError extends BrokerHttpError {
 }
 exports.NotFoundError = NotFoundError;
+class ConflictError extends BrokerHttpError {
+}
+exports.ConflictError = ConflictError;
 class InvalidParamsErrror extends BrokerHttpError {
 }
 exports.InvalidParamsErrror = InvalidParamsErrror;

package/common/errors.js.map

@@ -1 +1 @@
-{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../libs/rlb-nestjs-amqp/src/common/errors.ts"],"names":[],"mappings":";;;AAKA,MAAa,eAAgB,SAAQ,KAAK;IACxC,YAAY,OAAgB;QAC1B,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC;IAC9B,CAAC;CACF;AALD,0CAKC;AAED,MAAa,eAAgB,SAAQ,eAAe;CAAI;AAAxD,0CAAwD;AACxD,MAAa,iBAAkB,SAAQ,eAAe;CAAI;AAA1D,8CAA0D;AAC1D,MAAa,cAAe,SAAQ,eAAe;CAAI;AAAvD,wCAAuD;AACvD,MAAa,aAAc,SAAQ,eAAe;CAAI;AAAtD,sCAAsD;AAEtD,MAAa,mBAAoB,SAAQ,eAAe;CAAI;AAA5D,kDAA4D"}
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../libs/rlb-nestjs-amqp/src/common/errors.ts"],"names":[],"mappings":";;;AAKA,MAAa,eAAgB,SAAQ,KAAK;IACxC,YAAY,OAAgB;QAC1B,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC;IAC9B,CAAC;CACF;AALD,0CAKC;AAED,MAAa,eAAgB,SAAQ,eAAe;CAAI;AAAxD,0CAAwD;AACxD,MAAa,iBAAkB,SAAQ,eAAe;CAAI;AAA1D,8CAA0D;AAC1D,MAAa,cAAe,SAAQ,eAAe;CAAI;AAAvD,wCAAuD;AACvD,MAAa,aAAc,SAAQ,eAAe;CAAI;AAAtD,sCAAsD;AACtD,MAAa,aAAc,SAAQ,eAAe;CAAI;AAAtD,sCAAsD;AAEtD,MAAa,mBAAoB,SAAQ,eAAe;CAAI;AAA5D,kDAA4D"}

package/index.d.ts

@@ -4,4 +4,3 @@ export * from './modules/broker/index';
 export * from './modules/broker/services/utils.service';
 export * from './modules/gateway-admin';
 export * from './modules/proxy/index';
-export * from './modules/remote-config/index';

package/index.js

@@ -20,5 +20,4 @@ __exportStar(require("./modules/broker/index"), exports);
 __exportStar(require("./modules/broker/services/utils.service"), exports);
 __exportStar(require("./modules/gateway-admin"), exports);
 __exportStar(require("./modules/proxy/index"), exports);
-__exportStar(require("./modules/remote-config/index"), exports);
 //# sourceMappingURL=index.js.map

package/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../libs/rlb-nestjs-amqp/src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAAyB;AACzB,gDAA8B;AAC9B,yDAAuC;AACvC,0EAAwD;AACxD,0DAAwC;AACxC,wDAAsC;AACtC,gEAA8C"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../libs/rlb-nestjs-amqp/src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAAyB;AACzB,gDAA8B;AAC9B,yDAAuC;AACvC,0EAAwD;AACxD,0DAAwC;AACxC,wDAAsC"}

package/modules/acl/cache/acl-cache.service.d.ts

@@ -8,8 +8,8 @@ export declare class AclCacheService {
     private readonly l2TtlSec;
     constructor(options: AclModuleOptions, store?: AclCacheStore);
     private key;
-    get(userId: string, topic: string, action: string): Promise<boolean | null>;
-    set(userId: string, topic: string, action: string, value: boolean): Promise<void>;
+    get(userId: string, action: string): Promise<boolean | null>;
+    set(userId: string, action: string, value: boolean): Promise<void>;
     invalidate(userId?: string): Promise<void>;
     invalidateLocalRam(userId?: string): void;
 }

package/modules/acl/cache/acl-cache.service.js

@@ -24,11 +24,11 @@ let AclCacheService = AclCacheService_1 = class AclCacheService {
         this.ramTtlMs = options.cache?.ramTtlMs ?? 30_000;
         this.l2TtlSec = options.cache?.l2TtlSec ?? 600;
     }
-    key(userId, topic, action) {
-        return `acl/${userId}/${topic}/${action}`;
+    key(userId, action) {
+        return `acl/${userId}/${action}`;
     }
-    async get(userId, topic, action) {
-        const key = this.key(userId, topic, action);
+    async get(userId, action) {
+        const key = this.key(userId, action);
         const local = this.ram.get(key);
         if (local && local.exp > Date.now())
             return local.v;
@@ -49,8 +49,8 @@ let AclCacheService = AclCacheService_1 = class AclCacheService {
         }
         return null;
     }
-    async set(userId, topic, action, value) {
-        const key = this.key(userId, topic, action);
+    async set(userId, action, value) {
+        const key = this.key(userId, action);
         this.ram.set(key, { v: value, exp: Date.now() + this.ramTtlMs });
         if (this.store) {
             try {

package/modules/acl/cache/acl-cache.service.js.map

@@ -1 +1 @@
-{"version":3,"file":"acl-cache.service.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/cache/acl-cache.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAAsE;AAEtE,oCAAgE;AAMzD,IAAM,eAAe,uBAArB,MAAM,eAAe;IAM1B,YAC2B,OAAyB,EACT,KAAsC;QAArB,UAAK,GAAL,KAAK,CAAgB;QAPhE,WAAM,GAAG,IAAI,eAAM,CAAC,iBAAe,CAAC,IAAI,CAAC,CAAC;QAC1C,QAAG,GAAG,IAAI,GAAG,EAAoB,CAAC;QAQjD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,KAAK,EAAE,QAAQ,IAAI,MAAM,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,KAAK,EAAE,QAAQ,IAAI,GAAG,CAAC;IACjD,CAAC;IAEO,GAAG,CAAC,MAAc,EAAE,KAAa,EAAE,MAAc;QACvD,OAAO,OAAO,MAAM,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;IAC5C,CAAC;IAGD,KAAK,CAAC,GAAG,CAAC,MAAc,EAAE,KAAa,EAAE,MAAc;QACrD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAC5C,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,KAAK,IAAI,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE;YAAE,OAAO,KAAK,CAAC,CAAC,CAAC;QACpD,IAAI,KAAK;YAAE,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBACzC,IAAI,MAAM,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;oBACrC,MAAM,KAAK,GAAG,MAAM,KAAK,GAAG,CAAC;oBAC7B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;oBACjE,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gCAAgC,GAAG,KAAK,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;YAC7E,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,MAAc,EAAE,KAAa,EAAE,MAAc,EAAE,KAAc;QACrE,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAC5C,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QACjE,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC9D,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,iCAAiC,GAAG,KAAK,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;YAC9E,CAAC;QACH,CAAC;IACH,CAAC;IAGD,KAAK,CAAC,UAAU,CAAC,MAAe;QAC9B,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAChC,IAAI,CAAC,IAAI,CAAC,KAAK;YAAE,OAAO;QACxB,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,OAAO,MAAM,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC;QACrD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC5C,IAAI,IAAI,CAAC,MAAM;gBAAE,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC9C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,wCAAwC,OAAO,KAAK,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;QACzF,CAAC;IACH,CAAC;IAGD,kBAAkB,CAAC,MAAe;QAChC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;YACjB,OAAO;QACT,CAAC;QACD,MAAM,MAAM,GAAG,OAAO,MAAM,GAAG,CAAC;QAChC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC;YAClC,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC;gBAAE,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;CACF,CAAA;AA3EY,0CAAe;0BAAf,eAAe;IAD3B,IAAA,mBAAU,GAAE;IAQR,WAAA,IAAA,eAAM,EAAC,uBAAe,CAAC,CAAA;IACvB,WAAA,IAAA,iBAAQ,GAAE,CAAA;IAAE,WAAA,IAAA,eAAM,EAAC,2BAAmB,CAAC,CAAA;;GAR/B,eAAe,CA2E3B"}
+{"version":3,"file":"acl-cache.service.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/cache/acl-cache.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAAsE;AAEtE,oCAAgE;AAMzD,IAAM,eAAe,uBAArB,MAAM,eAAe;IAM1B,YAC2B,OAAyB,EACT,KAAsC;QAArB,UAAK,GAAL,KAAK,CAAgB;QAPhE,WAAM,GAAG,IAAI,eAAM,CAAC,iBAAe,CAAC,IAAI,CAAC,CAAC;QAC1C,QAAG,GAAG,IAAI,GAAG,EAAoB,CAAC;QAQjD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,KAAK,EAAE,QAAQ,IAAI,MAAM,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,KAAK,EAAE,QAAQ,IAAI,GAAG,CAAC;IACjD,CAAC;IAEO,GAAG,CAAC,MAAc,EAAE,MAAc;QACxC,OAAO,OAAO,MAAM,IAAI,MAAM,EAAE,CAAC;IACnC,CAAC;IAGD,KAAK,CAAC,GAAG,CAAC,MAAc,EAAE,MAAc;QACtC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACrC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,KAAK,IAAI,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE;YAAE,OAAO,KAAK,CAAC,CAAC,CAAC;QACpD,IAAI,KAAK;YAAE,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBACzC,IAAI,MAAM,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;oBACrC,MAAM,KAAK,GAAG,MAAM,KAAK,GAAG,CAAC;oBAC7B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;oBACjE,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gCAAgC,GAAG,KAAK,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;YAC7E,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,MAAc,EAAE,MAAc,EAAE,KAAc;QACtD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACrC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QACjE,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC9D,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,iCAAiC,GAAG,KAAK,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;YAC9E,CAAC;QACH,CAAC;IACH,CAAC;IAGD,KAAK,CAAC,UAAU,CAAC,MAAe;QAC9B,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAChC,IAAI,CAAC,IAAI,CAAC,KAAK;YAAE,OAAO;QACxB,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,OAAO,MAAM,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC;QACrD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC5C,IAAI,IAAI,CAAC,MAAM;gBAAE,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC9C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,wCAAwC,OAAO,KAAK,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;QACzF,CAAC;IACH,CAAC;IAGD,kBAAkB,CAAC,MAAe;QAChC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;YACjB,OAAO;QACT,CAAC;QACD,MAAM,MAAM,GAAG,OAAO,MAAM,GAAG,CAAC;QAChC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC;YAClC,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC;gBAAE,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;CACF,CAAA;AA3EY,0CAAe;0BAAf,eAAe;IAD3B,IAAA,mBAAU,GAAE;IAQR,WAAA,IAAA,eAAM,EAAC,uBAAe,CAAC,CAAA;IACvB,WAAA,IAAA,iBAAQ,GAAE,CAAA;IAAE,WAAA,IAAA,eAAM,EAAC,2BAAmB,CAAC,CAAA;;GAR/B,eAAe,CA2E3B"}

package/modules/acl/config/acl.config.d.ts

@@ -4,5 +4,4 @@ export interface AclCacheOptions {
 }
 export interface AclModuleOptions {
     cache?: AclCacheOptions;
-    topic?: string;
 }

package/modules/acl/const.d.ts

@@ -3,6 +3,10 @@ export declare const RLB_ACL_OPTIONS = "RLB_ACL_OPTIONS";
 export declare const RLB_ACL_CACHE_STORE = "RLB_ACL_CACHE_STORE";
 export declare const ACL_ACTIONS: {
     readonly canUserDo: "acl-can-user-do";
+    readonly canUserDoGtw: "acl-can-user-do-gtw";
+    readonly listResourcesByUser: "acl-list-resources-by-user";
+    readonly listByUser: "acl-list-by-user";
+    readonly verifyAccess: "acl-verify-access";
     readonly grant: "acl-grant";
     readonly revoke: "acl-revoke";
     readonly invalidate: "acl-invalidate";
@@ -14,4 +18,5 @@ export declare const ACL_ACTIONS: {
     readonly roleUpdate: "acl-role-update";
     readonly roleDelete: "acl-role-delete";
     readonly roleList: "acl-role-list";
+    readonly roleGet: "acl-role-get";
 };

package/modules/acl/const.js

@@ -6,6 +6,10 @@ exports.RLB_ACL_OPTIONS = 'RLB_ACL_OPTIONS';
 exports.RLB_ACL_CACHE_STORE = 'RLB_ACL_CACHE_STORE';
 exports.ACL_ACTIONS = {
     canUserDo: 'acl-can-user-do',
+    canUserDoGtw: 'acl-can-user-do-gtw',
+    listResourcesByUser: 'acl-list-resources-by-user',
+    listByUser: 'acl-list-by-user',
+    verifyAccess: 'acl-verify-access',
     grant: 'acl-grant',
     revoke: 'acl-revoke',
     invalidate: 'acl-invalidate',
@@ -17,5 +21,6 @@ exports.ACL_ACTIONS = {
     roleUpdate: 'acl-role-update',
     roleDelete: 'acl-role-delete',
     roleList: 'acl-role-list',
+    roleGet: 'acl-role-get',
 };
 //# sourceMappingURL=const.js.map

package/modules/acl/const.js.map

@@ -1 +1 @@
-{"version":3,"file":"const.js","sourceRoot":"","sources":["../../../libs/rlb-nestjs-amqp/src/modules/acl/const.ts"],"names":[],"mappings":";;;AAEa,QAAA,SAAS,GAAG,SAAS,CAAC;AAEtB,QAAA,eAAe,GAAG,iBAAiB,CAAC;AAEpC,QAAA,mBAAmB,GAAG,qBAAqB,CAAC;AAG5C,QAAA,WAAW,GAAG;IACzB,SAAS,EAAE,iBAAiB;IAC5B,KAAK,EAAE,WAAW;IAClB,MAAM,EAAE,YAAY;IACpB,UAAU,EAAE,gBAAgB;IAC5B,YAAY,EAAE,mBAAmB;IACjC,YAAY,EAAE,mBAAmB;IACjC,YAAY,EAAE,mBAAmB;IACjC,UAAU,EAAE,iBAAiB;IAC7B,UAAU,EAAE,iBAAiB;IAC7B,UAAU,EAAE,iBAAiB;IAC7B,UAAU,EAAE,iBAAiB;IAC7B,QAAQ,EAAE,eAAe;CACjB,CAAC"}
+{"version":3,"file":"const.js","sourceRoot":"","sources":["../../../libs/rlb-nestjs-amqp/src/modules/acl/const.ts"],"names":[],"mappings":";;;AAGa,QAAA,SAAS,GAAG,SAAS,CAAC;AAEtB,QAAA,eAAe,GAAG,iBAAiB,CAAC;AAEpC,QAAA,mBAAmB,GAAG,qBAAqB,CAAC;AAG5C,QAAA,WAAW,GAAG;IAEzB,SAAS,EAAE,iBAAiB;IAE5B,YAAY,EAAE,qBAAqB;IAEnC,mBAAmB,EAAE,4BAA4B;IAEjD,UAAU,EAAE,kBAAkB;IAE9B,YAAY,EAAE,mBAAmB;IACjC,KAAK,EAAE,WAAW;IAClB,MAAM,EAAE,YAAY;IACpB,UAAU,EAAE,gBAAgB;IAC5B,YAAY,EAAE,mBAAmB;IACjC,YAAY,EAAE,mBAAmB;IACjC,YAAY,EAAE,mBAAmB;IACjC,UAAU,EAAE,iBAAiB;IAC7B,UAAU,EAAE,iBAAiB;IAC7B,UAAU,EAAE,iBAAiB;IAC7B,UAAU,EAAE,iBAAiB;IAC7B,QAAQ,EAAE,eAAe;IACzB,OAAO,EAAE,cAAc;CACf,CAAC"}

package/modules/acl/models.d.ts

@@ -17,3 +17,12 @@ export interface AclGrant<Id = string> {
     resourceId?: string;
     roles: string[];
 }
+export interface AclResource {
+    resourceId?: string;
+    actions: string[];
+    friendlyName?: string;
+}
+export interface AclResourceGroup {
+    resourceBusinessId?: string;
+    resources: AclResource[];
+}

package/modules/acl/repository/acl-action.repository.d.ts

@@ -2,10 +2,20 @@ import { PaginationModel } from '../../../common';
 import { AclAction } from '../models';
 export declare abstract class AclActionRepository {
     abstract insert(model: AclAction): Promise<AclAction>;
+    abstract insertMany(models: AclAction[]): Promise<AclAction[]>;
     abstract findById(id: string): Promise<AclAction>;
     abstract findOne(filter: Record<string, any>): Promise<AclAction>;
+    abstract upsertById(id: string, model: Partial<AclAction>): Promise<AclAction>;
+    abstract upsertOne(filter: Record<string, any>, model: Partial<AclAction>): Promise<AclAction>;
     abstract updateById(id: string, model: Partial<AclAction>): Promise<AclAction>;
+    abstract updateOne(filter: Record<string, any>, model: Partial<AclAction>): Promise<AclAction>;
+    abstract mergeById(id: string, model: Partial<AclAction>): Promise<AclAction>;
+    abstract mergeOne(filter: Record<string, any>, model: Partial<AclAction>): Promise<AclAction>;
     abstract removeById(id: string): Promise<AclAction>;
+    abstract removeOne(filter: Record<string, any>): Promise<AclAction>;
+    abstract removeMany(filter: Record<string, any>): Promise<number>;
     abstract filter(filter: Record<string, any>): Promise<AclAction[]>;
     abstract filterPaginated(filter: Record<string, any>, page?: number, limit?: number): Promise<PaginationModel<AclAction>>;
+    abstract retrieveAll(): Promise<AclAction[]>;
+    abstract retrieveAllPaginated(page: number, limit: number): Promise<PaginationModel<AclAction>>;
 }

package/modules/acl/repository/acl-action.repository.js.map

@@ -1 +1 @@
-{"version":3,"file":"acl-action.repository.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/repository/acl-action.repository.ts"],"names":[],"mappings":";;;AAOA,MAAsB,mBAAmB;CAQxC;AARD,kDAQC"}
+{"version":3,"file":"acl-action.repository.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/repository/acl-action.repository.ts"],"names":[],"mappings":";;;AAQA,MAAsB,mBAAmB;CAoBxC;AApBD,kDAoBC"}

package/modules/acl/repository/acl-grant.repository.d.ts

@@ -2,8 +2,12 @@ import { PaginationModel } from '../../../common';
 import { AclGrant } from '../models';
 export declare abstract class AclGrantRepository {
     abstract insert(model: AclGrant): Promise<AclGrant>;
+    abstract findById(id: string): Promise<AclGrant>;
     abstract findOne(filter: Record<string, any>): Promise<AclGrant>;
+    abstract updateById(id: string, model: Partial<AclGrant>): Promise<AclGrant>;
     abstract updateOne(filter: Record<string, any>, model: Partial<AclGrant>): Promise<AclGrant>;
+    abstract mergeById(id: string, model: Partial<AclGrant>): Promise<AclGrant>;
+    abstract removeById(id: string): Promise<AclGrant>;
     abstract removeOne(filter: Record<string, any>): Promise<AclGrant>;
     abstract filter(filter: Record<string, any>): Promise<AclGrant[]>;
     abstract filterPaginated(filter: Record<string, any>, page?: number, limit?: number): Promise<PaginationModel<AclGrant>>;

package/modules/acl/repository/acl-grant.repository.js.map

@@ -1 +1 @@
-{"version":3,"file":"acl-grant.repository.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/repository/acl-grant.repository.ts"],"names":[],"mappings":";;;AAIA,MAAsB,kBAAkB;CAYvC;AAZD,gDAYC"}
+{"version":3,"file":"acl-grant.repository.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/repository/acl-grant.repository.ts"],"names":[],"mappings":";;;AAOA,MAAsB,kBAAkB;CAiBvC;AAjBD,gDAiBC"}

package/modules/acl/repository/acl-role.repository.d.ts

@@ -2,9 +2,19 @@ import { PaginationModel } from '../../../common';
 import { AclRole } from '../models';
 export declare abstract class AclRoleRepository {
     abstract insert(model: AclRole): Promise<AclRole>;
+    abstract insertMany(models: AclRole[]): Promise<AclRole[]>;
+    abstract findById(id: string): Promise<AclRole>;
     abstract findOne(filter: Record<string, any>): Promise<AclRole>;
+    abstract upsertById(id: string, model: Partial<AclRole>): Promise<AclRole>;
+    abstract upsertOne(filter: Record<string, any>, model: Partial<AclRole>): Promise<AclRole>;
+    abstract updateById(id: string, model: Partial<AclRole>): Promise<AclRole>;
     abstract updateOne(filter: Record<string, any>, model: Partial<AclRole>): Promise<AclRole>;
+    abstract mergeById(id: string, model: Partial<AclRole>): Promise<AclRole>;
+    abstract removeById(id: string): Promise<AclRole>;
     abstract removeOne(filter: Record<string, any>): Promise<AclRole>;
     abstract filter(filter: Record<string, any>): Promise<AclRole[]>;
     abstract filterPaginated(filter: Record<string, any>, page?: number, limit?: number): Promise<PaginationModel<AclRole>>;
+    abstract list(): Promise<AclRole[]>;
+    abstract listPaginated(page: number, limit: number): Promise<PaginationModel<AclRole>>;
+    abstract getActionsByNames(names: string[]): Promise<string[]>;
 }

package/modules/acl/repository/acl-role.repository.js.map

@@ -1 +1 @@
-{"version":3,"file":"acl-role.repository.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/repository/acl-role.repository.ts"],"names":[],"mappings":";;;AAIA,MAAsB,iBAAiB;CAOtC;AAPD,8CAOC"}
+{"version":3,"file":"acl-role.repository.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/repository/acl-role.repository.ts"],"names":[],"mappings":";;;AAQA,MAAsB,iBAAiB;CAmBtC;AAnBD,8CAmBC"}

package/modules/acl/services/acl-management.service.d.ts

@@ -12,7 +12,8 @@ export declare class AclManagementService {
     private readonly logger;
     constructor(actions: AclActionRepository, roles: AclRoleRepository, grants: AclGrantRepository, cache: AclCacheService);
     grant(userId: string, roles: string[], resourceId?: string, resourceBusinessId?: string, friendlyName?: string): Promise<AclGrant>;
-    revoke(userId: string, resourceId?: string): Promise<AclGrant>;
+    revoke(userId: string, resourceId?: string, roles?: string[]): Promise<AclGrant | null>;
+    private findGrant;
     createAction(name: string, description?: string): Promise<AclAction>;
     updateAction(id: string, model: Partial<AclAction>): Promise<AclAction>;
     deleteAction(id: string): Promise<AclAction>;
@@ -21,6 +22,8 @@ export declare class AclManagementService {
     updateRole(name: string, model: Partial<AclRole>): Promise<AclRole>;
     deleteRole(name: string): Promise<AclRole>;
     listRoles(page?: number, limit?: number): Promise<PaginationModel<AclRole>>;
+    getRole(name: string): Promise<AclRole>;
+    getActionsByNames(names: string[]): Promise<string[]>;
     private assertActionsExist;
     private assertRolesExist;
 }

package/modules/acl/services/acl-management.service.js

@@ -36,16 +36,44 @@ let AclManagementService = AclManagementService_1 = class AclManagementService {
         if (!roles?.length)
             throw new common_2.BadRequestError('roles are required');
         await this.assertRolesExist(roles);
-        const grant = await this.grants.insert({ userId, roles, resourceId, resourceBusinessId, friendlyName });
+        const existing = await this.findGrant(userId, resourceId);
+        let result;
+        if (existing) {
+            const merged = Array.from(new Set([...(existing.roles || []), ...roles]));
+            result = await this.grants.updateById(existing._id, {
+                roles: merged,
+                resourceBusinessId: resourceBusinessId ?? existing.resourceBusinessId,
+                friendlyName: friendlyName ?? existing.friendlyName,
+            });
+        }
+        else {
+            result = await this.grants.insert({ userId, roles: Array.from(new Set(roles)), resourceId, resourceBusinessId, friendlyName });
+        }
         await this.cache.invalidate(userId);
-        return grant;
+        return result;
     }
-    async revoke(userId, resourceId) {
+    async revoke(userId, resourceId, roles) {
         if (!userId)
             throw new common_2.BadRequestError('userId is required');
-        const removed = await this.grants.removeOne({ userId, ...(resourceId !== undefined ? { resourceId } : {}) });
+        const existing = await this.findGrant(userId, resourceId);
+        if (!existing)
+            return null;
+        let result;
+        if (roles?.length) {
+            const remaining = (existing.roles || []).filter((r) => !roles.includes(r));
+            result = remaining.length
+                ? await this.grants.updateById(existing._id, { roles: remaining })
+                : await this.grants.removeById(existing._id);
+        }
+        else {
+            result = await this.grants.removeById(existing._id);
+        }
         await this.cache.invalidate(userId);
-        return removed;
+        return result;
+    }
+    async findGrant(userId, resourceId) {
+        const all = await this.grants.filter({ userId });
+        return (all || []).find((g) => (g.resourceId ?? null) === (resourceId ?? null));
     }
     async createAction(name, description) {
         if (!name)
@@ -96,6 +124,14 @@ let AclManagementService = AclManagementService_1 = class AclManagementService {
     async listRoles(page, limit) {
         return this.roles.filterPaginated({}, Number(page) || 1, Number(limit) || 10);
     }
+    async getRole(name) {
+        if (!name)
+            throw new common_2.BadRequestError('name is required');
+        return this.roles.findOne({ name });
+    }
+    async getActionsByNames(names) {
+        return this.roles.getActionsByNames(names);
+    }
     async assertActionsExist(names) {
         const found = await this.actions.filter({ name: { $in: names } });
         const missing = names.filter((n) => !found.some((a) => a.name === n));
@@ -125,8 +161,9 @@ __decorate([
     (0, broker_1.BrokerAction)(const_1.ACL_TOPIC, const_1.ACL_ACTIONS.revoke, 'rpc'),
     __param(0, (0, broker_1.BrokerParam)('body', 'userId')),
     __param(1, (0, broker_1.BrokerParam)('body', 'resourceId')),
+    __param(2, (0, broker_1.BrokerParam)('body', 'roles')),
     __metadata("design:type", Function),
-    __metadata("design:paramtypes", [String, String]),
+    __metadata("design:paramtypes", [String, String, Array]),
     __metadata("design:returntype", Promise)
 ], AclManagementService.prototype, "revoke", null);
 __decorate([
@@ -192,6 +229,13 @@ __decorate([
     __metadata("design:paramtypes", [Number, Number]),
     __metadata("design:returntype", Promise)
 ], AclManagementService.prototype, "listRoles", null);
+__decorate([
+    (0, broker_1.BrokerAction)(const_1.ACL_TOPIC, const_1.ACL_ACTIONS.roleGet, 'rpc'),
+    __param(0, (0, broker_1.BrokerParam)('body', 'name')),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String]),
+    __metadata("design:returntype", Promise)
+], AclManagementService.prototype, "getRole", null);
 exports.AclManagementService = AclManagementService = AclManagementService_1 = __decorate([
     (0, common_1.Injectable)(),
     __metadata("design:paramtypes", [acl_action_repository_1.AclActionRepository,

package/modules/acl/services/acl-management.service.js.map

@@ -1 +1 @@
-{"version":3,"file":"acl-management.service.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/services/acl-management.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAAoD;AACpD,4CAAmE;AACnE,yCAAyD;AACzD,kEAA6D;AAC7D,oCAAkD;AAElD,+EAA0E;AAC1E,6EAAwE;AACxE,2EAAsE;AAG/D,IAAM,oBAAoB,4BAA1B,MAAM,oBAAoB;IAG/B,YACmB,OAA4B,EAC5B,KAAwB,EACxB,MAA0B,EAC1B,KAAsB;QAHtB,YAAO,GAAP,OAAO,CAAqB;QAC5B,UAAK,GAAL,KAAK,CAAmB;QACxB,WAAM,GAAN,MAAM,CAAoB;QAC1B,UAAK,GAAL,KAAK,CAAiB;QANxB,WAAM,GAAG,IAAI,eAAM,CAAC,sBAAoB,CAAC,IAAI,CAAC,CAAC;IAO5D,CAAC;IAKC,AAAN,KAAK,CAAC,KAAK,CACsB,MAAc,EACf,KAAe,EACV,UAAmB,EACX,kBAA2B,EACjC,YAAqB;QAE1D,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,oBAAoB,CAAC,CAAC;QAC7D,IAAI,CAAC,KAAK,EAAE,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,oBAAoB,CAAC,CAAC;QACpE,MAAM,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;QACnC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,kBAAkB,EAAE,YAAY,EAAE,CAAC,CAAC;QACxG,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACpC,OAAO,KAAK,CAAC;IACf,CAAC;IAGK,AAAN,KAAK,CAAC,MAAM,CACqB,MAAc,EACV,UAAmB;QAEtD,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,oBAAoB,CAAC,CAAC;QAC7D,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,GAAG,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QAC7G,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACpC,OAAO,OAAO,CAAC;IACjB,CAAC;IAKK,AAAN,KAAK,CAAC,YAAY,CACa,IAAY,EACL,WAAoB;QAExD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC;QACjE,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC;IACjB,CAAC;IAGK,AAAN,KAAK,CAAC,YAAY,CACW,EAAU,EACX,KAAyB;QAEnD,IAAI,CAAC,EAAE;YAAE,MAAM,IAAI,wBAAe,CAAC,gBAAgB,CAAC,CAAC;QACrD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;QACzD,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC;IACjB,CAAC;IAGK,AAAN,KAAK,CAAC,YAAY,CAA4B,EAAU;QACtD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;QAClD,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC;IACjB,CAAC;IAGK,AAAN,KAAK,CAAC,WAAW,CACc,IAAa,EACZ,KAAc;QAE5C,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IAClF,CAAC;IAKK,AAAN,KAAK,CAAC,UAAU,CACe,IAAY,EACT,OAAiB,EACb,WAAoB;QAExD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,CAAC,CAAC;QACzD,IAAI,CAAC,OAAO,EAAE,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,sBAAsB,CAAC,CAAC;QACxE,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;QACvC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;QACxE,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC;IACjB,CAAC;IAGK,AAAN,KAAK,CAAC,UAAU,CACe,IAAY,EACf,KAAuB;QAEjD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,CAAC,CAAC;QACzD,IAAI,KAAK,EAAE,OAAO,EAAE,MAAM;YAAE,MAAM,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACzE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,EAAE,KAAK,CAAC,CAAC;QAC5D,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC;IACjB,CAAC;IAGK,AAAN,KAAK,CAAC,UAAU,CAA8B,IAAY;QACxD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QACrD,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC;IACjB,CAAC;IAGK,AAAN,KAAK,CAAC,SAAS,CACgB,IAAa,EACZ,KAAc;QAE5C,OAAO,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IAChF,CAAC;IAIO,KAAK,CAAC,kBAAkB,CAAC,KAAe;QAC9C,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;QAClE,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;QACtE,IAAI,OAAO,CAAC,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,oBAAoB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC1F,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,KAAe;QAC5C,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;QAChE,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;QACtE,IAAI,OAAO,CAAC,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACxF,CAAC;CACF,CAAA;AAtIY,oDAAoB;AAazB;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,KAAK,EAAE,KAAK,CAAC;IAE/C,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAA;IAC7B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC5B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,YAAY,CAAC,CAAA;IACjC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,oBAAoB,CAAC,CAAA;IACzC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,cAAc,CAAC,CAAA;;;;iDAQrC;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,MAAM,EAAE,KAAK,CAAC;IAEhD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAA;IAC7B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,YAAY,CAAC,CAAA;;;;kDAMnC;AAKK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,YAAY,EAAE,KAAK,CAAC;IAEtD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC3B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,aAAa,CAAC,CAAA;;;;wDAMpC;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,YAAY,EAAE,KAAK,CAAC;IAEtD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,IAAI,CAAC,CAAA;IACzB,WAAA,IAAA,oBAAW,EAAC,WAAW,CAAC,CAAA;;;;wDAM1B;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,YAAY,EAAE,KAAK,CAAC;IACrC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,IAAI,CAAC,CAAA;;;;wDAI5C;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,UAAU,EAAE,KAAK,CAAC;IAEpD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC3B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,OAAO,CAAC,CAAA;;;;uDAG9B;AAKK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,UAAU,EAAE,KAAK,CAAC;IAEpD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC3B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,SAAS,CAAC,CAAA;IAC9B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,aAAa,CAAC,CAAA;;;;sDAQpC;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,UAAU,EAAE,KAAK,CAAC;IAEpD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC3B,WAAA,IAAA,oBAAW,EAAC,WAAW,CAAC,CAAA;;;;sDAO1B;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,UAAU,EAAE,KAAK,CAAC;IACrC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;;;;sDAI5C;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,QAAQ,EAAE,KAAK,CAAC;IAElD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC3B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,OAAO,CAAC,CAAA;;;;qDAG9B;+BAvHU,oBAAoB;IADhC,IAAA,mBAAU,GAAE;qCAKiB,2CAAmB;QACrB,uCAAiB;QAChB,yCAAkB;QACnB,mCAAe;GAP9B,oBAAoB,CAsIhC"}
+{"version":3,"file":"acl-management.service.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/services/acl-management.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAAoD;AACpD,4CAAmE;AACnE,yCAAyD;AACzD,kEAA6D;AAC7D,oCAAkD;AAElD,+EAA0E;AAC1E,6EAAwE;AACxE,2EAAsE;AAG/D,IAAM,oBAAoB,4BAA1B,MAAM,oBAAoB;IAG/B,YACmB,OAA4B,EAC5B,KAAwB,EACxB,MAA0B,EAC1B,KAAsB;QAHtB,YAAO,GAAP,OAAO,CAAqB;QAC5B,UAAK,GAAL,KAAK,CAAmB;QACxB,WAAM,GAAN,MAAM,CAAoB;QAC1B,UAAK,GAAL,KAAK,CAAiB;QANxB,WAAM,GAAG,IAAI,eAAM,CAAC,sBAAoB,CAAC,IAAI,CAAC,CAAC;IAO5D,CAAC;IAGC,AAAN,KAAK,CAAC,KAAK,CACsB,MAAc,EACf,KAAe,EACV,UAAmB,EACX,kBAA2B,EACjC,YAAqB;QAE1D,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,oBAAoB,CAAC,CAAC;QAC7D,IAAI,CAAC,KAAK,EAAE,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,oBAAoB,CAAC,CAAC;QACpE,MAAM,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;QAGnC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QAC1D,IAAI,MAAgB,CAAC;QACrB,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,IAAI,EAAE,CAAC,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC1E,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAI,EAAE;gBACnD,KAAK,EAAE,MAAM;gBACb,kBAAkB,EAAE,kBAAkB,IAAI,QAAQ,CAAC,kBAAkB;gBACrE,YAAY,EAAE,YAAY,IAAI,QAAQ,CAAC,YAAY;aACpD,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,EAAE,kBAAkB,EAAE,YAAY,EAAE,CAAC,CAAC;QACjI,CAAC;QACD,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACpC,OAAO,MAAM,CAAC;IAChB,CAAC;IAGK,AAAN,KAAK,CAAC,MAAM,CACqB,MAAc,EACV,UAAmB,EACxB,KAAgB;QAE9C,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,oBAAoB,CAAC,CAAC;QAC7D,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QAC1D,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAC;QAC3B,IAAI,MAAuB,CAAC;QAC5B,IAAI,KAAK,EAAE,MAAM,EAAE,CAAC;YAElB,MAAM,SAAS,GAAG,CAAC,QAAQ,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3E,MAAM,GAAG,SAAS,CAAC,MAAM;gBACvB,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAI,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;gBACnE,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAI,CAAC,CAAC;QAClD,CAAC;aAAM,CAAC;YAEN,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAI,CAAC,CAAC;QACvD,CAAC;QACD,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACpC,OAAO,MAAM,CAAC;IAChB,CAAC;IAGO,KAAK,CAAC,SAAS,CAAC,MAAc,EAAE,UAAmB;QACzD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,IAAI,IAAI,CAAC,KAAK,CAAC,UAAU,IAAI,IAAI,CAAC,CAAC,CAAC;IAClF,CAAC;IAGK,AAAN,KAAK,CAAC,YAAY,CACa,IAAY,EACL,WAAoB;QAExD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC;QACjE,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC;IACjB,CAAC;IAGK,AAAN,KAAK,CAAC,YAAY,CACW,EAAU,EACX,KAAyB;QAEnD,IAAI,CAAC,EAAE;YAAE,MAAM,IAAI,wBAAe,CAAC,gBAAgB,CAAC,CAAC;QACrD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;QACzD,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC;IACjB,CAAC;IAGK,AAAN,KAAK,CAAC,YAAY,CAA4B,EAAU;QACtD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;QAClD,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC;IACjB,CAAC;IAGK,AAAN,KAAK,CAAC,WAAW,CACc,IAAa,EACZ,KAAc;QAE5C,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IAClF,CAAC;IAGK,AAAN,KAAK,CAAC,UAAU,CACe,IAAY,EACT,OAAiB,EACb,WAAoB;QAExD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,CAAC,CAAC;QACzD,IAAI,CAAC,OAAO,EAAE,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,sBAAsB,CAAC,CAAC;QACxE,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;QACvC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;QACxE,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC;IACjB,CAAC;IAGK,AAAN,KAAK,CAAC,UAAU,CACe,IAAY,EACf,KAAuB;QAEjD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,CAAC,CAAC;QACzD,IAAI,KAAK,EAAE,OAAO,EAAE,MAAM;YAAE,MAAM,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACzE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,EAAE,KAAK,CAAC,CAAC;QAC5D,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC;IACjB,CAAC;IAGK,AAAN,KAAK,CAAC,UAAU,CAA8B,IAAY;QACxD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QACrD,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC;IACjB,CAAC;IAGK,AAAN,KAAK,CAAC,SAAS,CACgB,IAAa,EACZ,KAAc;QAE5C,OAAO,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IAChF,CAAC;IAGK,AAAN,KAAK,CAAC,OAAO,CAA8B,IAAY;QACrD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,CAAC,CAAC;QACzD,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;IACtC,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,KAAe;QACrC,OAAO,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;IAC7C,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAAC,KAAe;QAC9C,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;QAClE,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;QACtE,IAAI,OAAO,CAAC,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,oBAAoB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC1F,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,KAAe;QAC5C,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;QAChE,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;QACtE,IAAI,OAAO,CAAC,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACxF,CAAC;CACF,CAAA;AAxKY,oDAAoB;AAWzB;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,KAAK,EAAE,KAAK,CAAC;IAE/C,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAA;IAC7B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC5B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,YAAY,CAAC,CAAA;IACjC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,oBAAoB,CAAC,CAAA;IACzC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,cAAc,CAAC,CAAA;;;;iDAqBrC;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,MAAM,EAAE,KAAK,CAAC;IAEhD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAA;IAC7B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,YAAY,CAAC,CAAA;IACjC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,OAAO,CAAC,CAAA;;;;kDAkB9B;AASK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,YAAY,EAAE,KAAK,CAAC;IAEtD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC3B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,aAAa,CAAC,CAAA;;;;wDAMpC;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,YAAY,EAAE,KAAK,CAAC;IAEtD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,IAAI,CAAC,CAAA;IACzB,WAAA,IAAA,oBAAW,EAAC,WAAW,CAAC,CAAA;;;;wDAM1B;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,YAAY,EAAE,KAAK,CAAC;IACrC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,IAAI,CAAC,CAAA;;;;wDAI5C;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,UAAU,EAAE,KAAK,CAAC;IAEpD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC3B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,OAAO,CAAC,CAAA;;;;uDAG9B;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,UAAU,EAAE,KAAK,CAAC;IAEpD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC3B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,SAAS,CAAC,CAAA;IAC9B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,aAAa,CAAC,CAAA;;;;sDAQpC;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,UAAU,EAAE,KAAK,CAAC;IAEpD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC3B,WAAA,IAAA,oBAAW,EAAC,WAAW,CAAC,CAAA;;;;sDAO1B;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,UAAU,EAAE,KAAK,CAAC;IACrC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;;;;sDAI5C;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,QAAQ,EAAE,KAAK,CAAC;IAElD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC3B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,OAAO,CAAC,CAAA;;;;qDAG9B;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,OAAO,EAAE,KAAK,CAAC;IACrC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;;;;mDAGzC;+BAvJU,oBAAoB;IADhC,IAAA,mBAAU,GAAE;qCAKiB,2CAAmB;QACrB,uCAAiB;QAChB,yCAAkB;QACnB,mCAAe;GAP9B,oBAAoB,CAwKhC"}

package/modules/acl/services/acl.service.d.ts

@@ -1,11 +1,20 @@
 import { IAclRoleService } from '../../proxy/services/acl.service';
 import { AclCacheService } from '../cache/acl-cache.service';
+import { AclGrant, AclResourceGroup } from '../models';
 import { AclGrantRepository } from '../repository/acl-grant.repository';
+import { AclRoleRepository } from '../repository/acl-role.repository';
 export declare class AclService implements IAclRoleService {
     private readonly grants;
+    private readonly roles;
     private readonly cache;
     private readonly logger;
-    constructor(grants: AclGrantRepository, cache: AclCacheService);
-    canUserDo(topic: string, action: string, userId: string): Promise<boolean>;
-    handleCanUserDo(userId: string, action: string, topic?: string): Promise<boolean>;
+    constructor(grants: AclGrantRepository, roles: AclRoleRepository, cache: AclCacheService);
+    private toList;
+    canUserDoGtw(roles: string | string[], userId: string): Promise<boolean>;
+    canUserDo(roles: string | string[], userId: string, resourceId?: string): Promise<boolean>;
+    handleCanUserDoGtw(userId: string, roles?: string | string[]): Promise<boolean>;
+    handleCanUserDo(userId: string, resource: string, roles?: string | string[]): Promise<boolean>;
+    listResourcesByUser(userId: string): Promise<AclResourceGroup[]>;
+    listByUser(userId: string): Promise<AclGrant[]>;
+    verifyAccess(userId: string, resourceId: string, action: string, resourceBusinessId?: string, productId?: string): Promise<boolean>;
 }