@open-rlb/nestjs-amqp 2.0.2 → 2.0.4
- package/README.md +6 -8
- package/common/errors.d.ts +2 -0
- package/common/errors.js +4 -1
- package/common/errors.js.map +1 -1
- package/index.d.ts +0 -1
- package/index.js +0 -1
- package/index.js.map +1 -1
- package/modules/acl/cache/acl-cache.service.d.ts +2 -2
- package/modules/acl/cache/acl-cache.service.js +6 -6
- package/modules/acl/cache/acl-cache.service.js.map +1 -1
- package/modules/acl/config/acl.config.d.ts +0 -1
- package/modules/acl/const.d.ts +5 -2
- package/modules/acl/const.js +5 -2
- package/modules/acl/const.js.map +1 -1
- package/modules/acl/models.d.ts +9 -0
- package/modules/acl/repository/acl-action.repository.d.ts +10 -0
- package/modules/acl/repository/acl-action.repository.js.map +1 -1
- package/modules/acl/repository/acl-grant.repository.d.ts +4 -1
- package/modules/acl/repository/acl-grant.repository.js.map +1 -1
- package/modules/acl/repository/acl-role.repository.d.ts +10 -0
- package/modules/acl/repository/acl-role.repository.js.map +1 -1
- package/modules/acl/services/acl-management.service.d.ts +8 -6
- package/modules/acl/services/acl-management.service.js +78 -48
- package/modules/acl/services/acl-management.service.js.map +1 -1
- package/modules/acl/services/acl.service.d.ts +11 -3
- package/modules/acl/services/acl.service.js +103 -11
- package/modules/acl/services/acl.service.js.map +1 -1
- package/modules/broker/broker.module.d.ts +4 -1
- package/modules/broker/broker.module.js +17 -1
- package/modules/broker/broker.module.js.map +1 -1
- package/modules/broker/config/decorator-paths.d.ts +1 -0
- package/modules/broker/config/decorator-paths.js +35 -0
- package/modules/broker/config/decorator-paths.js.map +1 -0
- package/modules/broker/config/handler-auth.config.d.ts +2 -2
- package/modules/broker/config/route-discovery.config.d.ts +8 -0
- package/modules/broker/config/route-discovery.config.js +3 -0
- package/modules/broker/config/route-discovery.config.js.map +1 -0
- package/modules/broker/const.d.ts +3 -0
- package/modules/broker/const.js +4 -1
- package/modules/broker/const.js.map +1 -1
- package/modules/broker/decorators/broker-action.decorator.d.ts +15 -2
- package/modules/broker/decorators/broker-action.decorator.js +4 -4
- package/modules/broker/decorators/broker-action.decorator.js.map +1 -1
- package/modules/broker/index.d.ts +3 -0
- package/modules/broker/index.js +3 -0
- package/modules/broker/index.js.map +1 -1
- package/modules/broker/services/metadata-scanner.service.d.ts +1 -0
- package/modules/broker/services/metadata-scanner.service.js +28 -4
- package/modules/broker/services/metadata-scanner.service.js.map +1 -1
- package/modules/broker/services/route-discovery-publisher.service.d.ts +13 -0
- package/modules/broker/services/route-discovery-publisher.service.js +64 -0
- package/modules/broker/services/route-discovery-publisher.service.js.map +1 -0
- package/modules/gateway-admin/const.d.ts +2 -0
- package/modules/gateway-admin/const.js +2 -0
- package/modules/gateway-admin/const.js.map +1 -1
- package/modules/gateway-admin/gateway-admin.module.js +2 -1
- package/modules/gateway-admin/gateway-admin.module.js.map +1 -1
- package/modules/gateway-admin/index.d.ts +4 -0
- package/modules/gateway-admin/index.js +4 -0
- package/modules/gateway-admin/index.js.map +1 -1
- package/modules/gateway-admin/models.d.ts +49 -0
- package/modules/gateway-admin/repository/http-metric.repository.d.ts +4 -1
- package/modules/gateway-admin/repository/http-metric.repository.js.map +1 -1
- package/modules/gateway-admin/repository/http-path.repository.d.ts +5 -0
- package/modules/gateway-admin/repository/http-path.repository.js +6 -0
- package/modules/gateway-admin/repository/http-path.repository.js.map +1 -1
- package/modules/gateway-admin/repository/route-sync-log.repository.d.ts +5 -0
- package/modules/gateway-admin/repository/route-sync-log.repository.js +7 -0
- package/modules/gateway-admin/repository/route-sync-log.repository.js.map +1 -0
- package/modules/gateway-admin/services/gateway-metrics.service.d.ts +3 -1
- package/modules/gateway-admin/services/gateway-metrics.service.js +53 -0
- package/modules/gateway-admin/services/gateway-metrics.service.js.map +1 -1
- package/modules/gateway-admin/services/gateway-path.service.d.ts +1 -0
- package/modules/gateway-admin/services/gateway-path.service.js +16 -1
- package/modules/gateway-admin/services/gateway-path.service.js.map +1 -1
- package/modules/gateway-admin/services/route-sync.service.d.ts +19 -0
- package/modules/gateway-admin/services/route-sync.service.js +137 -0
- package/modules/gateway-admin/services/route-sync.service.js.map +1 -0
- package/modules/gateway-admin/util/route-diff.d.ts +27 -0
- package/modules/gateway-admin/util/route-diff.js +44 -0
- package/modules/gateway-admin/util/route-diff.js.map +1 -0
- package/modules/gateway-admin/util/route-manifest.d.ts +7 -0
- package/modules/gateway-admin/util/route-manifest.js +34 -0
- package/modules/gateway-admin/util/route-manifest.js.map +1 -0
- package/modules/proxy/index.d.ts +1 -0
- package/modules/proxy/index.js +1 -0
- package/modules/proxy/index.js.map +1 -1
- package/modules/proxy/services/acl.service.d.ts +2 -1
- package/modules/proxy/services/http-auth-handler.service.d.ts +1 -1
- package/modules/proxy/services/http-auth-handler.service.js +29 -34
- package/modules/proxy/services/http-auth-handler.service.js.map +1 -1
- package/modules/proxy/services/http-handler.service.d.ts +3 -1
- package/modules/proxy/services/http-handler.service.js +50 -19
- package/modules/proxy/services/http-handler.service.js.map +1 -1
- package/modules/proxy/services/metrics-hook.d.ts +15 -0
- package/modules/proxy/services/metrics-hook.js +5 -0
- package/modules/proxy/services/metrics-hook.js.map +1 -0
- package/modules/proxy/services/websocket.service.js +4 -1
- package/modules/proxy/services/websocket.service.js.map +1 -1
- package/package.json +1 -1
- package/schematics/nest-add/files/skills/rlb-amqp/references/config-schema.md +4 -3
- package/schematics/nest-add/files/skills/rlb-amqp/references/gotchas.md +14 -5
- package/schematics/nest-add/files/skills/rlb-amqp-add-route/SKILL.md +5 -2
- package/modules/remote-config/index.d.ts +0 -2
- package/modules/remote-config/index.js +0 -19
- package/modules/remote-config/index.js.map +0 -1
- package/modules/remote-config/remote-config.module.d.ts +0 -2
- package/modules/remote-config/remote-config.module.js +0 -22
- package/modules/remote-config/remote-config.module.js.map +0 -1
- package/modules/remote-config/remote-config.service.d.ts +0 -12
- package/modules/remote-config/remote-config.service.js +0 -68
- package/modules/remote-config/remote-config.service.js.map +0 -1
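--- a/package/README.md
+++ b/package/README.md
@@ -268,8 +268,6 @@ auth-providers:
 headerPrefix: X-GTW-AUTH- # prefisso degli header propagati ai microservizi
 uidClaim: USERID # dest (uppercase) usato come user id per l'ACL
 usernameClaim: USERNAME
-aclTopic: acl # topic RPC interrogato per i ruoli
-aclAction: can-user-do
 
 - name: gateway-jwt
 type: jwt
@@ -281,8 +279,6 @@ auth-providers:
 headerPrefix: X-GTW-AUTH-
 uidClaim: USERID
 usernameClaim: USERNAME
-aclTopic: acl
-aclAction: can-user-do
 
 - name: gateway-basic
 type: basic
@@ -298,7 +294,7 @@ auth-providers:
 
 Mapping dei claim: un token con `{ sub: "u_1", roles: [...] }` e `jwtMap: [sub:userId]`, `headerPrefix: X-GTW-AUTH-` produce l'header `X-GTW-AUTH-USERID = u_1` propagato al microservizio. Leggilo con `@BrokerParam('header', 'X-GTW-AUTH-USERID')`.
 
-> **Sicurezza dei provider**: `algorithms` è **obbligatorio** per `jwt`/`jwks` (se omesso la verifica è negata → previene l'algorithm-confusion); per `jwks` solo algoritmi asimmetrici (RS\*/ES\*/PS\*), `HS*`/`none` rifiutati. `str-compare` senza `secret` e `basic` senza `clientSecret` fanno **pass-through** (richiesta considerata autenticata — provider di fatto aperto/disabilitato; usalo consapevolmente). Senza `jwtMap`
+> **Sicurezza dei provider**: `algorithms` è **obbligatorio** per `jwt`/`jwks` (se omesso la verifica è negata → previene l'algorithm-confusion); per `jwks` solo algoritmi asimmetrici (RS\*/ES\*/PS\*), `HS*`/`none` rifiutati. `str-compare` senza `secret` e `basic` senza `clientSecret` fanno **pass-through** (richiesta considerata autenticata — provider di fatto aperto/disabilitato; usalo consapevolmente). Senza `jwtMap` **nessun claim viene inoltrato** (il token resta accettato, `success:true`): il gateway fa fail-safe invece di propagare l'intero payload. Definiscilo sempre per inoltrare gli header identità (es. `X-GTW-AUTH-USERID`).
 
 ### `gateway`
 
@@ -574,8 +570,10 @@ import { AclModule, AclService, AclActionRepository, AclRoleRepository, AclGrant
 export class AppModule {}
 ```
 
-- I handler sono esposti su `BrokerService` con topic **`rlb-acl`** (costante `ACL_TOPIC`): `acl-can-user-do` (rpc), `acl-grant`/`acl-revoke`, `acl-action-*`, `acl-role-*`. Definisci nel tuo `broker.topics` un topic `rlb-acl
--
+- I handler sono esposti su `BrokerService` con topic **`rlb-acl`** (costante `ACL_TOPIC`): `acl-can-user-do` / `acl-can-user-do-gtw` (rpc), `acl-grant`/`acl-revoke`, `acl-action-*`, `acl-role-*`. Definisci nel tuo `broker.topics` un topic `rlb-acl`. (Il check ruoli del gateway è in-process via `IAclRoleService`, quindi gli auth-provider non richiedono più `aclTopic`/`aclAction`.)
+- **Due verifiche role-based** (servite dalla cache 2-tier, miss → DB → ripopola); input solo `userId` + `roles`, **niente topic/action**:
+- `canUserDoGtw(roles, userId)` — **filtro primario del gateway** (role-based, OR): vero se l'utente ha almeno uno dei ruoli, resource-agnostico. È quello usato da `checkRoles` su `path.roles`. RPC `acl-can-user-do-gtw`.
+- `canUserDo(roles, userId, resourceId)` — **lato microservizio**: vero se un grant **globale** (senza `resourceId`) **oppure** legato a quella risorsa dà all'utente il ruolo (`roles` accetta `string | string[]`). La risorsa è nota solo al ms, che chiama l'RPC `acl-can-user-do` con payload `{ userId, resource, roles }`.
 - **Invalidazione**: ogni mutazione (grant/role/action) svuota L1 e L2 → la prossima verifica pesca dal DB. Senza L2, la coerenza multi-istanza è limitata dal `ramTtlMs`.
 - **Cache L2 pluggable**: il consumer fornisce `{ provide: RLB_ACL_CACHE_STORE, useClass/useExisting }` che implementa `AclCacheStore` (`get/set/del/keys`). In `gateway-2` è `InMemoryAclStore` (mock in RAM, nessuna dipendenza esterna); in produzione plugga uno store condiviso (es. Redis).
 
@@ -660,7 +658,7 @@ Questi sono i punti che causano più frequentemente bug silenziosi. **Leggili pr
 
 ### Auth / ACL
 
-14. **`roles` su una path
+14. **`roles` su una path richiede un `IAclRoleService`** registrato via `RLB_GTW_ACL_ROLE_SERVICE` in `ProxyModule.forRootAsync({ providers: [...] })`. Il check del gateway è **role-based**: `path.roles` elenca **nomi di ruolo** e l'utente passa se ne possiede **almeno uno** (`canUserDoGtw(path.roles, userId)`, filtro primario resource-agnostico). L'auth-provider deve definire `uidClaim` (per estrarre lo userId) + `headerPrefix`. La verifica fine sulla risorsa va fatta sul microservizio con `canUserDo(roles, userId, resourceId)` (RPC `acl-can-user-do`). Nota: `authOptions`/`gatewayOptions` si passano a `ProxyModule`, non a `BrokerModule`.
 15. **Gli header propagati sono uppercase e prefissati** (`${headerPrefix}${DEST}`): leggi `X-GTW-AUTH-USERID`, non `userId`.
 
 ### WebSocket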
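--- a/package/common/errors.d.ts
+++ b/package/common/errors.d.ts
@@ -9,5 +9,7 @@ export declare class ForbiddenError extends BrokerHttpError {
 }
 export declare class NotFoundError extends BrokerHttpError {
 }
+export declare class ConflictError extends BrokerHttpError {
+}
 export declare class InvalidParamsErrror extends BrokerHttpError {
 }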
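--- a/package/common/errors.js
+++ b/package/common/errors.js
@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.InvalidParamsErrror = exports.NotFoundError = exports.ForbiddenError = exports.UnauthorizedError = exports.BadRequestError = exports.BrokerHttpError = void 0;
+exports.InvalidParamsErrror = exports.ConflictError = exports.NotFoundError = exports.ForbiddenError = exports.UnauthorizedError = exports.BadRequestError = exports.BrokerHttpError = void 0;
 class BrokerHttpError extends Error {
 constructor(message) {
 super(message);
@@ -20,6 +20,9 @@ exports.ForbiddenError = ForbiddenError;
 class NotFoundError extends BrokerHttpError {
 }
 exports.NotFoundError = NotFoundError;
+class ConflictError extends BrokerHttpError {
+}
+exports.ConflictError = ConflictError;
 class InvalidParamsErrror extends BrokerHttpError {
 }
 exports.InvalidParamsErrror = InvalidParamsErrror;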
package/common/errors.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../libs/rlb-nestjs-amqp/src/common/errors.ts"],"names":[],"mappings":";;;AAKA,MAAa,eAAgB,SAAQ,KAAK;IACxC,YAAY,OAAgB;QAC1B,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC;IAC9B,CAAC;CACF;AALD,0CAKC;AAED,MAAa,eAAgB,SAAQ,eAAe;CAAI;AAAxD,0CAAwD;AACxD,MAAa,iBAAkB,SAAQ,eAAe;CAAI;AAA1D,8CAA0D;AAC1D,MAAa,cAAe,SAAQ,eAAe;CAAI;AAAvD,wCAAuD;AACvD,MAAa,aAAc,SAAQ,eAAe;CAAI;AAAtD,sCAAsD;AAEtD,MAAa,mBAAoB,SAAQ,eAAe;CAAI;AAA5D,kDAA4D"}
|
|
1
|
+
{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../libs/rlb-nestjs-amqp/src/common/errors.ts"],"names":[],"mappings":";;;AAKA,MAAa,eAAgB,SAAQ,KAAK;IACxC,YAAY,OAAgB;QAC1B,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC;IAC9B,CAAC;CACF;AALD,0CAKC;AAED,MAAa,eAAgB,SAAQ,eAAe;CAAI;AAAxD,0CAAwD;AACxD,MAAa,iBAAkB,SAAQ,eAAe;CAAI;AAA1D,8CAA0D;AAC1D,MAAa,cAAe,SAAQ,eAAe;CAAI;AAAvD,wCAAuD;AACvD,MAAa,aAAc,SAAQ,eAAe;CAAI;AAAtD,sCAAsD;AACtD,MAAa,aAAc,SAAQ,eAAe;CAAI;AAAtD,sCAAsD;AAEtD,MAAa,mBAAoB,SAAQ,eAAe;CAAI;AAA5D,kDAA4D"}
|
package/index.d.ts
CHANGED
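--- a/package/index.js
+++ b/package/index.js
@@ -20,5 +20,4 @@ __exportStar(require("./modules/broker/index"), exports);
 __exportStar(require("./modules/broker/services/utils.service"), exports);
 __exportStar(require("./modules/gateway-admin"), exports);
 __exportStar(require("./modules/proxy/index"), exports);
-__exportStar(require("./modules/remote-config/index"), exports);
 //# sourceMappingURL=index.js.map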
package/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../libs/rlb-nestjs-amqp/src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAAyB;AACzB,gDAA8B;AAC9B,yDAAuC;AACvC,0EAAwD;AACxD,0DAAwC;AACxC,wDAAsC
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../libs/rlb-nestjs-amqp/src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAAyB;AACzB,gDAA8B;AAC9B,yDAAuC;AACvC,0EAAwD;AACxD,0DAAwC;AACxC,wDAAsC"}
|
|
@@ -8,8 +8,8 @@ export declare class AclCacheService {
|
|
|
8
8
|
private readonly l2TtlSec;
|
|
9
9
|
constructor(options: AclModuleOptions, store?: AclCacheStore);
|
|
10
10
|
private key;
|
|
11
|
-
get(userId: string,
|
|
12
|
-
set(userId: string,
|
|
11
|
+
get(userId: string, action: string): Promise<boolean | null>;
|
|
12
|
+
set(userId: string, action: string, value: boolean): Promise<void>;
|
|
13
13
|
invalidate(userId?: string): Promise<void>;
|
|
14
14
|
invalidateLocalRam(userId?: string): void;
|
|
15
15
|
}
|
|
@@ -24,11 +24,11 @@ let AclCacheService = AclCacheService_1 = class AclCacheService {
|
|
|
24
24
|
this.ramTtlMs = options.cache?.ramTtlMs ?? 30_000;
|
|
25
25
|
this.l2TtlSec = options.cache?.l2TtlSec ?? 600;
|
|
26
26
|
}
|
|
27
|
-
key(userId,
|
|
28
|
-
return `acl/${userId}/${
|
|
27
|
+
key(userId, action) {
|
|
28
|
+
return `acl/${userId}/${action}`;
|
|
29
29
|
}
|
|
30
|
-
async get(userId,
|
|
31
|
-
const key = this.key(userId,
|
|
30
|
+
async get(userId, action) {
|
|
31
|
+
const key = this.key(userId, action);
|
|
32
32
|
const local = this.ram.get(key);
|
|
33
33
|
if (local && local.exp > Date.now())
|
|
34
34
|
return local.v;
|
|
@@ -49,8 +49,8 @@ let AclCacheService = AclCacheService_1 = class AclCacheService {
|
|
|
49
49
|
}
|
|
50
50
|
return null;
|
|
51
51
|
}
|
|
52
|
-
async set(userId,
|
|
53
|
-
const key = this.key(userId,
|
|
52
|
+
async set(userId, action, value) {
|
|
53
|
+
const key = this.key(userId, action);
|
|
54
54
|
this.ram.set(key, { v: value, exp: Date.now() + this.ramTtlMs });
|
|
55
55
|
if (this.store) {
|
|
56
56
|
try {
|
|
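Review bot: The cache key built in `key(userId, action)` joins its two parts with `/` and escapes neither, so two different (userId, action) pairs can resolve to the same entry whenever either value may itself contain `/` (a user id taken from a token claim is the obvious candidate). Because `get` returns the cached boolean as the authorization answer, a collision would hand one pair the decision computed for another. I would encode each component before joining, for example `return 'acl/' + encodeURIComponent(userId) + '/' + encodeURIComponent(action);`, or reject ids that contain the separator, and keep any prefix-based invalidation on the same encoding. The bodies of `get` and `set` continue outside these hunks, so whether the inputs are validated earlier cannot be seen here.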
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"acl-cache.service.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/cache/acl-cache.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAAsE;AAEtE,oCAAgE;AAMzD,IAAM,eAAe,uBAArB,MAAM,eAAe;IAM1B,YAC2B,OAAyB,EACT,KAAsC;QAArB,UAAK,GAAL,KAAK,CAAgB;QAPhE,WAAM,GAAG,IAAI,eAAM,CAAC,iBAAe,CAAC,IAAI,CAAC,CAAC;QAC1C,QAAG,GAAG,IAAI,GAAG,EAAoB,CAAC;QAQjD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,KAAK,EAAE,QAAQ,IAAI,MAAM,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,KAAK,EAAE,QAAQ,IAAI,GAAG,CAAC;IACjD,CAAC;IAEO,GAAG,CAAC,MAAc,EAAE,
|
|
1
|
+
{"version":3,"file":"acl-cache.service.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/cache/acl-cache.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAAsE;AAEtE,oCAAgE;AAMzD,IAAM,eAAe,uBAArB,MAAM,eAAe;IAM1B,YAC2B,OAAyB,EACT,KAAsC;QAArB,UAAK,GAAL,KAAK,CAAgB;QAPhE,WAAM,GAAG,IAAI,eAAM,CAAC,iBAAe,CAAC,IAAI,CAAC,CAAC;QAC1C,QAAG,GAAG,IAAI,GAAG,EAAoB,CAAC;QAQjD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,KAAK,EAAE,QAAQ,IAAI,MAAM,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,KAAK,EAAE,QAAQ,IAAI,GAAG,CAAC;IACjD,CAAC;IAEO,GAAG,CAAC,MAAc,EAAE,MAAc;QACxC,OAAO,OAAO,MAAM,IAAI,MAAM,EAAE,CAAC;IACnC,CAAC;IAGD,KAAK,CAAC,GAAG,CAAC,MAAc,EAAE,MAAc;QACtC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACrC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,KAAK,IAAI,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE;YAAE,OAAO,KAAK,CAAC,CAAC,CAAC;QACpD,IAAI,KAAK;YAAE,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBACzC,IAAI,MAAM,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;oBACrC,MAAM,KAAK,GAAG,MAAM,KAAK,GAAG,CAAC;oBAC7B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;oBACjE,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gCAAgC,GAAG,KAAK,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;YAC7E,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,MAAc,EAAE,MAAc,EAAE,KAAc;QACtD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACrC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QACjE,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC9D,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,MAAM,CAAC
,IAAI,CAAC,iCAAiC,GAAG,KAAK,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;YAC9E,CAAC;QACH,CAAC;IACH,CAAC;IAGD,KAAK,CAAC,UAAU,CAAC,MAAe;QAC9B,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAChC,IAAI,CAAC,IAAI,CAAC,KAAK;YAAE,OAAO;QACxB,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,OAAO,MAAM,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC;QACrD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC5C,IAAI,IAAI,CAAC,MAAM;gBAAE,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC9C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,wCAAwC,OAAO,KAAK,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;QACzF,CAAC;IACH,CAAC;IAGD,kBAAkB,CAAC,MAAe;QAChC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;YACjB,OAAO;QACT,CAAC;QACD,MAAM,MAAM,GAAG,OAAO,MAAM,GAAG,CAAC;QAChC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC;YAClC,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC;gBAAE,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;CACF,CAAA;AA3EY,0CAAe;0BAAf,eAAe;IAD3B,IAAA,mBAAU,GAAE;IAQR,WAAA,IAAA,eAAM,EAAC,uBAAe,CAAC,CAAA;IACvB,WAAA,IAAA,iBAAQ,GAAE,CAAA;IAAE,WAAA,IAAA,eAAM,EAAC,2BAAmB,CAAC,CAAA;;GAR/B,eAAe,CA2E3B"}
|
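--- a/package/modules/acl/const.d.ts
+++ b/package/modules/acl/const.d.ts
@@ -3,15 +3,18 @@ export declare const RLB_ACL_OPTIONS = "RLB_ACL_OPTIONS";
 export declare const RLB_ACL_CACHE_STORE = "RLB_ACL_CACHE_STORE";
 export declare const ACL_ACTIONS: {
 readonly canUserDo: "acl-can-user-do";
+readonly canUserDoGtw: "acl-can-user-do-gtw";
+readonly listResourcesByUser: "acl-list-resources-by-user";
+readonly listByUser: "acl-list-by-user";
 readonly grant: "acl-grant";
 readonly revoke: "acl-revoke";
 readonly invalidate: "acl-invalidate";
-readonly actionCreate: "acl-action-create";
 readonly actionUpdate: "acl-action-update";
 readonly actionDelete: "acl-action-delete";
 readonly actionList: "acl-action-list";
-readonly
+readonly actionGet: "acl-action-get";
 readonly roleUpdate: "acl-role-update";
 readonly roleDelete: "acl-role-delete";
 readonly roleList: "acl-role-list";
+readonly roleGet: "acl-role-get";
 };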
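--- a/package/modules/acl/const.js
+++ b/package/modules/acl/const.js
@@ -6,16 +6,19 @@ exports.RLB_ACL_OPTIONS = 'RLB_ACL_OPTIONS';
 exports.RLB_ACL_CACHE_STORE = 'RLB_ACL_CACHE_STORE';
 exports.ACL_ACTIONS = {
 canUserDo: 'acl-can-user-do',
+canUserDoGtw: 'acl-can-user-do-gtw',
+listResourcesByUser: 'acl-list-resources-by-user',
+listByUser: 'acl-list-by-user',
 grant: 'acl-grant',
 revoke: 'acl-revoke',
 invalidate: 'acl-invalidate',
-actionCreate: 'acl-action-create',
 actionUpdate: 'acl-action-update',
 actionDelete: 'acl-action-delete',
 actionList: 'acl-action-list',
-
+actionGet: 'acl-action-get',
 roleUpdate: 'acl-role-update',
 roleDelete: 'acl-role-delete',
 roleList: 'acl-role-list',
+roleGet: 'acl-role-get',
 };
 //# sourceMappingURL=const.js.map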
package/modules/acl/const.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"const.js","sourceRoot":"","sources":["../../../libs/rlb-nestjs-amqp/src/modules/acl/const.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"const.js","sourceRoot":"","sources":["../../../libs/rlb-nestjs-amqp/src/modules/acl/const.ts"],"names":[],"mappings":";;;AAGa,QAAA,SAAS,GAAG,SAAS,CAAC;AAEtB,QAAA,eAAe,GAAG,iBAAiB,CAAC;AAEpC,QAAA,mBAAmB,GAAG,qBAAqB,CAAC;AAG5C,QAAA,WAAW,GAAG;IAEzB,SAAS,EAAE,iBAAiB;IAE5B,YAAY,EAAE,qBAAqB;IAEnC,mBAAmB,EAAE,4BAA4B;IAEjD,UAAU,EAAE,kBAAkB;IAC9B,KAAK,EAAE,WAAW;IAClB,MAAM,EAAE,YAAY;IACpB,UAAU,EAAE,gBAAgB;IAE5B,YAAY,EAAE,mBAAmB;IACjC,YAAY,EAAE,mBAAmB;IACjC,UAAU,EAAE,iBAAiB;IAC7B,SAAS,EAAE,gBAAgB;IAC3B,UAAU,EAAE,iBAAiB;IAC7B,UAAU,EAAE,iBAAiB;IAC7B,QAAQ,EAAE,eAAe;IACzB,OAAO,EAAE,cAAc;CACf,CAAC"}
|
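--- a/package/modules/acl/models.d.ts
+++ b/package/modules/acl/models.d.ts
@@ -17,3 +17,12 @@ export interface AclGrant<Id = string> {
 resourceId?: string;
 roles: string[];
 }
+export interface AclResource {
+resourceId?: string;
+actions: string[];
+friendlyName?: string;
+}
+export interface AclResourceGroup {
+resourceBusinessId?: string;
+resources: AclResource[];
+}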
@@ -2,10 +2,20 @@ import { PaginationModel } from '../../../common';
|
|
|
2
2
|
import { AclAction } from '../models';
|
|
3
3
|
export declare abstract class AclActionRepository {
|
|
4
4
|
abstract insert(model: AclAction): Promise<AclAction>;
|
|
5
|
+
abstract insertMany(models: AclAction[]): Promise<AclAction[]>;
|
|
5
6
|
abstract findById(id: string): Promise<AclAction>;
|
|
6
7
|
abstract findOne(filter: Record<string, any>): Promise<AclAction>;
|
|
8
|
+
abstract upsertById(id: string, model: Partial<AclAction>): Promise<AclAction>;
|
|
9
|
+
abstract upsertOne(filter: Record<string, any>, model: Partial<AclAction>): Promise<AclAction>;
|
|
7
10
|
abstract updateById(id: string, model: Partial<AclAction>): Promise<AclAction>;
|
|
11
|
+
abstract updateOne(filter: Record<string, any>, model: Partial<AclAction>): Promise<AclAction>;
|
|
12
|
+
abstract mergeById(id: string, model: Partial<AclAction>): Promise<AclAction>;
|
|
13
|
+
abstract mergeOne(filter: Record<string, any>, model: Partial<AclAction>): Promise<AclAction>;
|
|
8
14
|
abstract removeById(id: string): Promise<AclAction>;
|
|
15
|
+
abstract removeOne(filter: Record<string, any>): Promise<AclAction>;
|
|
16
|
+
abstract removeMany(filter: Record<string, any>): Promise<number>;
|
|
9
17
|
abstract filter(filter: Record<string, any>): Promise<AclAction[]>;
|
|
10
18
|
abstract filterPaginated(filter: Record<string, any>, page?: number, limit?: number): Promise<PaginationModel<AclAction>>;
|
|
19
|
+
abstract retrieveAll(): Promise<AclAction[]>;
|
|
20
|
+
abstract retrieveAllPaginated(page: number, limit: number): Promise<PaginationModel<AclAction>>;
|
|
11
21
|
}
|
|
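Review bot: The new abstract members on `AclActionRepository` (`insertMany`, `upsertById`, `upsertOne`, `updateOne`, `mergeById`, `mergeOne`, `removeOne`, `removeMany`, `retrieveAll`, `retrieveAllPaginated`) arrive in a patch-level release, and the same pattern appears on `AclGrantRepository` (adds `findById`, `updateById`, `mergeById`, `removeById`, drops `checkActions`) and `AclRoleRepository`. A type-checked consumer will get a compile error on its existing repository classes, but one that is not type-checked keeps running with an implementation that lacks the methods. The compiled `grant` and `revoke` shown further down this page call `this.grants.updateById` and `this.grants.removeById`, so with an older grant repository those calls would presumably reject before `cache.invalidate(userId)` runs and a revoke would leave the grant in place. I would document the new members as a required upgrade step, or have the module check at startup that the injected repositories provide them and refuse to start otherwise.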
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"acl-action.repository.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/repository/acl-action.repository.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"acl-action.repository.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/repository/acl-action.repository.ts"],"names":[],"mappings":";;;AAQA,MAAsB,mBAAmB;CAoBxC;AApBD,kDAoBC"}
|
|
@@ -2,10 +2,13 @@ import { PaginationModel } from '../../../common';
|
|
|
2
2
|
import { AclGrant } from '../models';
|
|
3
3
|
export declare abstract class AclGrantRepository {
|
|
4
4
|
abstract insert(model: AclGrant): Promise<AclGrant>;
|
|
5
|
+
abstract findById(id: string): Promise<AclGrant>;
|
|
5
6
|
abstract findOne(filter: Record<string, any>): Promise<AclGrant>;
|
|
7
|
+
abstract updateById(id: string, model: Partial<AclGrant>): Promise<AclGrant>;
|
|
6
8
|
abstract updateOne(filter: Record<string, any>, model: Partial<AclGrant>): Promise<AclGrant>;
|
|
9
|
+
abstract mergeById(id: string, model: Partial<AclGrant>): Promise<AclGrant>;
|
|
10
|
+
abstract removeById(id: string): Promise<AclGrant>;
|
|
7
11
|
abstract removeOne(filter: Record<string, any>): Promise<AclGrant>;
|
|
8
12
|
abstract filter(filter: Record<string, any>): Promise<AclGrant[]>;
|
|
9
13
|
abstract filterPaginated(filter: Record<string, any>, page?: number, limit?: number): Promise<PaginationModel<AclGrant>>;
|
|
10
|
-
abstract checkActions(filter: Record<string, any>, actions: string | string[]): Promise<boolean>;
|
|
11
14
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"acl-grant.repository.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/repository/acl-grant.repository.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"acl-grant.repository.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/repository/acl-grant.repository.ts"],"names":[],"mappings":";;;AAOA,MAAsB,kBAAkB;CAYvC;AAZD,gDAYC"}
|
|
@@ -2,9 +2,19 @@ import { PaginationModel } from '../../../common';
|
|
|
2
2
|
import { AclRole } from '../models';
|
|
3
3
|
export declare abstract class AclRoleRepository {
|
|
4
4
|
abstract insert(model: AclRole): Promise<AclRole>;
|
|
5
|
+
abstract insertMany(models: AclRole[]): Promise<AclRole[]>;
|
|
6
|
+
abstract findById(id: string): Promise<AclRole>;
|
|
5
7
|
abstract findOne(filter: Record<string, any>): Promise<AclRole>;
|
|
8
|
+
abstract upsertById(id: string, model: Partial<AclRole>): Promise<AclRole>;
|
|
9
|
+
abstract upsertOne(filter: Record<string, any>, model: Partial<AclRole>): Promise<AclRole>;
|
|
10
|
+
abstract updateById(id: string, model: Partial<AclRole>): Promise<AclRole>;
|
|
6
11
|
abstract updateOne(filter: Record<string, any>, model: Partial<AclRole>): Promise<AclRole>;
|
|
12
|
+
abstract mergeById(id: string, model: Partial<AclRole>): Promise<AclRole>;
|
|
13
|
+
abstract removeById(id: string): Promise<AclRole>;
|
|
7
14
|
abstract removeOne(filter: Record<string, any>): Promise<AclRole>;
|
|
8
15
|
abstract filter(filter: Record<string, any>): Promise<AclRole[]>;
|
|
9
16
|
abstract filterPaginated(filter: Record<string, any>, page?: number, limit?: number): Promise<PaginationModel<AclRole>>;
|
|
17
|
+
abstract list(): Promise<AclRole[]>;
|
|
18
|
+
abstract listPaginated(page: number, limit: number): Promise<PaginationModel<AclRole>>;
|
|
19
|
+
abstract getActionsByNames(names: string[]): Promise<string[]>;
|
|
10
20
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"acl-role.repository.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/repository/acl-role.repository.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"acl-role.repository.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/repository/acl-role.repository.ts"],"names":[],"mappings":";;;AAQA,MAAsB,iBAAiB;CAmBtC;AAnBD,8CAmBC"}
|
|
@@ -12,15 +12,17 @@ export declare class AclManagementService {
|
|
|
12
12
|
private readonly logger;
|
|
13
13
|
constructor(actions: AclActionRepository, roles: AclRoleRepository, grants: AclGrantRepository, cache: AclCacheService);
|
|
14
14
|
grant(userId: string, roles: string[], resourceId?: string, resourceBusinessId?: string, friendlyName?: string): Promise<AclGrant>;
|
|
15
|
-
revoke(userId: string, resourceId?: string): Promise<AclGrant>;
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
deleteAction(
|
|
15
|
+
revoke(userId: string, resourceId?: string, roles?: string[]): Promise<AclGrant | null>;
|
|
16
|
+
private findGrant;
|
|
17
|
+
upsertAction(name: string, description?: string): Promise<AclAction>;
|
|
18
|
+
deleteAction(name: string): Promise<AclAction>;
|
|
19
19
|
listActions(page?: number, limit?: number): Promise<PaginationModel<AclAction>>;
|
|
20
|
-
|
|
21
|
-
|
|
20
|
+
getAction(name: string): Promise<AclAction>;
|
|
21
|
+
upsertRole(name: string, actions: string[], description?: string): Promise<AclRole>;
|
|
22
22
|
deleteRole(name: string): Promise<AclRole>;
|
|
23
23
|
listRoles(page?: number, limit?: number): Promise<PaginationModel<AclRole>>;
|
|
24
|
+
getRole(name: string): Promise<AclRole>;
|
|
25
|
+
getActionsByNames(names: string[]): Promise<string[]>;
|
|
24
26
|
private assertActionsExist;
|
|
25
27
|
private assertRolesExist;
|
|
26
28
|
}
|
|
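Review bot: The changed `revoke(userId, resourceId?, roles?)` declaration has no doc comment explaining what an omitted or empty `roles` list means or when the result is `null`. In the compiled service on this page, `revoke` returns `null` when no matching grant is found and takes the `removeById` branch whenever `roles?.length` is falsy, so a caller that filters a role list down to `[]` deletes the whole grant rather than nothing. I would add a TSDoc line on the declaration such as `/** Removes only the listed roles; with no roles or an empty array the entire grant is deleted. Resolves to null when no grant exists for userId/resourceId. */`. Existing callers that dereference the result also need a null check now that the return type is `Promise<AclGrant | null>`.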
@@ -36,59 +36,82 @@ let AclManagementService = AclManagementService_1 = class AclManagementService {
|
|
|
36
36
|
if (!roles?.length)
|
|
37
37
|
throw new common_2.BadRequestError('roles are required');
|
|
38
38
|
await this.assertRolesExist(roles);
|
|
39
|
-
const
|
|
39
|
+
const existing = await this.findGrant(userId, resourceId);
|
|
40
|
+
let result;
|
|
41
|
+
if (existing) {
|
|
42
|
+
const merged = Array.from(new Set([...(existing.roles || []), ...roles]));
|
|
43
|
+
result = await this.grants.updateById(existing._id, {
|
|
44
|
+
roles: merged,
|
|
45
|
+
resourceBusinessId: resourceBusinessId ?? existing.resourceBusinessId,
|
|
46
|
+
friendlyName: friendlyName ?? existing.friendlyName,
|
|
47
|
+
});
|
|
48
|
+
}
|
|
49
|
+
else {
|
|
50
|
+
result = await this.grants.insert({ userId, roles: Array.from(new Set(roles)), resourceId, resourceBusinessId, friendlyName });
|
|
51
|
+
}
|
|
40
52
|
await this.cache.invalidate(userId);
|
|
41
|
-
return
|
|
53
|
+
return result;
|
|
42
54
|
}
|
|
43
|
-
async revoke(userId, resourceId) {
|
|
55
|
+
async revoke(userId, resourceId, roles) {
|
|
44
56
|
if (!userId)
|
|
45
57
|
throw new common_2.BadRequestError('userId is required');
|
|
46
|
-
const
|
|
58
|
+
const existing = await this.findGrant(userId, resourceId);
|
|
59
|
+
if (!existing)
|
|
60
|
+
return null;
|
|
61
|
+
let result;
|
|
62
|
+
if (roles?.length) {
|
|
63
|
+
const remaining = (existing.roles || []).filter((r) => !roles.includes(r));
|
|
64
|
+
result = remaining.length
|
|
65
|
+
? await this.grants.updateById(existing._id, { roles: remaining })
|
|
66
|
+
: await this.grants.removeById(existing._id);
|
|
67
|
+
}
|
|
68
|
+
else {
|
|
69
|
+
result = await this.grants.removeById(existing._id);
|
|
70
|
+
}
|
|
47
71
|
await this.cache.invalidate(userId);
|
|
48
|
-
return
|
|
72
|
+
return result;
|
|
73
|
+
}
|
|
74
|
+
async findGrant(userId, resourceId) {
|
|
75
|
+
const all = await this.grants.filter({ userId });
|
|
76
|
+
return (all || []).find((g) => (g.resourceId ?? null) === (resourceId ?? null));
|
|
49
77
|
}
|
|
50
|
-
async
|
|
78
|
+
async upsertAction(name, description) {
|
|
51
79
|
if (!name)
|
|
52
80
|
throw new common_2.BadRequestError('name is required');
|
|
53
|
-
const
|
|
81
|
+
const model = { name, ...(description !== undefined ? { description } : {}) };
|
|
82
|
+
const result = await this.actions.upsertOne({ name }, model);
|
|
54
83
|
await this.cache.invalidate();
|
|
55
|
-
return
|
|
84
|
+
return result;
|
|
56
85
|
}
|
|
57
|
-
async
|
|
58
|
-
if (!
|
|
59
|
-
throw new common_2.BadRequestError('
|
|
60
|
-
const
|
|
61
|
-
await this.cache.invalidate();
|
|
62
|
-
return updated;
|
|
63
|
-
}
|
|
64
|
-
async deleteAction(id) {
|
|
65
|
-
const removed = await this.actions.removeById(id);
|
|
86
|
+
async deleteAction(name) {
|
|
87
|
+
if (!name)
|
|
88
|
+
throw new common_2.BadRequestError('name is required');
|
|
89
|
+
const removed = await this.actions.removeOne({ name });
|
|
66
90
|
await this.cache.invalidate();
|
|
67
91
|
return removed;
|
|
68
92
|
}
|
|
69
93
|
async listActions(page, limit) {
|
|
70
94
|
return this.actions.filterPaginated({}, Number(page) || 1, Number(limit) || 10);
|
|
71
95
|
}
|
|
72
|
-
async
|
|
96
|
+
async getAction(name) {
|
|
97
|
+
if (!name)
|
|
98
|
+
throw new common_2.BadRequestError('name is required');
|
|
99
|
+
return this.actions.findOne({ name });
|
|
100
|
+
}
|
|
101
|
+
async upsertRole(name, actions, description) {
|
|
73
102
|
if (!name)
|
|
74
103
|
throw new common_2.BadRequestError('name is required');
|
|
75
104
|
if (!actions?.length)
|
|
76
105
|
throw new common_2.BadRequestError('actions are required');
|
|
77
106
|
await this.assertActionsExist(actions);
|
|
78
|
-
const
|
|
107
|
+
const model = { name, actions, ...(description !== undefined ? { description } : {}) };
|
|
108
|
+
const result = await this.roles.upsertOne({ name }, model);
|
|
79
109
|
await this.cache.invalidate();
|
|
80
|
-
return
|
|
110
|
+
return result;
|
|
81
111
|
}
|
|
82
|
-
async
|
|
112
|
+
async deleteRole(name) {
|
|
83
113
|
if (!name)
|
|
84
114
|
throw new common_2.BadRequestError('name is required');
|
|
85
|
-
if (model?.actions?.length)
|
|
86
|
-
await this.assertActionsExist(model.actions);
|
|
87
|
-
const updated = await this.roles.updateOne({ name }, model);
|
|
88
|
-
await this.cache.invalidate();
|
|
89
|
-
return updated;
|
|
90
|
-
}
|
|
91
|
-
async deleteRole(name) {
|
|
92
115
|
const removed = await this.roles.removeOne({ name });
|
|
93
116
|
await this.cache.invalidate();
|
|
94
117
|
return removed;
|
|
@@ -96,6 +119,14 @@ let AclManagementService = AclManagementService_1 = class AclManagementService {
|
|
|
96
119
|
async listRoles(page, limit) {
|
|
97
120
|
return this.roles.filterPaginated({}, Number(page) || 1, Number(limit) || 10);
|
|
98
121
|
}
|
|
122
|
+
async getRole(name) {
|
|
123
|
+
if (!name)
|
|
124
|
+
throw new common_2.BadRequestError('name is required');
|
|
125
|
+
return this.roles.findOne({ name });
|
|
126
|
+
}
|
|
127
|
+
async getActionsByNames(names) {
|
|
128
|
+
return this.roles.getActionsByNames(names);
|
|
129
|
+
}
|
|
99
130
|
async assertActionsExist(names) {
|
|
100
131
|
const found = await this.actions.filter({ name: { $in: names } });
|
|
101
132
|
const missing = names.filter((n) => !found.some((a) => a.name === n));
|
|
@@ -125,29 +156,22 @@ __decorate([
|
|
|
125
156
|
(0, broker_1.BrokerAction)(const_1.ACL_TOPIC, const_1.ACL_ACTIONS.revoke, 'rpc'),
|
|
126
157
|
__param(0, (0, broker_1.BrokerParam)('body', 'userId')),
|
|
127
158
|
__param(1, (0, broker_1.BrokerParam)('body', 'resourceId')),
|
|
159
|
+
__param(2, (0, broker_1.BrokerParam)('body', 'roles')),
|
|
128
160
|
__metadata("design:type", Function),
|
|
129
|
-
__metadata("design:paramtypes", [String, String]),
|
|
161
|
+
__metadata("design:paramtypes", [String, String, Array]),
|
|
130
162
|
__metadata("design:returntype", Promise)
|
|
131
163
|
], AclManagementService.prototype, "revoke", null);
|
|
132
164
|
__decorate([
|
|
133
|
-
(0, broker_1.BrokerAction)(const_1.ACL_TOPIC, const_1.ACL_ACTIONS.
|
|
165
|
+
(0, broker_1.BrokerAction)(const_1.ACL_TOPIC, const_1.ACL_ACTIONS.actionUpdate, 'rpc'),
|
|
134
166
|
__param(0, (0, broker_1.BrokerParam)('body', 'name')),
|
|
135
167
|
__param(1, (0, broker_1.BrokerParam)('body', 'description')),
|
|
136
168
|
__metadata("design:type", Function),
|
|
137
169
|
__metadata("design:paramtypes", [String, String]),
|
|
138
170
|
__metadata("design:returntype", Promise)
|
|
139
|
-
], AclManagementService.prototype, "
|
|
140
|
-
__decorate([
|
|
141
|
-
(0, broker_1.BrokerAction)(const_1.ACL_TOPIC, const_1.ACL_ACTIONS.actionUpdate, 'rpc'),
|
|
142
|
-
__param(0, (0, broker_1.BrokerParam)('body', 'id')),
|
|
143
|
-
__param(1, (0, broker_1.BrokerParam)('body-full')),
|
|
144
|
-
__metadata("design:type", Function),
|
|
145
|
-
__metadata("design:paramtypes", [String, Object]),
|
|
146
|
-
__metadata("design:returntype", Promise)
|
|
147
|
-
], AclManagementService.prototype, "updateAction", null);
|
|
171
|
+
], AclManagementService.prototype, "upsertAction", null);
|
|
148
172
|
__decorate([
|
|
149
173
|
(0, broker_1.BrokerAction)(const_1.ACL_TOPIC, const_1.ACL_ACTIONS.actionDelete, 'rpc'),
|
|
150
|
-
__param(0, (0, broker_1.BrokerParam)('body', '
|
|
174
|
+
__param(0, (0, broker_1.BrokerParam)('body', 'name')),
|
|
151
175
|
__metadata("design:type", Function),
|
|
152
176
|
__metadata("design:paramtypes", [String]),
|
|
153
177
|
__metadata("design:returntype", Promise)
|
|
@@ -161,22 +185,21 @@ __decorate([
|
|
|
161
185
|
__metadata("design:returntype", Promise)
|
|
162
186
|
], AclManagementService.prototype, "listActions", null);
|
|
163
187
|
__decorate([
|
|
164
|
-
(0, broker_1.BrokerAction)(const_1.ACL_TOPIC, const_1.ACL_ACTIONS.
|
|
188
|
+
(0, broker_1.BrokerAction)(const_1.ACL_TOPIC, const_1.ACL_ACTIONS.actionGet, 'rpc'),
|
|
165
189
|
__param(0, (0, broker_1.BrokerParam)('body', 'name')),
|
|
166
|
-
__param(1, (0, broker_1.BrokerParam)('body', 'actions')),
|
|
167
|
-
__param(2, (0, broker_1.BrokerParam)('body', 'description')),
|
|
168
190
|
__metadata("design:type", Function),
|
|
169
|
-
__metadata("design:paramtypes", [String
|
|
191
|
+
__metadata("design:paramtypes", [String]),
|
|
170
192
|
__metadata("design:returntype", Promise)
|
|
171
|
-
], AclManagementService.prototype, "
|
|
193
|
+
], AclManagementService.prototype, "getAction", null);
|
|
172
194
|
__decorate([
|
|
173
195
|
(0, broker_1.BrokerAction)(const_1.ACL_TOPIC, const_1.ACL_ACTIONS.roleUpdate, 'rpc'),
|
|
174
196
|
__param(0, (0, broker_1.BrokerParam)('body', 'name')),
|
|
175
|
-
__param(1, (0, broker_1.BrokerParam)('body
|
|
197
|
+
__param(1, (0, broker_1.BrokerParam)('body', 'actions')),
|
|
198
|
+
__param(2, (0, broker_1.BrokerParam)('body', 'description')),
|
|
176
199
|
__metadata("design:type", Function),
|
|
177
|
-
__metadata("design:paramtypes", [String,
|
|
200
|
+
__metadata("design:paramtypes", [String, Array, String]),
|
|
178
201
|
__metadata("design:returntype", Promise)
|
|
179
|
-
], AclManagementService.prototype, "
|
|
202
|
+
], AclManagementService.prototype, "upsertRole", null);
|
|
180
203
|
__decorate([
|
|
181
204
|
(0, broker_1.BrokerAction)(const_1.ACL_TOPIC, const_1.ACL_ACTIONS.roleDelete, 'rpc'),
|
|
182
205
|
__param(0, (0, broker_1.BrokerParam)('body', 'name')),
|
|
@@ -192,6 +215,13 @@ __decorate([
|
|
|
192
215
|
__metadata("design:paramtypes", [Number, Number]),
|
|
193
216
|
__metadata("design:returntype", Promise)
|
|
194
217
|
], AclManagementService.prototype, "listRoles", null);
|
|
218
|
+
__decorate([
|
|
219
|
+
(0, broker_1.BrokerAction)(const_1.ACL_TOPIC, const_1.ACL_ACTIONS.roleGet, 'rpc'),
|
|
220
|
+
__param(0, (0, broker_1.BrokerParam)('body', 'name')),
|
|
221
|
+
__metadata("design:type", Function),
|
|
222
|
+
__metadata("design:paramtypes", [String]),
|
|
223
|
+
__metadata("design:returntype", Promise)
|
|
224
|
+
], AclManagementService.prototype, "getRole", null);
|
|
195
225
|
exports.AclManagementService = AclManagementService = AclManagementService_1 = __decorate([
|
|
196
226
|
(0, common_1.Injectable)(),
|
|
197
227
|
__metadata("design:paramtypes", [acl_action_repository_1.AclActionRepository,
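Review bot: In the first hunk, `grant` and `revoke` now do a read-modify-write on the grant document (`findGrant`, build `merged` / `remaining` in memory, then `updateById` with the whole `roles` array), so two overlapping calls for the same user and resource can overwrite each other; a `grant` that read the document before a concurrent `revoke` finished writes the revoked role back. For an ACL store the role change should be one atomic repository operation (an add-to-set / pull style update, if `AclGrantRepository` can express one) or a conditional update that fails when `roles` changed since the read. The same window lets two first-time `grant` calls both reach `insert`, unless a uniqueness constraint on user and resource exists outside this view. Separately, `revoke` never checks that `roles` is an array: a string from the message body passes `roles?.length` and makes `roles.includes(r)` a substring match, so unless the broker layer already validates the body I would add `if (roles !== undefined && !Array.isArray(roles)) throw new common_2.BadRequestError('roles must be an array');`. `grant` begins above the hunk, so any earlier validation there is not visible.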
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"acl-management.service.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/services/acl-management.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAAoD;AACpD,4CAAmE;AACnE,yCAAyD;AACzD,kEAA6D;AAC7D,oCAAkD;AAElD,+EAA0E;AAC1E,6EAAwE;AACxE,2EAAsE;AAG/D,IAAM,oBAAoB,4BAA1B,MAAM,oBAAoB;IAG/B,YACmB,OAA4B,EAC5B,KAAwB,EACxB,MAA0B,EAC1B,KAAsB;QAHtB,YAAO,GAAP,OAAO,CAAqB;QAC5B,UAAK,GAAL,KAAK,CAAmB;QACxB,WAAM,GAAN,MAAM,CAAoB;QAC1B,UAAK,GAAL,KAAK,CAAiB;QANxB,WAAM,GAAG,IAAI,eAAM,CAAC,sBAAoB,CAAC,IAAI,CAAC,CAAC;IAO5D,CAAC;
|
|
1
|
+
{"version":3,"file":"acl-management.service.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/services/acl-management.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAAoD;AACpD,4CAAmE;AACnE,yCAAyD;AACzD,kEAA6D;AAC7D,oCAAkD;AAElD,+EAA0E;AAC1E,6EAAwE;AACxE,2EAAsE;AAG/D,IAAM,oBAAoB,4BAA1B,MAAM,oBAAoB;IAG/B,YACmB,OAA4B,EAC5B,KAAwB,EACxB,MAA0B,EAC1B,KAAsB;QAHtB,YAAO,GAAP,OAAO,CAAqB;QAC5B,UAAK,GAAL,KAAK,CAAmB;QACxB,WAAM,GAAN,MAAM,CAAoB;QAC1B,UAAK,GAAL,KAAK,CAAiB;QANxB,WAAM,GAAG,IAAI,eAAM,CAAC,sBAAoB,CAAC,IAAI,CAAC,CAAC;IAO5D,CAAC;IAGC,AAAN,KAAK,CAAC,KAAK,CACsB,MAAc,EACf,KAAe,EACV,UAAmB,EACX,kBAA2B,EACjC,YAAqB;QAE1D,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,oBAAoB,CAAC,CAAC;QAC7D,IAAI,CAAC,KAAK,EAAE,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,oBAAoB,CAAC,CAAC;QACpE,MAAM,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;QAGnC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QAC1D,IAAI,MAAgB,CAAC;QACrB,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,IAAI,EAAE,CAAC,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC1E,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAI,EAAE;gBACnD,KAAK,EAAE,MAAM;gBACb,kBAAkB,EAAE,kBAAkB,IAAI,QAAQ,CAAC,kBAAkB;gBACrE,YAAY,EAAE,YAAY,IAAI,QAAQ,CAAC,YAAY;aACpD,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,EAAE,kBAAkB,EAAE,YAAY,EAAE,CAAC,CAAC;QACjI,CAAC;QACD,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACpC,OAAO,MAAM,CAAC;IAChB,CAAC;IAGK,AAAN,KAAK,CAAC,MAAM,CACqB,MAAc,EACV,UAAmB,EACxB,KAAgB;QAE9C,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,oBAAoB,CAAC,CAAC;QAC7D,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QAC1D,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAC;QAC3B,IAAI,MAAuB,CAAC;QAC5B,IAAI,KAAK,EAAE,MAAM,EAAE,CAAC;YAElB,MAAM,SAAS,GAAG,CAAC,QAAQ,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,
CAAC,CAAC,CAAC;YAC3E,MAAM,GAAG,SAAS,CAAC,MAAM;gBACvB,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAI,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;gBACnE,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAI,CAAC,CAAC;QAClD,CAAC;aAAM,CAAC;YAEN,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAI,CAAC,CAAC;QACvD,CAAC;QACD,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACpC,OAAO,MAAM,CAAC;IAChB,CAAC;IAGO,KAAK,CAAC,SAAS,CAAC,MAAc,EAAE,UAAmB;QACzD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,IAAI,IAAI,CAAC,KAAK,CAAC,UAAU,IAAI,IAAI,CAAC,CAAC,CAAC;IAClF,CAAC;IAKK,AAAN,KAAK,CAAC,YAAY,CACa,IAAY,EACL,WAAoB;QAExD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,CAAC,CAAC;QACzD,MAAM,KAAK,GAAuB,EAAE,IAAI,EAAE,GAAG,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;QAClG,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,EAAE,KAAK,CAAC,CAAC;QAC7D,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,MAAM,CAAC;IAChB,CAAC;IAGK,AAAN,KAAK,CAAC,YAAY,CAA8B,IAAY;QAC1D,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QACvD,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC;IACjB,CAAC;IAGK,AAAN,KAAK,CAAC,WAAW,CACc,IAAa,EACZ,KAAc;QAE5C,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IAClF,CAAC;IAGK,AAAN,KAAK,CAAC,SAAS,CAA8B,IAAY;QACvD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,CAAC,CAAC;QACzD,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;IACxC,CAAC;IAKK,AAAN,KAAK,CAAC,UAAU,CACe,IAAY,EACT,OAAiB,EACb,WAAoB;QAExD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,CAAC,CAAC;QACzD,IAAI,CAAC,OAAO,EAAE,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,sBAAsB,CAAC,CAAC;QACxE,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;QACvC,MAAM,KAAK,GAAqB,EAAE,IAA
I,EAAE,OAAO,EAAE,GAAG,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;QACzG,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,EAAE,KAAK,CAAC,CAAC;QAC3D,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,MAAM,CAAC;IAChB,CAAC;IAGK,AAAN,KAAK,CAAC,UAAU,CAA8B,IAAY;QAGxD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QACrD,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC;IACjB,CAAC;IAGK,AAAN,KAAK,CAAC,SAAS,CACgB,IAAa,EACZ,KAAc;QAE5C,OAAO,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IAChF,CAAC;IAGK,AAAN,KAAK,CAAC,OAAO,CAA8B,IAAY;QACrD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,CAAC,CAAC;QACzD,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;IACtC,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,KAAe;QACrC,OAAO,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;IAC7C,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAAC,KAAe;QAC9C,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;QAClE,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;QACtE,IAAI,OAAO,CAAC,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,oBAAoB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC1F,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,KAAe;QAC5C,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;QAChE,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;QACtE,IAAI,OAAO,CAAC,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACxF,CAAC;CACF,CAAA;AAjKY,oDAAoB;AAWzB;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,KAAK,EAAE,KAAK,CAAC;IAE/C,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAA;IAC7B,WAAA,IAAA,oBAAW,EAAC,MAAM,
EAAE,OAAO,CAAC,CAAA;IAC5B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,YAAY,CAAC,CAAA;IACjC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,oBAAoB,CAAC,CAAA;IACzC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,cAAc,CAAC,CAAA;;;;iDAqBrC;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,MAAM,EAAE,KAAK,CAAC;IAEhD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAA;IAC7B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,YAAY,CAAC,CAAA;IACjC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,OAAO,CAAC,CAAA;;;;kDAkB9B;AAWK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,YAAY,EAAE,KAAK,CAAC;IAEtD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC3B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,aAAa,CAAC,CAAA;;;;wDAOpC;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,YAAY,EAAE,KAAK,CAAC;IACrC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;;;;wDAK9C;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,UAAU,EAAE,KAAK,CAAC;IAEpD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC3B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,OAAO,CAAC,CAAA;;;;uDAG9B;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,SAAS,EAAE,KAAK,CAAC;IACrC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;;;;qDAG3C;AAKK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,UAAU,EAAE,KAAK,CAAC;IAEpD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC3B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,SAAS,CAAC,CAAA;IAC9B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,aAAa,CAAC,CAAA;;;;sDASpC;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,UAAU,EAAE,KAAK,CAAC;IACrC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;;;;sDAO5C;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,QAAQ,EAAE,KAAK,CAAC;IAElD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC3B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,OAAO,CAAC,CAAA;;;;qDAG9B;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,OAAO,EAAE,KAAK,CAAC;IACrC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;;;;mDAGzC;+BAhJU,oBAAoB;IADhC,IAAA,mBAAU,GAAE;qCAKiB,2CAAmB;QACrB,uCAAiB;QAChB,yCAAkB;QACnB,mCAAe;GAP9B,oBAAoB,CAiKhC"}
|
|
@@ -1,11 +1,19 @@
|
|
|
1
1
|
import { IAclRoleService } from '../../proxy/services/acl.service';
|
|
2
2
|
import { AclCacheService } from '../cache/acl-cache.service';
|
|
3
|
+
import { AclGrant, AclResourceGroup } from '../models';
|
|
3
4
|
import { AclGrantRepository } from '../repository/acl-grant.repository';
|
|
5
|
+
import { AclRoleRepository } from '../repository/acl-role.repository';
|
|
4
6
|
export declare class AclService implements IAclRoleService {
|
|
5
7
|
private readonly grants;
|
|
8
|
+
private readonly roles;
|
|
6
9
|
private readonly cache;
|
|
7
10
|
private readonly logger;
|
|
8
|
-
constructor(grants: AclGrantRepository, cache: AclCacheService);
|
|
9
|
-
|
|
10
|
-
|
|
11
|
+
constructor(grants: AclGrantRepository, roles: AclRoleRepository, cache: AclCacheService);
|
|
12
|
+
private toList;
|
|
13
|
+
canUserDoGtw(roles: string | string[], userId: string): Promise<boolean>;
|
|
14
|
+
canUserDo(roles: string | string[], userId: string, resourceId?: string): Promise<boolean>;
|
|
15
|
+
handleCanUserDoGtw(userId: string, roles?: string | string[]): Promise<boolean>;
|
|
16
|
+
handleCanUserDo(userId: string, resource: string, roles?: string | string[]): Promise<boolean>;
|
|
17
|
+
listResourcesByUser(userId: string): Promise<AclResourceGroup[]>;
|
|
18
|
+
listByUser(userId: string): Promise<AclGrant[]>;
|
|
11
19
|
}
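Review bot: The new authorization checks take the same values in different orders: `canUserDo(roles, userId, resourceId?)` and `canUserDoGtw(roles, userId)` put the roles first, while `handleCanUserDo(userId, resource, roles?)` and `handleCanUserDoGtw(userId, roles?)` put the user first. Because `roles` accepts a plain `string` and `userId` is also a `string`, a call with the two swapped still type-checks and would evaluate the wrong subject without any error. I would align the order across the four methods, or take an options object, and add TSDoc stating what the `handle*` variants return when `roles` is omitted. The implementation is not in this section, so whether that case denies cannot be confirmed here.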
|