@open-rlb/nestjs-amqp 2.0.8 → 2.0.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +44 -45
- package/modules/acl/auth-match.d.ts +6 -0
- package/modules/acl/auth-match.js +10 -0
- package/modules/acl/auth-match.js.map +1 -0
- package/modules/acl/config/acl.config.d.ts +1 -0
- package/modules/acl/const.d.ts +5 -2
- package/modules/acl/const.js +6 -3
- package/modules/acl/const.js.map +1 -1
- package/modules/acl/index.d.ts +1 -0
- package/modules/acl/index.js +1 -0
- package/modules/acl/index.js.map +1 -1
- package/modules/acl/repository/acl-action.repository.d.ts +1 -0
- package/modules/acl/repository/acl-action.repository.js.map +1 -1
- package/modules/acl/repository/acl-grant.repository.d.ts +1 -0
- package/modules/acl/repository/acl-grant.repository.js.map +1 -1
- package/modules/acl/repository/acl-role.repository.d.ts +1 -0
- package/modules/acl/repository/acl-role.repository.js.map +1 -1
- package/modules/acl/services/acl-management.service.d.ts +10 -3
- package/modules/acl/services/acl-management.service.js +60 -10
- package/modules/acl/services/acl-management.service.js.map +1 -1
- package/modules/acl/services/acl.service.d.ts +3 -4
- package/modules/acl/services/acl.service.js +24 -46
- package/modules/acl/services/acl.service.js.map +1 -1
- package/modules/broker/config/decorator-paths.js +2 -2
- package/modules/broker/config/decorator-paths.js.map +1 -1
- package/modules/broker/decorators/broker-action.decorator.d.ts +1 -1
- package/modules/broker/decorators/broker-action.decorator.js +2 -2
- package/modules/broker/decorators/broker-action.decorator.js.map +1 -1
- package/modules/broker/services/shutdown-state.service.d.ts +1 -0
- package/modules/broker/services/shutdown-state.service.js +12 -12
- package/modules/broker/services/shutdown-state.service.js.map +1 -1
- package/modules/gateway-admin/config/gateway-admin.config.d.ts +2 -0
- package/modules/gateway-admin/const.d.ts +7 -0
- package/modules/gateway-admin/const.js +7 -0
- package/modules/gateway-admin/const.js.map +1 -1
- package/modules/gateway-admin/gateway-admin.module.js +4 -1
- package/modules/gateway-admin/gateway-admin.module.js.map +1 -1
- package/modules/gateway-admin/health.d.ts +14 -0
- package/modules/gateway-admin/health.js +5 -0
- package/modules/gateway-admin/health.js.map +1 -0
- package/modules/gateway-admin/index.d.ts +5 -0
- package/modules/gateway-admin/index.js +5 -0
- package/modules/gateway-admin/index.js.map +1 -1
- package/modules/gateway-admin/models.d.ts +61 -0
- package/modules/gateway-admin/repository/auth-provider.repository.d.ts +1 -0
- package/modules/gateway-admin/repository/auth-provider.repository.js.map +1 -1
- package/modules/gateway-admin/repository/http-metric.repository.d.ts +6 -2
- package/modules/gateway-admin/repository/http-metric.repository.js.map +1 -1
- package/modules/gateway-admin/repository/http-path.repository.d.ts +3 -0
- package/modules/gateway-admin/repository/http-path.repository.js.map +1 -1
- package/modules/gateway-admin/repository/route-sync-log.repository.d.ts +4 -1
- package/modules/gateway-admin/repository/route-sync-log.repository.js.map +1 -1
- package/modules/gateway-admin/services/gateway-auth.service.d.ts +1 -0
- package/modules/gateway-admin/services/gateway-auth.service.js +12 -0
- package/modules/gateway-admin/services/gateway-auth.service.js.map +1 -1
- package/modules/gateway-admin/services/gateway-health.service.d.ts +10 -0
- package/modules/gateway-admin/services/gateway-health.service.js +64 -0
- package/modules/gateway-admin/services/gateway-health.service.js.map +1 -0
- package/modules/gateway-admin/services/gateway-metrics-rollup.service.d.ts +13 -0
- package/modules/gateway-admin/services/gateway-metrics-rollup.service.js +63 -0
- package/modules/gateway-admin/services/gateway-metrics-rollup.service.js.map +1 -0
- package/modules/gateway-admin/services/gateway-metrics.service.d.ts +5 -4
- package/modules/gateway-admin/services/gateway-metrics.service.js +56 -17
- package/modules/gateway-admin/services/gateway-metrics.service.js.map +1 -1
- package/modules/gateway-admin/services/gateway-path.service.d.ts +11 -4
- package/modules/gateway-admin/services/gateway-path.service.js +79 -11
- package/modules/gateway-admin/services/gateway-path.service.js.map +1 -1
- package/modules/gateway-admin/services/gateway-retention.service.d.ts +16 -0
- package/modules/gateway-admin/services/gateway-retention.service.js +71 -0
- package/modules/gateway-admin/services/gateway-retention.service.js.map +1 -0
- package/modules/gateway-admin/services/route-sync.service.js +12 -5
- package/modules/gateway-admin/services/route-sync.service.js.map +1 -1
- package/modules/gateway-admin/util/metrics.d.ts +10 -0
- package/modules/gateway-admin/util/metrics.js +170 -0
- package/modules/gateway-admin/util/metrics.js.map +1 -0
- package/modules/gateway-admin/util/route-diff.d.ts +7 -0
- package/modules/gateway-admin/util/route-diff.js +7 -2
- package/modules/gateway-admin/util/route-diff.js.map +1 -1
- package/modules/gateway-admin/util/route-manifest.d.ts +3 -0
- package/modules/gateway-admin/util/route-manifest.js +36 -1
- package/modules/gateway-admin/util/route-manifest.js.map +1 -1
- package/modules/proxy/config/path-definition.config.d.ts +2 -2
- package/modules/proxy/services/acl.service.d.ts +2 -2
- package/modules/proxy/services/acl.service.js.map +1 -1
- package/modules/proxy/services/http-auth-handler.service.d.ts +6 -4
- package/modules/proxy/services/http-auth-handler.service.js +15 -9
- package/modules/proxy/services/http-auth-handler.service.js.map +1 -1
- package/modules/proxy/services/http-handler.service.d.ts +1 -0
- package/modules/proxy/services/http-handler.service.js +28 -35
- package/modules/proxy/services/http-handler.service.js.map +1 -1
- package/modules/proxy/services/metrics-hook.d.ts +1 -0
- package/modules/proxy/services/websocket.service.js +5 -5
- package/modules/proxy/services/websocket.service.js.map +1 -1
- package/package.json +1 -1
- package/schematics/nest-add/files/acl/src/modules/database/repository/acl.repository.ts +3 -0
- package/schematics/nest-add/files/db-core/src/modules/database/repository/in-memory-collection.ts +29 -0
- package/schematics/nest-add/files/gateway-admin/src/modules/database/repository/gateway.repository.ts +48 -20
- package/schematics/nest-add/files/gateway-admin/src/modules/database/repository/route-sync.repository.ts +24 -1
- package/schematics/nest-add/files/skills/rlb-amqp/SKILL.md +3 -3
- package/schematics/nest-add/files/skills/rlb-amqp/references/config-schema.md +18 -14
- package/schematics/nest-add/files/skills/rlb-amqp/references/gotchas.md +42 -17
- package/schematics/nest-add/files/skills/rlb-amqp-acl/SKILL.md +57 -39
- package/schematics/nest-add/files/skills/rlb-amqp-add-action/SKILL.md +4 -3
- package/schematics/nest-add/files/skills/rlb-amqp-add-route/SKILL.md +20 -14
- package/schematics/nest-add/files/skills/rlb-amqp-add-ws-event/SKILL.md +7 -6
- package/schematics/nest-add/files/skills/rlb-amqp-gateway-admin/SKILL.md +49 -9
- package/schematics/nest-add/files/skills/rlb-amqp-scaffold/SKILL.md +4 -4
- package/schematics/nest-add/index.js +78 -9
- package/schematics/nest-add/index.js.map +1 -1
- package/schematics/nest-add/index.ts +78 -9
package/README.md
CHANGED
|
@@ -44,10 +44,10 @@ Con `--gateway=false` la factory passa a `BrokerModule` solo `{ options, topics,
|
|
|
44
44
|
|
|
45
45
|
Monorepo NestJS (vedi `nest-cli.json`):
|
|
46
46
|
|
|
47
|
-
| Progetto
|
|
48
|
-
|
|
|
49
|
-
| `libs/rlb-nestjs-amqp`
|
|
50
|
-
| `apps/gateway`
|
|
47
|
+
| Progetto | Tipo | Descrizione |
|
|
48
|
+
| ---------------------- | ----------- | ---------------------------------------------- |
|
|
49
|
+
| `libs/rlb-nestjs-amqp` | library | La libreria vera e propria (il prodotto npm) |
|
|
50
|
+
| `apps/gateway` | application | App di esempio/riferimento che usa la libreria |
|
|
51
51
|
|
|
52
52
|
```
|
|
53
53
|
┌─────────────────────────────────────────────────────────┐
|
|
@@ -56,7 +56,7 @@ Monorepo NestJS (vedi `nest-cli.json`):
|
|
|
56
56
|
│
|
|
57
57
|
┌───────▼────────┐ modules/proxy ── Gateway
|
|
58
58
|
│ HttpHandler │ - registra route HTTP dinamiche
|
|
59
|
-
│ WebSocketSvc │ - auth (jwt/jwks/basic/str-compare) + ACL/
|
|
59
|
+
│ WebSocketSvc │ - auth (jwt/jwks/basic/str-compare) + ACL/azioni
|
|
60
60
|
│ JwtService │ - traduce HTTP/WS → messaggi broker
|
|
61
61
|
└───────┬────────┘
|
|
62
62
|
│
|
|
@@ -80,7 +80,7 @@ Monorepo NestJS (vedi `nest-cli.json`):
|
|
|
80
80
|
|
|
81
81
|
1. **`amqp-lib`** — driver a basso livello (`AmqpConnection`): connessione resiliente (`amqp-connection-manager`), canali gestiti, setup di exchange/queue/binding al boot, RPC con `correlationId` + *direct-reply-to*, consumer con gestione errori (`Nack` → ack/reject/requeue), graceful shutdown.
|
|
82
82
|
2. **`modules/broker`** — astrazione di business: `BrokerService`, decoratori `@BrokerAction`/`@BrokerParam`, `MetadataScannerService` (auto-discovery dei metodi decorati e registrazione automatica dei consumer).
|
|
83
|
-
3. **`modules/proxy`** — gateway HTTP/WebSocket: registrazione dinamica di route Express, auth pluggable, ACL/
|
|
83
|
+
3. **`modules/proxy`** — gateway HTTP/WebSocket: registrazione dinamica di route Express, auth pluggable, ACL/azioni, WebSocket sicuro e scalabile, forwarding webhook.
|
|
84
84
|
|
|
85
85
|
### Flusso di una richiesta
|
|
86
86
|
|
|
@@ -126,7 +126,7 @@ import yamlConfig from './config/config.loader';
|
|
|
126
126
|
gatewayOptions: config.get<GatewayConfig>('gateway'),
|
|
127
127
|
}),
|
|
128
128
|
providers: [
|
|
129
|
-
// { provide: RLB_GTW_ACL_ROLE_SERVICE,
|
|
129
|
+
// { provide: RLB_GTW_ACL_ROLE_SERVICE, useExisting: AclService }, // solo se usi `actions`
|
|
130
130
|
],
|
|
131
131
|
}),
|
|
132
132
|
],
|
|
@@ -222,12 +222,12 @@ broker:
|
|
|
222
222
|
|
|
223
223
|
Un topic mappa un nome logico (azione/microservizio) su un percorso AMQP. Il `mode` decide la semantica.
|
|
224
224
|
|
|
225
|
-
| `mode` | Quando usarlo
|
|
226
|
-
| ----------- |
|
|
227
|
-
| `rpc` | request/response
|
|
228
|
-
| `handle` | worker su una coda
|
|
229
|
-
| `broadcast` | un messaggio a molti consumer
|
|
230
|
-
| `event` | publish senza risposta
|
|
225
|
+
| `mode` | Quando usarlo | Campi richiesti | Semantica |
|
|
226
|
+
| ----------- | ----------------------------- | -------------------------------------------------- | ---------------------------------------- |
|
|
227
|
+
| `rpc` | request/response | `name`, `queue` (o `exchange`+`routingKey`) | risposta immediata + timeout |
|
|
228
|
+
| `handle` | worker su una coda | `name`, `queue` | consumer di coda semplice |
|
|
229
|
+
| `broadcast` | un messaggio a molti consumer | `name`, `exchange`, `routingKey` | fanout/topic; richiede `connection_name` |
|
|
230
|
+
| `event` | publish senza risposta | `name`, `queue` **oppure** `exchange`+`routingKey` | fire-and-forget |
|
|
231
231
|
|
|
232
232
|
```yaml
|
|
233
233
|
topics:
|
|
@@ -348,14 +348,14 @@ Registra il servizio come provider in un modulo NestJS qualunque: il `MetadataSc
|
|
|
348
348
|
|
|
349
349
|
#### Sorgenti `@BrokerParam(source, name?)`
|
|
350
350
|
|
|
351
|
-
| Source | Valore iniettato
|
|
352
|
-
| ----------- |
|
|
353
|
-
| `body` | `payload[name ?? nomeParametro]`
|
|
354
|
-
| `body-full` | payload completo
|
|
355
|
-
| `header` | `headers[name ?? nomeParametro]`
|
|
356
|
-
| `tag` | consumer tag AMQP
|
|
357
|
-
| `action` | action del messaggio
|
|
358
|
-
| `topic` | topic corrente
|
|
351
|
+
| Source | Valore iniettato |
|
|
352
|
+
| ----------- | -------------------------------- |
|
|
353
|
+
| `body` | `payload[name ?? nomeParametro]` |
|
|
354
|
+
| `body-full` | payload completo |
|
|
355
|
+
| `header` | `headers[name ?? nomeParametro]` |
|
|
356
|
+
| `tag` | consumer tag AMQP |
|
|
357
|
+
| `action` | action del messaggio |
|
|
358
|
+
| `topic` | topic corrente |
|
|
359
359
|
|
|
360
360
|
> Se ometti `@BrokerParam` su un parametro, il default è `{ source: 'body' }` con chiave = nome del parametro.
|
|
361
361
|
|
|
@@ -363,9 +363,9 @@ Registra il servizio come provider in un modulo NestJS qualunque: il `MetadataSc
|
|
|
363
363
|
|
|
364
364
|
Ogni `@BrokerAction` è eseguibile **sia in RPC sia in event**, senza modifiche al servizio. Cambia solo cosa attende il chiamante.
|
|
365
365
|
|
|
366
|
-
| Modalità | Come si invoca | Cosa si attende
|
|
367
|
-
| -------- | ------------------------------------------------- |
|
|
368
|
-
| `rpc` | `broker.requestData(...)` / path `mode: rpc` | la **risposta** del metodo (request/response)
|
|
366
|
+
| Modalità | Come si invoca | Cosa si attende |
|
|
367
|
+
| -------- | ------------------------------------------------- | ----------------------------------------------------------- |
|
|
368
|
+
| `rpc` | `broker.requestData(...)` / path `mode: rpc` | la **risposta** del metodo (request/response) |
|
|
369
369
|
| `event` | `broker.publishMessage(...)` / path `mode: event` | solo che il **broker prenda in carico** (publisher confirm) |
|
|
370
370
|
|
|
371
371
|
`publishMessage` è `async` e si risolve solo al publisher confirm (rigetta su nack/errore). Sul gateway, una path `mode: event` risponde `202` **dopo** il confirm e `503` se il broker non accetta.
|
|
@@ -516,7 +516,7 @@ ws.send(JSON.stringify({ action: 'unsubscribe', topic: 'orders' }));
|
|
|
516
516
|
### Sicurezza e scalabilità
|
|
517
517
|
|
|
518
518
|
- **Auth per evento**: `events[].auth` indica il provider che verifica il token e mappa i claim per quell'evento; `requireAuth: false` rende l'auth opzionale (anonimi ammessi, claim mappati se il token c'è). Subscribe negato (`onError: unauthorized`) se l'auth è richiesta e il token non è valido.
|
|
519
|
-
- **
|
|
519
|
+
- **auth per evento**: `roles` (ACL via `IAclRoleService`) sull'identità ricavata da `auth`.
|
|
520
520
|
- **Scoping per-utente**: `scopeClaim` + `payloadKey` impediscono a un client di ricevere dati altrui tramite un `select` arbitrario (il filtro server-side è intersecato con quello del client, mai allargato). Se `scopeClaim` è impostato senza `payloadKey`, **nega tutto** (safe default).
|
|
521
521
|
- **Sessione limitata dalla scadenza del token**: l'`exp` del JWT viene catturato alla prima verifica e la connessione viene chiusa (`1008 token expired`) appena scade — niente consegne dopo la scadenza.
|
|
522
522
|
- **Origin allowlist**: `gateway.ws.allowedOrigins` rifiuta gli handshake cross-site (se omessa, tutte le origin sono accettate e lo si segnala a boot).
|
|
@@ -537,7 +537,7 @@ Due moduli **opzionali** per gestire ACL e configurazione gateway a database. **
|
|
|
537
537
|
|
|
538
538
|
### `AclModule` — ACL DB-backed con cache 2-livelli
|
|
539
539
|
|
|
540
|
-
ACL (azioni → ruoli → grant per-utente) con `
|
|
540
|
+
ACL (azioni → ruoli → grant per-utente) con un'unica primitiva `checkAction` (action-based, match **esatto** su `(companyId, resourceId)`, niente wildcard) e **cache RAM + L2 pluggable** (TTL diversi) e invalidazione che forza il DB.
|
|
541
541
|
|
|
542
542
|
```ts
|
|
543
543
|
import { AclModule, AclService, AclActionRepository, AclRoleRepository, AclGrantRepository,
|
|
@@ -572,10 +572,9 @@ import { AclModule, AclService, AclActionRepository, AclRoleRepository, AclGrant
|
|
|
572
572
|
export class AppModule {}
|
|
573
573
|
```
|
|
574
574
|
|
|
575
|
-
- I handler sono esposti su `BrokerService` con topic **`rlb-acl`** (costante `ACL_TOPIC`): `acl-
|
|
576
|
-
- **
|
|
577
|
-
|
|
578
|
-
- `canUserDo(roles, userId, resourceId)` — **lato microservizio**: vero se un grant **globale** (senza `resourceId`) **oppure** legato a quella risorsa dà all'utente il ruolo (`roles` accetta `string | string[]`). La risorsa è nota solo al ms, che chiama l'RPC `acl-can-user-do` con payload `{ userId, resource, roles }`.
|
|
575
|
+
- I handler sono esposti su `BrokerService` con topic **`rlb-acl`** (costante `ACL_TOPIC`): `acl-check-action` (rpc), `acl-grant`/`acl-revoke`, `acl-list-resources-by-user`, `acl-action-*`, `acl-role-*`. Definisci nel tuo `broker.topics` un topic `rlb-acl`. (Il check del gateway è in-process via `IAclRoleService`, quindi gli auth-provider non richiedono più `aclTopic`/`aclAction`.)
|
|
576
|
+
- **Verifica unica action-based** (servita dalla cache 2-tier, miss → DB → ripopola): `checkAction(userId, { companyId?, resourceId? }, action)` — vero se l'utente ha l'`action` (`string | string[]`, semantica OR) tramite un qualsiasi ruolo, su quella **esatta** coppia `(companyId, resourceId)`. Match: `grant.companyId === companyId && grant.resourceId === resourceId` (undefined/null/'' = assenti); unica deroga: entrambi assenti su richiesta **e** grant (grant globale). **Niente wildcard**; `companyId` è parte della decisione. Il gateway la usa in-process via `IAclRoleService.checkAction` su `path.actions`; è esposta anche come RPC `acl-check-action` (`{ userId, action, companyId?, resourceId? }`) per gli altri ms.
|
|
577
|
+
- **grant/revoke sono gated**: il chiamante (header `X-GTW-AUTH-USERID`) deve avere l'azione `role-management` sulla risorsa target `(companyId, resourceId)`, altrimenti `403`. Il record grant è univoco per `(userId, companyId, resourceId)`; il primo `role-management` si fa **seed diretto a DB** (nessun bypass nella lib; azione del gate configurabile con `AclModuleOptions.roleManagementAction`).
|
|
579
578
|
- **Invalidazione**: ogni mutazione (grant/role/action) svuota L1 e L2 → la prossima verifica pesca dal DB. Senza L2, la coerenza multi-istanza è limitata dal `ramTtlMs`.
|
|
580
579
|
- **Cache L2 pluggable**: il consumer fornisce `{ provide: RLB_ACL_CACHE_STORE, useClass/useExisting }` che implementa `AclCacheStore` (`get/set/del/keys`). In `gateway-in-memory` è `InMemoryAclStore` (mock in RAM, nessuna dipendenza esterna); in produzione plugga uno store condiviso (es. Redis).
|
|
581
580
|
|
|
@@ -605,23 +604,23 @@ Handler su topic **`rlb-gateway-admin`** (`GATEWAY_ADMIN_TOPIC`):
|
|
|
605
604
|
|
|
606
605
|
## API `BrokerService`
|
|
607
606
|
|
|
608
|
-
| Metodo
|
|
609
|
-
|
|
|
610
|
-
| `requestData(topic, action, payload?, headers?, timeout?)`
|
|
611
|
-
| `publishMessage(topic, action, payload, headers?)` → `Promise<boolean>` | event fire-and-forget con publisher confirm
|
|
612
|
-
| `registerRpc(topic, handler)`
|
|
613
|
-
| `registerHandler(topic, handler)`
|
|
614
|
-
| `getRpc(topic)` / `getHandler(topic)`
|
|
615
|
-
| `events$` / `getEvents$<T>()`
|
|
607
|
+
| Metodo | Uso |
|
|
608
|
+
| ----------------------------------------------------------------------- | ------------------------------------------------ |
|
|
609
|
+
| `requestData(topic, action, payload?, headers?, timeout?)` | RPC request/response (attende la risposta) |
|
|
610
|
+
| `publishMessage(topic, action, payload, headers?)` → `Promise<boolean>` | event fire-and-forget con publisher confirm |
|
|
611
|
+
| `registerRpc(topic, handler)` | consumer RPC manuale |
|
|
612
|
+
| `registerHandler(topic, handler)` | consumer `handle` / `broadcast` (ritorna void) |
|
|
613
|
+
| `getRpc(topic)` / `getHandler(topic)` | recupera l'handler registrato |
|
|
614
|
+
| `events$` / `getEvents$<T>()` | Observable degli eventi dei topic `toObservable` |
|
|
616
615
|
|
|
617
616
|
### Decoratori
|
|
618
617
|
|
|
619
|
-
| Decoratore | Uso
|
|
620
|
-
| ------------------------------------------------------------- |
|
|
621
|
-
| `@BrokerAction(topic, action, type?)` | lega un metodo a topic/action
|
|
622
|
-
| `@BrokerParam(source, name?)` | mappa i parametri dai dati messaggio
|
|
618
|
+
| Decoratore | Uso |
|
|
619
|
+
| ------------------------------------------------------------- | -------------------------------------- |
|
|
620
|
+
| `@BrokerAction(topic, action, type?)` | lega un metodo a topic/action |
|
|
621
|
+
| `@BrokerParam(source, name?)` | mappa i parametri dai dati messaggio |
|
|
623
622
|
| `@BrokerAuth(authName, allowAnonymous?, roles?)` | metadati di auth (usati dallo scanner) |
|
|
624
|
-
| `@BrokerHTTP(method, path, dataSource?, timeout?, parseRaw?)` | metadati HTTP (usati dallo scanner)
|
|
623
|
+
| `@BrokerHTTP(method, path, dataSource?, timeout?, parseRaw?)` | metadati HTTP (usati dallo scanner) |
|
|
625
624
|
|
|
626
625
|
### Pipe utility
|
|
627
626
|
|
|
@@ -660,7 +659,7 @@ Questi sono i punti che causano più frequentemente bug silenziosi. **Leggili pr
|
|
|
660
659
|
|
|
661
660
|
### Auth / ACL
|
|
662
661
|
|
|
663
|
-
14. **`
|
|
662
|
+
14. **`actions` su una path richiede un `IAclRoleService`** registrato via `RLB_GTW_ACL_ROLE_SERVICE` in `ProxyModule.forRootAsync({ providers: [...] })`. Il check del gateway è **action-based**: `path.actions` elenca **nomi di azione** e l'utente passa se ne possiede **almeno una** sulla **esatta** coppia `(companyId, resourceId)` della richiesta (`checkAction(userId, ctx, path.actions)`). Il gateway estrae i campi canonici `companyId`/`resourceId` dalla richiesta (precedenza params→query→body) e li confronta in modo esatto. L'auth-provider deve definire `uidClaim` (per estrarre lo userId) + `headerPrefix`. Nota: `authOptions`/`gatewayOptions` si passano a `ProxyModule`, non a `BrokerModule`.
|
|
664
663
|
15. **Gli header propagati sono uppercase e prefissati** (`${headerPrefix}${DEST}`): leggi `X-GTW-AUTH-USERID`, non `userId`.
|
|
665
664
|
|
|
666
665
|
### WebSocket
|
|
@@ -687,7 +686,7 @@ Questi sono i punti che causano più frequentemente bug silenziosi. **Leggili pr
|
|
|
687
686
|
- `Queue <name> has no routing key`: l'exchange è di tipo `topic` ma il queue non ha `routingKey`.
|
|
688
687
|
- `Client name is required ...`: manca `connection_name` (richiesto da broadcast e WebSocket).
|
|
689
688
|
- `ACL Role Service not found`: stai usando `roles` senza aver registrato `RLB_GTW_ACL_ROLE_SERVICE`.
|
|
690
|
-
- `401/403` dal gateway: controlla `auth`, `auth-providers[]`, e l'ACL service quando usi `
|
|
689
|
+
- `401/403` dal gateway: controlla `auth`, `auth-providers[]`, e l'ACL service quando usi `actions`.
|
|
691
690
|
- Timeout RPC: `replyQueues` errato, `action` non gestita da alcun servizio, o handler troppo lento (`timeout`).
|
|
692
691
|
|
|
693
692
|
---
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.grantMatchesResource = grantMatchesResource;
|
|
4
|
+
function norm(v) {
|
|
5
|
+
return v === undefined || v === null || v === '' ? null : String(v);
|
|
6
|
+
}
|
|
7
|
+
function grantMatchesResource(grant, ctx) {
|
|
8
|
+
return norm(grant?.companyId) === norm(ctx?.companyId) && norm(grant?.resourceId) === norm(ctx?.resourceId);
|
|
9
|
+
}
|
|
10
|
+
//# sourceMappingURL=auth-match.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-match.js","sourceRoot":"","sources":["../../../libs/rlb-nestjs-amqp/src/modules/acl/auth-match.ts"],"names":[],"mappings":";;AAkBA,oDAEC;AAXD,SAAS,IAAI,CAAC,CAAU;IACtB,OAAO,CAAC,KAAK,SAAS,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;AACtE,CAAC;AAOD,SAAgB,oBAAoB,CAAC,KAAe,EAAE,GAAwB;IAC5E,OAAO,IAAI,CAAC,KAAK,EAAE,SAAS,CAAC,KAAK,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,UAAU,CAAC,KAAK,IAAI,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;AAC9G,CAAC"}
|
package/modules/acl/const.d.ts
CHANGED
|
@@ -1,19 +1,22 @@
|
|
|
1
1
|
export declare const ACL_TOPIC = "rlb-acl";
|
|
2
2
|
export declare const RLB_ACL_OPTIONS = "RLB_ACL_OPTIONS";
|
|
3
3
|
export declare const RLB_ACL_CACHE_STORE = "RLB_ACL_CACHE_STORE";
|
|
4
|
+
export declare const ACL_DEFAULT_ROLE_MANAGEMENT_ACTION = "role-management";
|
|
4
5
|
export declare const ACL_ACTIONS: {
|
|
5
|
-
readonly
|
|
6
|
-
readonly canUserDoGtw: "acl-can-user-do-gtw";
|
|
6
|
+
readonly checkAction: "acl-check-action";
|
|
7
7
|
readonly listResourcesByUser: "acl-list-resources-by-user";
|
|
8
8
|
readonly grant: "acl-grant";
|
|
9
9
|
readonly revoke: "acl-revoke";
|
|
10
|
+
readonly grantSearch: "acl-grant-search";
|
|
10
11
|
readonly invalidate: "acl-invalidate";
|
|
11
12
|
readonly actionUpdate: "acl-action-update";
|
|
12
13
|
readonly actionDelete: "acl-action-delete";
|
|
13
14
|
readonly actionList: "acl-action-list";
|
|
14
15
|
readonly actionGet: "acl-action-get";
|
|
16
|
+
readonly actionSearch: "acl-action-search";
|
|
15
17
|
readonly roleUpdate: "acl-role-update";
|
|
16
18
|
readonly roleDelete: "acl-role-delete";
|
|
17
19
|
readonly roleList: "acl-role-list";
|
|
18
20
|
readonly roleGet: "acl-role-get";
|
|
21
|
+
readonly roleSearch: "acl-role-search";
|
|
19
22
|
};
|
package/modules/acl/const.js
CHANGED
|
@@ -1,23 +1,26 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.ACL_ACTIONS = exports.RLB_ACL_CACHE_STORE = exports.RLB_ACL_OPTIONS = exports.ACL_TOPIC = void 0;
|
|
3
|
+
exports.ACL_ACTIONS = exports.ACL_DEFAULT_ROLE_MANAGEMENT_ACTION = exports.RLB_ACL_CACHE_STORE = exports.RLB_ACL_OPTIONS = exports.ACL_TOPIC = void 0;
|
|
4
4
|
exports.ACL_TOPIC = 'rlb-acl';
|
|
5
5
|
exports.RLB_ACL_OPTIONS = 'RLB_ACL_OPTIONS';
|
|
6
6
|
exports.RLB_ACL_CACHE_STORE = 'RLB_ACL_CACHE_STORE';
|
|
7
|
+
exports.ACL_DEFAULT_ROLE_MANAGEMENT_ACTION = 'role-management';
|
|
7
8
|
exports.ACL_ACTIONS = {
|
|
8
|
-
|
|
9
|
-
canUserDoGtw: 'acl-can-user-do-gtw',
|
|
9
|
+
checkAction: 'acl-check-action',
|
|
10
10
|
listResourcesByUser: 'acl-list-resources-by-user',
|
|
11
11
|
grant: 'acl-grant',
|
|
12
12
|
revoke: 'acl-revoke',
|
|
13
|
+
grantSearch: 'acl-grant-search',
|
|
13
14
|
invalidate: 'acl-invalidate',
|
|
14
15
|
actionUpdate: 'acl-action-update',
|
|
15
16
|
actionDelete: 'acl-action-delete',
|
|
16
17
|
actionList: 'acl-action-list',
|
|
17
18
|
actionGet: 'acl-action-get',
|
|
19
|
+
actionSearch: 'acl-action-search',
|
|
18
20
|
roleUpdate: 'acl-role-update',
|
|
19
21
|
roleDelete: 'acl-role-delete',
|
|
20
22
|
roleList: 'acl-role-list',
|
|
21
23
|
roleGet: 'acl-role-get',
|
|
24
|
+
roleSearch: 'acl-role-search',
|
|
22
25
|
};
|
|
23
26
|
//# sourceMappingURL=const.js.map
|
package/modules/acl/const.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"const.js","sourceRoot":"","sources":["../../../libs/rlb-nestjs-amqp/src/modules/acl/const.ts"],"names":[],"mappings":";;;AAGa,QAAA,SAAS,GAAG,SAAS,CAAC;AAEtB,QAAA,eAAe,GAAG,iBAAiB,CAAC;AAEpC,QAAA,mBAAmB,GAAG,qBAAqB,CAAC;
|
|
1
|
+
{"version":3,"file":"const.js","sourceRoot":"","sources":["../../../libs/rlb-nestjs-amqp/src/modules/acl/const.ts"],"names":[],"mappings":";;;AAGa,QAAA,SAAS,GAAG,SAAS,CAAC;AAEtB,QAAA,eAAe,GAAG,iBAAiB,CAAC;AAEpC,QAAA,mBAAmB,GAAG,qBAAqB,CAAC;AAI5C,QAAA,kCAAkC,GAAG,iBAAiB,CAAC;AAGvD,QAAA,WAAW,GAAG;IAGzB,WAAW,EAAE,kBAAkB;IAE/B,mBAAmB,EAAE,4BAA4B;IACjD,KAAK,EAAE,WAAW;IAClB,MAAM,EAAE,YAAY;IACpB,WAAW,EAAE,kBAAkB;IAC/B,UAAU,EAAE,gBAAgB;IAE5B,YAAY,EAAE,mBAAmB;IACjC,YAAY,EAAE,mBAAmB;IACjC,UAAU,EAAE,iBAAiB;IAC7B,SAAS,EAAE,gBAAgB;IAC3B,YAAY,EAAE,mBAAmB;IACjC,UAAU,EAAE,iBAAiB;IAC7B,UAAU,EAAE,iBAAiB;IAC7B,QAAQ,EAAE,eAAe;IACzB,OAAO,EAAE,cAAc;IACvB,UAAU,EAAE,iBAAiB;CACrB,CAAC"}
|
package/modules/acl/index.d.ts
CHANGED
package/modules/acl/index.js
CHANGED
|
@@ -15,6 +15,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
|
15
15
|
};
|
|
16
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
17
|
__exportStar(require("./acl.module"), exports);
|
|
18
|
+
__exportStar(require("./auth-match"), exports);
|
|
18
19
|
__exportStar(require("./cache/acl-cache.service"), exports);
|
|
19
20
|
__exportStar(require("./cache/cache-store"), exports);
|
|
20
21
|
__exportStar(require("./config/acl.config"), exports);
|
package/modules/acl/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../libs/rlb-nestjs-amqp/src/modules/acl/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,+CAA6B;AAC7B,4DAA0C;AAC1C,sDAAoC;AACpC,sDAAoC;AACpC,0CAAwB;AACxB,2CAAyB;AACzB,qEAAmD;AACnD,oEAAkD;AAClD,mEAAiD;AACjD,oEAAkD;AAClD,yDAAuC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../libs/rlb-nestjs-amqp/src/modules/acl/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,+CAA6B;AAC7B,+CAA6B;AAC7B,4DAA0C;AAC1C,sDAAoC;AACpC,sDAAoC;AACpC,0CAAwB;AACxB,2CAAyB;AACzB,qEAAmD;AACnD,oEAAkD;AAClD,mEAAiD;AACjD,oEAAkD;AAClD,yDAAuC"}
|
|
@@ -14,4 +14,5 @@ export declare abstract class AclActionRepository {
|
|
|
14
14
|
abstract filterPaginated(filter: Record<string, any>, page?: number, limit?: number): Promise<PaginationModel<AclAction>>;
|
|
15
15
|
abstract retrieveAll(): Promise<AclAction[]>;
|
|
16
16
|
abstract retrieveAllPaginated(page: number, limit: number): Promise<PaginationModel<AclAction>>;
|
|
17
|
+
abstract search(q?: string, page?: number, limit?: number): Promise<PaginationModel<AclAction>>;
|
|
17
18
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"acl-action.repository.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/repository/acl-action.repository.ts"],"names":[],"mappings":";;;AAQA,MAAsB,mBAAmB;
|
|
1
|
+
{"version":3,"file":"acl-action.repository.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/repository/acl-action.repository.ts"],"names":[],"mappings":";;;AAQA,MAAsB,mBAAmB;CAmBxC;AAnBD,kDAmBC"}
|
|
@@ -11,4 +11,5 @@ export declare abstract class AclGrantRepository {
|
|
|
11
11
|
abstract removeOne(filter: Record<string, any>): Promise<AclGrant>;
|
|
12
12
|
abstract filter(filter: Record<string, any>): Promise<AclGrant[]>;
|
|
13
13
|
abstract filterPaginated(filter: Record<string, any>, page?: number, limit?: number): Promise<PaginationModel<AclGrant>>;
|
|
14
|
+
abstract search(q?: string, page?: number, limit?: number): Promise<PaginationModel<AclGrant>>;
|
|
14
15
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"acl-grant.repository.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/repository/acl-grant.repository.ts"],"names":[],"mappings":";;;AAOA,MAAsB,kBAAkB;
|
|
1
|
+
{"version":3,"file":"acl-grant.repository.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/repository/acl-grant.repository.ts"],"names":[],"mappings":";;;AAOA,MAAsB,kBAAkB;CAevC;AAfD,gDAeC"}
|
|
@@ -13,4 +13,5 @@ export declare abstract class AclRoleRepository {
|
|
|
13
13
|
abstract list(): Promise<AclRole[]>;
|
|
14
14
|
abstract listPaginated(page: number, limit: number): Promise<PaginationModel<AclRole>>;
|
|
15
15
|
abstract getActionsByNames(names: string[]): Promise<string[]>;
|
|
16
|
+
abstract search(q?: string, page?: number, limit?: number): Promise<PaginationModel<AclRole>>;
|
|
16
17
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"acl-role.repository.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/repository/acl-role.repository.ts"],"names":[],"mappings":";;;AAQA,MAAsB,iBAAiB;
|
|
1
|
+
{"version":3,"file":"acl-role.repository.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/repository/acl-role.repository.ts"],"names":[],"mappings":";;;AAQA,MAAsB,iBAAiB;CAkBtC;AAlBD,8CAkBC"}
|
|
@@ -1,18 +1,22 @@
|
|
|
1
1
|
import { PaginationModel } from '../../../common';
|
|
2
2
|
import { AclCacheService } from '../cache/acl-cache.service';
|
|
3
|
+
import { AclModuleOptions } from '../config/acl.config';
|
|
3
4
|
import { AclAction, AclGrant, AclRole } from '../models';
|
|
4
5
|
import { AclActionRepository } from '../repository/acl-action.repository';
|
|
5
6
|
import { AclGrantRepository } from '../repository/acl-grant.repository';
|
|
6
7
|
import { AclRoleRepository } from '../repository/acl-role.repository';
|
|
8
|
+
import { AclService } from './acl.service';
|
|
7
9
|
export declare class AclManagementService {
|
|
8
10
|
private readonly actions;
|
|
9
11
|
private readonly roles;
|
|
10
12
|
private readonly grants;
|
|
11
13
|
private readonly cache;
|
|
14
|
+
private readonly acl;
|
|
12
15
|
private readonly logger;
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
+
private readonly roleMgmtAction;
|
|
17
|
+
constructor(actions: AclActionRepository, roles: AclRoleRepository, grants: AclGrantRepository, cache: AclCacheService, acl: AclService, options: AclModuleOptions);
|
|
18
|
+
grant(userId: string, roles: string[], resourceId?: string, companyId?: string, friendlyName?: string, currentUser?: string): Promise<AclGrant>;
|
|
19
|
+
revoke(userId: string, roles: string[], resourceId?: string, companyId?: string, currentUser?: string): Promise<AclGrant | null>;
|
|
16
20
|
private findGrant;
|
|
17
21
|
upsertAction(name: string, description?: string): Promise<AclAction>;
|
|
18
22
|
deleteAction(name: string): Promise<AclAction>;
|
|
@@ -22,6 +26,9 @@ export declare class AclManagementService {
|
|
|
22
26
|
deleteRole(name: string): Promise<AclRole>;
|
|
23
27
|
listRoles(page?: number, limit?: number): Promise<PaginationModel<AclRole>>;
|
|
24
28
|
getRole(name: string): Promise<AclRole>;
|
|
29
|
+
searchActions(q?: string, page?: number, limit?: number): Promise<PaginationModel<AclAction>>;
|
|
30
|
+
searchRoles(q?: string, page?: number, limit?: number): Promise<PaginationModel<AclRole>>;
|
|
31
|
+
searchGrants(q?: string, page?: number, limit?: number): Promise<PaginationModel<AclGrant>>;
|
|
25
32
|
getActionsByNames(names: string[]): Promise<string[]>;
|
|
26
33
|
private assertActionsExist;
|
|
27
34
|
private assertRolesExist;
|
|
@@ -17,26 +17,33 @@ exports.AclManagementService = void 0;
|
|
|
17
17
|
const common_1 = require("@nestjs/common");
|
|
18
18
|
const common_2 = require("../../../common");
|
|
19
19
|
const broker_1 = require("../../broker");
|
|
20
|
+
const auth_match_1 = require("../auth-match");
|
|
20
21
|
const acl_cache_service_1 = require("../cache/acl-cache.service");
|
|
21
22
|
const const_1 = require("../const");
|
|
22
23
|
const acl_action_repository_1 = require("../repository/acl-action.repository");
|
|
23
24
|
const acl_grant_repository_1 = require("../repository/acl-grant.repository");
|
|
24
25
|
const acl_role_repository_1 = require("../repository/acl-role.repository");
|
|
26
|
+
const acl_service_1 = require("./acl.service");
|
|
25
27
|
let AclManagementService = AclManagementService_1 = class AclManagementService {
|
|
26
|
-
constructor(actions, roles, grants, cache) {
|
|
28
|
+
constructor(actions, roles, grants, cache, acl, options) {
|
|
27
29
|
this.actions = actions;
|
|
28
30
|
this.roles = roles;
|
|
29
31
|
this.grants = grants;
|
|
30
32
|
this.cache = cache;
|
|
33
|
+
this.acl = acl;
|
|
31
34
|
this.logger = new common_1.Logger(AclManagementService_1.name);
|
|
35
|
+
this.roleMgmtAction = options.roleManagementAction ?? const_1.ACL_DEFAULT_ROLE_MANAGEMENT_ACTION;
|
|
32
36
|
}
|
|
33
|
-
async grant(userId, roles, resourceId, companyId, friendlyName) {
|
|
37
|
+
async grant(userId, roles, resourceId, companyId, friendlyName, currentUser) {
|
|
34
38
|
if (!userId)
|
|
35
39
|
throw new common_2.BadRequestError('userId is required');
|
|
36
40
|
if (!roles?.length)
|
|
37
41
|
throw new common_2.BadRequestError('roles are required');
|
|
42
|
+
if (!(await this.acl.checkAction(currentUser ?? '', { companyId, resourceId }, this.roleMgmtAction))) {
|
|
43
|
+
throw new common_2.ForbiddenError(`'${this.roleMgmtAction}' is required on the target resource to grant`);
|
|
44
|
+
}
|
|
38
45
|
await this.assertRolesExist(roles);
|
|
39
|
-
const existing = await this.findGrant(userId, resourceId);
|
|
46
|
+
const existing = await this.findGrant(userId, companyId, resourceId);
|
|
40
47
|
let result;
|
|
41
48
|
if (existing) {
|
|
42
49
|
const merged = Array.from(new Set([...(existing.roles || []), ...roles]));
|
|
@@ -52,12 +59,15 @@ let AclManagementService = AclManagementService_1 = class AclManagementService {
|
|
|
52
59
|
await this.cache.invalidate(userId);
|
|
53
60
|
return result;
|
|
54
61
|
}
|
|
55
|
-
async revoke(userId, roles, resourceId, companyId) {
|
|
62
|
+
async revoke(userId, roles, resourceId, companyId, currentUser) {
|
|
56
63
|
if (!userId)
|
|
57
64
|
throw new common_2.BadRequestError('userId is required');
|
|
58
65
|
if (!roles?.length)
|
|
59
66
|
throw new common_2.BadRequestError('roles are required');
|
|
60
|
-
|
|
67
|
+
if (!(await this.acl.checkAction(currentUser ?? '', { companyId, resourceId }, this.roleMgmtAction))) {
|
|
68
|
+
throw new common_2.ForbiddenError(`'${this.roleMgmtAction}' is required on the target resource to revoke`);
|
|
69
|
+
}
|
|
70
|
+
const existing = await this.findGrant(userId, companyId, resourceId);
|
|
61
71
|
if (!existing)
|
|
62
72
|
return null;
|
|
63
73
|
const remaining = (existing.roles || []).filter((r) => !roles.includes(r));
|
|
@@ -67,9 +77,9 @@ let AclManagementService = AclManagementService_1 = class AclManagementService {
|
|
|
67
77
|
await this.cache.invalidate(userId);
|
|
68
78
|
return result;
|
|
69
79
|
}
|
|
70
|
-
async findGrant(userId, resourceId) {
|
|
80
|
+
async findGrant(userId, companyId, resourceId) {
|
|
71
81
|
const all = await this.grants.filter({ userId });
|
|
72
|
-
return (all || []).find((g) => (g
|
|
82
|
+
return (all || []).find((g) => (0, auth_match_1.grantMatchesResource)(g, { companyId, resourceId }));
|
|
73
83
|
}
|
|
74
84
|
async upsertAction(name, description) {
|
|
75
85
|
if (!name)
|
|
@@ -120,6 +130,15 @@ let AclManagementService = AclManagementService_1 = class AclManagementService {
|
|
|
120
130
|
throw new common_2.BadRequestError('name is required');
|
|
121
131
|
return this.roles.findByName(name);
|
|
122
132
|
}
|
|
133
|
+
async searchActions(q, page, limit) {
|
|
134
|
+
return this.actions.search(q, Number(page) || 1, Number(limit) || 10);
|
|
135
|
+
}
|
|
136
|
+
async searchRoles(q, page, limit) {
|
|
137
|
+
return this.roles.search(q, Number(page) || 1, Number(limit) || 10);
|
|
138
|
+
}
|
|
139
|
+
async searchGrants(q, page, limit) {
|
|
140
|
+
return this.grants.search(q, Number(page) || 1, Number(limit) || 10);
|
|
141
|
+
}
|
|
123
142
|
async getActionsByNames(names) {
|
|
124
143
|
return this.roles.getActionsByNames(names);
|
|
125
144
|
}
|
|
@@ -144,8 +163,9 @@ __decorate([
|
|
|
144
163
|
__param(2, (0, broker_1.BrokerParam)('body', 'resourceId')),
|
|
145
164
|
__param(3, (0, broker_1.BrokerParam)('body', 'companyId')),
|
|
146
165
|
__param(4, (0, broker_1.BrokerParam)('body', 'friendlyName')),
|
|
166
|
+
__param(5, (0, broker_1.BrokerParam)('header', 'X-GTW-AUTH-USERID')),
|
|
147
167
|
__metadata("design:type", Function),
|
|
148
|
-
__metadata("design:paramtypes", [String, Array, String, String, String]),
|
|
168
|
+
__metadata("design:paramtypes", [String, Array, String, String, String, String]),
|
|
149
169
|
__metadata("design:returntype", Promise)
|
|
150
170
|
], AclManagementService.prototype, "grant", null);
|
|
151
171
|
__decorate([
|
|
@@ -154,8 +174,9 @@ __decorate([
|
|
|
154
174
|
__param(1, (0, broker_1.BrokerParam)('body', 'roles')),
|
|
155
175
|
__param(2, (0, broker_1.BrokerParam)('body', 'resourceId')),
|
|
156
176
|
__param(3, (0, broker_1.BrokerParam)('body', 'companyId')),
|
|
177
|
+
__param(4, (0, broker_1.BrokerParam)('header', 'X-GTW-AUTH-USERID')),
|
|
157
178
|
__metadata("design:type", Function),
|
|
158
|
-
__metadata("design:paramtypes", [String, Array, String, String]),
|
|
179
|
+
__metadata("design:paramtypes", [String, Array, String, String, String]),
|
|
159
180
|
__metadata("design:returntype", Promise)
|
|
160
181
|
], AclManagementService.prototype, "revoke", null);
|
|
161
182
|
__decorate([
|
|
@@ -219,11 +240,40 @@ __decorate([
|
|
|
219
240
|
__metadata("design:paramtypes", [String]),
|
|
220
241
|
__metadata("design:returntype", Promise)
|
|
221
242
|
], AclManagementService.prototype, "getRole", null);
|
|
243
|
+
__decorate([
|
|
244
|
+
(0, broker_1.BrokerAction)(const_1.ACL_TOPIC, const_1.ACL_ACTIONS.actionSearch, 'rpc'),
|
|
245
|
+
__param(0, (0, broker_1.BrokerParam)('body', 'q')),
|
|
246
|
+
__param(1, (0, broker_1.BrokerParam)('body', 'page')),
|
|
247
|
+
__param(2, (0, broker_1.BrokerParam)('body', 'limit')),
|
|
248
|
+
__metadata("design:type", Function),
|
|
249
|
+
__metadata("design:paramtypes", [String, Number, Number]),
|
|
250
|
+
__metadata("design:returntype", Promise)
|
|
251
|
+
], AclManagementService.prototype, "searchActions", null);
|
|
252
|
+
__decorate([
|
|
253
|
+
(0, broker_1.BrokerAction)(const_1.ACL_TOPIC, const_1.ACL_ACTIONS.roleSearch, 'rpc'),
|
|
254
|
+
__param(0, (0, broker_1.BrokerParam)('body', 'q')),
|
|
255
|
+
__param(1, (0, broker_1.BrokerParam)('body', 'page')),
|
|
256
|
+
__param(2, (0, broker_1.BrokerParam)('body', 'limit')),
|
|
257
|
+
__metadata("design:type", Function),
|
|
258
|
+
__metadata("design:paramtypes", [String, Number, Number]),
|
|
259
|
+
__metadata("design:returntype", Promise)
|
|
260
|
+
], AclManagementService.prototype, "searchRoles", null);
|
|
261
|
+
__decorate([
|
|
262
|
+
(0, broker_1.BrokerAction)(const_1.ACL_TOPIC, const_1.ACL_ACTIONS.grantSearch, 'rpc'),
|
|
263
|
+
__param(0, (0, broker_1.BrokerParam)('body', 'q')),
|
|
264
|
+
__param(1, (0, broker_1.BrokerParam)('body', 'page')),
|
|
265
|
+
__param(2, (0, broker_1.BrokerParam)('body', 'limit')),
|
|
266
|
+
__metadata("design:type", Function),
|
|
267
|
+
__metadata("design:paramtypes", [String, Number, Number]),
|
|
268
|
+
__metadata("design:returntype", Promise)
|
|
269
|
+
], AclManagementService.prototype, "searchGrants", null);
|
|
222
270
|
exports.AclManagementService = AclManagementService = AclManagementService_1 = __decorate([
|
|
223
271
|
(0, common_1.Injectable)(),
|
|
272
|
+
__param(5, (0, common_1.Inject)(const_1.RLB_ACL_OPTIONS)),
|
|
224
273
|
__metadata("design:paramtypes", [acl_action_repository_1.AclActionRepository,
|
|
225
274
|
acl_role_repository_1.AclRoleRepository,
|
|
226
275
|
acl_grant_repository_1.AclGrantRepository,
|
|
227
|
-
acl_cache_service_1.AclCacheService
|
|
276
|
+
acl_cache_service_1.AclCacheService,
|
|
277
|
+
acl_service_1.AclService, Object])
|
|
228
278
|
], AclManagementService);
|
|
229
279
|
//# sourceMappingURL=acl-management.service.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"acl-management.service.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/services/acl-management.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,
|
|
1
|
+
{"version":3,"file":"acl-management.service.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/services/acl-management.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAA4D;AAC5D,4CAAmF;AACnF,yCAAyD;AACzD,8CAAqD;AACrD,kEAA6D;AAE7D,oCAAuG;AAEvG,+EAA0E;AAC1E,6EAAwE;AACxE,2EAAsE;AACtE,+CAA2C;AAGpC,IAAM,oBAAoB,4BAA1B,MAAM,oBAAoB;IAK/B,YACmB,OAA4B,EAC5B,KAAwB,EACxB,MAA0B,EAC1B,KAAsB,EACtB,GAAe,EACP,OAAyB;QALjC,YAAO,GAAP,OAAO,CAAqB;QAC5B,UAAK,GAAL,KAAK,CAAmB;QACxB,WAAM,GAAN,MAAM,CAAoB;QAC1B,UAAK,GAAL,KAAK,CAAiB;QACtB,QAAG,GAAH,GAAG,CAAY;QATjB,WAAM,GAAG,IAAI,eAAM,CAAC,sBAAoB,CAAC,IAAI,CAAC,CAAC;QAY9D,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,oBAAoB,IAAI,0CAAkC,CAAC;IAC3F,CAAC;IAOK,AAAN,KAAK,CAAC,KAAK,CACsB,MAAc,EACf,KAAe,EACV,UAAmB,EACpB,SAAkB,EACf,YAAqB,EACd,WAAoB;QAEhE,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,oBAAoB,CAAC,CAAC;QAC7D,IAAI,CAAC,KAAK,EAAE,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,oBAAoB,CAAC,CAAC;QACpE,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,WAAW,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,UAAU,EAAE,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC,EAAE,CAAC;YACrG,MAAM,IAAI,uBAAc,CAAC,IAAI,IAAI,CAAC,cAAc,+CAA+C,CAAC,CAAC;QACnG,CAAC;QACD,MAAM,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;QAGnC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;QACrE,IAAI,MAAgB,CAAC;QACrB,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,IAAI,EAAE,CAAC,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC1E,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAI,EAAE;gBACnD,KAAK,EAAE,MAAM;gBACb,SAAS,EAAE,SAAS,IAAI,QAAQ,CAAC,SAAS;gBAC1C,YAAY,EAAE,YAAY,IAAI,QAAQ,CAAC,YAAY;aACpD,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,CAAC,CAAC;QACxH,CAAC;QACD,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACpC,OAAO,MAAM,CAAC;IAChB,CAAC;IAGK,AAAN,KAAK,CAAC,MAAM,CACqB,MAAc,EACf,KAAe,EACV,UAAmB,EACpB,SAAkB,EACR,WAAoB;QAEhE,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,oBAAoB,CAAC,CAAC;QAC7D,IAAI,CAAC,KAAK,EAAE,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,oBAAoB,CAAC,CAAC;QACpE,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,WAAW,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,UAAU,EAAE,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC,EAAE,CAAC;YACrG,MAAM,IAAI,uBAAc,CAAC,IAAI,IAAI,CAAC,cAAc,gDAAgD,CAAC,CAAC;QACpG,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;QACrE,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAC;QAG3B,MAAM,SAAS,GAAG,CAAC,QAAQ,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3E,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM;YAC7B,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAI,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;YACnE,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAI,CAAC,CAAC;QAChD,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACpC,OAAO,MAAM,CAAC;IAChB,CAAC;IAGO,KAAK,CAAC,SAAS,CAAC,MAAc,EAAE,SAAkB,EAAE,UAAmB;QAC7E,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,iCAAoB,EAAC,CAAC,EAAE,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;IACrF,CAAC;IAKK,AAAN,KAAK,CAAC,YAAY,CACa,IAAY,EACL,WAAoB;QAExD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,CAAC,CAAC;QACzD,MAAM,KAAK,GAAuB,EAAE,IAAI,EAAE,GAAG,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;QAClG,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,EAAE,KAAK,CAAC,CAAC;QAC7D,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,MAAM,CAAC;IAChB,CAAC;IAGK,AAAN,KAAK,CAAC,YAAY,CAA8B,IAAY;QAC1D,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QACvD,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC;IACjB,CAAC;IAGK,AAAN,KAAK,CAAC,WAAW,CACc,IAAa,EACZ,KAAc;QAE5C,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IAClF,CAAC;IAGK,AAAN,KAAK,CAAC,SAAS,CAA8B,IAAY;QACvD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,CAAC,CAAC;QACzD,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IACvC,CAAC;IAKK,AAAN,KAAK,CAAC,UAAU,CACe,IAAY,EACT,OAAiB,EACb,WAAoB;QAExD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,CAAC,CAAC;QACzD,IAAI,CAAC,OAAO,EAAE,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,sBAAsB,CAAC,CAAC;QACxE,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;QACvC,MAAM,KAAK,GAAqB,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;QACzG,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,EAAE,KAAK,CAAC,CAAC;QAC3D,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,MAAM,CAAC;IAChB,CAAC;IAGK,AAAN,KAAK,CAAC,UAAU,CAA8B,IAAY;QAGxD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QACrD,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC;IACjB,CAAC;IAGK,AAAN,KAAK,CAAC,SAAS,CACgB,IAAa,EACZ,KAAc;QAE5C,OAAO,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IAChF,CAAC;IAGK,AAAN,KAAK,CAAC,OAAO,CAA8B,IAAY;QACrD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,CAAC,CAAC;QACzD,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC;IAIK,AAAN,KAAK,CAAC,aAAa,CAA2B,CAAU,EAA+B,IAAa,EAAgC,KAAc;QAChJ,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IACxE,CAAC;IAIK,AAAN,KAAK,CAAC,WAAW,CAA2B,CAAU,EAA+B,IAAa,EAAgC,KAAc;QAC9I,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IACtE,CAAC;IAIK,AAAN,KAAK,CAAC,YAAY,CAA2B,CAAU,EAA+B,IAAa,EAAgC,KAAc;QAC/I,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,KAAe;QACrC,OAAO,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;IAC7C,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAAC,KAAe;QAC9C,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;QAClE,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;QACtE,IAAI,OAAO,CAAC,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,oBAAoB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC1F,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,KAAe;QAC5C,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;QAChE,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;QACtE,IAAI,OAAO,CAAC,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACxF,CAAC;CACF,CAAA;AAlMY,oDAAoB;AAqBzB;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,KAAK,EAAE,KAAK,CAAC;IAE/C,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAA;IAC7B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC5B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,YAAY,CAAC,CAAA;IACjC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,WAAW,CAAC,CAAA;IAChC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,cAAc,CAAC,CAAA;IACnC,WAAA,IAAA,oBAAW,EAAC,QAAQ,EAAE,mBAAmB,CAAC,CAAA;;;;iDAwB5C;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,MAAM,EAAE,KAAK,CAAC;IAEhD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAA;IAC7B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC5B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,YAAY,CAAC,CAAA;IACjC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,WAAW,CAAC,CAAA;IAChC,WAAA,IAAA,oBAAW,EAAC,QAAQ,EAAE,mBAAmB,CAAC,CAAA;;;;kDAiB5C;AAWK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,YAAY,EAAE,KAAK,CAAC;IAEtD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC3B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,aAAa,CAAC,CAAA;;;;wDAOpC;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,YAAY,EAAE,KAAK,CAAC;IACrC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;;;;wDAK9C;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,UAAU,EAAE,KAAK,CAAC;IAEpD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC3B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,OAAO,CAAC,CAAA;;;;uDAG9B;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,SAAS,EAAE,KAAK,CAAC;IACrC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;;;;qDAG3C;AAKK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,UAAU,EAAE,KAAK,CAAC;IAEpD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC3B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,SAAS,CAAC,CAAA;IAC9B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,aAAa,CAAC,CAAA;;;;sDASpC;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,UAAU,EAAE,KAAK,CAAC;IACrC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;;;;sDAO5C;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,QAAQ,EAAE,KAAK,CAAC;IAElD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC3B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,OAAO,CAAC,CAAA;;;;qDAG9B;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,OAAO,EAAE,KAAK,CAAC;IACrC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;;;;mDAGzC;AAIK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,YAAY,EAAE,KAAK,CAAC;IACpC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IAAc,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAAiB,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,OAAO,CAAC,CAAA;;;;yDAElI;AAIK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,UAAU,EAAE,KAAK,CAAC;IACpC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IAAc,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAAiB,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,OAAO,CAAC,CAAA;;;;uDAEhI;AAIK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,WAAW,EAAE,KAAK,CAAC;IACpC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IAAc,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAAiB,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,OAAO,CAAC,CAAA;;;;wDAEjI;+BAjLU,oBAAoB;IADhC,IAAA,mBAAU,GAAE;IAYR,WAAA,IAAA,eAAM,EAAC,uBAAe,CAAC,CAAA;qCALE,2CAAmB;QACrB,uCAAiB;QAChB,yCAAkB;QACnB,mCAAe;QACjB,wBAAU;GAVvB,oBAAoB,CAkMhC"}
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { IAclRoleService } from '../../proxy/services/acl.service';
|
|
2
|
+
import { AclResourceContext } from '../auth-match';
|
|
2
3
|
import { AclCacheService } from '../cache/acl-cache.service';
|
|
3
4
|
import { AclResourceGroup } from '../models';
|
|
4
5
|
import { AclGrantRepository } from '../repository/acl-grant.repository';
|
|
@@ -10,9 +11,7 @@ export declare class AclService implements IAclRoleService {
|
|
|
10
11
|
private readonly logger;
|
|
11
12
|
constructor(grants: AclGrantRepository, roles: AclRoleRepository, cache: AclCacheService);
|
|
12
13
|
private toList;
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
handleCanUserDoGtw(userId: string, roles?: string | string[]): Promise<boolean>;
|
|
16
|
-
handleCanUserDo(userId: string, resource: string, roles?: string | string[]): Promise<boolean>;
|
|
14
|
+
checkAction(userId: string, ctx: AclResourceContext | undefined, action: string | string[]): Promise<boolean>;
|
|
15
|
+
handleCheckAction(userId: string, action: string | string[], companyId?: string, resourceId?: string): Promise<boolean>;
|
|
17
16
|
listResourcesByUser(userId: string): Promise<AclResourceGroup[]>;
|
|
18
17
|
}
|