@pcg/auth 1.0.0-alpha.0

package/.turbo/turbo-build.log

@@ -0,0 +1,15 @@
+
+
+> @pcg/auth@1.0.0-alpha.0 build /Users/serg_sadovyi/prj/deepvisionsoftware.github/pcg/packages/auth
+> tsdown
+
+ℹ tsdown v0.15.12 powered by rolldown v1.0.0-beta.45
+ℹ Using tsdown config: /Users/serg_sadovyi/prj/deepvisionsoftware.github/pcg/packages/auth/tsdown.config.ts
+ℹ entry: src/index.ts
+ℹ tsconfig: ../../tsconfig.build.json
+ℹ Build start
+ℹ dist/index.js      11.71 kB │ gzip: 3.11 kB
+ℹ dist/index.js.map  20.80 kB │ gzip: 5.58 kB
+ℹ dist/index.d.ts     8.62 kB │ gzip: 2.00 kB
+ℹ 3 files, total: 41.13 kB
+✔ Build complete in 577ms

package/README.md

@@ -0,0 +1,84 @@
+# @deep/auth
+
+### Quick Start
+
+Install npm package
+
+```tsx
+npm i @deep/auth --save
+```
+
+Use `isGranted` helper to check access rights.
+
+```jsx
+import { isGranted } from '@deep/auth'
+isGranted(user, 'js:episodes:create'); // boolean
+```
+
+### Resolved Permissions
+
+User object `user` must contain `resolvedPemissions` array with array of objects:
+
+```tsx
+user.resolvedPermission = [
+	{
+		id: "js:episodes:get",
+	  scopes: []
+	},
+	{
+		id: "js:episodes:list",
+		scopes: ["published"]
+	}
+],
+
+```
+
+But, is real life we store permissions in database as array of string, like this:
+
+```tsx
+[
+	"js:episodes:get",
+	"js:episodes[@published]:list"
+]
+```
+
+Library has special helper, to resolve permissions:
+
+```tsx
+import { resolvePermissions } from '@deep/auth';
+
+const permissions = [
+	"js:episodes:get",
+	"js:episodes[@published]:list"
+]
+
+user.resolvedPermission = resolvePermissions(permissions)
+```
+
+### Permission Context
+
+Some users don't have full access to action, but have access in some execution context. For example, user dont have permission to all episodes, but have permission only to published episodes.
+
+In this case we determinate execution context. If user fetch only published episodes, we set scope to `published`. If user has special permission `js:episodes[@published]:list` he will obtain access to this action.
+
+```tsx
+import { isGranted, PermissionContext } from '@deep/auth';
+const ctx = new PermissionContext();
+
+if (filter.published) {
+	ctx.addScope('published');
+}
+
+isGranted(user, 'js:episodes:list'); // boolean
+```
+
+Otherwise, we can build query based on user rights. In this case, we add system roles if user have special permission.
+
+```tsx
+import { isGranted } from '@deep/auth'
+if(isGranted(user, 'js:roles:get', { scopes: ['system'] })) {
+	where.or.push({
+    type: 'system'
+  })
+}
+```

package/dist/index.d.ts

@@ -0,0 +1,246 @@
+//#region src/permissions/action-scopes.d.ts
+type ActionScopesArray = (string | string[])[];
+/**
+ * Action scopes are used to describe
+ * what scopes are required to execute an action.
+ */
+declare class ActionScopes {
+  array: ActionScopesArray;
+  anyScope: boolean;
+  private idsMap;
+  constructor(scopes?: ActionScopesArray);
+  /**
+   * Set id scope (e.g. 'id#jsu:123')
+   * @param id - entity id
+   * @returns - this
+   * @example
+   * scopes.setEntityId('jsu:123')
+   *
+   * // scopes.getArray() = ['id#jsu:123']
+   */
+  setEntityId(id: string): this;
+  /**
+   * Set scope (e.g. 'org', 'org+review')
+   * @param scope - scope name (e.g. 'org', 'org+review')
+   * @param id - entity id (e.g. 'jsorg:hci')
+   * @returns - this
+   * @example
+   * scopes.set('my')
+   *
+   * // scopes.getArray() = ['my']
+   *
+   * scopes.set('org', 'jsorg:hci')
+   *
+   * // scopes.getArray() = ['org#jsorg:hci']
+   */
+  set(scope: string, id?: string): this;
+  has(scope: string): boolean;
+  getArray(): ActionScopesArray;
+  /**
+   * Permission scopes must cover auth scopes determined in auth context.
+   * @param permissionScopes
+   */
+  canBeExecutedInScopes(permissionScopes: readonly (string | string[])[]): boolean;
+  /**
+   * Resolve presaved scopes
+   * @example
+   * authCtx.setScope('org', 'jsorg:hci')
+   * [org#hci]
+   *
+   * authCtx.setScope('org+review');
+   * [org#hci, [org#hci, review]]
+   **/
+  private resolveScopeId;
+}
+//#endregion
+//#region src/types/permissions.d.ts
+/**
+ * Resolved permission string to object with scopes
+ * @example
+ * 'js:core:episodes[org]:get' => { id: 'js:core:episodes:get', scopes: ['org'] }
+ */
+interface ResolvedPermission {
+  id: string;
+  scopes: (string | string[])[];
+}
+/**
+ * Resolved permission string to object with scopes
+ * @example
+ * 'g:js:core:episodes[org]:read' => { id: 'g:js:core:episodes:read', scopes: ['org'] }
+ */
+interface ResolvedPermissionGroup {
+  id: string;
+  scopes: (string | string[])[];
+}
+interface ReadonlyResolvedPermission {
+  readonly id: string;
+  readonly scopes: readonly (string | string[])[];
+}
+//#endregion
+//#region src/types/user.d.ts
+interface IUser {
+  /**
+   * User ID
+   * @example
+   * ```ts
+   * 'hcu:2x6g7l8n9op'
+   * ```
+   */
+  id: string;
+  /**
+   * User's permissions
+   * @example
+   * ```ts
+   * ['js:core:episodes[org]:get', 'js:core:episodes[org]:create']
+   * ```
+   */
+  permissions: readonly string[];
+  /**
+   * User's resolved permissions
+   * @example
+   * ```ts
+   * [
+   *  { id: 'js:core:episodes:get', scopes: ['org'] },
+   *  { id: 'js:core:episodes:create', scopes: ['org'] },
+   * ]
+   * ```
+   */
+  resolvedPermissions: ReadonlyResolvedPermission[];
+}
+//#endregion
+//#region src/permissions/helpers.d.ts
+/**
+ * Check if user has access to permission
+ * @example
+ *
+ * // Check episode access
+ * const scopes = new ActionScopes();
+ * scopes.setEntityId(episode.id); // id#js:core:episodes:xxxxx
+ * scopes.set('org', episode.organizationId); // org#hcorg:hci
+ *
+ * isGranted(user, 'js:core:episodes:get', scopes)
+ * @param user - user object with resolvedPermissions
+ * @param permission - permission string (e.g. 'js:core:episodes:get')
+ * @param actionScopes - action scopes (e.g. ['org#hcorg:hci'] or ActionScopes instance)
+ * @returns - true if user has access to permission
+ */
+declare const isGranted: (user: IUser, permission: string, actionScopes?: ActionScopesArray | ActionScopes) => boolean;
+declare const encodeScopes: (scopes: (string | string[])[]) => string;
+/**
+ * Inject scopes into permission
+ * @param permission - permission string (e.g. 'js:core:episodes:get')
+ * @param scopesToInject - scopes to inject (e.g. ['org', 'published'])
+ * @returns - permission string with injected scopes (e.g. 'js:core:episodes[org,published]:get')
+ * @example
+ * injectScopesIntoPermission('js:core:episodes:get', ['org', 'published'])
+ * // js:core:episodes[org,published]:get
+ */
+declare const injectScopesIntoPermission: (permission: string, scopesToInject: (string | string[])[]) => string;
+/**
+ * Concat scopes
+ * @param set - set of scopes
+ * @param items - items to concat
+ * @example
+ * concatScopes(['org#hci'], ['org#dv'])
+ * // ['org#hci', 'org#dv']
+ */
+declare const concatScopes: (set: (string | string[])[], items: (string | string[])[]) => void;
+/**
+ * Resolve permission string to object with scopes
+ * @param permission - permission string
+ * @returns - resolved permission object
+ * @example
+ * resolvePermission('js:core:episodes[org,published]:get')
+ * // { id: 'js:core:episodes:get', scopes: ['org', 'published'] }
+ */
+declare const resolvePermission: (permission: string) => ResolvedPermission;
+/**
+ * Resolve permissions to array of resolved permissions
+ * @param permissions - array of permissions
+ * @returns - array of resolved permissions
+ * @example
+ * resolvePermissions(['js:core:episodes[org]:get', 'js:core:episodes[published]:get'])
+ * // [{ id: 'js:core:episodes:get', scopes: ['org', 'published'] }]
+ */
+declare const resolvePermissions: (permissions: string[]) => ResolvedPermission[];
+/**
+ * Resolve permission group string to object with scopes
+ * @param permissionGroup - permission group string
+ * @returns - resolved permission group object
+ * @example
+ * resolvePermissionGroup('g:js:core:episodes[org]:read')
+ * // { id: 'g:js:core:episodes:read', scopes: ['org'] }
+ */
+declare const resolvePermissionGroup: (permissionGroup: string) => ResolvedPermission;
+/**
+ * Resolve permission groups to array of resolved permission groups
+ * @param permissionGroups - array of permission groups
+ * @returns - array of resolved permission groups
+ * @example
+ * resolvePermissionGroups(['g:js:core:episodes[org]:read', 'g:js:core:episodes[published]:read'])
+ * // [{ id: 'g:js:core:episodes:read', scopes: ['org', 'published'] }]
+ */
+declare const resolvePermissionGroups: (permissionGroups: string[]) => ResolvedPermissionGroup[];
+declare const mergeResolvedPermissions: (array1: ResolvedPermission[], array2: ResolvedPermission[]) => ResolvedPermission[];
+/**
+ * Replace scope in array of scopes
+ * @param scopes - array of scopes
+ * @param from - scope to replace
+ * @param to - scope to replace with
+ * @returns  - array of scopes with replaced scopes
+ * @example
+ * replaceScope(['org#jsorg:xxx', ['org#jsorg:xxx', 'published']], 'org#jsorg:xxx', 'org#jsorg:hci')
+ * // ['org#jsorg:hci', ['org#jsorg:hci', 'published']]
+ */
+declare const replaceScope: (scopes: (string | string[])[],
+// [org#jsorg:xxx, [org#jsorg:xxx, published]]
+from: string, to: string | (string | string[])[]) => (string | string[])[];
+//#endregion
+//#region src/permissions/scopes-bulder.d.ts
+declare class ScopesBulder {
+  private scopes;
+  constructor(scopes?: (string | string[])[]);
+  static fromBulder(builder: ScopesBulder): ScopesBulder;
+  build(): (string | string[])[];
+  clone(): ScopesBulder;
+  /**
+   * Append scope or scopes to the current scopes
+   * @param scope - scope or array of scopes to append
+   * @example
+   * append('org#jsorg:hci')
+   * // ['org#xxx'] => ['org#xxx', 'org#jsorg:hci']
+   * append(['org#hci', 'lang#en])
+   * // ['org#xxx'] => ['org#xxx', ['org#hci', 'lang#en']]
+   */
+  append(scope: string | string[]): void;
+  /**
+   * Extend current scopes with the given scopes
+   * @param scopes - scope or array of scopes to extend with
+   * @example
+   * extend(['lang#en', 'lang#de'])
+   * // ['published', 'draft'] => ['published', 'draft', 'lang#en', 'lang#de']
+   */
+  extend(scopes: (string | string[])[] | ScopesBulder): void;
+  /**
+   * Join all scopes with the given scope
+   * @param scope - scope to join with
+   * @example
+   * join('org#jsorg:hci', 'before')
+   * // ['published', 'draft'] => [['org#jsorg:hci', 'published'], ['org#jsorg:hci', 'draft']]
+   * join(['lang#en', 'lang#de'])
+   * // ['published', 'draft'] => [['published', 'lang#en'], ['published', 'lang#de'], ['draft', 'lang#en'], ['draft', 'lang#de']]
+   */
+  join(scopeOrScopes: string | (string | string[])[], pos?: 'before' | 'after'): void;
+  /**
+   * Replace prefix in all scopes
+   * @param from - prefix to replace
+   * @param to - prefix to replace with
+   * @example
+   * replacePrefix('org', 'id')
+   * ['org#jsorg:hci'] => ['id#jsorg:hci']
+   */
+  replacePrefix(from: string, to: string): void;
+}
+//#endregion
+export { ActionScopes, ActionScopesArray, IUser, ReadonlyResolvedPermission, ResolvedPermission, ResolvedPermissionGroup, ScopesBulder, concatScopes, encodeScopes, injectScopesIntoPermission, isGranted, mergeResolvedPermissions, replaceScope, resolvePermission, resolvePermissionGroup, resolvePermissionGroups, resolvePermissions };
+//# sourceMappingURL=index.d.ts.map

package/dist/index.js

@@ -0,0 +1,349 @@
+//#region src/permissions/action-scopes.ts
+/**
+* Action scopes are used to describe
+* what scopes are required to execute an action.
+*/
+var ActionScopes = class {
+	array = [];
+	anyScope = false;
+	idsMap = /* @__PURE__ */ new Map();
+	constructor(scopes) {
+		if (scopes) this.array = scopes ?? [];
+	}
+	/**
+	* Set id scope (e.g. 'id#jsu:123')
+	* @param id - entity id
+	* @returns - this
+	* @example
+	* scopes.setEntityId('jsu:123')
+	*
+	* // scopes.getArray() = ['id#jsu:123']
+	*/
+	setEntityId(id) {
+		this.set(`id#${id}`);
+		return this;
+	}
+	/**
+	* Set scope (e.g. 'org', 'org+review')
+	* @param scope - scope name (e.g. 'org', 'org+review')
+	* @param id - entity id (e.g. 'jsorg:hci')
+	* @returns - this
+	* @example
+	* scopes.set('my')
+	*
+	* // scopes.getArray() = ['my']
+	*
+	* scopes.set('org', 'jsorg:hci')
+	*
+	* // scopes.getArray() = ['org#jsorg:hci']
+	*/
+	set(scope, id) {
+		if (id && /^[A-Za-z_]+$/.test(scope)) this.idsMap.set(scope, id);
+		if (scope.includes("+")) {
+			const subscopes = scope.split("+");
+			this.array.push(subscopes.map((subscope) => this.resolveScopeId(subscope)));
+		} else this.array.push(this.resolveScopeId(scope));
+		return this;
+	}
+	has(scope) {
+		return this.array.includes(scope);
+	}
+	getArray() {
+		return [...this.array];
+	}
+	/**
+	* Permission scopes must cover auth scopes determined in auth context.
+	* @param permissionScopes
+	*/
+	canBeExecutedInScopes(permissionScopes) {
+		if (this.array.includes("*")) return true;
+		if (permissionScopes.length === 0) return true;
+		/**
+		* Empty auth scopes but user has permission scopes = no access to action
+		*
+		* action scopes = []
+		* permission scopes = ['org#hci']
+		*
+		* Example:
+		* User try to get list of all entities
+		* But user only has permission to entity from org#hci
+		*/
+		if (this.array.length === 0) return false;
+		return this.array.some((authScope) => {
+			if (Array.isArray(authScope)) return permissionScopes.some((permissionScope) => {
+				if (Array.isArray(permissionScope)) return permissionScope.every((sub) => authScope.includes(sub));
+				return authScope.includes(permissionScope);
+			});
+			return permissionScopes.includes(authScope);
+		});
+	}
+	/**
+	* Resolve presaved scopes
+	* @example
+	* authCtx.setScope('org', 'jsorg:hci')
+	* [org#hci]
+	*
+	* authCtx.setScope('org+review');
+	* [org#hci, [org#hci, review]]
+	**/
+	resolveScopeId(scope) {
+		return this.idsMap.has(scope) ? `${scope}#${this.idsMap.get(scope)}` : scope;
+	}
+};
+
+//#endregion
+//#region src/permissions/helpers.ts
+/**
+* Normilize scopes to ActionScopes
+* @example
+* const scopes = normalizeScopes(['org#hci', 'user#hcu:xxxxx') // ActionScopes
+*
+* scopes.set('my')
+*/
+const normalizeScopes = (scopes) => {
+	if (!(scopes instanceof ActionScopes)) return new ActionScopes(scopes);
+	return scopes;
+};
+/**
+* Check if user has access to permission
+* @example
+*
+* // Check episode access
+* const scopes = new ActionScopes();
+* scopes.setEntityId(episode.id); // id#js:core:episodes:xxxxx
+* scopes.set('org', episode.organizationId); // org#hcorg:hci
+*
+* isGranted(user, 'js:core:episodes:get', scopes)
+* @param user - user object with resolvedPermissions
+* @param permission - permission string (e.g. 'js:core:episodes:get')
+* @param actionScopes - action scopes (e.g. ['org#hcorg:hci'] or ActionScopes instance)
+* @returns - true if user has access to permission
+*/
+const isGranted = (user, permission, actionScopes = []) => {
+	const [service, module, resource, action] = permission.split(":");
+	if (!user?.resolvedPermissions || user.resolvedPermissions.length === 0) return false;
+	const userPermissions = user.resolvedPermissions;
+	const scopes = normalizeScopes(actionScopes);
+	const permissionCanBeExecutedInScopes = (perm, scopes$1) => !perm.scopes || perm.scopes.length === 0 || scopes$1.canBeExecutedInScopes(perm.scopes);
+	const regexp = /* @__PURE__ */ new RegExp(`^(${service}|\\*):(${module}|\\*):(${resource}|\\*):(${action}|\\*)$`);
+	if (userPermissions.some((perm) => regexp.test(perm.id) && permissionCanBeExecutedInScopes(perm, scopes))) return true;
+	return false;
+};
+const encodeScopes = (scopes) => {
+	const scopesString = scopes.map((s) => Array.isArray(s) ? s.join("+") : s).join(",");
+	return scopesString.length > 0 ? `[${scopesString}]` : "";
+};
+/**
+* Inject scopes into permission
+* @param permission - permission string (e.g. 'js:core:episodes:get')
+* @param scopesToInject - scopes to inject (e.g. ['org', 'published'])
+* @returns - permission string with injected scopes (e.g. 'js:core:episodes[org,published]:get')
+* @example
+* injectScopesIntoPermission('js:core:episodes:get', ['org', 'published'])
+* // js:core:episodes[org,published]:get
+*/
+const injectScopesIntoPermission = (permission, scopesToInject) => {
+	const { id, scopes = [] } = resolvePermission(permission);
+	const [service, module, resource, action] = id.split(":");
+	concatScopes(scopes, scopesToInject);
+	return `${service}:${module}:${resource}${encodeScopes(scopes)}:${action}`;
+};
+/**
+* Concat scopes
+* @param set - set of scopes
+* @param items - items to concat
+* @example
+* concatScopes(['org#hci'], ['org#dv'])
+* // ['org#hci', 'org#dv']
+*/
+const concatScopes = (set, items) => {
+	for (const item of items) if (Array.isArray(item)) {
+		if (!set.some((scope) => Array.isArray(scope) && scope.length === item.length && scope.every((s) => item.includes(s)))) set.push(item);
+	} else if (!set.includes(item)) set.push(item);
+};
+/**
+* Resolve permission string to object with scopes
+* @param permission - permission string
+* @returns - resolved permission object
+* @example
+* resolvePermission('js:core:episodes[org,published]:get')
+* // { id: 'js:core:episodes:get', scopes: ['org', 'published'] }
+*/
+const resolvePermission = (permission) => {
+	const matches = /\[(?<scopes>.*?)\]/u.exec(permission);
+	if (matches?.[0] && matches.groups?.scopes) {
+		const scopes = String(matches.groups.scopes).split(",").map((s) => {
+			if (s.includes("+")) return s.split("+");
+			return s;
+		});
+		return {
+			id: permission.replace(matches[0], ""),
+			scopes
+		};
+	}
+	return {
+		id: permission,
+		scopes: []
+	};
+};
+/**
+* Resolve permissions to array of resolved permissions
+* @param permissions - array of permissions
+* @returns - array of resolved permissions
+* @example
+* resolvePermissions(['js:core:episodes[org]:get', 'js:core:episodes[published]:get'])
+* // [{ id: 'js:core:episodes:get', scopes: ['org', 'published'] }]
+*/
+const resolvePermissions = (permissions) => {
+	const resolvedPermissions = [];
+	for (const permission of permissions) {
+		const { id, scopes } = resolvePermission(permission);
+		const currentPermission = resolvedPermissions.find((p) => p.id === id);
+		if (currentPermission) concatScopes(currentPermission.scopes, scopes);
+		else resolvedPermissions.push({
+			id,
+			scopes
+		});
+	}
+	return resolvedPermissions;
+};
+/**
+* Resolve permission group string to object with scopes
+* @param permissionGroup - permission group string
+* @returns - resolved permission group object
+* @example
+* resolvePermissionGroup('g:js:core:episodes[org]:read')
+* // { id: 'g:js:core:episodes:read', scopes: ['org'] }
+*/
+const resolvePermissionGroup = (permissionGroup) => {
+	return resolvePermission(permissionGroup);
+};
+/**
+* Resolve permission groups to array of resolved permission groups
+* @param permissionGroups - array of permission groups
+* @returns - array of resolved permission groups
+* @example
+* resolvePermissionGroups(['g:js:core:episodes[org]:read', 'g:js:core:episodes[published]:read'])
+* // [{ id: 'g:js:core:episodes:read', scopes: ['org', 'published'] }]
+*/
+const resolvePermissionGroups = (permissionGroups) => {
+	return resolvePermissions(permissionGroups);
+};
+const mergeResolvedPermissions = (array1, array2) => {
+	const result = [];
+	for (const rp1 of array1) {
+		const rps2 = array2.filter((rp2) => rp2.id === rp1.id);
+		if (rp1.scopes.length === 0 || rps2.some((rp2) => rp2.id === rp1.id && rp2.scopes.length === 0)) {
+			result.push({
+				id: rp1.id,
+				scopes: []
+			});
+			continue;
+		}
+		const scopes = [...rp1.scopes];
+		for (const rp2 of rps2) concatScopes(scopes, rp2.scopes);
+		result.push({
+			id: rp1.id,
+			scopes
+		});
+	}
+	for (const rp2 of array2) if (!result.some((rp) => rp.id === rp2.id)) result.push(rp2);
+	return result;
+};
+/**
+* Replace scope in array of scopes
+* @param scopes - array of scopes
+* @param from - scope to replace
+* @param to - scope to replace with
+* @returns  - array of scopes with replaced scopes
+* @example
+* replaceScope(['org#jsorg:xxx', ['org#jsorg:xxx', 'published']], 'org#jsorg:xxx', 'org#jsorg:hci')
+* // ['org#jsorg:hci', ['org#jsorg:hci', 'published']]
+*/
+const replaceScope = (scopes, from, to) => {
+	const result = [];
+	for (const scope of scopes) if (Array.isArray(scope)) result.push(replaceScope(scope, from, to));
+	else if (scope === from) if (Array.isArray(to)) result.push(...to);
+	else result.push(to);
+	else result.push(scope);
+	return result;
+};
+
+//#endregion
+//#region src/permissions/scopes-bulder.ts
+var ScopesBulder = class ScopesBulder {
+	constructor(scopes = []) {
+		this.scopes = scopes;
+	}
+	static fromBulder(builder) {
+		return new ScopesBulder(builder.scopes.slice());
+	}
+	build() {
+		return JSON.parse(JSON.stringify(this.scopes));
+	}
+	clone() {
+		return ScopesBulder.fromBulder(this);
+	}
+	/**
+	* Append scope or scopes to the current scopes
+	* @param scope - scope or array of scopes to append
+	* @example
+	* append('org#jsorg:hci')
+	* // ['org#xxx'] => ['org#xxx', 'org#jsorg:hci']
+	* append(['org#hci', 'lang#en])
+	* // ['org#xxx'] => ['org#xxx', ['org#hci', 'lang#en']]
+	*/
+	append(scope) {
+		this.scopes.push(scope);
+	}
+	/**
+	* Extend current scopes with the given scopes
+	* @param scopes - scope or array of scopes to extend with
+	* @example
+	* extend(['lang#en', 'lang#de'])
+	* // ['published', 'draft'] => ['published', 'draft', 'lang#en', 'lang#de']
+	*/
+	extend(scopes) {
+		if (Array.isArray(scopes)) concatScopes(this.scopes, scopes);
+		else if (scopes instanceof ScopesBulder) concatScopes(this.scopes, scopes.scopes);
+	}
+	/**
+	* Join all scopes with the given scope
+	* @param scope - scope to join with
+	* @example
+	* join('org#jsorg:hci', 'before')
+	* // ['published', 'draft'] => [['org#jsorg:hci', 'published'], ['org#jsorg:hci', 'draft']]
+	* join(['lang#en', 'lang#de'])
+	* // ['published', 'draft'] => [['published', 'lang#en'], ['published', 'lang#de'], ['draft', 'lang#en'], ['draft', 'lang#de']]
+	*/
+	join(scopeOrScopes, pos = "after") {
+		const result = [];
+		const scopesToJoin = Array.isArray(scopeOrScopes) ? scopeOrScopes : [scopeOrScopes];
+		if (scopesToJoin.length === 0) return;
+		const currentScopesCopy = this.build();
+		for (const scope of scopesToJoin) {
+			const scopeToJoin = Array.isArray(scope) ? scope : [scope];
+			for (const s of currentScopesCopy) if (Array.isArray(s)) result.push(pos === "before" ? [...scopeToJoin, ...s] : [...s, ...scopeToJoin]);
+			else result.push(pos === "before" ? [...scopeToJoin, s] : [s, ...scopeToJoin]);
+		}
+		this.scopes = result;
+	}
+	/**
+	* Replace prefix in all scopes
+	* @param from - prefix to replace
+	* @param to - prefix to replace with
+	* @example
+	* replacePrefix('org', 'id')
+	* ['org#jsorg:hci'] => ['id#jsorg:hci']
+	*/
+	replacePrefix(from, to) {
+		const result = [];
+		for (const scope of this.scopes) if (Array.isArray(scope)) result.push(scope.map((s) => s.replace(`${from}#`, `${to}#`)));
+		else result.push(scope.replace(`${from}#`, `${to}#`));
+		this.scopes = result;
+	}
+};
+
+//#endregion
+export { ActionScopes, ScopesBulder, concatScopes, encodeScopes, injectScopesIntoPermission, isGranted, mergeResolvedPermissions, replaceScope, resolvePermission, resolvePermissionGroup, resolvePermissionGroups, resolvePermissions };
+//# sourceMappingURL=index.js.map