npm - @pcg/auth - Versions diffs - 1.0.0-alpha.0 → 1.0.0-alpha.2 - Mend

@pcg/auth 1.0.0-alpha.0 → 1.0.0-alpha.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (29) hide show

package/README.md +15 -15
package/dist/functional-scopes-CsZNJMXW.js +96 -0
package/dist/functional-scopes-CsZNJMXW.js.map +1 -0
package/dist/functional-scopes-DygK315q.d.ts +133 -0
package/dist/functional-scopes-DygK315q.d.ts.map +1 -0
package/dist/index.d.ts +4 -56
package/dist/index.d.ts.map +1 -0
package/dist/index.js +58 -55
package/dist/index.js.map +1 -1
package/dist/scopes.d.ts +2 -0
package/dist/scopes.js +3 -0
package/package.json +24 -2
package/.turbo/turbo-build.log +0 -15
package/src/index.ts +0 -4
package/src/permissions/action-scopes.ts +0 -141
package/src/permissions/helpers.ts +0 -304
package/src/permissions/index.ts +0 -4
package/src/permissions/scopes-bulder.ts +0 -99
package/src/types/permissions.ts +0 -24
package/src/types/user.ts +0 -33
package/tests/permissions/__snapshots__/helpers.test.ts.snap +0 -43
package/tests/permissions/action-scopes.test.ts +0 -111
package/tests/permissions/helpers.test.ts +0 -169
package/tests/permissions/helpers.ts +0 -10
package/tests/permissions/permissions.test.ts +0 -218
package/tests/permissions/scopes-bulder.test.ts +0 -80
package/tsconfig.json +0 -9
package/tsdown.config.ts +0 -11
package/vitest.config.ts +0 -23

package/README.md CHANGED Viewed

@@ -21,14 +21,14 @@ User object `user` must contain `resolvedPemissions` array with array of objects
 ```tsx
 user.resolvedPermission = [
-	{
-		id: "js:episodes:get",
-	  scopes: []
-	},
-	{
-		id: "js:episodes:list",
-		scopes: ["published"]
-	}
+ {
+  id: "js:episodes:get",
+   scopes: []
+ },
+ {
+  id: "js:episodes:list",
+  scopes: ["published"]
+ }
 ],
 ```
@@ -37,8 +37,8 @@ But, is real life we store permissions in database as array of string, like this
 ```tsx
 [
-	"js:episodes:get",
-	"js:episodes[@published]:list"
+ "js:episodes:get",
+ "js:episodes[@published]:list"
 ]
 ```
@@ -48,8 +48,8 @@ Library has special helper, to resolve permissions:
 import { resolvePermissions } from '@deep/auth';
 const permissions = [
-	"js:episodes:get",
-	"js:episodes[@published]:list"
+ "js:episodes:get",
+ "js:episodes[@published]:list"
 ]
 user.resolvedPermission = resolvePermissions(permissions)
@@ -66,7 +66,7 @@ import { isGranted, PermissionContext } from '@deep/auth';
 const ctx = new PermissionContext();
 if (filter.published) {
-	ctx.addScope('published');
+ ctx.addScope('published');
 }
 isGranted(user, 'js:episodes:list'); // boolean
@@ -77,8 +77,8 @@ Otherwise, we can build query based on user rights. In this case, we add system
 ```tsx
 import { isGranted } from '@deep/auth'
 if(isGranted(user, 'js:roles:get', { scopes: ['system'] })) {
-	where.or.push({
+ where.or.push({
     type: 'system'
   })
 }
-```
+```

package/dist/functional-scopes-CsZNJMXW.js ADDED Viewed

@@ -0,0 +1,96 @@
+//#region src/permissions/functional-scopes.ts
+/**
+* Create an ActionScopesArray from individual scope items.
+*
+* @example
+* scopes(org('jsorg:hci'))
+* // => ['org#jsorg:hci']
+*
+* scopes(org('jsorg:hci'), entityId('ep:123'))
+* // => ['org#jsorg:hci', 'id#ep:123']
+*
+* const o = org('jsorg:hci');
+* scopes(o, and(o, 'published'))
+* // => ['org#jsorg:hci', ['org#jsorg:hci', 'published']]
+*/
+function scopes(...items) {
+	return items;
+}
+/**
+* Create a wildcard scope that matches any permission scope.
+*
+* @example
+* isGranted(user, 'js:core:episodes:list', anyScope())
+*/
+function anyScope() {
+	return ["*"];
+}
+/**
+* Create an organization scope.
+*
+* @example
+* org('jsorg:hci') // => 'org#jsorg:hci'
+*/
+function org(id$1) {
+	return `org#${id$1}`;
+}
+/**
+* Create an entity id scope.
+*
+* @example
+* id('ep:123') // => 'id#ep:123'
+*/
+function id(entityId) {
+	return `id#${entityId}`;
+}
+/**
+* Create a user scope.
+*
+* @example
+* user('hcu:xxx') // => 'user#hcu:xxx'
+*/
+function user(id$1) {
+	return `user#${id$1}`;
+}
+/**
+* Create a form scope.
+*
+* @example
+* form('contact') // => 'form#contact'
+*/
+function form(id$1) {
+	return `form#${id$1}`;
+}
+/**
+* Create a group scope.
+*
+* @example
+* group('hcgrp:ZT9') // => 'grp#hcgrp:ZT9'
+*/
+function group(id$1) {
+	return `grp#${id$1}`;
+}
+/**
+* Create a named scope with an optional ID.
+*
+* @example
+* scope('published')                      // => 'published'
+* scope('orggroup', 'hcgrp:ZT9mt8j9lSR') // => 'orggroup#hcgrp:ZT9mt8j9lSR'
+*/
+function scope(name, id$1) {
+	return id$1 ? `${name}#${id$1}` : name;
+}
+/**
+* Combine multiple scopes with AND logic (all must match).
+*
+* @example
+* and(org('jsorg:hci'), 'published')
+* // => ['org#jsorg:hci', 'published']
+*/
+function and(...items) {
+	return items;
+}
+//#endregion
+export { id as a, scopes as c, group as i, user as l, anyScope as n, org as o, form as r, scope as s, and as t };
+//# sourceMappingURL=functional-scopes-CsZNJMXW.js.map

package/dist/functional-scopes-CsZNJMXW.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"functional-scopes-CsZNJMXW.js","names":["id"],"sources":["../src/permissions/functional-scopes.ts"],"sourcesContent":["import { type ActionScopesArray } from './action-scopes.js';\n\nexport type ScopeItem = string | string[];\n\n/**\n * Create an ActionScopesArray from individual scope items.\n *\n * @example\n * scopes(org('jsorg:hci'))\n * // => ['org#jsorg:hci']\n *\n * scopes(org('jsorg:hci'), entityId('ep:123'))\n * // => ['org#jsorg:hci', 'id#ep:123']\n *\n * const o = org('jsorg:hci');\n * scopes(o, and(o, 'published'))\n * // => ['org#jsorg:hci', ['org#jsorg:hci', 'published']]\n */\nexport function scopes(...items: ScopeItem[]): ActionScopesArray {\n return items;\n}\n\n/**\n * Create a wildcard scope that matches any permission scope.\n *\n * @example\n * isGranted(user, 'js:core:episodes:list', anyScope())\n */\nexport function anyScope(): ActionScopesArray {\n return ['*'];\n}\n\n/**\n * Create an organization scope.\n *\n * @example\n * org('jsorg:hci') // => 'org#jsorg:hci'\n */\nexport function org(id: string): string {\n return `org#${id}`;\n}\n\n/**\n * Create an entity id scope.\n *\n * @example\n * id('ep:123') // => 'id#ep:123'\n */\nexport function id(entityId: string): string {\n return `id#${entityId}`;\n}\n\n/**\n * Create a user scope.\n *\n * @example\n * user('hcu:xxx') // => 'user#hcu:xxx'\n */\nexport function user(id: string): string {\n return `user#${id}`;\n}\n\n/**\n * Create a form scope.\n *\n * @example\n * form('contact') // => 'form#contact'\n */\nexport function form(id: string): string {\n return `form#${id}`;\n}\n\n/**\n * Create a group scope.\n *\n * @example\n * group('hcgrp:ZT9') // => 'grp#hcgrp:ZT9'\n */\nexport function group(id: string): string {\n return `grp#${id}`;\n}\n\n/**\n * Create a named scope with an optional ID.\n *\n * @example\n * scope('published') // => 'published'\n * scope('orggroup', 'hcgrp:ZT9mt8j9lSR') // => 'orggroup#hcgrp:ZT9mt8j9lSR'\n */\nexport function scope(name: string, id?: string): string {\n return id ? `${name}#${id}` : name;\n}\n\n/**\n * Combine multiple scopes with AND logic (all must match).\n *\n * @example\n * and(org('jsorg:hci'), 'published')\n * // => ['org#jsorg:hci', 'published']\n */\nexport function and(...items: string[]): string[] {\n return items;\n}\n"],"mappings":";;;;;;;;;;;;;;;AAkBA,SAAgB,OAAO,GAAG,OAAuC;AAC/D,QAAO;;;;;;;;AAST,SAAgB,WAA8B;AAC5C,QAAO,CAAC,IAAI;;;;;;;;AASd,SAAgB,IAAI,MAAoB;AACtC,QAAO,OAAOA;;;;;;;;AAShB,SAAgB,GAAG,UAA0B;AAC3C,QAAO,MAAM;;;;;;;;AASf,SAAgB,KAAK,MAAoB;AACvC,QAAO,QAAQA;;;;;;;;AASjB,SAAgB,KAAK,MAAoB;AACvC,QAAO,QAAQA;;;;;;;;AASjB,SAAgB,MAAM,MAAoB;AACxC,QAAO,OAAOA;;;;;;;;;AAUhB,SAAgB,MAAM,MAAc,MAAqB;AACvD,QAAOA,OAAK,GAAG,KAAK,GAAGA,SAAO;;;;;;;;;AAUhC,SAAgB,IAAI,GAAG,OAA2B;AAChD,QAAO"}

package/dist/functional-scopes-DygK315q.d.ts ADDED Viewed

@@ -0,0 +1,133 @@
+//#region src/permissions/action-scopes.d.ts
+type ActionScopesArray = (string | string[])[];
+/**
+ * Action scopes are used to describe
+ * what scopes are required to execute an action.
+ */
+declare class ActionScopes {
+  array: ActionScopesArray;
+  anyScope: boolean;
+  private idsMap;
+  constructor(scopes?: ActionScopesArray);
+  /**
+   * Set id scope (e.g. 'id#jsu:123')
+   * @param id - entity id
+   * @returns - this
+   * @example
+   * scopes.setEntityId('jsu:123')
+   *
+   * // scopes.getArray() = ['id#jsu:123']
+   */
+  setEntityId(id: string): this;
+  /**
+   * Set scope (e.g. 'org', 'org+review')
+   * @param scope - scope name (e.g. 'org', 'org+review')
+   * @param id - entity id (e.g. 'jsorg:hci')
+   * @returns - this
+   * @example
+   * scopes.set('my')
+   *
+   * // scopes.getArray() = ['my']
+   *
+   * scopes.set('org', 'jsorg:hci')
+   *
+   * // scopes.getArray() = ['org#jsorg:hci']
+   */
+  set(scope: string, id?: string): this;
+  has(scope: string): boolean;
+  getArray(): ActionScopesArray;
+  /**
+   * Permission scopes must cover auth scopes determined in auth context.
+   * @param permissionScopes
+   */
+  canBeExecutedInScopes(permissionScopes: readonly (string | string[])[]): boolean;
+  /**
+   * Resolve presaved scopes
+   * @example
+   * authCtx.setScope('org', 'jsorg:hci')
+   * [org#hci]
+   *
+   * authCtx.setScope('org+review');
+   * [org#hci, [org#hci, review]]
+   **/
+  private resolveScopeId;
+}
+//#endregion
+//#region src/permissions/functional-scopes.d.ts
+type ScopeItem = string | string[];
+/**
+ * Create an ActionScopesArray from individual scope items.
+ *
+ * @example
+ * scopes(org('jsorg:hci'))
+ * // => ['org#jsorg:hci']
+ *
+ * scopes(org('jsorg:hci'), entityId('ep:123'))
+ * // => ['org#jsorg:hci', 'id#ep:123']
+ *
+ * const o = org('jsorg:hci');
+ * scopes(o, and(o, 'published'))
+ * // => ['org#jsorg:hci', ['org#jsorg:hci', 'published']]
+ */
+declare function scopes(...items: ScopeItem[]): ActionScopesArray;
+/**
+ * Create a wildcard scope that matches any permission scope.
+ *
+ * @example
+ * isGranted(user, 'js:core:episodes:list', anyScope())
+ */
+declare function anyScope(): ActionScopesArray;
+/**
+ * Create an organization scope.
+ *
+ * @example
+ * org('jsorg:hci') // => 'org#jsorg:hci'
+ */
+declare function org(id: string): string;
+/**
+ * Create an entity id scope.
+ *
+ * @example
+ * id('ep:123') // => 'id#ep:123'
+ */
+declare function id(entityId: string): string;
+/**
+ * Create a user scope.
+ *
+ * @example
+ * user('hcu:xxx') // => 'user#hcu:xxx'
+ */
+declare function user(id: string): string;
+/**
+ * Create a form scope.
+ *
+ * @example
+ * form('contact') // => 'form#contact'
+ */
+declare function form(id: string): string;
+/**
+ * Create a group scope.
+ *
+ * @example
+ * group('hcgrp:ZT9') // => 'grp#hcgrp:ZT9'
+ */
+declare function group(id: string): string;
+/**
+ * Create a named scope with an optional ID.
+ *
+ * @example
+ * scope('published')                      // => 'published'
+ * scope('orggroup', 'hcgrp:ZT9mt8j9lSR') // => 'orggroup#hcgrp:ZT9mt8j9lSR'
+ */
+declare function scope(name: string, id?: string): string;
+/**
+ * Combine multiple scopes with AND logic (all must match).
+ *
+ * @example
+ * and(org('jsorg:hci'), 'published')
+ * // => ['org#jsorg:hci', 'published']
+ */
+declare function and(...items: string[]): string[];
+//#endregion
+export { group as a, scope as c, ActionScopes as d, ActionScopesArray as f, form as i, scopes as l, and as n, id as o, anyScope as r, org as s, ScopeItem as t, user as u };
+//# sourceMappingURL=functional-scopes-DygK315q.d.ts.map

package/dist/functional-scopes-DygK315q.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"functional-scopes-DygK315q.d.ts","names":[],"sources":["../src/permissions/action-scopes.ts","../src/permissions/functional-scopes.ts"],"sourcesContent":[],"mappings":";KAAY,iBAAA;AAAZ;AAMA;;;AA6Dc,cA7DD,YAAA,CA6DC;EAAiB,KAAA,EA5Df,iBA4De;;;uBAxDR;ECTX;AAgBZ;AAUA;AAUA;AAUA;AAUA;AAUA;AAUA;AAWA;EAWgB,WAAG,CAAA,EAAA,EAAA,MAAA,CAAA,EAAA,IAAA;;;;;;;;;;;;;;;;;cDjCL;;;;;;;;;;;;;;;;;;;AAnEF,KCEA,SAAA,GDFiB,MAAA,GAAA,MAAA,EAAA;AAM7B;;;;;;;;ACJA;AAgBA;AAUA;AAUA;AAUA;AAUA;AAUgB,iBAlDA,MAAA,CAkDI,GAAA,KAAA,EAlDa,SAkDb,EAAA,CAAA,EAlD2B,iBAkD3B;AAUpB;AAWA;AAWA;;;;iBAxEgB,QAAA,CAAA,GAAY;;;;;;;iBAUZ,GAAA;;;;;;;iBAUA,EAAA;;;;;;;iBAUA,IAAA;;;;;;;iBAUA,IAAA;;;;;;;iBAUA,KAAA;;;;;;;;iBAWA,KAAA;;;;;;;;iBAWA,GAAA"}

package/dist/index.d.ts CHANGED Viewed

@@ -1,59 +1,7 @@
-//#region src/permissions/action-scopes.d.ts
-type ActionScopesArray = (string | string[])[];
-/**
- * Action scopes are used to describe
- * what scopes are required to execute an action.
- */
-declare class ActionScopes {
-  array: ActionScopesArray;
-  anyScope: boolean;
-  private idsMap;
-  constructor(scopes?: ActionScopesArray);
-  /**
-   * Set id scope (e.g. 'id#jsu:123')
-   * @param id - entity id
-   * @returns - this
-   * @example
-   * scopes.setEntityId('jsu:123')
-   *
-   * // scopes.getArray() = ['id#jsu:123']
-   */
-  setEntityId(id: string): this;
-  /**
-   * Set scope (e.g. 'org', 'org+review')
-   * @param scope - scope name (e.g. 'org', 'org+review')
-   * @param id - entity id (e.g. 'jsorg:hci')
-   * @returns - this
-   * @example
-   * scopes.set('my')
-   *
-   * // scopes.getArray() = ['my']
-   *
-   * scopes.set('org', 'jsorg:hci')
-   *
-   * // scopes.getArray() = ['org#jsorg:hci']
-   */
-  set(scope: string, id?: string): this;
-  has(scope: string): boolean;
-  getArray(): ActionScopesArray;
-  /**
-   * Permission scopes must cover auth scopes determined in auth context.
-   * @param permissionScopes
-   */
-  canBeExecutedInScopes(permissionScopes: readonly (string | string[])[]): boolean;
-  /**
-   * Resolve presaved scopes
-   * @example
-   * authCtx.setScope('org', 'jsorg:hci')
-   * [org#hci]
-   *
-   * authCtx.setScope('org+review');
-   * [org#hci, [org#hci, review]]
-   **/
-  private resolveScopeId;
-}
-//#endregion
+import { a as group, c as scope, d as ActionScopes, f as ActionScopesArray, i as form, l as scopes, n as and, o as id, r as anyScope, s as org, t as ScopeItem, u as user } from "./functional-scopes-DygK315q.js";
 //#region src/types/permissions.d.ts
 /**
  * Resolved permission string to object with scopes
  * @example
@@ -242,5 +190,5 @@ declare class ScopesBulder {
   replacePrefix(from: string, to: string): void;
 }
 //#endregion
-export { ActionScopes, ActionScopesArray, IUser, ReadonlyResolvedPermission, ResolvedPermission, ResolvedPermissionGroup, ScopesBulder, concatScopes, encodeScopes, injectScopesIntoPermission, isGranted, mergeResolvedPermissions, replaceScope, resolvePermission, resolvePermissionGroup, resolvePermissionGroups, resolvePermissions };
+export { ActionScopes, ActionScopesArray, IUser, ReadonlyResolvedPermission, ResolvedPermission, ResolvedPermissionGroup, ScopeItem, ScopesBulder, and, anyScope, concatScopes, encodeScopes, form, group, id, injectScopesIntoPermission, isGranted, mergeResolvedPermissions, org, replaceScope, resolvePermission, resolvePermissionGroup, resolvePermissionGroups, resolvePermissions, scope, scopes, user };
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","names":[],"sources":["../src/types/permissions.ts","../src/types/user.ts","../src/permissions/helpers.ts","../src/permissions/scopes-bulder.ts"],"sourcesContent":[],"mappings":";;;;;;;AAKA;AAUA;AAKiB,UAfA,kBAAA,CAe0B;;;;AClB3C;;;;ACoCA;AACQ,UFxBS,uBAAA,CEwBT;EAEQ,EAAA,EAAA,MAAA;EAAoB,MAAA,EAAA,CAAA,MAAA,GAAA,MAAA,EAAA,CAAA,EAAA;;AAgCvB,UFrDI,0BAAA,CE2DhB;EAWY,SAAA,EAAA,EAAA,MAAA;EAqBA,SAAA,MAqBZ,EAAA,SAAA,CAAA,MAAA,GAAA,MAAA,EAAA,CAAA,EAAA;AAUD;;;UD5IiB,KAAA;;ADGjB;AAUA;AAKA;;;;EClBiB,EAAA,EAAA,MAAK;;;;ACoCtB;;;;EAGqD,WAAA,EAAA,SAAA,MAAA,EAAA;EAgCxC;AAiBb;AAqBA;AA+BA;AAkCA;AAiCA;AAaA;AAOA;;;EAE8B,mBAAA,EDxMP,0BCwMO,EAAA;;;;AFlO9B;AAUA;AAKA;;;;AClBA;;;;ACoCA;;;;;AAmCa,cAnCA,SAyCZ,EAAA,CAAA,IAAA,EAxCO,KAwCP,EAAA,UAAA,EAAA,MAAA,EAAA,YAAA,CAAA,EAtCe,iBAsCf,GAtCmC,YAsCnC,EAAA,GAAA,OAAA;AAWY,cAjBA,YA4BZ,EAAA,CAAA,MAAA,EAAA,CAAA,MAAA,GAAA,MAAA,EAAA,CAAA,EAAA,EAAA,GAAA,MAAA;AAUD;AA+BA;AAkCA;AAiCA;AAaA;AAOA;;;;AAE8B,cA7IjB,0BA6IiB,EAAA,CAAA,UAAA,EAAA,MAAA,EAAA,cAAA,EAAA,CAAA,MAAA,GAAA,MAAA,EAAA,CAAA,EAAA,EAAA,GAAA,MAAA;AAmD9B;;;;ACxRA;;;;AAmCyC,cD0E5B,YC1E4B,EAAA,CAAA,GAAA,EAAA,CAAA,MAAA,GAAA,MAAA,EAAA,CAAA,EAAA,EAAA,KAAA,EAAA,CAAA,MAAA,GAAA,MAAA,EAAA,CAAA,EAAA,EAAA,GAAA,IAAA;;;;;;;;;cDyG5B,2CAA0C;;;;;;;;;cAkC1C,+CAEV;;;;;;;;;cA+BU,qDAAiD;;;;;;;;;cAajD,yDAEV;cAKU,mCACH,8BACA,yBAAoB;;;;;;;;;;;cAmDjB;;;;;cCxRA,YAAA;;;EHGI,OAAA,UAAA,CAAA,OAAkB,EGAN,YHAM,CAAA,EGAM,YHAN;EAUlB,KAAA,CAAA,CAAA,EAAA,CAAA,MAAA,GAAA,MAAA,EAAuB,CAAA,EAAA;EAKvB,KAAA,CAAA,CAAA,EGPV,YHOU;;;;AClBjB;;;;ACoCA;;EAGgB,MAAA,CAAA,KAAA,EAAA,MAAA,GAAA,MAAA,EAAA,CAAA,EAAA,IAAA;EAAoB;;AAgCpC;AAiBA;AAqBA;AA+BA;AAkCA;EAiCa,MAAA,CAAA,MAAA,EAAA,CAAA,MAAA,GAGZ,MAAA,EAAA,CAAA,EAAA,GC/KwC,YD4KqB,CAAA,EAAA,IAG7D;EAUY;AAOb;;;;;AAqDA;;;;ECxRa"}

package/dist/index.js CHANGED Viewed

@@ -1,3 +1,5 @@
+import { a as id, c as scopes, i as group, l as user, n as anyScope, o as org, r as form, s as scope, t as and } from "./functional-scopes-CsZNJMXW.js";
 //#region src/permissions/action-scopes.ts
 /**
 * Action scopes are used to describe
@@ -7,8 +9,8 @@ var ActionScopes = class {
 	array = [];
 	anyScope = false;
 	idsMap = /* @__PURE__ */ new Map();
-	constructor(scopes) {
-		if (scopes) this.array = scopes ?? [];
+	constructor(scopes$1) {
+		if (scopes$1) this.array = scopes$1;
 	}
 	/**
 	* Set id scope (e.g. 'id#jsu:123')
@@ -19,8 +21,8 @@ var ActionScopes = class {
 	*
 	* // scopes.getArray() = ['id#jsu:123']
 	*/
-	setEntityId(id) {
-		this.set(`id#${id}`);
+	setEntityId(id$1) {
+		this.set(`id#${id$1}`);
 		return this;
 	}
 	/**
@@ -37,16 +39,16 @@ var ActionScopes = class {
 	*
 	* // scopes.getArray() = ['org#jsorg:hci']
 	*/
-	set(scope, id) {
-		if (id && /^[A-Za-z_]+$/.test(scope)) this.idsMap.set(scope, id);
-		if (scope.includes("+")) {
-			const subscopes = scope.split("+");
+	set(scope$1, id$1) {
+		if (id$1 && /^[A-Za-z_]+$/.test(scope$1)) this.idsMap.set(scope$1, id$1);
+		if (scope$1.includes("+")) {
+			const subscopes = scope$1.split("+");
 			this.array.push(subscopes.map((subscope) => this.resolveScopeId(subscope)));
-		} else this.array.push(this.resolveScopeId(scope));
+		} else this.array.push(this.resolveScopeId(scope$1));
 		return this;
 	}
-	has(scope) {
-		return this.array.includes(scope);
+	has(scope$1) {
+		return this.array.includes(scope$1);
 	}
 	getArray() {
 		return [...this.array];
@@ -86,8 +88,9 @@ var ActionScopes = class {
 	* authCtx.setScope('org+review');
 	* [org#hci, [org#hci, review]]
 	**/
-	resolveScopeId(scope) {
-		return this.idsMap.has(scope) ? `${scope}#${this.idsMap.get(scope)}` : scope;
+	resolveScopeId(scope$1) {
+		const id$1 = this.idsMap.get(scope$1);
+		return id$1 !== void 0 ? `${scope$1}#${id$1}` : scope$1;
 	}
 };
@@ -100,9 +103,9 @@ var ActionScopes = class {
 *
 * scopes.set('my')
 */
-const normalizeScopes = (scopes) => {
-	if (!(scopes instanceof ActionScopes)) return new ActionScopes(scopes);
-	return scopes;
+const normalizeScopes = (scopes$1) => {
+	if (!(scopes$1 instanceof ActionScopes)) return new ActionScopes(scopes$1);
+	return scopes$1;
 };
 /**
 * Check if user has access to permission
@@ -119,18 +122,18 @@ const normalizeScopes = (scopes) => {
 * @param actionScopes - action scopes (e.g. ['org#hcorg:hci'] or ActionScopes instance)
 * @returns - true if user has access to permission
 */
-const isGranted = (user, permission, actionScopes = []) => {
+const isGranted = (user$1, permission, actionScopes = []) => {
 	const [service, module, resource, action] = permission.split(":");
-	if (!user?.resolvedPermissions || user.resolvedPermissions.length === 0) return false;
-	const userPermissions = user.resolvedPermissions;
-	const scopes = normalizeScopes(actionScopes);
-	const permissionCanBeExecutedInScopes = (perm, scopes$1) => !perm.scopes || perm.scopes.length === 0 || scopes$1.canBeExecutedInScopes(perm.scopes);
+	if (user$1.resolvedPermissions.length === 0) return false;
+	const userPermissions = user$1.resolvedPermissions;
+	const scopes$1 = normalizeScopes(actionScopes);
+	const permissionCanBeExecutedInScopes = (perm, scopes$2) => perm.scopes.length === 0 || scopes$2.canBeExecutedInScopes(perm.scopes);
 	const regexp = /* @__PURE__ */ new RegExp(`^(${service}|\\*):(${module}|\\*):(${resource}|\\*):(${action}|\\*)$`);
-	if (userPermissions.some((perm) => regexp.test(perm.id) && permissionCanBeExecutedInScopes(perm, scopes))) return true;
+	if (userPermissions.some((perm) => regexp.test(perm.id) && permissionCanBeExecutedInScopes(perm, scopes$1))) return true;
 	return false;
 };
-const encodeScopes = (scopes) => {
-	const scopesString = scopes.map((s) => Array.isArray(s) ? s.join("+") : s).join(",");
+const encodeScopes = (scopes$1) => {
+	const scopesString = scopes$1.map((s) => Array.isArray(s) ? s.join("+") : s).join(",");
 	return scopesString.length > 0 ? `[${scopesString}]` : "";
 };
 /**
@@ -143,10 +146,10 @@ const encodeScopes = (scopes) => {
 * // js:core:episodes[org,published]:get
 */
 const injectScopesIntoPermission = (permission, scopesToInject) => {
-	const { id, scopes = [] } = resolvePermission(permission);
-	const [service, module, resource, action] = id.split(":");
-	concatScopes(scopes, scopesToInject);
-	return `${service}:${module}:${resource}${encodeScopes(scopes)}:${action}`;
+	const { id: id$1, scopes: scopes$1 } = resolvePermission(permission);
+	const [service, module, resource, action] = id$1.split(":");
+	concatScopes(scopes$1, scopesToInject);
+	return `${service}:${module}:${resource}${encodeScopes(scopes$1)}:${action}`;
 };
 /**
 * Concat scopes
@@ -158,7 +161,7 @@ const injectScopesIntoPermission = (permission, scopesToInject) => {
 */
 const concatScopes = (set, items) => {
 	for (const item of items) if (Array.isArray(item)) {
-		if (!set.some((scope) => Array.isArray(scope) && scope.length === item.length && scope.every((s) => item.includes(s)))) set.push(item);
+		if (!set.some((scope$1) => Array.isArray(scope$1) && scope$1.length === item.length && scope$1.every((s) => item.includes(s)))) set.push(item);
 	} else if (!set.includes(item)) set.push(item);
 };
 /**
@@ -172,13 +175,13 @@ const concatScopes = (set, items) => {
 const resolvePermission = (permission) => {
 	const matches = /\[(?<scopes>.*?)\]/u.exec(permission);
 	if (matches?.[0] && matches.groups?.scopes) {
-		const scopes = String(matches.groups.scopes).split(",").map((s) => {
+		const scopes$1 = matches.groups.scopes.split(",").map((s) => {
 			if (s.includes("+")) return s.split("+");
 			return s;
 		});
 		return {
 			id: permission.replace(matches[0], ""),
-			scopes
+			scopes: scopes$1
 		};
 	}
 	return {
@@ -197,12 +200,12 @@ const resolvePermission = (permission) => {
 const resolvePermissions = (permissions) => {
 	const resolvedPermissions = [];
 	for (const permission of permissions) {
-		const { id, scopes } = resolvePermission(permission);
-		const currentPermission = resolvedPermissions.find((p) => p.id === id);
-		if (currentPermission) concatScopes(currentPermission.scopes, scopes);
+		const { id: id$1, scopes: scopes$1 } = resolvePermission(permission);
+		const currentPermission = resolvedPermissions.find((p) => p.id === id$1);
+		if (currentPermission) concatScopes(currentPermission.scopes, scopes$1);
 		else resolvedPermissions.push({
-			id,
-			scopes
+			id: id$1,
+			scopes: scopes$1
 		});
 	}
 	return resolvedPermissions;
@@ -240,11 +243,11 @@ const mergeResolvedPermissions = (array1, array2) => {
 			});
 			continue;
 		}
-		const scopes = [...rp1.scopes];
-		for (const rp2 of rps2) concatScopes(scopes, rp2.scopes);
+		const scopes$1 = [...rp1.scopes];
+		for (const rp2 of rps2) concatScopes(scopes$1, rp2.scopes);
 		result.push({
 			id: rp1.id,
-			scopes
+			scopes: scopes$1
 		});
 	}
 	for (const rp2 of array2) if (!result.some((rp) => rp.id === rp2.id)) result.push(rp2);
@@ -260,20 +263,20 @@ const mergeResolvedPermissions = (array1, array2) => {
 * replaceScope(['org#jsorg:xxx', ['org#jsorg:xxx', 'published']], 'org#jsorg:xxx', 'org#jsorg:hci')
 * // ['org#jsorg:hci', ['org#jsorg:hci', 'published']]
 */
-const replaceScope = (scopes, from, to) => {
+const replaceScope = (scopes$1, from, to) => {
 	const result = [];
-	for (const scope of scopes) if (Array.isArray(scope)) result.push(replaceScope(scope, from, to));
-	else if (scope === from) if (Array.isArray(to)) result.push(...to);
+	for (const scope$1 of scopes$1) if (Array.isArray(scope$1)) result.push(replaceScope(scope$1, from, to));
+	else if (scope$1 === from) if (Array.isArray(to)) result.push(...to);
 	else result.push(to);
-	else result.push(scope);
+	else result.push(scope$1);
 	return result;
 };
 //#endregion
 //#region src/permissions/scopes-bulder.ts
 var ScopesBulder = class ScopesBulder {
-	constructor(scopes = []) {
-		this.scopes = scopes;
+	constructor(scopes$1 = []) {
+		this.scopes = scopes$1;
 	}
 	static fromBulder(builder) {
 		return new ScopesBulder(builder.scopes.slice());
@@ -293,8 +296,8 @@ var ScopesBulder = class ScopesBulder {
 	* append(['org#hci', 'lang#en])
 	* // ['org#xxx'] => ['org#xxx', ['org#hci', 'lang#en']]
 	*/
-	append(scope) {
-		this.scopes.push(scope);
+	append(scope$1) {
+		this.scopes.push(scope$1);
 	}
 	/**
 	* Extend current scopes with the given scopes
@@ -303,9 +306,9 @@ var ScopesBulder = class ScopesBulder {
 	* extend(['lang#en', 'lang#de'])
 	* // ['published', 'draft'] => ['published', 'draft', 'lang#en', 'lang#de']
 	*/
-	extend(scopes) {
-		if (Array.isArray(scopes)) concatScopes(this.scopes, scopes);
-		else if (scopes instanceof ScopesBulder) concatScopes(this.scopes, scopes.scopes);
+	extend(scopes$1) {
+		if (Array.isArray(scopes$1)) concatScopes(this.scopes, scopes$1);
+		else if (scopes$1 instanceof ScopesBulder) concatScopes(this.scopes, scopes$1.scopes);
 	}
 	/**
 	* Join all scopes with the given scope
@@ -321,8 +324,8 @@ var ScopesBulder = class ScopesBulder {
 		const scopesToJoin = Array.isArray(scopeOrScopes) ? scopeOrScopes : [scopeOrScopes];
 		if (scopesToJoin.length === 0) return;
 		const currentScopesCopy = this.build();
-		for (const scope of scopesToJoin) {
-			const scopeToJoin = Array.isArray(scope) ? scope : [scope];
+		for (const scope$1 of scopesToJoin) {
+			const scopeToJoin = Array.isArray(scope$1) ? scope$1 : [scope$1];
 			for (const s of currentScopesCopy) if (Array.isArray(s)) result.push(pos === "before" ? [...scopeToJoin, ...s] : [...s, ...scopeToJoin]);
 			else result.push(pos === "before" ? [...scopeToJoin, s] : [s, ...scopeToJoin]);
 		}
@@ -338,12 +341,12 @@ var ScopesBulder = class ScopesBulder {
 	*/
 	replacePrefix(from, to) {
 		const result = [];
-		for (const scope of this.scopes) if (Array.isArray(scope)) result.push(scope.map((s) => s.replace(`${from}#`, `${to}#`)));
-		else result.push(scope.replace(`${from}#`, `${to}#`));
+		for (const scope$1 of this.scopes) if (Array.isArray(scope$1)) result.push(scope$1.map((s) => s.replace(`${from}#`, `${to}#`)));
+		else result.push(scope$1.replace(`${from}#`, `${to}#`));
 		this.scopes = result;
 	}
 };
 //#endregion
-export { ActionScopes, ScopesBulder, concatScopes, encodeScopes, injectScopesIntoPermission, isGranted, mergeResolvedPermissions, replaceScope, resolvePermission, resolvePermissionGroup, resolvePermissionGroups, resolvePermissions };
+export { ActionScopes, ScopesBulder, and, anyScope, concatScopes, encodeScopes, form, group, id, injectScopesIntoPermission, isGranted, mergeResolvedPermissions, org, replaceScope, resolvePermission, resolvePermissionGroup, resolvePermissionGroups, resolvePermissions, scope, scopes, user };
 //# sourceMappingURL=index.js.map