@rockster/core 0.0.4 → 0.1.0

package/access/functions/resolve-scope-context-id.js

@@ -0,0 +1,71 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveScopeContextId = resolveScopeContextId;
+const env_1 = require("../env");
+const build_scope_resolver_initial_data_1 = require("./build-scope-resolver-initial-data");
+const init_scope_service_executors_1 = require("./init-scope-service-executors");
+const CONTEXT_ID_FIELDS = {
+    workspace: ["$workspaceId", "workspaceId"],
+    project: ["$projectId", "projectId"],
+    account: ["$accountId", "accountId"],
+    manager: ["$contextId", "contextId"],
+};
+function pickContextIdFromPayload(payload, contextName) {
+    if (!payload || typeof payload !== "object") {
+        return undefined;
+    }
+    const record = payload;
+    const fields = CONTEXT_ID_FIELDS[contextName] ?? ["$contextId", "contextId"];
+    for (const field of fields) {
+        const value = record[field];
+        if (value != null && String(value).trim() !== "") {
+            return String(value);
+        }
+    }
+    return undefined;
+}
+function normalizeRequestPayload(requestPayload, actionKind) {
+    if (actionKind === "remove") {
+        if (requestPayload == null
+            || typeof requestPayload === "string"
+            || typeof requestPayload === "number") {
+            return undefined;
+        }
+    }
+    return requestPayload;
+}
+async function resolveScopeContextId(params) {
+    const registry = env_1.env.scopeServiceRegistry.get(params.contextName);
+    if (registry?.withId === false) {
+        return undefined;
+    }
+    const handlerName = params.resolverHandler ?? init_scope_service_executors_1.DEFAULT_SCOPE_CONTEXT_RESOLVER;
+    const executor = registry?.resolvers?.[handlerName];
+    if (executor) {
+        const initialData = (0, build_scope_resolver_initial_data_1.buildScopeResolverInitialData)(params, params.requestContext, params.pendingAnnotations);
+        const resolved = await executor.handle(initialData);
+        if (resolved != null && String(resolved).trim() !== "") {
+            return String(resolved);
+        }
+        if (params.resolverHandler
+            && params.resolverHandler !== init_scope_service_executors_1.DEFAULT_SCOPE_CONTEXT_RESOLVER) {
+            return undefined;
+        }
+    }
+    else if (registry?.instance) {
+        throw new Error(`[${registry.Service.name}] scope resolver "${handlerName}" is not registered — decorate the method with @ScopeContextIdResolver()`);
+    }
+    const payload = normalizeRequestPayload(params.requestPayload, params.actionKind);
+    const fromPayload = pickContextIdFromPayload(payload, params.contextName);
+    if (fromPayload) {
+        return fromPayload;
+    }
+    if (params.actionKind === "remove" && params.idValue != null) {
+        const id = String(params.idValue).trim();
+        if (id !== "") {
+            return id;
+        }
+    }
+    return undefined;
+}
+//# sourceMappingURL=resolve-scope-context-id.js.map

package/access/functions/resolve-scope-context-id.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolve-scope-context-id.js","sourceRoot":"./","sources":["access/functions/resolve-scope-context-id.ts"],"names":[],"mappings":";;AA0DA,sDAsDC;AA9GD,gCAA6B;AAE7B,2FAAoF;AACpF,iFAAgF;AAEhF,MAAM,iBAAiB,GAA6B;IACjD,SAAS,EAAE,CAAC,cAAc,EAAE,aAAa,CAAC;IAC1C,OAAO,EAAE,CAAC,YAAY,EAAE,WAAW,CAAC;IACpC,OAAO,EAAE,CAAC,YAAY,EAAE,WAAW,CAAC;IACpC,OAAO,EAAE,CAAC,YAAY,EAAE,WAAW,CAAC;CACtC,CAAC;AAQF,SAAS,wBAAwB,CAC9B,OAAgB,EAChB,WAAmB;IAEnB,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC3C,OAAO,SAAS,CAAC;IACpB,CAAC;IAED,MAAM,MAAM,GAAG,OAAkC,CAAC;IAClD,MAAM,MAAM,GAAG,iBAAiB,CAAC,WAAW,CAAC,IAAI,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;IAE7E,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC1B,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;QAC5B,IAAI,KAAK,IAAI,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YAChD,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;QACxB,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACpB,CAAC;AAED,SAAS,uBAAuB,CAC7B,cAAuB,EACvB,UAAsD;IAEtD,IAAI,UAAU,KAAK,QAAQ,EAAE,CAAC;QAC3B,IACG,cAAc,IAAI,IAAI;eACnB,OAAO,cAAc,KAAK,QAAQ;eAClC,OAAO,cAAc,KAAK,QAAQ,EACtC,CAAC;YACA,OAAO,SAAS,CAAC;QACpB,CAAC;IACJ,CAAC;IAED,OAAO,cAAc,CAAC;AACzB,CAAC;AAEM,KAAK,UAAU,qBAAqB,CACxC,MAAmC;IAEnC,MAAM,QAAQ,GAAG,SAAG,CAAC,oBAAoB,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IAElE,IAAI,QAAQ,EAAE,MAAM,KAAK,KAAK,EAAE,CAAC;QAC9B,OAAO,SAAS,CAAC;IACpB,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,CAAC,eAAe,IAAI,6DAA8B,CAAC;IAC7E,MAAM,QAAQ,GAAG,QAAQ,EAAE,SAAS,EAAE,CAAC,WAAW,CAAC,CAAC;IAEpD,IAAI,QAAQ,EAAE,CAAC;QACZ,MAAM,WAAW,GAAG,IAAA,iEAA6B,EAC9C,MAAM,EACN,MAAM,CAAC,cAAc,EACrB,MAAM,CAAC,kBAAkB,CAC3B,CAAC;QACF,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QAEpD,IAAI,QAAQ,IAAI,IAAI,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YACtD,OAAO,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC3B,CAAC;QAED,IACG,MAAM,CAAC,eAAe;eACnB,MAAM,CAAC,eAAe,KAAK,6DAA8B,EAC7D,CAAC;YACA,OAAO,SAAS,CAAC;QACpB,CAAC;IACJ,CAAC;SAAM,IAAI,QAAQ,EAAE,QAAQ,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CACZ,IAAI,QAAQ,CAAC,OAAO,CAAC,IAAI,qBAAqB,WAAW,0EAA0E,CACrI,CAAC;IACL,CAAC;IAED,MAAM,OAAO,GAAG,uBAAuB,CACpC,MAAM,CAAC,cAAc,EACrB,MAAM,CAAC,UAAU,CACnB,CAAC;IAEF,MAAM,WAAW,GAAG,wBAAwB,CAAC,OAAO,EAAE,MAAM,CAAC,WAAW,CAAC,CAAC;IAC1E,IAAI,WAAW,EAAE,CAAC;QACf,OAAO,WAAW,CAAC;IACtB,CAAC;IAED,IAAI,MAAM,CAAC,UAAU,KAAK,QAAQ,IAAI,MAAM,CAAC,OAAO,IAAI,IAAI,EAAE,CAAC;QAC5D,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;QACzC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YACb,OAAO,EAAE,CAAC;QACb,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACpB,CAAC"}

package/access/functions/warn-if-public.d.ts

@@ -0,0 +1,12 @@
+import { PropertyNote } from "@rockster/class-memory";
+import { IControllerProperty } from "../../controllers/interfaces/controller-property";
+/**
+ * Standing warning for every endpoint exposed without authentication
+ * (`public: true`). Endpoints that use a special auth strategy
+ * (`property.authenticated`, via `createAuthenticationInterceptor`) are exempt —
+ * they skip the default auth service but still authenticate.
+ *
+ * Called by every action builder at registration so a public route can never
+ * ship silently.
+ */
+export declare function warnIfPublic(label: string, property: PropertyNote<IControllerProperty>): void;

package/access/functions/warn-if-public.js

@@ -0,0 +1,20 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.warnIfPublic = warnIfPublic;
+const logger_1 = require("@rockster/logger");
+const logger = new logger_1.Logger("Security");
+/**
+ * Standing warning for every endpoint exposed without authentication
+ * (`public: true`). Endpoints that use a special auth strategy
+ * (`property.authenticated`, via `createAuthenticationInterceptor`) are exempt —
+ * they skip the default auth service but still authenticate.
+ *
+ * Called by every action builder at registration so a public route can never
+ * ship silently.
+ */
+function warnIfPublic(label, property) {
+    if (property.public && !property.authenticated) {
+        logger.warn(`[PUBLIC] ${label} — endpoint exposto sem autenticação (public:true)`);
+    }
+}
+//# sourceMappingURL=warn-if-public.js.map

package/access/functions/warn-if-public.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"warn-if-public.js","sourceRoot":"./","sources":["access/functions/warn-if-public.ts"],"names":[],"mappings":";;AAeA,oCASC;AAvBD,6CAA0C;AAG1C,MAAM,MAAM,GAAG,IAAI,eAAM,CAAC,UAAU,CAAC,CAAC;AAEtC;;;;;;;;GAQG;AACH,SAAgB,YAAY,CACzB,KAAa,EACb,QAA2C;IAE3C,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,aAAa,EAAE,CAAC;QAC9C,MAAM,CAAC,IAAI,CACR,YAAY,KAAK,oDAAoD,CACvE,CAAC;IACL,CAAC;AACJ,CAAC"}

package/access/index.d.ts

@@ -1,5 +1,7 @@
 export * from './entities';
 export * from './access.module';
+export * from './constants';
+export * from './decorators';
 export * from './functions';
 export * from './services';
 export * from './interfaces';

package/access/index.js

@@ -16,6 +16,8 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./entities"), exports);
 __exportStar(require("./access.module"), exports);
+__exportStar(require("./constants"), exports);
+__exportStar(require("./decorators"), exports);
 __exportStar(require("./functions"), exports);
 __exportStar(require("./services"), exports);
 __exportStar(require("./interfaces"), exports);

package/access/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"./","sources":["access/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,6CAA2B;AAC3B,kDAAgC;AAChC,8CAA4B;AAC5B,6CAA2B;AAC3B,+CAA6B"}
+{"version":3,"file":"index.js","sourceRoot":"./","sources":["access/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,6CAA2B;AAC3B,kDAAgC;AAChC,8CAA4B;AAC5B,+CAA6B;AAC7B,8CAA4B;AAC5B,6CAA2B;AAC3B,+CAA6B"}

package/access/interfaces/index.d.ts

@@ -1,2 +1,3 @@
 export * from './scope-service-registry';
 export * from './scope-service';
+export * from './resolve-scope-context-id';

package/access/interfaces/index.js

@@ -16,4 +16,5 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./scope-service-registry"), exports);
 __exportStar(require("./scope-service"), exports);
+__exportStar(require("./resolve-scope-context-id"), exports);
 //# sourceMappingURL=index.js.map

package/access/interfaces/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"./","sources":["access/interfaces/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2DAAyC;AACzC,kDAAgC"}
+{"version":3,"file":"index.js","sourceRoot":"./","sources":["access/interfaces/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2DAAyC;AACzC,kDAAgC;AAChC,6DAA2C"}

package/access/interfaces/resolve-scope-context-id.d.ts

@@ -0,0 +1,21 @@
+import { EntityManager } from "typeorm";
+import { Instantiable } from "@rockster/common";
+export type ScopeActionKind = "query" | "post" | "remove" | "default";
+/** Params injected with @ContextParams() on @ScopeContextIdResolver methods. */
+export type IScopeContextParams = IResolveScopeContextIdParams;
+export interface IResolveScopeContextIdParams {
+    contextName: string;
+    requestPayload?: unknown;
+    actionKind: ScopeActionKind;
+    postType?: "create" | "modify";
+    idValue?: string;
+    entityTarget?: Instantiable;
+    entityManager?: EntityManager;
+    withId?: boolean;
+    /**
+     * Per-request store. Resolvers may stash loaded entities here (e.g. the
+     * project/account row fetched to resolve the context id) so other resolvers
+     * or the handler reuse them instead of hitting the DB again.
+     */
+    store?: Map<string, unknown>;
+}

package/access/interfaces/resolve-scope-context-id.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=resolve-scope-context-id.js.map

package/access/interfaces/resolve-scope-context-id.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolve-scope-context-id.js","sourceRoot":"./","sources":["access/interfaces/resolve-scope-context-id.ts"],"names":[],"mappings":""}

package/access/interfaces/scope-service-registry.d.ts

@@ -1,6 +1,21 @@
-import { Instantiable } from "@rockster/common";
+import { ExecutorData } from "@rockster/class-injector/interfaces";
+import { Dictionary, Instantiable } from "@rockster/common";
 import { IScopeService } from "./scope-service";
 export interface IScopeServiceRegistry {
     Service: Instantiable<IScopeService<any>>;
+    /** When false, scope has no context id (e.g. manager). */
+    withId?: boolean;
     instance?: IScopeService<any>;
+    resolvers?: Dictionary<ExecutorData>;
+    /** Marks this scope as the hierarchy root (e.g. workspace). */
+    root?: boolean;
+    /** Context name of the root scope this scope descends from. */
+    rootScope?: string;
+    /**
+     * Key that, held at the ROOT context, grants everything in every descendant
+     * scope (platform master). Set on the root scope.
+     */
+    masterKey?: string;
+    /** Key that grants everything WITHIN this context (context admin). */
+    adminKey?: string;
 }

package/access/interfaces/scope-service.d.ts

@@ -1,12 +1,11 @@
 import { IScopeUserMapped } from "@rockster/common/access";
-import { IRequestValues } from "@rockster/common";
 import { GetConditionCallbackResult } from "../../database/interfaces/path";
 import { SelectQueryBuilder } from "../../database/extensions/select-query-builder";
-export interface IScopeService<TCurrentSession> {
+export interface IScopeService<_TCurrentSession = unknown> {
     joinUser(rootAlias: string, contextId: string, queryBuilder: SelectQueryBuilder<IScopeUserMapped>): GetConditionCallbackResult;
-    onAction(values: IRequestValues<TCurrentSession>): string | Promise<string>;
-    onQuery(values: IRequestValues<TCurrentSession>): string | Promise<string>;
-    onPostCreate(values: IRequestValues<TCurrentSession>): string | Promise<string>;
-    onPostModify(values: IRequestValues<TCurrentSession>): string | Promise<string>;
-    onRestful(values: IRequestValues<TCurrentSession>): string | Promise<string>;
+    /**
+     * Maps a context id to its hierarchy ROOT context id (e.g. account/project →
+     * workspace). The root scope returns the same id. Used by the master-key check.
+     */
+    resolveRootContextId?(contextId: string): Promise<string | undefined>;
 }

package/access/models/scope-access-profile-keys-update.d.ts

@@ -0,0 +1,5 @@
+import { IScopeAccessProfileKeysUpdate } from "@rockster/common/access";
+export declare class ScopeAccessProfileKeysUpdate implements IScopeAccessProfileKeysUpdate {
+    scopeAccessProfileId: string;
+    keys: string[];
+}

package/access/models/scope-access-profile-keys-update.js

@@ -0,0 +1,27 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ScopeAccessProfileKeysUpdate = void 0;
+const class_pipe_1 = require("@rockster/class-pipe");
+class ScopeAccessProfileKeysUpdate {
+}
+exports.ScopeAccessProfileKeysUpdate = ScopeAccessProfileKeysUpdate;
+__decorate([
+    (0, class_pipe_1.IsRequired)(),
+    (0, class_pipe_1.IsString)(),
+    __metadata("design:type", String)
+], ScopeAccessProfileKeysUpdate.prototype, "scopeAccessProfileId", void 0);
+__decorate([
+    (0, class_pipe_1.IsRequired)(),
+    (0, class_pipe_1.IsArray)(),
+    __metadata("design:type", Array)
+], ScopeAccessProfileKeysUpdate.prototype, "keys", void 0);
+//# sourceMappingURL=scope-access-profile-keys-update.js.map

package/access/models/scope-access-profile-keys-update.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scope-access-profile-keys-update.js","sourceRoot":"./","sources":["access/models/scope-access-profile-keys-update.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAAqE;AAGrE,MAAa,4BAA4B;CASxC;AATD,oEASC;AALE;IAFC,IAAA,uBAAU,GAAE;IACZ,IAAA,qBAAQ,GAAE;;0EACkB;AAI7B;IAFC,IAAA,uBAAU,GAAE;IACZ,IAAA,oBAAO,GAAE;;0DACK"}

package/access/models/scope-group-apply-access-profile.d.ts

@@ -0,0 +1,6 @@
+import { IScopeGroupApplyAccessProfile } from "@rockster/common/access";
+export declare class ScopeGroupApplyAccessProfile implements IScopeGroupApplyAccessProfile {
+    groupId: string;
+    contextName: string;
+    contextId: string;
+}

package/access/models/scope-group-apply-access-profile.js

@@ -0,0 +1,32 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ScopeGroupApplyAccessProfile = void 0;
+const class_pipe_1 = require("@rockster/class-pipe");
+class ScopeGroupApplyAccessProfile {
+}
+exports.ScopeGroupApplyAccessProfile = ScopeGroupApplyAccessProfile;
+__decorate([
+    (0, class_pipe_1.IsRequired)(),
+    (0, class_pipe_1.IsString)(),
+    __metadata("design:type", String)
+], ScopeGroupApplyAccessProfile.prototype, "groupId", void 0);
+__decorate([
+    (0, class_pipe_1.IsRequired)(),
+    (0, class_pipe_1.IsString)(),
+    __metadata("design:type", String)
+], ScopeGroupApplyAccessProfile.prototype, "contextName", void 0);
+__decorate([
+    (0, class_pipe_1.IsRequired)(),
+    (0, class_pipe_1.IsString)(),
+    __metadata("design:type", String)
+], ScopeGroupApplyAccessProfile.prototype, "contextId", void 0);
+//# sourceMappingURL=scope-group-apply-access-profile.js.map

package/access/models/scope-group-apply-access-profile.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scope-group-apply-access-profile.js","sourceRoot":"./","sources":["access/models/scope-group-apply-access-profile.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAA4D;AAG5D,MAAa,4BAA4B;CAaxC;AAbD,oEAaC;AATE;IAFC,IAAA,uBAAU,GAAE;IACZ,IAAA,qBAAQ,GAAE;;6DACK;AAIhB;IAFC,IAAA,uBAAU,GAAE;IACZ,IAAA,qBAAQ,GAAE;;iEACS;AAIpB;IAFC,IAAA,uBAAU,GAAE;IACZ,IAAA,qBAAQ,GAAE;;+DACO"}

package/access/models/scope-user-mapped.d.ts

@@ -5,4 +5,5 @@ export declare class ScopeUserMapped implements IScopeUserMapped {
     email: string;
     imageUrl?: string;
     active?: boolean;
+    isScopeOwner?: boolean;
 }

package/access/models/scope-user-mapped.js

@@ -39,4 +39,10 @@ __decorate([
     (0, class_pipe_1.IsBoolean)(),
     __metadata("design:type", Boolean)
 ], ScopeUserMapped.prototype, "active", void 0);
+__decorate([
+    (0, class_pipe_1.Expose)(),
+    (0, class_pipe_1.IsBoolean)(),
+    (0, class_pipe_1.IsOptional)(),
+    __metadata("design:type", Boolean)
+], ScopeUserMapped.prototype, "isScopeOwner", void 0);
 //# sourceMappingURL=scope-user-mapped.js.map

package/access/models/scope-user-mapped.js.map

@@ -1 +1 @@
-{"version":3,"file":"scope-user-mapped.js","sourceRoot":"./","sources":["access/models/scope-user-mapped.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAAmE;AAGnE,MAAa,eAAe;CAsB3B;AAtBD,0CAsBC;AAjBE;IAFC,IAAA,mBAAM,GAAE;IACR,IAAA,qBAAQ,GAAE;;2CACA;AAIX;IAFC,IAAA,mBAAM,GAAE;IACR,IAAA,qBAAQ,GAAE;;6CACE;AAIb;IAFC,IAAA,mBAAM,GAAE;IACR,IAAA,qBAAQ,GAAE;;8CACG;AAId;IAFC,IAAA,mBAAM,GAAE;IACR,IAAA,qBAAQ,GAAE;;iDACO;AAIlB;IAFC,IAAA,mBAAM,GAAE;IACR,IAAA,sBAAS,GAAE;;+CACK"}
+{"version":3,"file":"scope-user-mapped.js","sourceRoot":"./","sources":["access/models/scope-user-mapped.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAA+E;AAG/E,MAAa,eAAe;CA2B3B;AA3BD,0CA2BC;AAtBE;IAFC,IAAA,mBAAM,GAAE;IACR,IAAA,qBAAQ,GAAE;;2CACA;AAIX;IAFC,IAAA,mBAAM,GAAE;IACR,IAAA,qBAAQ,GAAE;;6CACE;AAIb;IAFC,IAAA,mBAAM,GAAE;IACR,IAAA,qBAAQ,GAAE;;8CACG;AAId;IAFC,IAAA,mBAAM,GAAE;IACR,IAAA,qBAAQ,GAAE;;iDACO;AAIlB;IAFC,IAAA,mBAAM,GAAE;IACR,IAAA,sBAAS,GAAE;;+CACK;AAKjB;IAHC,IAAA,mBAAM,GAAE;IACR,IAAA,sBAAS,GAAE;IACX,IAAA,uBAAU,GAAE;;qDACU"}

package/access/models/scope-user.js

@@ -12,7 +12,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.ScopeUser = void 0;
 const class_pipe_1 = require("@rockster/class-pipe");
 const scope_group_1 = require("../entities/scope-group");
-const scope_key_1 = require("../entities/scope-key");
+const scope_access_1 = require("../entities/scope-access");
 class ScopeUser {
 }
 exports.ScopeUser = ScopeUser;
@@ -38,12 +38,14 @@ __decorate([
 ], ScopeUser.prototype, "contextId", void 0);
 __decorate([
     (0, class_pipe_1.Expose)(),
+    (0, class_pipe_1.IsArray)(),
     (0, class_pipe_1.IsType)(() => scope_group_1.ScopeGroup),
     __metadata("design:type", Array)
 ], ScopeUser.prototype, "groups", void 0);
 __decorate([
     (0, class_pipe_1.Expose)(),
-    (0, class_pipe_1.IsType)(() => scope_key_1.ScopeKey),
+    (0, class_pipe_1.IsArray)(),
+    (0, class_pipe_1.IsType)(() => scope_access_1.ScopeAccess),
     __metadata("design:type", Array)
 ], ScopeUser.prototype, "keys", void 0);
 //# sourceMappingURL=scope-user.js.map

package/access/models/scope-user.js.map

@@ -1 +1 @@
-{"version":3,"file":"scope-user.js","sourceRoot":"./","sources":["access/models/scope-user.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAK8B;AAM9B,yDAAqD;AACrD,qDAAiD;AAEjD,MAAa,SAAS;CAyBrB;AAzBD,8BAyBC;AArBE;IAFC,IAAA,mBAAM,GAAE;IACR,IAAA,sBAAS,GAAE;;0CACM;AAIlB;IAFC,IAAA,mBAAM,GAAE;IACR,IAAA,qBAAQ,GAAE;;yCACI;AAIf;IAFC,IAAA,mBAAM,GAAE;IACR,IAAA,qBAAQ,GAAE;;8CACS;AAIpB;IAFC,IAAA,mBAAM,GAAE;IACR,IAAA,qBAAQ,GAAE;;4CACQ;AAInB;IAFC,IAAA,mBAAM,GAAE;IACR,IAAA,mBAAM,EAAC,GAAG,EAAE,CAAC,wBAAU,CAAC;;yCACF;AAIvB;IAFC,IAAA,mBAAM,GAAE;IACR,IAAA,mBAAM,EAAC,GAAG,EAAE,CAAC,oBAAQ,CAAC;;uCACD"}
+{"version":3,"file":"scope-user.js","sourceRoot":"./","sources":["access/models/scope-user.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAM8B;AAM9B,yDAAqD;AAErD,2DAAuD;AAEvD,MAAa,SAAS;CA2BrB;AA3BD,8BA2BC;AAvBE;IAFC,IAAA,mBAAM,GAAE;IACR,IAAA,sBAAS,GAAE;;0CACM;AAIlB;IAFC,IAAA,mBAAM,GAAE;IACR,IAAA,qBAAQ,GAAE;;yCACI;AAIf;IAFC,IAAA,mBAAM,GAAE;IACR,IAAA,qBAAQ,GAAE;;8CACS;AAIpB;IAFC,IAAA,mBAAM,GAAE;IACR,IAAA,qBAAQ,GAAE;;4CACQ;AAKnB;IAHC,IAAA,mBAAM,GAAE;IACR,IAAA,oBAAO,GAAE;IACT,IAAA,mBAAM,EAAC,GAAG,EAAE,CAAC,wBAAU,CAAC;;yCACF;AAKvB;IAHC,IAAA,mBAAM,GAAE;IACR,IAAA,oBAAO,GAAE;IACT,IAAA,mBAAM,EAAC,GAAG,EAAE,CAAC,0BAAW,CAAC;;uCACJ"}

package/access/queries/scope-access-profile.query.d.ts

@@ -0,0 +1 @@
+export declare const ScopeAccessProfileQuery: import("../../query/functions/create-query").QueryDecoratorFactory;

package/access/queries/scope-access-profile.query.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ScopeAccessProfileQuery = void 0;
+const create_query_1 = require("../../query/functions/create-query");
+const scope_access_profile_1 = require("../entities/scope-access-profile");
+exports.ScopeAccessProfileQuery = (0, create_query_1.createQuery)({
+    alias: "scopeAccessProfile",
+    target: () => scope_access_profile_1.ScopeAccessProfile,
+});
+//# sourceMappingURL=scope-access-profile.query.js.map

package/access/queries/scope-access-profile.query.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scope-access-profile.query.js","sourceRoot":"./","sources":["access/queries/scope-access-profile.query.ts"],"names":[],"mappings":";;;AAAA,qEAAiE;AACjE,2EAAsE;AAEzD,QAAA,uBAAuB,GAAG,IAAA,0BAAW,EAAC;IAChD,KAAK,EAAE,oBAAoB;IAC3B,MAAM,EAAE,GAAG,EAAE,CAAC,yCAAkB;CAClC,CAAC,CAAC"}

package/access/queries/scope-group.query.js

@@ -2,11 +2,18 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ScopeGroupQuery = void 0;
 const create_query_1 = require("../../query/functions/create-query");
+const scope_access_profile_1 = require("../entities/scope-access-profile");
 const scope_group_1 = require("../entities/scope-group");
 const scope_context_1 = require("../models/scope-context");
 exports.ScopeGroupQuery = (0, create_query_1.createQuery)({
-    alias: 'scopeGroup',
+    alias: "scopeGroup",
     target: () => scope_group_1.ScopeGroup,
-    context: () => scope_context_1.ScopeContext
+    context: () => scope_context_1.ScopeContext,
+    paths: {
+        scopeAccessProfile: (0, create_query_1.joinOne)({
+            alias: "scopeAccessProfile",
+            target: () => scope_access_profile_1.ScopeAccessProfile,
+        }),
+    },
 });
 //# sourceMappingURL=scope-group.query.js.map

package/access/queries/scope-group.query.js.map

@@ -1 +1 @@
-{"version":3,"file":"scope-group.query.js","sourceRoot":"./","sources":["access/queries/scope-group.query.ts"],"names":[],"mappings":";;;AAAA,qEAAiE;AACjE,yDAAqD;AACrD,2DAAuD;AAE1C,QAAA,eAAe,GAAG,IAAA,0BAAW,EAAC;IACxC,KAAK,EAAE,YAAY;IACnB,MAAM,EAAE,GAAG,EAAE,CAAC,wBAAU;IACxB,OAAO,EAAE,GAAG,EAAE,CAAC,4BAAY;CAC7B,CAAC,CAAA"}
+{"version":3,"file":"scope-group.query.js","sourceRoot":"./","sources":["access/queries/scope-group.query.ts"],"names":[],"mappings":";;;AAAA,qEAA0E;AAC1E,2EAAsE;AACtE,yDAAqD;AACrD,2DAAuD;AAE1C,QAAA,eAAe,GAAG,IAAA,0BAAW,EAAC;IACxC,KAAK,EAAE,YAAY;IACnB,MAAM,EAAE,GAAG,EAAE,CAAC,wBAAU;IACxB,OAAO,EAAE,GAAG,EAAE,CAAC,4BAAY;IAC3B,KAAK,EAAE;QACJ,kBAAkB,EAAE,IAAA,sBAAO,EAAC;YACzB,KAAK,EAAE,oBAAoB;YAC3B,MAAM,EAAE,GAAG,EAAE,CAAC,yCAAkB;SAClC,CAAC;KACJ;CACH,CAAC,CAAC"}

package/access/services/index.d.ts

@@ -1,4 +1,5 @@
 export * from './scope-access.service';
+export * from './scope-access-profile.service';
 export * from './scope-group-user.service';
 export * from './scope-group.service';
 export * from './scope-key.service';

package/access/services/index.js

@@ -15,6 +15,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./scope-access.service"), exports);
+__exportStar(require("./scope-access-profile.service"), exports);
 __exportStar(require("./scope-group-user.service"), exports);
 __exportStar(require("./scope-group.service"), exports);
 __exportStar(require("./scope-key.service"), exports);

package/access/services/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"./","sources":["access/services/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,yDAAuC;AACvC,6DAA2C;AAC3C,wDAAsC;AACtC,sDAAoC;AACpC,wDAAsC;AACtC,kDAAgC"}
+{"version":3,"file":"index.js","sourceRoot":"./","sources":["access/services/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,yDAAuC;AACvC,iEAA+C;AAC/C,6DAA2C;AAC3C,wDAAsC;AACtC,sDAAoC;AACpC,wDAAsC;AACtC,kDAAgC"}

package/access/services/scope-access-profile.service.d.ts

@@ -0,0 +1,13 @@
+import { IScopeAccessProfile, IScopeAccessProfileKey } from "@rockster/common/access";
+import { RepositoryService } from "../../database/services/repository.service";
+import { Repository } from "../../database/interfaces/repository";
+import { ScopeKey } from "../entities/scope-key";
+export declare class ScopeAccessProfileService extends RepositoryService<IScopeAccessProfile> {
+    protected repository: Repository<IScopeAccessProfile>;
+    protected profileKeyRepository: Repository<IScopeAccessProfileKey>;
+    protected scopeKeyRepository: Repository<ScopeKey>;
+    updateKeys(scopeAccessProfileId: string, keys: string[]): Promise<IScopeAccessProfileKey[]>;
+    getProfileKeys(scopeAccessProfileId: string): Promise<IScopeAccessProfileKey[]>;
+    /** Keys from the profile whose scope_key.context_name matches the given context. */
+    getKeysForContext(scopeAccessProfileId: string, contextName: string): Promise<string[]>;
+}

package/access/services/scope-access-profile.service.js

@@ -0,0 +1,75 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ScopeAccessProfileService = void 0;
+const class_injector_1 = require("@rockster/class-injector");
+const repository_service_1 = require("../../database/services/repository.service");
+const inject_repository_decorator_1 = require("../../database/decorators/inject-repository.decorator");
+const scope_access_profile_1 = require("../entities/scope-access-profile");
+const scope_access_profile_key_1 = require("../entities/scope-access-profile-key");
+const scope_key_1 = require("../entities/scope-key");
+const generate_entity_id_1 = require("../../database/functions/generate-entity-id");
+const normalize_scope_keys_1 = require("../functions/normalize-scope-keys");
+let ScopeAccessProfileService = class ScopeAccessProfileService extends repository_service_1.RepositoryService {
+    async updateKeys(scopeAccessProfileId, keys) {
+        await this.profileKeyRepository.delete({ scopeAccessProfileId });
+        const validKeys = (0, normalize_scope_keys_1.normalizeScopeKeys)(keys);
+        if (!validKeys.length) {
+            return [];
+        }
+        const rows = validKeys.map((key) => ({
+            id: (0, generate_entity_id_1.generateEntityId)(scope_access_profile_key_1.ScopeAccessProfileKey),
+            scopeAccessProfileId,
+            key,
+        }));
+        return this.profileKeyRepository.save(rows);
+    }
+    async getProfileKeys(scopeAccessProfileId) {
+        return this.profileKeyRepository.find({
+            where: { scopeAccessProfileId },
+        });
+    }
+    /** Keys from the profile whose scope_key.context_name matches the given context. */
+    async getKeysForContext(scopeAccessProfileId, contextName) {
+        const profileKeys = await this.getProfileKeys(scopeAccessProfileId);
+        if (!profileKeys.length) {
+            return [];
+        }
+        const keyNames = profileKeys
+            .map((row) => row.key)
+            .filter((key) => Boolean(key));
+        if (!keyNames.length) {
+            return [];
+        }
+        const scopeKeys = await this.scopeKeyRepository.find({
+            where: { contextName },
+        });
+        const allowed = new Set(scopeKeys.map((row) => row.name));
+        return (0, normalize_scope_keys_1.normalizeScopeKeys)(keyNames.filter((key) => allowed.has(key)));
+    }
+};
+exports.ScopeAccessProfileService = ScopeAccessProfileService;
+__decorate([
+    (0, inject_repository_decorator_1.InjectRepository)(() => scope_access_profile_1.ScopeAccessProfile),
+    __metadata("design:type", Object)
+], ScopeAccessProfileService.prototype, "repository", void 0);
+__decorate([
+    (0, inject_repository_decorator_1.InjectRepository)(() => scope_access_profile_key_1.ScopeAccessProfileKey),
+    __metadata("design:type", Object)
+], ScopeAccessProfileService.prototype, "profileKeyRepository", void 0);
+__decorate([
+    (0, inject_repository_decorator_1.InjectRepository)(() => scope_key_1.ScopeKey),
+    __metadata("design:type", Object)
+], ScopeAccessProfileService.prototype, "scopeKeyRepository", void 0);
+exports.ScopeAccessProfileService = ScopeAccessProfileService = __decorate([
+    (0, class_injector_1.Injectable)()
+], ScopeAccessProfileService);
+//# sourceMappingURL=scope-access-profile.service.js.map

package/access/services/scope-access-profile.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scope-access-profile.service.js","sourceRoot":"./","sources":["access/services/scope-access-profile.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6DAAsD;AAKtD,mFAA+E;AAC/E,uGAAyF;AAEzF,2EAAsE;AACtE,mFAA6E;AAC7E,qDAAiD;AACjD,oFAA+E;AAC/E,4EAAuE;AAGhE,IAAM,yBAAyB,GAA/B,MAAM,yBAA0B,SAAQ,sCAAsC;IAWlF,KAAK,CAAC,UAAU,CAAC,oBAA4B,EAAE,IAAc;QAC1D,MAAM,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,EAAE,oBAAoB,EAAE,CAAC,CAAC;QAEjE,MAAM,SAAS,GAAG,IAAA,yCAAkB,EAAC,IAAI,CAAC,CAAC;QAE3C,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC;YACrB,OAAO,EAAE,CAAC;QACb,CAAC;QAED,MAAM,IAAI,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YAClC,EAAE,EAAE,IAAA,qCAAgB,EAAC,gDAAqB,CAAC;YAC3C,oBAAoB;YACpB,GAAG;SACsB,CAAA,CAAC,CAAC;QAE9B,OAAO,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC/C,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,oBAA4B;QAC9C,OAAO,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC;YACnC,KAAK,EAAE,EAAE,oBAAoB,EAAE;SACjC,CAAC,CAAC;IACN,CAAC;IAED,oFAAoF;IACpF,KAAK,CAAC,iBAAiB,CAAC,oBAA4B,EAAE,WAAmB;QACtE,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,oBAAoB,CAAC,CAAC;QACpE,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC;YACvB,OAAO,EAAc,CAAC;QACzB,CAAC;QAED,MAAM,QAAQ,GAAG,WAAW;aACxB,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC;aACrB,MAAM,CAAC,CAAC,GAAG,EAAiB,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;QAEjD,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;YACpB,OAAO,EAAE,CAAC;QACb,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC;YAClD,KAAK,EAAE,EAAE,WAAW,EAAE;SACxB,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;QAC1D,OAAO,IAAA,yCAAkB,EAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACzE,CAAC;CACH,CAAA;AAzDY,8DAAyB;AAGzB;IADT,IAAA,8CAAgB,EAAC,GAAG,EAAE,CAAC,yCAAkB,CAAC;;6DACW;AAG5C;IADT,IAAA,8CAAgB,EAAC,GAAG,EAAE,CAAC,gDAAqB,CAAC;;uEACqB;AAGzD;IADT,IAAA,8CAAgB,EAAC,GAAG,EAAE,CAAC,oBAAQ,CAAC;;qEACkB;oCATzC,yBAAyB;IADrC,IAAA,2BAAU,GAAE;GACA,yBAAyB,CAyDrC"}

package/access/services/scope-access.service.js

@@ -15,6 +15,7 @@ const repository_service_1 = require("../../database/services/repository.service
 const inject_repository_decorator_1 = require("../../database/decorators/inject-repository.decorator");
 const scope_access_1 = require("../entities/scope-access");
 const generate_entity_id_1 = require("../../database/functions/generate-entity-id");
+const normalize_scope_keys_1 = require("../functions/normalize-scope-keys");
 let ScopeAccessService = class ScopeAccessService extends repository_service_1.RepositoryService {
     constructor() {
         super(...arguments);
@@ -57,7 +58,7 @@ let ScopeAccessService = class ScopeAccessService extends repository_service_1.R
     }
     async getKeysWithCtx(contextId, userId) {
         const rows = await this.repository.query(this.withCtxQuery, [userId, contextId]);
-        return rows.map(r => r.k);
+        return rows.map(row => row.key);
     }
     async updateKeys(type, contextName, contextId, targetId, keys) {
         const keyName = type === 'group' ? 'groupId' : 'userId';
@@ -66,7 +67,8 @@ let ScopeAccessService = class ScopeAccessService extends repository_service_1.R
             contextId,
             contextName
         });
-        const accessKeys = keys.map(key => ({
+        const validKeys = (0, normalize_scope_keys_1.normalizeScopeKeys)(keys);
+        const accessKeys = validKeys.map(key => ({
             id: (0, generate_entity_id_1.generateEntityId)(scope_access_1.ScopeAccess),
             [keyName]: targetId,
             contextName: contextName,

package/access/services/scope-access.service.js.map

@@ -1 +1 @@
-{"version":3,"file":"scope-access.service.js","sourceRoot":"./","sources":["access/services/scope-access.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6DAAsD;AACtD,mFAA+E;AAE/E,uGAAyF;AAEzF,2DAAuD;AACvD,oFAA+E;AAGxE,IAAM,kBAAkB,GAAxB,MAAM,kBAAmB,SAAQ,sCAA+B;IAAhE;;QAKM,eAAU,GAAG;;;;;;;;;;;;;;IActB,CAAC;QAEQ,iBAAY,GAAG;;;;;;;;;;;;;;;;IAgBxB,CAAC;IA6CL,CAAC;IA3CE,KAAK,CAAC,cAAc,CAAC,MAAc;QAChC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CACrC,IAAI,CAAC,UAAU,EACf,CAAC,MAAM,CAAC,CACV,CAAC;QAEF,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAa,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,SAAiB,EAAE,MAAc;QACnD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CACrC,IAAI,CAAC,YAAY,EACjB,CAAC,MAAM,EAAE,SAAS,CAAC,CACrB,CAAC;QAEF,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAa,CAAA;IACxC,CAAC;IAED,KAAK,CAAC,UAAU,CACb,IAAsB,EACtB,WAAmB,EACnB,SAAiB,EACjB,QAAgB,EAChB,IAAc;QAEd,MAAM,OAAO,GAAG,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC;QAExD,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC;YAC1B,CAAC,OAAO,CAAC,EAAE,QAAQ;YACnB,SAAS;YACT,WAAW;SACb,CAAC,CAAC;QAEH,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACjC,EAAE,EAAE,IAAA,qCAAgB,EAAC,0BAAW,CAAC;YACjC,CAAC,OAAO,CAAC,EAAE,QAAQ;YACnB,WAAW,EAAE,WAAW;YACxB,SAAS,EAAE,SAAS;YACpB,GAAG,EAAE,GAAG;SACO,CAAA,CAAC,CAAC;QAEpB,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC1C,CAAC;CACH,CAAA;AAlFY,gDAAkB;AAGlB;IADT,IAAA,8CAAgB,EAAC,GAAG,EAAE,CAAC,0BAAW,CAAC;;sDACW;6BAHrC,kBAAkB;IAD9B,IAAA,2BAAU,GAAE;GACA,kBAAkB,CAkF9B"}
+{"version":3,"file":"scope-access.service.js","sourceRoot":"./","sources":["access/services/scope-access.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6DAAsD;AACtD,mFAA+E;AAE/E,uGAAyF;AAEzF,2DAAuD;AACvD,oFAA+E;AAC/E,4EAAuE;AAGhE,IAAM,kBAAkB,GAAxB,MAAM,kBAAmB,SAAQ,sCAA+B;IAAhE;;QAKM,eAAU,GAAG;;;;;;;;;;;;;;IActB,CAAC;QAEQ,iBAAY,GAAG;;;;;;;;;;;;;;;;IAgBxB,CAAC;IA+CL,CAAC;IA7CE,KAAK,CAAC,cAAc,CAAC,MAAc;QAChC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CACrC,IAAI,CAAC,UAAU,EACf,CAAC,MAAM,CAAC,CACV,CAAC;QAEF,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAa,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,SAAiB,EAAE,MAAc;QACnD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CACrC,IAAI,CAAC,YAAY,EACjB,CAAC,MAAM,EAAE,SAAS,CAAC,CACrB,CAAC;QAEF,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAa,CAAA;IAC9C,CAAC;IAED,KAAK,CAAC,UAAU,CACb,IAAsB,EACtB,WAAmB,EACnB,SAAiB,EACjB,QAAgB,EAChB,IAAc;QAEd,MAAM,OAAO,GAAG,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC;QAExD,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC;YAC1B,CAAC,OAAO,CAAC,EAAE,QAAQ;YACnB,SAAS;YACT,WAAW;SACb,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG,IAAA,yCAAkB,EAAC,IAAI,CAAC,CAAC;QAE3C,MAAM,UAAU,GAAG,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACtC,EAAE,EAAE,IAAA,qCAAgB,EAAC,0BAAW,CAAC;YACjC,CAAC,OAAO,CAAC,EAAE,QAAQ;YACnB,WAAW,EAAE,WAAW;YACxB,SAAS,EAAE,SAAS;YACpB,GAAG,EAAE,GAAG;SACO,CAAA,CAAC,CAAC;QAEpB,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC1C,CAAC;CACH,CAAA;AApFY,gDAAkB;AAGlB;IADT,IAAA,8CAAgB,EAAC,GAAG,EAAE,CAAC,0BAAW,CAAC;;sDACW;6BAHrC,kBAAkB;IAD9B,IAAA,2BAAU,GAAE;GACA,kBAAkB,CAoF9B"}

package/access/services/scope-group-user.service.js

@@ -31,10 +31,10 @@ let ScopeGroupUserService = class ScopeGroupUserService extends repository_servi
         return this
             .repository
             .createQueryBuilder('scopeGroupUser')
-            .leftJoin(scope_group_1.ScopeGroup, 'scopeGroup')
+            .leftJoin(scope_group_1.ScopeGroup, 'scopeGroup', '"scopeGroup".id = "scopeGroupUser".group_id')
             .where(`"scopeGroup".context_name = '${contextName}' 
             AND "scopeGroupUser".user_id = '${userId}'
-            ${!contextId ? '' : `"scopeGroup".context_id = '${contextId}'`}`)
+            ${!contextId ? '' : `AND "scopeGroup".context_id = '${contextId}'`}`)
             .getMany();
     }
 };

package/access/services/scope-group-user.service.js.map

@@ -1 +1 @@
-{"version":3,"file":"scope-group-user.service.js","sourceRoot":"./","sources":["access/services/scope-group-user.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6DAAsD;AACtD,mFAA+E;AAE/E,uGAAyF;AAEzF,mEAA8D;AAC9D,oFAA+E;AAC/E,yDAAqD;AAG9C,IAAM,qBAAqB,GAA3B,MAAM,qBAAsB,SAAQ,sCAAkC;IAK1E,KAAK,CAAC,cAAc,CAAC,OAAe,EAAE,MAAc;QACjD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;QACvE,IAAI,SAAS;YAAE,OAAO,SAAS,CAAC;QAChC,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;YACzB,EAAE,EAAE,IAAA,qCAAgB,EAAC,iCAAc,CAAC;YACpC,OAAO,EAAE,OAAO;YAChB,MAAM,EAAE,MAAM;SAChB,CAAC,CAAC;IACN,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,MAAc,EAAE,WAAmB,EAAE,SAAkB;QACpE,OAAO,IAAI;aACP,UAAU;aACV,kBAAkB,CAAC,gBAAgB,CAAC;aACpC,QAAQ,CACN,wBAAU,EACV,YAAY,CACd;aACA,KAAK,CAAC,gCAAgC,WAAW;8CACb,MAAM;cACtC,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,8BAA8B,SAAS,GAAG,EAAE,CAAC;aACnE,OAAO,EAAE,CAAC;IACjB,CAAC;CACH,CAAA;AA5BY,sDAAqB;AAGrB;IADT,IAAA,8CAAgB,EAAC,GAAG,EAAE,CAAC,iCAAc,CAAC;;yDACW;gCAHxC,qBAAqB;IADjC,IAAA,2BAAU,GAAE;GACA,qBAAqB,CA4BjC"}
+{"version":3,"file":"scope-group-user.service.js","sourceRoot":"./","sources":["access/services/scope-group-user.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6DAAsD;AACtD,mFAA+E;AAE/E,uGAAyF;AAEzF,mEAA8D;AAC9D,oFAA+E;AAC/E,yDAAqD;AAG9C,IAAM,qBAAqB,GAA3B,MAAM,qBAAsB,SAAQ,sCAAkC;IAK1E,KAAK,CAAC,cAAc,CAAC,OAAe,EAAE,MAAc;QACjD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;QACvE,IAAI,SAAS;YAAE,OAAO,SAAS,CAAC;QAChC,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;YACzB,EAAE,EAAE,IAAA,qCAAgB,EAAC,iCAAc,CAAC;YACpC,OAAO,EAAE,OAAO;YAChB,MAAM,EAAE,MAAM;SAChB,CAAC,CAAC;IACN,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,MAAc,EAAE,WAAmB,EAAE,SAAkB;QACpE,OAAO,IAAI;aACP,UAAU;aACV,kBAAkB,CAAC,gBAAgB,CAAC;aACpC,QAAQ,CACN,wBAAU,EACV,YAAY,EACZ,6CAA6C,CAC/C;aACA,KAAK,CAAC,gCAAgC,WAAW;8CACb,MAAM;cACtC,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,kCAAkC,SAAS,GAAG,EAAE,CAAC;aACvE,OAAO,EAAE,CAAC;IACjB,CAAC;CACH,CAAA;AA7BY,sDAAqB;AAGrB;IADT,IAAA,8CAAgB,EAAC,GAAG,EAAE,CAAC,iCAAc,CAAC;;yDACW;gCAHxC,qBAAqB;IADjC,IAAA,2BAAU,GAAE;GACA,qBAAqB,CA6BjC"}