@schorts/shared-kernel 2.2.4 → 2.3.0

package/CHANGELOG

@@ -5,13 +5,19 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-### [2.2.4] - 2025-10-10
+## [2.3.0] - 2025-10-11
+
+### Added
+
+- Added `RBAC` module.
+
+## [2.2.4] - 2025-10-10
 
 ### Changed
 
 - Remove `Optional` param in the `EnumValue`. Instead allow null values in the `allowedTypes` array.
 
-### [2.2.3] - 2025-10-10
+## [2.2.3] - 2025-10-10
 
 ### Changed
 

package/dist/cjs/index.js

@@ -25,6 +25,7 @@ __exportStar(require("./i18n"), exports);
 __exportStar(require("./json-api"), exports);
 __exportStar(require("./messages"), exports);
 __exportStar(require("./models"), exports);
+__exportStar(require("./rbac"), exports);
 __exportStar(require("./result"), exports);
 __exportStar(require("./state-manager"), exports);
 __exportStar(require("./unit-of-work"), exports);

package/dist/cjs/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,yCAAuB;AACvB,6CAA2B;AAC3B,wCAAsB;AACtB,kDAAgC;AAChC,6CAA2B;AAC3B,+CAA6B;AAC7B,yCAAuB;AACvB,yCAAuB;AACvB,6CAA2B;AAC3B,6CAA2B;AAC3B,2CAAyB;AACzB,2CAAyB;AACzB,kDAAgC;AAChC,iDAA+B;AAC/B,0CAAwB;AACxB,kDAAgC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,yCAAuB;AACvB,6CAA2B;AAC3B,wCAAsB;AACtB,kDAAgC;AAChC,6CAA2B;AAC3B,+CAA6B;AAC7B,yCAAuB;AACvB,yCAAuB;AACvB,6CAA2B;AAC3B,6CAA2B;AAC3B,2CAAyB;AACzB,yCAAuB;AACvB,2CAAyB;AACzB,kDAAgC;AAChC,iDAA+B;AAC/B,0CAAwB;AACxB,kDAAgC"}

package/dist/cjs/rbac/index.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RBACPolicy = void 0;
+var rbac_policy_1 = require("./rbac-policy");
+Object.defineProperty(exports, "RBACPolicy", { enumerable: true, get: function () { return rbac_policy_1.RBACPolicy; } });
+//# sourceMappingURL=index.js.map

package/dist/cjs/rbac/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/rbac/index.ts"],"names":[],"mappings":";;;AAGA,6CAA2C;AAAlC,yGAAA,UAAU,OAAA"}

package/dist/cjs/rbac/permission.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=permission.js.map

package/dist/cjs/rbac/permission.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission.js","sourceRoot":"","sources":["../../../src/rbac/permission.ts"],"names":[],"mappings":""}

package/dist/cjs/rbac/rbac-policy.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RBACPolicy = void 0;
+class RBACPolicy {
+    can(role, action, resource) {
+        const permissions = this.getPermissions(role);
+        return permissions.some((perm) => (perm.resource === '*' || perm.resource === resource.name) &&
+            (perm.action === action || perm.action === 'manage'));
+    }
+    canAccessOwnedResource(resource) {
+        return resource.owner_id === this.userID.value;
+    }
+    canWithOwnership(role, action, resource) {
+        return this.can(role, action, resource) && this.canAccessOwnedResource(resource);
+    }
+}
+exports.RBACPolicy = RBACPolicy;
+//# sourceMappingURL=rbac-policy.js.map

package/dist/cjs/rbac/rbac-policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rbac-policy.js","sourceRoot":"","sources":["../../../src/rbac/rbac-policy.ts"],"names":[],"mappings":";;;AAIA,MAAsB,UAAU;IAI9B,GAAG,CAAC,IAAU,EAAE,MAA4B,EAAE,QAAkB;QAC9D,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAE9C,OAAO,WAAW,CAAC,IAAI,CACrB,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,IAAI,CAAC,QAAQ,KAAK,GAAG,IAAI,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,IAAI,CAAC;YAC1D,CAAC,IAAI,CAAC,MAAM,KAAK,MAAM,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,CACvD,CAAC;IACJ,CAAC;IAED,sBAAsB,CAAC,QAAkB;QACvC,OAAO,QAAQ,CAAC,QAAQ,KAAK,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;IACjD,CAAC;IAED,gBAAgB,CAAC,IAAU,EAAE,MAA4B,EAAE,QAAkB;QAC3E,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,IAAI,CAAC,sBAAsB,CAAC,QAAQ,CAAC,CAAC;IACnF,CAAC;CACF;AArBD,gCAqBC"}

package/dist/cjs/rbac/resource.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=resource.js.map

package/dist/cjs/rbac/resource.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"resource.js","sourceRoot":"","sources":["../../../src/rbac/resource.ts"],"names":[],"mappings":""}

package/dist/cjs/value-objects/enum-value.js

@@ -13,11 +13,10 @@ class EnumValue {
         return this.allowedValues.includes(this.value);
     }
     equals(valueObject) {
-        if (!(valueObject instanceof EnumValue))
-            return false;
-        if (!this.isValid || !valueObject.isValid)
-            return false;
-        return this.value === valueObject.value;
+        return (valueObject instanceof EnumValue &&
+            this.isValid &&
+            valueObject.isValid &&
+            this.value === valueObject.value);
     }
 }
 exports.EnumValue = EnumValue;

package/dist/cjs/value-objects/enum-value.js.map

@@ -1 +1 @@
-{"version":3,"file":"enum-value.js","sourceRoot":"","sources":["../../../src/value-objects/enum-value.ts"],"names":[],"mappings":";;;AAEA,MAAsB,SAAS;IACpB,SAAS,GAAG,MAAM,CAAC;IACnB,aAAa,CAAS;IACtB,KAAK,CAAO;IAErB,YAAY,aAAqB,EAAE,KAAW;QAC5C,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QACnC,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;IAED,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAa,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,CAAC,WAAoB;QACzB,IAAI,CAAC,CAAC,WAAW,YAAY,SAAS,CAAC;YAAE,OAAO,KAAK,CAAC;QACtD,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,WAAW,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC;QAExD,OAAO,IAAI,CAAC,KAAK,KAAK,WAAW,CAAC,KAAK,CAAC;IAC1C,CAAC;CAGF;AAtBD,8BAsBC"}
+{"version":3,"file":"enum-value.js","sourceRoot":"","sources":["../../../src/value-objects/enum-value.ts"],"names":[],"mappings":";;;AAEA,MAAsB,SAAS;IACpB,SAAS,GAAG,MAAM,CAAC;IACnB,aAAa,CAAU;IACvB,KAAK,CAAkB;IAEhC,YAAY,aAAsB,EAAE,KAAsB;QACxD,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QACnC,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;IAED,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,CAAC,WAAoB;QACzB,OAAO,CACL,WAAW,YAAY,SAAS;YAChC,IAAI,CAAC,OAAO;YACZ,WAAW,CAAC,OAAO;YACnB,IAAI,CAAC,KAAK,KAAK,WAAW,CAAC,KAAK,CACjC,CAAC;IACJ,CAAC;CAGF;AAxBD,8BAwBC"}

package/dist/esm/index.js

@@ -25,6 +25,7 @@ __exportStar(require("./i18n"), exports);
 __exportStar(require("./json-api"), exports);
 __exportStar(require("./messages"), exports);
 __exportStar(require("./models"), exports);
+__exportStar(require("./rbac"), exports);
 __exportStar(require("./result"), exports);
 __exportStar(require("./state-manager"), exports);
 __exportStar(require("./unit-of-work"), exports);

package/dist/esm/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,yCAAuB;AACvB,6CAA2B;AAC3B,wCAAsB;AACtB,kDAAgC;AAChC,6CAA2B;AAC3B,+CAA6B;AAC7B,yCAAuB;AACvB,yCAAuB;AACvB,6CAA2B;AAC3B,6CAA2B;AAC3B,2CAAyB;AACzB,2CAAyB;AACzB,kDAAgC;AAChC,iDAA+B;AAC/B,0CAAwB;AACxB,kDAAgC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,yCAAuB;AACvB,6CAA2B;AAC3B,wCAAsB;AACtB,kDAAgC;AAChC,6CAA2B;AAC3B,+CAA6B;AAC7B,yCAAuB;AACvB,yCAAuB;AACvB,6CAA2B;AAC3B,6CAA2B;AAC3B,2CAAyB;AACzB,yCAAuB;AACvB,2CAAyB;AACzB,kDAAgC;AAChC,iDAA+B;AAC/B,0CAAwB;AACxB,kDAAgC"}

package/dist/esm/rbac/index.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RBACPolicy = void 0;
+var rbac_policy_1 = require("./rbac-policy");
+Object.defineProperty(exports, "RBACPolicy", { enumerable: true, get: function () { return rbac_policy_1.RBACPolicy; } });
+//# sourceMappingURL=index.js.map

package/dist/esm/rbac/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/rbac/index.ts"],"names":[],"mappings":";;;AAGA,6CAA2C;AAAlC,yGAAA,UAAU,OAAA"}

package/dist/esm/rbac/permission.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=permission.js.map

package/dist/esm/rbac/permission.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission.js","sourceRoot":"","sources":["../../../src/rbac/permission.ts"],"names":[],"mappings":""}

package/dist/esm/rbac/rbac-policy.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RBACPolicy = void 0;
+class RBACPolicy {
+    can(role, action, resource) {
+        const permissions = this.getPermissions(role);
+        return permissions.some((perm) => (perm.resource === '*' || perm.resource === resource.name) &&
+            (perm.action === action || perm.action === 'manage'));
+    }
+    canAccessOwnedResource(resource) {
+        return resource.owner_id === this.userID.value;
+    }
+    canWithOwnership(role, action, resource) {
+        return this.can(role, action, resource) && this.canAccessOwnedResource(resource);
+    }
+}
+exports.RBACPolicy = RBACPolicy;
+//# sourceMappingURL=rbac-policy.js.map

package/dist/esm/rbac/rbac-policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rbac-policy.js","sourceRoot":"","sources":["../../../src/rbac/rbac-policy.ts"],"names":[],"mappings":";;;AAIA,MAAsB,UAAU;IAI9B,GAAG,CAAC,IAAU,EAAE,MAA4B,EAAE,QAAkB;QAC9D,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAE9C,OAAO,WAAW,CAAC,IAAI,CACrB,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,IAAI,CAAC,QAAQ,KAAK,GAAG,IAAI,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,IAAI,CAAC;YAC1D,CAAC,IAAI,CAAC,MAAM,KAAK,MAAM,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,CACvD,CAAC;IACJ,CAAC;IAED,sBAAsB,CAAC,QAAkB;QACvC,OAAO,QAAQ,CAAC,QAAQ,KAAK,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;IACjD,CAAC;IAED,gBAAgB,CAAC,IAAU,EAAE,MAA4B,EAAE,QAAkB;QAC3E,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,IAAI,CAAC,sBAAsB,CAAC,QAAQ,CAAC,CAAC;IACnF,CAAC;CACF;AArBD,gCAqBC"}

package/dist/esm/rbac/resource.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=resource.js.map

package/dist/esm/rbac/resource.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"resource.js","sourceRoot":"","sources":["../../../src/rbac/resource.ts"],"names":[],"mappings":""}

package/dist/esm/value-objects/enum-value.js

@@ -13,11 +13,10 @@ class EnumValue {
         return this.allowedValues.includes(this.value);
     }
     equals(valueObject) {
-        if (!(valueObject instanceof EnumValue))
-            return false;
-        if (!this.isValid || !valueObject.isValid)
-            return false;
-        return this.value === valueObject.value;
+        return (valueObject instanceof EnumValue &&
+            this.isValid &&
+            valueObject.isValid &&
+            this.value === valueObject.value);
     }
 }
 exports.EnumValue = EnumValue;

package/dist/esm/value-objects/enum-value.js.map

@@ -1 +1 @@
-{"version":3,"file":"enum-value.js","sourceRoot":"","sources":["../../../src/value-objects/enum-value.ts"],"names":[],"mappings":";;;AAEA,MAAsB,SAAS;IACpB,SAAS,GAAG,MAAM,CAAC;IACnB,aAAa,CAAS;IACtB,KAAK,CAAO;IAErB,YAAY,aAAqB,EAAE,KAAW;QAC5C,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QACnC,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;IAED,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAa,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,CAAC,WAAoB;QACzB,IAAI,CAAC,CAAC,WAAW,YAAY,SAAS,CAAC;YAAE,OAAO,KAAK,CAAC;QACtD,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,WAAW,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC;QAExD,OAAO,IAAI,CAAC,KAAK,KAAK,WAAW,CAAC,KAAK,CAAC;IAC1C,CAAC;CAGF;AAtBD,8BAsBC"}
+{"version":3,"file":"enum-value.js","sourceRoot":"","sources":["../../../src/value-objects/enum-value.ts"],"names":[],"mappings":";;;AAEA,MAAsB,SAAS;IACpB,SAAS,GAAG,MAAM,CAAC;IACnB,aAAa,CAAU;IACvB,KAAK,CAAkB;IAEhC,YAAY,aAAsB,EAAE,KAAsB;QACxD,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QACnC,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;IAED,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,CAAC,WAAoB;QACzB,OAAO,CACL,WAAW,YAAY,SAAS;YAChC,IAAI,CAAC,OAAO;YACZ,WAAW,CAAC,OAAO;YACnB,IAAI,CAAC,KAAK,KAAK,WAAW,CAAC,KAAK,CACjC,CAAC;IACJ,CAAC;CAGF;AAxBD,8BAwBC"}

package/dist/types/index.d.ts

@@ -9,6 +9,7 @@ export * from "./i18n";
 export * from "./json-api";
 export * from "./messages";
 export * from "./models";
+export * from "./rbac";
 export * from "./result";
 export * from "./state-manager";
 export * from "./unit-of-work";

package/dist/types/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,QAAQ,CAAC;AACvB,cAAc,YAAY,CAAC;AAC3B,cAAc,OAAO,CAAC;AACtB,cAAc,iBAAiB,CAAC;AAChC,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,QAAQ,CAAC;AACvB,cAAc,QAAQ,CAAC;AACvB,cAAc,YAAY,CAAC;AAC3B,cAAc,YAAY,CAAC;AAC3B,cAAc,UAAU,CAAC;AACzB,cAAc,UAAU,CAAC;AACzB,cAAc,iBAAiB,CAAC;AAChC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,SAAS,CAAC;AACxB,cAAc,iBAAiB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,QAAQ,CAAC;AACvB,cAAc,YAAY,CAAC;AAC3B,cAAc,OAAO,CAAC;AACtB,cAAc,iBAAiB,CAAC;AAChC,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,QAAQ,CAAC;AACvB,cAAc,QAAQ,CAAC;AACvB,cAAc,YAAY,CAAC;AAC3B,cAAc,YAAY,CAAC;AAC3B,cAAc,UAAU,CAAC;AACzB,cAAc,QAAQ,CAAC;AACvB,cAAc,UAAU,CAAC;AACzB,cAAc,iBAAiB,CAAC;AAChC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,SAAS,CAAC;AACxB,cAAc,iBAAiB,CAAC"}

package/dist/types/rbac/index.d.ts

@@ -0,0 +1,4 @@
+export type { Permission } from "./permission";
+export type { Resource } from "./resource";
+export { RBACPolicy } from "./rbac-policy";
+//# sourceMappingURL=index.d.ts.map

package/dist/types/rbac/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/rbac/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC/C,YAAY,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAE3C,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC"}

package/dist/types/rbac/permission.d.ts

@@ -0,0 +1,5 @@
+export type Permission = {
+    resource: string;
+    action: "read" | "write" | "delete" | "manage";
+};
+//# sourceMappingURL=permission.d.ts.map

package/dist/types/rbac/permission.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission.d.ts","sourceRoot":"","sources":["../../../src/rbac/permission.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,UAAU,GAAG;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,GAAG,OAAO,GAAG,QAAQ,GAAG,QAAQ,CAAC;CAChD,CAAA"}

package/dist/types/rbac/rbac-policy.d.ts

@@ -0,0 +1,11 @@
+import { Permission } from './permission';
+import { Resource } from './resource';
+import { ValueObject } from '../value-objects';
+export declare abstract class RBACPolicy<Role extends string, UserID extends ValueObject> {
+    abstract userID: UserID;
+    abstract getPermissions(role: Role): Permission[];
+    can(role: Role, action: Permission['action'], resource: Resource): boolean;
+    canAccessOwnedResource(resource: Resource): boolean;
+    canWithOwnership(role: Role, action: Permission['action'], resource: Resource): boolean;
+}
+//# sourceMappingURL=rbac-policy.d.ts.map

package/dist/types/rbac/rbac-policy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rbac-policy.d.ts","sourceRoot":"","sources":["../../../src/rbac/rbac-policy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AACtC,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAE/C,8BAAsB,UAAU,CAAC,IAAI,SAAS,MAAM,EAAE,MAAM,SAAS,WAAW;IAC9E,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,cAAc,CAAC,IAAI,EAAE,IAAI,GAAG,UAAU,EAAE;IAEjD,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,QAAQ,CAAC,EAAE,QAAQ,EAAE,QAAQ,GAAG,OAAO;IAU1E,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO;IAInD,gBAAgB,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,QAAQ,CAAC,EAAE,QAAQ,EAAE,QAAQ,GAAG,OAAO;CAGxF"}

package/dist/types/rbac/resource.d.ts

@@ -0,0 +1,5 @@
+export type Resource = {
+    name: string;
+    owner_id?: string;
+};
+//# sourceMappingURL=resource.d.ts.map

package/dist/types/rbac/resource.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"resource.d.ts","sourceRoot":"","sources":["../../../src/rbac/resource.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,QAAQ,GAAG;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC"}

package/dist/types/value-objects/enum-value.d.ts

@@ -1,9 +1,9 @@
-import { ValueObject } from './';
-export declare abstract class EnumValue<Type extends string | null> implements ValueObject {
+import { ValueObject } from "./value-object";
+export declare abstract class EnumValue<Allowed extends readonly (string | null)[]> implements ValueObject {
     readonly valueType = "Enum";
-    readonly allowedValues: Type[];
-    readonly value: Type;
-    constructor(allowedValues: Type[], value: Type);
+    readonly allowedValues: Allowed;
+    readonly value: Allowed[number];
+    constructor(allowedValues: Allowed, value: Allowed[number]);
     get isValid(): boolean;
     equals(valueObject: unknown): boolean;
     abstract readonly attributeName: string;

package/dist/types/value-objects/enum-value.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"enum-value.d.ts","sourceRoot":"","sources":["../../../src/value-objects/enum-value.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,IAAI,CAAC;AAEjC,8BAAsB,SAAS,CAAC,IAAI,SAAS,MAAM,GAAG,IAAI,CAAE,YAAW,WAAW;IAChF,QAAQ,CAAC,SAAS,UAAU;IAC5B,QAAQ,CAAC,aAAa,EAAE,IAAI,EAAE,CAAC;IAC/B,QAAQ,CAAC,KAAK,EAAE,IAAI,CAAC;gBAET,aAAa,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI;IAK9C,IAAI,OAAO,IAAI,OAAO,CAErB;IAED,MAAM,CAAC,WAAW,EAAE,OAAO,GAAG,OAAO;IAOrC,QAAQ,CAAC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;CACzC"}
+{"version":3,"file":"enum-value.d.ts","sourceRoot":"","sources":["../../../src/value-objects/enum-value.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAE7C,8BAAsB,SAAS,CAAC,OAAO,SAAS,SAAS,CAAC,MAAM,GAAG,IAAI,CAAC,EAAE,CAAE,YAAW,WAAW;IAChG,QAAQ,CAAC,SAAS,UAAU;IAC5B,QAAQ,CAAC,aAAa,EAAE,OAAO,CAAC;IAChC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;gBAEpB,aAAa,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,CAAC,MAAM,CAAC;IAK1D,IAAI,OAAO,IAAI,OAAO,CAErB;IAED,MAAM,CAAC,WAAW,EAAE,OAAO,GAAG,OAAO;IASrC,QAAQ,CAAC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;CACzC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@schorts/shared-kernel",
-  "version": "2.2.4",
+  "version": "2.3.0",
   "description": "A modular, type-safe foundation for building expressive, maintainable applications. This package provides core abstractions for domain modeling, HTTP integration, authentication, state management, and more — designed to be framework-agnostic and highly extensible.",
   "main": "./dist/cjs/index.js",
   "module": "./dist/esm/index.js",
@@ -66,6 +66,11 @@
       "require": "./dist/cjs/models/index.js",
       "types": "./dist/types/models/index.d.ts"
     },
+    "./rbac": {
+      "import": "./dist/esm/rbac/index.js",
+      "require": "./dist/cjs/rbac/index.js",
+      "types": "./dist/types/rbac/index.d.ts"
+    },
     "./result": {
       "import": "./dist/esm/result/index.js",
       "require": "./dist/cjs/result/index.js",

package/src/index.ts

@@ -9,6 +9,7 @@ export * from "./i18n";
 export * from "./json-api";
 export * from "./messages";
 export * from "./models";
+export * from "./rbac";
 export * from "./result";
 export * from "./state-manager";
 export * from "./unit-of-work";

package/src/rbac/index.ts

@@ -0,0 +1,4 @@
+export type { Permission } from "./permission";
+export type { Resource } from "./resource";
+
+export { RBACPolicy } from "./rbac-policy"; 

package/src/rbac/permission.ts

@@ -0,0 +1,4 @@
+export type Permission = {
+  resource: string;
+  action: "read" | "write" | "delete" | "manage";
+}

package/src/rbac/rbac-policy.ts

@@ -0,0 +1,26 @@
+import { Permission } from './permission';
+import { Resource } from './resource';
+import { ValueObject } from '../value-objects';
+
+export abstract class RBACPolicy<Role extends string, UserID extends ValueObject> {
+  abstract userID: UserID;
+  abstract getPermissions(role: Role): Permission[];
+
+  can(role: Role, action: Permission['action'], resource: Resource): boolean {
+    const permissions = this.getPermissions(role);
+
+    return permissions.some(
+      (perm) =>
+        (perm.resource === '*' || perm.resource === resource.name) &&
+        (perm.action === action || perm.action === 'manage')
+    );
+  }
+
+  canAccessOwnedResource(resource: Resource): boolean {
+    return resource.owner_id === this.userID.value;
+  }
+
+  canWithOwnership(role: Role, action: Permission['action'], resource: Resource): boolean {
+    return this.can(role, action, resource) && this.canAccessOwnedResource(resource);
+  }
+}

package/src/rbac/resource.ts

@@ -0,0 +1,4 @@
+export type Resource = {
+  name: string;
+  owner_id?: string;
+};

package/src/value-objects/enum-value.ts

@@ -1,24 +1,26 @@
-import { ValueObject } from './';
+import { ValueObject } from "./value-object";
 
-export abstract class EnumValue<Type extends string | null> implements ValueObject {
+export abstract class EnumValue<Allowed extends readonly (string | null)[]> implements ValueObject {
   readonly valueType = 'Enum';
-  readonly allowedValues: Type[];
-  readonly value: Type;
+  readonly allowedValues: Allowed;
+  readonly value: Allowed[number];
 
-  constructor(allowedValues: Type[], value: Type) {
+  constructor(allowedValues: Allowed, value: Allowed[number]) {
     this.allowedValues = allowedValues;
     this.value = value;
   }
 
   get isValid(): boolean {
-    return this.allowedValues.includes(this.value as Type);
+    return this.allowedValues.includes(this.value);
   }
 
   equals(valueObject: unknown): boolean {
-    if (!(valueObject instanceof EnumValue)) return false;
-    if (!this.isValid || !valueObject.isValid) return false;
-
-    return this.value === valueObject.value;
+    return (
+      valueObject instanceof EnumValue &&
+      this.isValid &&
+      valueObject.isValid &&
+      this.value === valueObject.value
+    );
   }
 
   abstract readonly attributeName: string;