@schorts/shared-kernel 3.1.4 → 4.0.0

Files changed (40) hide show
  1. package/CHANGELOG +12 -0
  2. package/README.md +1 -0
  3. package/dist/cjs/abac/index.js +3 -0
  4. package/dist/cjs/abac/index.js.map +1 -0
  5. package/dist/cjs/abac/predicate.js +3 -0
  6. package/dist/cjs/abac/predicate.js.map +1 -0
  7. package/dist/cjs/rbac/base-resource.js +3 -0
  8. package/dist/cjs/rbac/base-resource.js.map +1 -0
  9. package/dist/cjs/rbac/rbac-policy.js +8 -4
  10. package/dist/cjs/rbac/rbac-policy.js.map +1 -1
  11. package/dist/cjs/value-objects/array-value.js +1 -1
  12. package/dist/cjs/value-objects/array-value.js.map +1 -1
  13. package/dist/esm/abac/index.js +3 -0
  14. package/dist/esm/abac/index.js.map +1 -0
  15. package/dist/esm/abac/predicate.js +3 -0
  16. package/dist/esm/abac/predicate.js.map +1 -0
  17. package/dist/esm/rbac/base-resource.js +3 -0
  18. package/dist/esm/rbac/base-resource.js.map +1 -0
  19. package/dist/esm/rbac/rbac-policy.js +8 -4
  20. package/dist/esm/rbac/rbac-policy.js.map +1 -1
  21. package/dist/esm/value-objects/array-value.js +1 -1
  22. package/dist/esm/value-objects/array-value.js.map +1 -1
  23. package/dist/types/abac/index.d.ts +2 -0
  24. package/dist/types/abac/index.d.ts.map +1 -0
  25. package/dist/types/abac/predicate.d.ts +5 -0
  26. package/dist/types/abac/predicate.d.ts.map +1 -0
  27. package/dist/types/rbac/base-resource.d.ts +4 -0
  28. package/dist/types/rbac/base-resource.d.ts.map +1 -0
  29. package/dist/types/rbac/index.d.ts +1 -1
  30. package/dist/types/rbac/index.d.ts.map +1 -1
  31. package/dist/types/rbac/rbac-policy.d.ts +11 -8
  32. package/dist/types/rbac/rbac-policy.d.ts.map +1 -1
  33. package/package.json +6 -1
  34. package/src/abac/index.ts +1 -0
  35. package/src/abac/predicate.ts +3 -0
  36. package/src/rbac/base-resource.ts +3 -0
  37. package/src/rbac/index.ts +1 -1
  38. package/src/rbac/rbac-policy.ts +25 -10
  39. package/src/value-objects/array-value.ts +1 -1
  40. package/src/rbac/resource.ts +0 -4
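--- a/package/CHANGELOG
+++ b/package/CHANGELOG
@@ -5,6 +5,18 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [4.0.0] - 2025-10-21
+
+### Added
+
+- Added `ABAC` support to `RBACPolicy`.
+
+## [3.1.5] - 2025-10-18
+
+### Fixed
+
+- Fixed `greater_than_or_equal` validation in the `FloatValue`.
+
 ## [3.1.4] - 2025-10-18
 
 ### Added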
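--- a/package/README.md
+++ b/package/README.md
@@ -18,6 +18,7 @@ npm install @schorts/shared-kernel --save
 ### 🛡️ RBAC (Role-Based Access Control)
 - **RBACPolicy:** Abstract base class for defining role-based permission logic. Supports wildcard actions (manage) and resources (*), ownership checks, and composable access control strategies.
 - **Permission:** Lightweight value object representing an action-resource pair (e.g., read:orders, manage:*).
+- **ABAC Integration:** ABAC Integration: Extend RBAC with attribute-based access control via composable predicates. Use canWithAttributes() and canAnyWithAttributes() to enforce dynamic policies based on user and resource attributes (e.g., ownership, organization, status). This enables hybrid access control strategies that combine declarative roles with contextual rules.
 
 ### 📊 Criteria
 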
@@ -0,0 +1,3 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ //# sourceMappingURL=index.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/abac/index.ts"],"names":[],"mappings":""}
@@ -0,0 +1,3 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ //# sourceMappingURL=predicate.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"predicate.js","sourceRoot":"","sources":["../../../src/abac/predicate.ts"],"names":[],"mappings":""}
@@ -0,0 +1,3 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ //# sourceMappingURL=base-resource.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"base-resource.js","sourceRoot":"","sources":["../../../src/rbac/base-resource.ts"],"names":[],"mappings":""}
@@ -7,11 +7,15 @@ class RBACPolicy {
7
7
  return permissions.some((perm) => (perm.resource === '*' || perm.resource === resource.name) &&
8
8
  (perm.action === action || perm.action === 'manage'));
9
9
  }
10
- canAccessOwnedResource(resource) {
11
- return resource.owner_id === this.userID.value;
10
+ canWithAttributes(user, role, action, resource, predicates) {
11
+ if (!this.can(role, action, resource))
12
+ return false;
13
+ return predicates.every((predicate) => predicate(user, resource));
12
14
  }
13
- canWithOwnership(role, action, resource) {
14
- return this.can(role, action, resource) && this.canAccessOwnedResource(resource);
15
+ canAnyWithAttributes(user, role, action, resource, predicates) {
16
+ if (!this.can(role, action, resource))
17
+ return false;
18
+ return predicates.some((predicate) => predicate(user, resource));
15
19
  }
16
20
  }
17
21
  exports.RBACPolicy = RBACPolicy;
@@ -1 +1 @@
1
- {"version":3,"file":"rbac-policy.js","sourceRoot":"","sources":["../../../src/rbac/rbac-policy.ts"],"names":[],"mappings":";;;AAIA,MAAsB,UAAU;IAI9B,GAAG,CAAC,IAAU,EAAE,MAA4B,EAAE,QAAkB;QAC9D,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAE9C,OAAO,WAAW,CAAC,IAAI,CACrB,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,IAAI,CAAC,QAAQ,KAAK,GAAG,IAAI,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,IAAI,CAAC;YAC1D,CAAC,IAAI,CAAC,MAAM,KAAK,MAAM,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,CACvD,CAAC;IACJ,CAAC;IAED,sBAAsB,CAAC,QAAkB;QACvC,OAAO,QAAQ,CAAC,QAAQ,KAAK,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;IACjD,CAAC;IAED,gBAAgB,CAAC,IAAU,EAAE,MAA4B,EAAE,QAAkB;QAC3E,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,IAAI,CAAC,sBAAsB,CAAC,QAAQ,CAAC,CAAC;IACnF,CAAC;CACF;AArBD,gCAqBC"}
1
+ {"version":3,"file":"rbac-policy.js","sourceRoot":"","sources":["../../../src/rbac/rbac-policy.ts"],"names":[],"mappings":";;;AAIA,MAAsB,UAAU;IAG9B,GAAG,CAAC,IAAY,EAAE,MAA4B,EAAE,QAAsB;QACpE,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAE9C,OAAO,WAAW,CAAC,IAAI,CACrB,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,IAAI,CAAC,QAAQ,KAAK,GAAG,IAAI,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,IAAI,CAAC;YAC1D,CAAC,IAAI,CAAC,MAAM,KAAK,MAAM,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,CACvD,CAAC;IACJ,CAAC;IAED,iBAAiB,CACf,IAAU,EACV,IAAY,EACZ,MAA4B,EAC5B,QAAkB,EAClB,UAAuC;QAEvC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC;YAAE,OAAO,KAAK,CAAC;QAEpD,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC;IACpE,CAAC;IAED,oBAAoB,CAClB,IAAU,EACV,IAAY,EACZ,MAA4B,EAC5B,QAAkB,EAClB,UAAuC;QAEvC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC;YAAE,OAAO,KAAK,CAAC;QAEpD,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC;IACnE,CAAC;CACF;AApCD,gCAoCC"}
@@ -34,7 +34,7 @@ class ArrayValue {
34
34
  if ("greater_than" in rule)
35
35
  return typeof value === "number" && value > rule.greater_than;
36
36
  if ("greater_than_or_equal" in rule)
37
- return value === "number" && value >= rule.greater_than_or_equal;
37
+ return typeof value === "number" && value >= rule.greater_than_or_equal;
38
38
  if ("less_than" in rule)
39
39
  return typeof value === "number" && value < rule.less_than;
40
40
  if ("less_than_or_equal" in rule)
@@ -1 +1 @@
1
- {"version":3,"file":"array-value.js","sourceRoot":"","sources":["../../../src/value-objects/array-value.ts"],"names":[],"mappings":";;;AAmBA,MAAsB,UAAU;IACrB,SAAS,GAAG,OAAO,CAAC;IACpB,KAAK,CAAS;IACd,MAAM,CAA8C;IAI7D,YACE,KAAa,EACb,MAAmD;QAEnD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QACpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE;YAC/B,OAAO,IAAI,CAAC,WAAW;gBACrB,CAAC,CAAE,IAAI,CAAC,MAAiC,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;gBACtF,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,IAAI,CAAC,MAA4B,CAAC,CAAC;QACnE,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,cAAc,CAAC,GAAQ,EAAE,MAAyB;QACxD,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,EAAE,aAAa,CAAC,EAAE,EAAE;YAC3D,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;YAEvB,IAAI,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC;gBACjC,OAAO,aAAa,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC;YACvE,CAAC;YAED,IAAI,OAAO,aAAa,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBACrF,OAAO,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,aAAkC,CAAC,CAAC;YACxE,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,YAAY,CAAC,KAAU,EAAE,IAAyB;QACxD,IAAI,UAAU,IAAI,IAAI;YAAE,OAAO,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,CAAC;QACrE,IAAI,cAAc,IAAI,IAAI;YAAE,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC;QAC1F,IAAI,uBAAuB,IAAI,IAAI;YAAE,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,IAAI,IAAI,CAAC,qBAAqB,CAAC;QACtG,IAAI,WAAW,IAAI,IAAI;YAAE,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC;QACpF,IAAI,oBAAoB,IAAI,IAAI;YAAE,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,IAAI,IAAI,CAAC,kBAAkB,CAAC;QACvG,IAAI,MAAM,IAAI,IAAI;YAAE,OAAO,OAAO,KAAK,KAAK,IAAI,CAAC,IAAI,CAAC;QACtD,IAAI,QAAQ,IAAI,IAAI;YAAE,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAEhD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,CAAC,WAAoB;QACzB,IAAI,CAAC,CAAC,WAAW,YAAY,UAAU,CAAC;YAAE,OAAO,KAAK,CAAC;QACvD,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,WAAW,CAAC,OAAO;YAAE
,OAAO,KAAK,CAAC;QAExD,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;IAC1E,CAAC;IAEO,UAAU,CAAO,GAAS;QAChC,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACvB,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;QAC7C,CAAC;aAAM,IAAI,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC1C,MAAM,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;gBAC7C,MAAM,KAAK,GAAI,GAAW,CAAC,IAAI,CAAC,CAAC;gBACjC,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;oBACvC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;gBACzB,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;QAED,OAAO,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC5B,CAAC;CACF;AAxED,gCAwEC"}
1
+ {"version":3,"file":"array-value.js","sourceRoot":"","sources":["../../../src/value-objects/array-value.ts"],"names":[],"mappings":";;;AAmBA,MAAsB,UAAU;IACrB,SAAS,GAAG,OAAO,CAAC;IACpB,KAAK,CAAS;IACd,MAAM,CAA8C;IAI7D,YACE,KAAa,EACb,MAAmD;QAEnD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QACpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE;YAC/B,OAAO,IAAI,CAAC,WAAW;gBACrB,CAAC,CAAE,IAAI,CAAC,MAAiC,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;gBACtF,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,IAAI,CAAC,MAA4B,CAAC,CAAC;QACnE,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,cAAc,CAAC,GAAQ,EAAE,MAAyB;QACxD,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,EAAE,aAAa,CAAC,EAAE,EAAE;YAC3D,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;YAEvB,IAAI,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC;gBACjC,OAAO,aAAa,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC;YACvE,CAAC;YAED,IAAI,OAAO,aAAa,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBACrF,OAAO,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,aAAkC,CAAC,CAAC;YACxE,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,YAAY,CAAC,KAAU,EAAE,IAAyB;QACxD,IAAI,UAAU,IAAI,IAAI;YAAE,OAAO,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,CAAC;QACrE,IAAI,cAAc,IAAI,IAAI;YAAE,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC;QAC1F,IAAI,uBAAuB,IAAI,IAAI;YAAE,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,IAAI,IAAI,CAAC,qBAAqB,CAAC;QAC7G,IAAI,WAAW,IAAI,IAAI;YAAE,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC;QACpF,IAAI,oBAAoB,IAAI,IAAI;YAAE,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,IAAI,IAAI,CAAC,kBAAkB,CAAC;QACvG,IAAI,MAAM,IAAI,IAAI;YAAE,OAAO,OAAO,KAAK,KAAK,IAAI,CAAC,IAAI,CAAC;QACtD,IAAI,QAAQ,IAAI,IAAI;YAAE,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAEhD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,CAAC,WAAoB;QACzB,IAAI,CAAC,CAAC,WAAW,YAAY,UAAU,CAAC;YAAE,OAAO,KAAK,CAAC;QACvD,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,WAAW,CAAC,OAAO
;YAAE,OAAO,KAAK,CAAC;QAExD,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;IAC1E,CAAC;IAEO,UAAU,CAAO,GAAS;QAChC,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACvB,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;QAC7C,CAAC;aAAM,IAAI,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC1C,MAAM,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;gBAC7C,MAAM,KAAK,GAAI,GAAW,CAAC,IAAI,CAAC,CAAC;gBACjC,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;oBACvC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;gBACzB,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;QAED,OAAO,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC5B,CAAC;CACF;AAxED,gCAwEC"}
@@ -0,0 +1,3 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ //# sourceMappingURL=index.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/abac/index.ts"],"names":[],"mappings":""}
@@ -0,0 +1,3 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ //# sourceMappingURL=predicate.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"predicate.js","sourceRoot":"","sources":["../../../src/abac/predicate.ts"],"names":[],"mappings":""}
@@ -0,0 +1,3 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ //# sourceMappingURL=base-resource.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"base-resource.js","sourceRoot":"","sources":["../../../src/rbac/base-resource.ts"],"names":[],"mappings":""}
@@ -7,11 +7,15 @@ class RBACPolicy {
7
7
  return permissions.some((perm) => (perm.resource === '*' || perm.resource === resource.name) &&
8
8
  (perm.action === action || perm.action === 'manage'));
9
9
  }
10
- canAccessOwnedResource(resource) {
11
- return resource.owner_id === this.userID.value;
10
+ canWithAttributes(user, role, action, resource, predicates) {
11
+ if (!this.can(role, action, resource))
12
+ return false;
13
+ return predicates.every((predicate) => predicate(user, resource));
12
14
  }
13
- canWithOwnership(role, action, resource) {
14
- return this.can(role, action, resource) && this.canAccessOwnedResource(resource);
15
+ canAnyWithAttributes(user, role, action, resource, predicates) {
16
+ if (!this.can(role, action, resource))
17
+ return false;
18
+ return predicates.some((predicate) => predicate(user, resource));
15
19
  }
16
20
  }
17
21
  exports.RBACPolicy = RBACPolicy;
@@ -1 +1 @@
1
- {"version":3,"file":"rbac-policy.js","sourceRoot":"","sources":["../../../src/rbac/rbac-policy.ts"],"names":[],"mappings":";;;AAIA,MAAsB,UAAU;IAI9B,GAAG,CAAC,IAAU,EAAE,MAA4B,EAAE,QAAkB;QAC9D,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAE9C,OAAO,WAAW,CAAC,IAAI,CACrB,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,IAAI,CAAC,QAAQ,KAAK,GAAG,IAAI,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,IAAI,CAAC;YAC1D,CAAC,IAAI,CAAC,MAAM,KAAK,MAAM,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,CACvD,CAAC;IACJ,CAAC;IAED,sBAAsB,CAAC,QAAkB;QACvC,OAAO,QAAQ,CAAC,QAAQ,KAAK,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;IACjD,CAAC;IAED,gBAAgB,CAAC,IAAU,EAAE,MAA4B,EAAE,QAAkB;QAC3E,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,IAAI,CAAC,sBAAsB,CAAC,QAAQ,CAAC,CAAC;IACnF,CAAC;CACF;AArBD,gCAqBC"}
1
+ {"version":3,"file":"rbac-policy.js","sourceRoot":"","sources":["../../../src/rbac/rbac-policy.ts"],"names":[],"mappings":";;;AAIA,MAAsB,UAAU;IAG9B,GAAG,CAAC,IAAY,EAAE,MAA4B,EAAE,QAAsB;QACpE,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAE9C,OAAO,WAAW,CAAC,IAAI,CACrB,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,IAAI,CAAC,QAAQ,KAAK,GAAG,IAAI,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,IAAI,CAAC;YAC1D,CAAC,IAAI,CAAC,MAAM,KAAK,MAAM,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,CACvD,CAAC;IACJ,CAAC;IAED,iBAAiB,CACf,IAAU,EACV,IAAY,EACZ,MAA4B,EAC5B,QAAkB,EAClB,UAAuC;QAEvC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC;YAAE,OAAO,KAAK,CAAC;QAEpD,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC;IACpE,CAAC;IAED,oBAAoB,CAClB,IAAU,EACV,IAAY,EACZ,MAA4B,EAC5B,QAAkB,EAClB,UAAuC;QAEvC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC;YAAE,OAAO,KAAK,CAAC;QAEpD,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC;IACnE,CAAC;CACF;AApCD,gCAoCC"}
@@ -34,7 +34,7 @@ class ArrayValue {
34
34
  if ("greater_than" in rule)
35
35
  return typeof value === "number" && value > rule.greater_than;
36
36
  if ("greater_than_or_equal" in rule)
37
- return value === "number" && value >= rule.greater_than_or_equal;
37
+ return typeof value === "number" && value >= rule.greater_than_or_equal;
38
38
  if ("less_than" in rule)
39
39
  return typeof value === "number" && value < rule.less_than;
40
40
  if ("less_than_or_equal" in rule)
@@ -1 +1 @@
1
- {"version":3,"file":"array-value.js","sourceRoot":"","sources":["../../../src/value-objects/array-value.ts"],"names":[],"mappings":";;;AAmBA,MAAsB,UAAU;IACrB,SAAS,GAAG,OAAO,CAAC;IACpB,KAAK,CAAS;IACd,MAAM,CAA8C;IAI7D,YACE,KAAa,EACb,MAAmD;QAEnD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QACpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE;YAC/B,OAAO,IAAI,CAAC,WAAW;gBACrB,CAAC,CAAE,IAAI,CAAC,MAAiC,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;gBACtF,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,IAAI,CAAC,MAA4B,CAAC,CAAC;QACnE,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,cAAc,CAAC,GAAQ,EAAE,MAAyB;QACxD,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,EAAE,aAAa,CAAC,EAAE,EAAE;YAC3D,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;YAEvB,IAAI,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC;gBACjC,OAAO,aAAa,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC;YACvE,CAAC;YAED,IAAI,OAAO,aAAa,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBACrF,OAAO,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,aAAkC,CAAC,CAAC;YACxE,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,YAAY,CAAC,KAAU,EAAE,IAAyB;QACxD,IAAI,UAAU,IAAI,IAAI;YAAE,OAAO,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,CAAC;QACrE,IAAI,cAAc,IAAI,IAAI;YAAE,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC;QAC1F,IAAI,uBAAuB,IAAI,IAAI;YAAE,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,IAAI,IAAI,CAAC,qBAAqB,CAAC;QACtG,IAAI,WAAW,IAAI,IAAI;YAAE,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC;QACpF,IAAI,oBAAoB,IAAI,IAAI;YAAE,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,IAAI,IAAI,CAAC,kBAAkB,CAAC;QACvG,IAAI,MAAM,IAAI,IAAI;YAAE,OAAO,OAAO,KAAK,KAAK,IAAI,CAAC,IAAI,CAAC;QACtD,IAAI,QAAQ,IAAI,IAAI;YAAE,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAEhD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,CAAC,WAAoB;QACzB,IAAI,CAAC,CAAC,WAAW,YAAY,UAAU,CAAC;YAAE,OAAO,KAAK,CAAC;QACvD,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,WAAW,CAAC,OAAO;YAAE
,OAAO,KAAK,CAAC;QAExD,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;IAC1E,CAAC;IAEO,UAAU,CAAO,GAAS;QAChC,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACvB,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;QAC7C,CAAC;aAAM,IAAI,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC1C,MAAM,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;gBAC7C,MAAM,KAAK,GAAI,GAAW,CAAC,IAAI,CAAC,CAAC;gBACjC,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;oBACvC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;gBACzB,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;QAED,OAAO,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC5B,CAAC;CACF;AAxED,gCAwEC"}
1
+ {"version":3,"file":"array-value.js","sourceRoot":"","sources":["../../../src/value-objects/array-value.ts"],"names":[],"mappings":";;;AAmBA,MAAsB,UAAU;IACrB,SAAS,GAAG,OAAO,CAAC;IACpB,KAAK,CAAS;IACd,MAAM,CAA8C;IAI7D,YACE,KAAa,EACb,MAAmD;QAEnD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QACpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE;YAC/B,OAAO,IAAI,CAAC,WAAW;gBACrB,CAAC,CAAE,IAAI,CAAC,MAAiC,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;gBACtF,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,IAAI,CAAC,MAA4B,CAAC,CAAC;QACnE,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,cAAc,CAAC,GAAQ,EAAE,MAAyB;QACxD,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,EAAE,aAAa,CAAC,EAAE,EAAE;YAC3D,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;YAEvB,IAAI,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC;gBACjC,OAAO,aAAa,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC;YACvE,CAAC;YAED,IAAI,OAAO,aAAa,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBACrF,OAAO,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,aAAkC,CAAC,CAAC;YACxE,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,YAAY,CAAC,KAAU,EAAE,IAAyB;QACxD,IAAI,UAAU,IAAI,IAAI;YAAE,OAAO,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,CAAC;QACrE,IAAI,cAAc,IAAI,IAAI;YAAE,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC;QAC1F,IAAI,uBAAuB,IAAI,IAAI;YAAE,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,IAAI,IAAI,CAAC,qBAAqB,CAAC;QAC7G,IAAI,WAAW,IAAI,IAAI;YAAE,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC;QACpF,IAAI,oBAAoB,IAAI,IAAI;YAAE,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,IAAI,IAAI,CAAC,kBAAkB,CAAC;QACvG,IAAI,MAAM,IAAI,IAAI;YAAE,OAAO,OAAO,KAAK,KAAK,IAAI,CAAC,IAAI,CAAC;QACtD,IAAI,QAAQ,IAAI,IAAI;YAAE,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAEhD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,CAAC,WAAoB;QACzB,IAAI,CAAC,CAAC,WAAW,YAAY,UAAU,CAAC;YAAE,OAAO,KAAK,CAAC;QACvD,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,WAAW,CAAC,OAAO
;YAAE,OAAO,KAAK,CAAC;QAExD,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;IAC1E,CAAC;IAEO,UAAU,CAAO,GAAS;QAChC,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACvB,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;QAC7C,CAAC;aAAM,IAAI,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC1C,MAAM,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;gBAC7C,MAAM,KAAK,GAAI,GAAW,CAAC,IAAI,CAAC,CAAC;gBACjC,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;oBACvC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;gBACzB,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;QAED,OAAO,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC5B,CAAC;CACF;AAxED,gCAwEC"}
@@ -0,0 +1,2 @@
1
+ export type { Predicate } from "./predicate";
2
+ //# sourceMappingURL=index.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/abac/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC"}
@@ -0,0 +1,5 @@
1
+ import type { BaseResource } from '../rbac/base-resource';
2
+ export type Predicate<User extends {
3
+ id: string;
4
+ }, Resource extends BaseResource> = (user: User, resource: Resource) => boolean;
5
+ //# sourceMappingURL=predicate.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"predicate.d.ts","sourceRoot":"","sources":["../../../src/abac/predicate.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAE1D,MAAM,MAAM,SAAS,CAAC,IAAI,SAAS;IAAE,EAAE,EAAE,MAAM,CAAA;CAAE,EAAE,QAAQ,SAAS,YAAY,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,KAAK,OAAO,CAAC"}
@@ -0,0 +1,4 @@
1
+ export type BaseResource = {
2
+ name: string;
3
+ };
4
+ //# sourceMappingURL=base-resource.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"base-resource.d.ts","sourceRoot":"","sources":["../../../src/rbac/base-resource.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,YAAY,GAAG;IACzB,IAAI,EAAE,MAAM,CAAC;CACd,CAAC"}
@@ -1,5 +1,5 @@
1
1
  export type { Permission } from "./permission";
2
- export type { Resource } from "./resource";
2
+ export type { BaseResource } from "./base-resource";
3
3
  export { RBACPolicy } from "./rbac-policy";
4
4
  export * from "./exceptions";
5
5
  //# sourceMappingURL=index.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/rbac/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC/C,YAAY,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAE3C,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,cAAc,cAAc,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/rbac/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC/C,YAAY,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAEpD,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,cAAc,cAAc,CAAC"}
@@ -1,11 +1,14 @@
1
1
  import { Permission } from './permission';
2
- import { Resource } from './resource';
3
- import { ValueObject } from '../value-objects';
4
- export declare abstract class RBACPolicy<Role extends string, UserID extends ValueObject> {
5
- protected abstract userID: UserID;
6
- abstract getPermissions(role: Role): Permission[];
7
- can(role: Role, action: Permission['action'], resource: Resource): boolean;
8
- canAccessOwnedResource(resource: Resource): boolean;
9
- canWithOwnership(role: Role, action: Permission['action'], resource: Resource): boolean;
2
+ import { BaseResource } from './base-resource';
3
+ import { Predicate } from '../abac';
4
+ export declare abstract class RBACPolicy {
5
+ abstract getPermissions(role: string): Permission[];
6
+ can(role: string, action: Permission['action'], resource: BaseResource): boolean;
7
+ canWithAttributes<User extends {
8
+ id: string;
9
+ }, Resource extends BaseResource>(user: User, role: string, action: Permission['action'], resource: Resource, predicates: Predicate<User, Resource>[]): boolean;
10
+ canAnyWithAttributes<User extends {
11
+ id: string;
12
+ }, Resource extends BaseResource>(user: User, role: string, action: Permission['action'], resource: Resource, predicates: Predicate<User, Resource>[]): boolean;
10
13
  }
11
14
  //# sourceMappingURL=rbac-policy.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"rbac-policy.d.ts","sourceRoot":"","sources":["../../../src/rbac/rbac-policy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AACtC,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAE/C,8BAAsB,UAAU,CAAC,IAAI,SAAS,MAAM,EAAE,MAAM,SAAS,WAAW;IAC9E,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,cAAc,CAAC,IAAI,EAAE,IAAI,GAAG,UAAU,EAAE;IAEjD,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,QAAQ,CAAC,EAAE,QAAQ,EAAE,QAAQ,GAAG,OAAO;IAU1E,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO;IAInD,gBAAgB,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,QAAQ,CAAC,EAAE,QAAQ,EAAE,QAAQ,GAAG,OAAO;CAGxF"}
1
+ {"version":3,"file":"rbac-policy.d.ts","sourceRoot":"","sources":["../../../src/rbac/rbac-policy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAEpC,8BAAsB,UAAU;IAC9B,QAAQ,CAAC,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,EAAE;IAEnD,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,CAAC,QAAQ,CAAC,EAAE,QAAQ,EAAE,YAAY,GAAG,OAAO;IAUhF,iBAAiB,CAAC,IAAI,SAAU;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,EAAE,QAAQ,SAAS,YAAY,EAC3E,IAAI,EAAE,IAAI,EACV,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,UAAU,CAAC,QAAQ,CAAC,EAC5B,QAAQ,EAAE,QAAQ,EAClB,UAAU,EAAE,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,GACtC,OAAO;IAMV,oBAAoB,CAAC,IAAI,SAAS;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,EAAE,QAAQ,SAAS,YAAY,EAC7E,IAAI,EAAE,IAAI,EACV,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,UAAU,CAAC,QAAQ,CAAC,EAC5B,QAAQ,EAAE,QAAQ,EAClB,UAAU,EAAE,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,GACtC,OAAO;CAKX"}
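--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@schorts/shared-kernel",
-"version": "3.1.4",
+"version": "4.0.0",
 "description": "A modular, type-safe foundation for building expressive, maintainable applications. This package provides core abstractions for domain modeling, HTTP integration, authentication, state management, and more — designed to be framework-agnostic and highly extensible.",
 "main": "./dist/cjs/index.js",
 "module": "./dist/esm/index.js",
@@ -11,6 +11,11 @@
 "require": "./dist/cjs/index.js",
 "types": "./dist/types/index.d.ts"
 },
+"./abac": {
+"import": "./dist/esm/abac/index.js",
+"require": "./dist/cjs/abac/index.js",
+"types": "./dist/types/abac/index.d.ts"
+},
 "./auth": {
 "import": "./dist/esm/auth/index.js",
 "require": "./dist/cjs/auth/index.js",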
@@ -0,0 +1 @@
1
+ export type { Predicate } from "./predicate";
@@ -0,0 +1,3 @@
1
+ import type { BaseResource } from '../rbac/base-resource';
2
+
3
+ export type Predicate<User extends { id: string }, Resource extends BaseResource> = (user: User, resource: Resource) => boolean;
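Review bot: `Predicate` has no doc comment saying that it must be synchronous and return a real boolean, yet `canWithAttributes` and `canAnyWithAttributes` use its return value as-is inside `every`/`some`. The type rejects an `async` predicate for TypeScript callers, but plain JavaScript consumers of the CJS/ESM builds get no such check, and a returned Promise is truthy, so an attribute check that needs I/O would always pass. I would add `/** Synchronous attribute check; must return a boolean, never a Promise. */` above the type and compare strictly at the call sites, e.g. `predicate(user, resource) === true`.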
@@ -0,0 +1,3 @@
1
+ export type BaseResource = {
2
+ name: string;
3
+ };
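--- a/package/src/rbac/index.ts
+++ b/package/src/rbac/index.ts
@@ -1,5 +1,5 @@
 export type { Permission } from "./permission";
-export type { Resource } from "./resource";
+export type { BaseResource } from "./base-resource";
 
 export { RBACPolicy } from "./rbac-policy";
 export * from "./exceptions";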
@@ -1,12 +1,11 @@
1
1
  import { Permission } from './permission';
2
- import { Resource } from './resource';
3
- import { ValueObject } from '../value-objects';
2
+ import { BaseResource } from './base-resource';
3
+ import { Predicate } from '../abac';
4
4
 
5
- export abstract class RBACPolicy<Role extends string, UserID extends ValueObject> {
6
- protected abstract userID: UserID;
7
- abstract getPermissions(role: Role): Permission[];
5
+ export abstract class RBACPolicy {
6
+ abstract getPermissions(role: string): Permission[];
8
7
 
9
- can(role: Role, action: Permission['action'], resource: Resource): boolean {
8
+ can(role: string, action: Permission['action'], resource: BaseResource): boolean {
10
9
  const permissions = this.getPermissions(role);
11
10
 
12
11
  return permissions.some(
@@ -16,11 +15,27 @@ export abstract class RBACPolicy<Role extends string, UserID extends ValueObject
16
15
  );
17
16
  }
18
17
 
19
- canAccessOwnedResource(resource: Resource): boolean {
20
- return resource.owner_id === this.userID.value;
18
+ canWithAttributes<User extends { id: string }, Resource extends BaseResource>(
19
+ user: User,
20
+ role: string,
21
+ action: Permission['action'],
22
+ resource: Resource,
23
+ predicates: Predicate<User, Resource>[],
24
+ ): boolean {
25
+ if (!this.can(role, action, resource)) return false;
26
+
27
+ return predicates.every((predicate) => predicate(user, resource));
21
28
  }
22
29
 
23
- canWithOwnership(role: Role, action: Permission['action'], resource: Resource): boolean {
24
- return this.can(role, action, resource) && this.canAccessOwnedResource(resource);
30
+ canAnyWithAttributes<User extends { id: string }, Resource extends BaseResource>(
31
+ user: User,
32
+ role: string,
33
+ action: Permission['action'],
34
+ resource: Resource,
35
+ predicates: Predicate<User, Resource>[]
36
+ ): boolean {
37
+ if (!this.can(role, action, resource)) return false;
38
+
39
+ return predicates.some((predicate) => predicate(user, resource));
25
40
  }
26
41
  }
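Review bot: `canWithAttributes` grants on the role check alone when `predicates` is empty, because `[].every(...)` is true, while `canAnyWithAttributes` denies in the same case; a predicate list that is built dynamically and ends up empty therefore drops every attribute check without any signal. This release also removes `canWithOwnership` and the policy-held `userID`, so ownership is now enforced only by whatever predicates the caller passes, which makes the empty case worth failing closed: `if (predicates.length === 0) return false;` before the `every` call, with role-only checks left to `can`. Neither method verifies that `role` belongs to `user` (both are caller-supplied), so that binding presumably has to be done by the caller and should be stated in a doc comment on both methods. The compiled `dist/cjs` and `dist/esm` outputs carry the same logic.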
@@ -59,7 +59,7 @@ export abstract class ArrayValue<Type = any> implements ValueObject {
59
59
  private validateRule(value: any, rule: ValidationRule<any>): boolean {
60
60
  if ("required" in rule) return value !== undefined && value !== null;
61
61
  if ("greater_than" in rule) return typeof value === "number" && value > rule.greater_than;
62
- if ("greater_than_or_equal" in rule) return value === "number" && value >= rule.greater_than_or_equal;
62
+ if ("greater_than_or_equal" in rule) return typeof value === "number" && value >= rule.greater_than_or_equal;
63
63
  if ("less_than" in rule) return typeof value === "number" && value < rule.less_than;
64
64
  if ("less_than_or_equal" in rule) return typeof value === "number" && value <= rule.less_than_or_equal;
65
65
  if ("type" in rule) return typeof value === rule.type;
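Review bot: The changelog entry for 3.1.5 attributes this fix to `FloatValue`, but the only value-object file changed in this diff is `array-value.ts`, so either the entry names the wrong class or a matching `FloatValue` change is missing from the package. Before the correction, the comparison `value === "number"` made every `greater_than_or_equal` rule fail for numeric input. The published package shows no tests, so whether the sibling branches are covered cannot be checked from here; a regression test exercising each comparison key of `validateRule` would pin the behaviour. `validateRule` starts and ends outside the hunk.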
@@ -1,4 +0,0 @@
1
- export type Resource = {
2
- name: string;
3
- owner_id?: string;
4
- };