npm - @schorts/shared-kernel - Versions diffs - 3.1.5 → 4.0.0 - Mend

@schorts/shared-kernel 3.1.5 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

package/CHANGELOG +6 -0
package/README.md +1 -0
package/dist/cjs/abac/index.js +3 -0
package/dist/cjs/abac/index.js.map +1 -0
package/dist/cjs/abac/predicate.js +3 -0
package/dist/cjs/abac/predicate.js.map +1 -0
package/dist/cjs/rbac/base-resource.js +3 -0
package/dist/cjs/rbac/base-resource.js.map +1 -0
package/dist/cjs/rbac/rbac-policy.js +8 -4
package/dist/cjs/rbac/rbac-policy.js.map +1 -1
package/dist/esm/abac/index.js +3 -0
package/dist/esm/abac/index.js.map +1 -0
package/dist/esm/abac/predicate.js +3 -0
package/dist/esm/abac/predicate.js.map +1 -0
package/dist/esm/rbac/base-resource.js +3 -0
package/dist/esm/rbac/base-resource.js.map +1 -0
package/dist/esm/rbac/rbac-policy.js +8 -4
package/dist/esm/rbac/rbac-policy.js.map +1 -1
package/dist/types/abac/index.d.ts +2 -0
package/dist/types/abac/index.d.ts.map +1 -0
package/dist/types/abac/predicate.d.ts +5 -0
package/dist/types/abac/predicate.d.ts.map +1 -0
package/dist/types/rbac/base-resource.d.ts +4 -0
package/dist/types/rbac/base-resource.d.ts.map +1 -0
package/dist/types/rbac/index.d.ts +1 -1
package/dist/types/rbac/index.d.ts.map +1 -1
package/dist/types/rbac/rbac-policy.d.ts +11 -8
package/dist/types/rbac/rbac-policy.d.ts.map +1 -1
package/package.json +6 -1
package/src/abac/index.ts +1 -0
package/src/abac/predicate.ts +3 -0
package/src/rbac/base-resource.ts +3 -0
package/src/rbac/index.ts +1 -1
package/src/rbac/rbac-policy.ts +25 -10
package/src/rbac/resource.ts +0 -4

package/CHANGELOG CHANGED Viewed

@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [4.0.0] - 2025-10-21
+### Added
+- Added `ABAC` support to `RBACPolicy`.
 ## [3.1.5] - 2025-10-18
 ### Fixed

package/README.md CHANGED Viewed

@@ -18,6 +18,7 @@ npm install @schorts/shared-kernel --save
 ### 🛡️ RBAC (Role-Based Access Control)
 - **RBACPolicy:** Abstract base class for defining role-based permission logic. Supports wildcard actions (manage) and resources (*), ownership checks, and composable access control strategies.
 - **Permission:** Lightweight value object representing an action-resource pair (e.g., read:orders, manage:*).
+- **ABAC Integration:** ABAC Integration: Extend RBAC with attribute-based access control via composable predicates. Use canWithAttributes() and canAnyWithAttributes() to enforce dynamic policies based on user and resource attributes (e.g., ownership, organization, status). This enables hybrid access control strategies that combine declarative roles with contextual rules.
 ### 📊 Criteria

package/dist/cjs/abac/index.js ADDED Viewed

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=index.js.map

package/dist/cjs/abac/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/abac/index.ts"],"names":[],"mappings":""}

package/dist/cjs/abac/predicate.js ADDED Viewed

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=predicate.js.map

package/dist/cjs/abac/predicate.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"predicate.js","sourceRoot":"","sources":["../../../src/abac/predicate.ts"],"names":[],"mappings":""}

package/dist/cjs/rbac/base-resource.js ADDED Viewed

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=base-resource.js.map

package/dist/cjs/rbac/base-resource.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"base-resource.js","sourceRoot":"","sources":["../../../src/rbac/base-resource.ts"],"names":[],"mappings":""}

package/dist/cjs/rbac/rbac-policy.js CHANGED Viewed

@@ -7,11 +7,15 @@ class RBACPolicy {
         return permissions.some((perm) => (perm.resource === '*' || perm.resource === resource.name) &&
             (perm.action === action || perm.action === 'manage'));
     }
-    canAccessOwnedResource(resource) {
-        return resource.owner_id === this.userID.value;
+    canWithAttributes(user, role, action, resource, predicates) {
+        if (!this.can(role, action, resource))
+            return false;
+        return predicates.every((predicate) => predicate(user, resource));
     }
-    canWithOwnership(role, action, resource) {
-        return this.can(role, action, resource) && this.canAccessOwnedResource(resource);
+    canAnyWithAttributes(user, role, action, resource, predicates) {
+        if (!this.can(role, action, resource))
+            return false;
+        return predicates.some((predicate) => predicate(user, resource));
     }
 }
 exports.RBACPolicy = RBACPolicy;

package/dist/cjs/rbac/rbac-policy.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"rbac-policy.js","sourceRoot":"","sources":["../../../src/rbac/rbac-policy.ts"],"names":[],"mappings":";;;AAIA,MAAsB,UAAU;~~IAI9B~~,GAAG,CAAC,~~IAAU~~,EAAE,MAA4B,EAAE,~~QAAkB~~;~~QAC9D~~,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAE9C,OAAO,WAAW,CAAC,IAAI,CACrB,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,IAAI,CAAC,QAAQ,KAAK,GAAG,IAAI,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,IAAI,CAAC;YAC1D,CAAC,IAAI,CAAC,MAAM,KAAK,MAAM,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,CACvD,CAAC;IACJ,CAAC;IAED,~~sBAAsB~~,~~CAAC~~,QAAkB;~~QACvC~~,~~OAAO~~,~~QAAQ~~,CAAC,~~QAAQ~~,~~KAAK~~,IAAI,~~CAAC~~,MAAM,CAAC,KAAK,CAAC;~~IACjD~~,CAAC;IAED,~~gBAAgB~~,~~CAAC~~,IAAU,~~EAAE~~,MAA4B,~~EAAE~~,QAAkB;~~QAC3E~~,~~OAAO~~,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,~~IAAI~~,IAAI,CAAC,~~sBAAsB~~,CAAC,QAAQ,CAAC,CAAC;~~IACnF~~,CAAC;CACF;~~AArBD~~,~~gCAqBC~~"}
1	+ {"version":3,"file":"rbac-policy.js","sourceRoot":"","sources":["../../../src/rbac/rbac-policy.ts"],"names":[],"mappings":";;;AAIA,MAAsB,UAAU;IAG9B,GAAG,CAAC,IAAY,EAAE,MAA4B,EAAE,QAAsB;QACpE,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAE9C,OAAO,WAAW,CAAC,IAAI,CACrB,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,IAAI,CAAC,QAAQ,KAAK,GAAG,IAAI,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,IAAI,CAAC;YAC1D,CAAC,IAAI,CAAC,MAAM,KAAK,MAAM,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,CACvD,CAAC;IACJ,CAAC;IAED,iBAAiB,CACf,IAAU,EACV,IAAY,EACZ,MAA4B,EAC5B,QAAkB,EAClB,UAAuC;QAEvC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC;YAAE,OAAO,KAAK,CAAC;QAEpD,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC;IACpE,CAAC;IAED,oBAAoB,CAClB,IAAU,EACV,IAAY,EACZ,MAA4B,EAC5B,QAAkB,EAClB,UAAuC;QAEvC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC;YAAE,OAAO,KAAK,CAAC;QAEpD,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC;IACnE,CAAC;CACF;AApCD,gCAoCC"}

package/dist/esm/abac/index.js ADDED Viewed

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=index.js.map

package/dist/esm/abac/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/abac/index.ts"],"names":[],"mappings":""}

package/dist/esm/abac/predicate.js ADDED Viewed

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=predicate.js.map

package/dist/esm/abac/predicate.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"predicate.js","sourceRoot":"","sources":["../../../src/abac/predicate.ts"],"names":[],"mappings":""}

package/dist/esm/rbac/base-resource.js ADDED Viewed

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=base-resource.js.map

package/dist/esm/rbac/base-resource.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"base-resource.js","sourceRoot":"","sources":["../../../src/rbac/base-resource.ts"],"names":[],"mappings":""}

package/dist/esm/rbac/rbac-policy.js CHANGED Viewed

@@ -7,11 +7,15 @@ class RBACPolicy {
         return permissions.some((perm) => (perm.resource === '*' || perm.resource === resource.name) &&
             (perm.action === action || perm.action === 'manage'));
     }
-    canAccessOwnedResource(resource) {
-        return resource.owner_id === this.userID.value;
+    canWithAttributes(user, role, action, resource, predicates) {
+        if (!this.can(role, action, resource))
+            return false;
+        return predicates.every((predicate) => predicate(user, resource));
     }
-    canWithOwnership(role, action, resource) {
-        return this.can(role, action, resource) && this.canAccessOwnedResource(resource);
+    canAnyWithAttributes(user, role, action, resource, predicates) {
+        if (!this.can(role, action, resource))
+            return false;
+        return predicates.some((predicate) => predicate(user, resource));
     }
 }
 exports.RBACPolicy = RBACPolicy;

package/dist/esm/rbac/rbac-policy.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"rbac-policy.js","sourceRoot":"","sources":["../../../src/rbac/rbac-policy.ts"],"names":[],"mappings":";;;AAIA,MAAsB,UAAU;~~IAI9B~~,GAAG,CAAC,~~IAAU~~,EAAE,MAA4B,EAAE,~~QAAkB~~;~~QAC9D~~,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAE9C,OAAO,WAAW,CAAC,IAAI,CACrB,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,IAAI,CAAC,QAAQ,KAAK,GAAG,IAAI,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,IAAI,CAAC;YAC1D,CAAC,IAAI,CAAC,MAAM,KAAK,MAAM,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,CACvD,CAAC;IACJ,CAAC;IAED,~~sBAAsB~~,~~CAAC~~,QAAkB;~~QACvC~~,~~OAAO~~,~~QAAQ~~,CAAC,~~QAAQ~~,~~KAAK~~,IAAI,~~CAAC~~,MAAM,CAAC,KAAK,CAAC;~~IACjD~~,CAAC;IAED,~~gBAAgB~~,~~CAAC~~,IAAU,~~EAAE~~,MAA4B,~~EAAE~~,QAAkB;~~QAC3E~~,~~OAAO~~,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,~~IAAI~~,IAAI,CAAC,~~sBAAsB~~,CAAC,QAAQ,CAAC,CAAC;~~IACnF~~,CAAC;CACF;~~AArBD~~,~~gCAqBC~~"}
1	+ {"version":3,"file":"rbac-policy.js","sourceRoot":"","sources":["../../../src/rbac/rbac-policy.ts"],"names":[],"mappings":";;;AAIA,MAAsB,UAAU;IAG9B,GAAG,CAAC,IAAY,EAAE,MAA4B,EAAE,QAAsB;QACpE,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAE9C,OAAO,WAAW,CAAC,IAAI,CACrB,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,IAAI,CAAC,QAAQ,KAAK,GAAG,IAAI,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,IAAI,CAAC;YAC1D,CAAC,IAAI,CAAC,MAAM,KAAK,MAAM,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,CACvD,CAAC;IACJ,CAAC;IAED,iBAAiB,CACf,IAAU,EACV,IAAY,EACZ,MAA4B,EAC5B,QAAkB,EAClB,UAAuC;QAEvC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC;YAAE,OAAO,KAAK,CAAC;QAEpD,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC;IACpE,CAAC;IAED,oBAAoB,CAClB,IAAU,EACV,IAAY,EACZ,MAA4B,EAC5B,QAAkB,EAClB,UAAuC;QAEvC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC;YAAE,OAAO,KAAK,CAAC;QAEpD,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC;IACnE,CAAC;CACF;AApCD,gCAoCC"}

package/dist/types/abac/index.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export type { Predicate } from "./predicate";
2	+ //# sourceMappingURL=index.d.ts.map

package/dist/types/abac/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/abac/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC"}

package/dist/types/abac/predicate.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import type { BaseResource } from '../rbac/base-resource';
+export type Predicate<User extends {
+    id: string;
+}, Resource extends BaseResource> = (user: User, resource: Resource) => boolean;
+//# sourceMappingURL=predicate.d.ts.map

package/dist/types/abac/predicate.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"predicate.d.ts","sourceRoot":"","sources":["../../../src/abac/predicate.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAE1D,MAAM,MAAM,SAAS,CAAC,IAAI,SAAS;IAAE,EAAE,EAAE,MAAM,CAAA;CAAE,EAAE,QAAQ,SAAS,YAAY,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,KAAK,OAAO,CAAC"}

package/dist/types/rbac/base-resource.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+export type BaseResource = {
+    name: string;
+};
+//# sourceMappingURL=base-resource.d.ts.map

package/dist/types/rbac/base-resource.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"base-resource.d.ts","sourceRoot":"","sources":["../../../src/rbac/base-resource.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,YAAY,GAAG;IACzB,IAAI,EAAE,MAAM,CAAC;CACd,CAAC"}

package/dist/types/rbac/index.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 export type { Permission } from "./permission";
-export type { Resource } from "./resource";
+export type { BaseResource } from "./base-resource";
 export { RBACPolicy } from "./rbac-policy";
 export * from "./exceptions";
 //# sourceMappingURL=index.d.ts.map

package/dist/types/rbac/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/rbac/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC/C,YAAY,EAAE,~~QAAQ~~,EAAE,MAAM,~~YAAY~~,CAAC;~~AAE3C~~,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,cAAc,cAAc,CAAC"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/rbac/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC/C,YAAY,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAEpD,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,cAAc,cAAc,CAAC"}

package/dist/types/rbac/rbac-policy.d.ts CHANGED Viewed

@@ -1,11 +1,14 @@
 import { Permission } from './permission';
-import { Resource } from './resource';
-import { ValueObject } from '../value-objects';
-export declare abstract class RBACPolicy<Role extends string, UserID extends ValueObject> {
-    protected abstract userID: UserID;
-    abstract getPermissions(role: Role): Permission[];
-    can(role: Role, action: Permission['action'], resource: Resource): boolean;
-    canAccessOwnedResource(resource: Resource): boolean;
-    canWithOwnership(role: Role, action: Permission['action'], resource: Resource): boolean;
+import { BaseResource } from './base-resource';
+import { Predicate } from '../abac';
+export declare abstract class RBACPolicy {
+    abstract getPermissions(role: string): Permission[];
+    can(role: string, action: Permission['action'], resource: BaseResource): boolean;
+    canWithAttributes<User extends {
+        id: string;
+    }, Resource extends BaseResource>(user: User, role: string, action: Permission['action'], resource: Resource, predicates: Predicate<User, Resource>[]): boolean;
+    canAnyWithAttributes<User extends {
+        id: string;
+    }, Resource extends BaseResource>(user: User, role: string, action: Permission['action'], resource: Resource, predicates: Predicate<User, Resource>[]): boolean;
 }
 //# sourceMappingURL=rbac-policy.d.ts.map

package/dist/types/rbac/rbac-policy.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"rbac-policy.d.ts","sourceRoot":"","sources":["../../../src/rbac/rbac-policy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,~~QAAQ~~,EAAE,MAAM,~~YAAY~~,CAAC;~~AACtC~~,OAAO,EAAE,~~WAAW~~,EAAE,MAAM,~~kBAAkB~~,CAAC;~~AAE/C~~,8BAAsB,UAAU,CAAC,~~IAAI~~,~~SAAS~~,~~MAAM~~,EAAE,MAAM,~~SAAS~~,~~WAAW~~;~~IAC9E~~,~~SAAS~~,CAAC,~~QAAQ~~,~~CAAC~~,MAAM,EAAE,MAAM,CAAC~~;IAClC~~,QAAQ,CAAC,~~cAAc~~,CAAC,IAAI,EAAE,~~IAAI~~,~~GAAG~~,~~UAAU~~,EAAE~~;IAEjD~~,~~GAAG~~,~~CAAC~~,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,QAAQ,CAAC,~~EAAE~~,QAAQ,EAAE,QAAQ,~~GAAG~~,~~OAAO;IAU1E~~,~~sBAAsB~~,CAAC,~~QAAQ~~,EAAE,QAAQ,~~GAAG~~,OAAO;~~IAInD~~,~~gBAAgB~~,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,QAAQ,CAAC,EAAE,QAAQ,EAAE,QAAQ,~~GAAG~~,OAAO;~~CAGxF~~"}
1	+ {"version":3,"file":"rbac-policy.d.ts","sourceRoot":"","sources":["../../../src/rbac/rbac-policy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAEpC,8BAAsB,UAAU;IAC9B,QAAQ,CAAC,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,EAAE;IAEnD,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,CAAC,QAAQ,CAAC,EAAE,QAAQ,EAAE,YAAY,GAAG,OAAO;IAUhF,iBAAiB,CAAC,IAAI,SAAU;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,EAAE,QAAQ,SAAS,YAAY,EAC3E,IAAI,EAAE,IAAI,EACV,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,UAAU,CAAC,QAAQ,CAAC,EAC5B,QAAQ,EAAE,QAAQ,EAClB,UAAU,EAAE,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,GACtC,OAAO;IAMV,oBAAoB,CAAC,IAAI,SAAS;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,EAAE,QAAQ,SAAS,YAAY,EAC7E,IAAI,EAAE,IAAI,EACV,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,UAAU,CAAC,QAAQ,CAAC,EAC5B,QAAQ,EAAE,QAAQ,EAClB,UAAU,EAAE,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,GACtC,OAAO;CAKX"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@schorts/shared-kernel",
-  "version": "3.1.5",
+  "version": "4.0.0",
   "description": "A modular, type-safe foundation for building expressive, maintainable applications. This package provides core abstractions for domain modeling, HTTP integration, authentication, state management, and more — designed to be framework-agnostic and highly extensible.",
   "main": "./dist/cjs/index.js",
   "module": "./dist/esm/index.js",
@@ -11,6 +11,11 @@
       "require": "./dist/cjs/index.js",
       "types": "./dist/types/index.d.ts"
     },
+    "./abac": {
+      "import": "./dist/esm/abac/index.js",
+      "require": "./dist/cjs/abac/index.js",
+      "types": "./dist/types/abac/index.d.ts"
+    },
     "./auth": {
       "import": "./dist/esm/auth/index.js",
       "require": "./dist/cjs/auth/index.js",

package/src/abac/index.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export type { Predicate } from "./predicate";

package/src/abac/predicate.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import type { BaseResource } from '../rbac/base-resource';
+export type Predicate<User extends { id: string }, Resource extends BaseResource> = (user: User, resource: Resource) => boolean;

package/src/rbac/base-resource.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export type BaseResource = {
+  name: string;
+};

package/src/rbac/index.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 export type { Permission } from "./permission";
-export type { Resource } from "./resource";
+export type { BaseResource } from "./base-resource";
 export { RBACPolicy } from "./rbac-policy";
 export * from "./exceptions";

package/src/rbac/rbac-policy.ts CHANGED Viewed

@@ -1,12 +1,11 @@
 import { Permission } from './permission';
-import { Resource } from './resource';
-import { ValueObject } from '../value-objects';
+import { BaseResource } from './base-resource';
+import { Predicate } from '../abac';
-export abstract class RBACPolicy<Role extends string, UserID extends ValueObject> {
-  protected abstract userID: UserID;
-  abstract getPermissions(role: Role): Permission[];
+export abstract class RBACPolicy {
+  abstract getPermissions(role: string): Permission[];
-  can(role: Role, action: Permission['action'], resource: Resource): boolean {
+  can(role: string, action: Permission['action'], resource: BaseResource): boolean {
     const permissions = this.getPermissions(role);
     return permissions.some(
@@ -16,11 +15,27 @@ export abstract class RBACPolicy<Role extends string, UserID extends ValueObject
     );
   }
-  canAccessOwnedResource(resource: Resource): boolean {
-    return resource.owner_id === this.userID.value;
+  canWithAttributes<User extends  { id: string }, Resource extends BaseResource>(
+    user: User,
+    role: string,
+    action: Permission['action'],
+    resource: Resource,
+    predicates: Predicate<User, Resource>[],
+  ): boolean {
+    if (!this.can(role, action, resource)) return false;
+    return predicates.every((predicate) => predicate(user, resource));
   }
-  canWithOwnership(role: Role, action: Permission['action'], resource: Resource): boolean {
-    return this.can(role, action, resource) && this.canAccessOwnedResource(resource);
+  canAnyWithAttributes<User extends { id: string }, Resource extends BaseResource>(
+    user: User,
+    role: string,
+    action: Permission['action'],
+    resource: Resource,
+    predicates: Predicate<User, Resource>[]
+  ): boolean {
+    if (!this.can(role, action, resource)) return false;
+    return predicates.some((predicate) => predicate(user, resource));
   }
 }

package/src/rbac/resource.ts DELETED Viewed

@@ -1,4 +0,0 @@
-export type Resource = {
-  name: string;
-  owner_id?: string;
-};