@schorts/shared-kernel 3.1.5 โ 4.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG +12 -0
- package/README.md +5 -0
- package/dist/cjs/abac/index.js +3 -0
- package/dist/cjs/abac/index.js.map +1 -0
- package/dist/cjs/abac/predicate.js +3 -0
- package/dist/cjs/abac/predicate.js.map +1 -0
- package/dist/cjs/rbac/base-resource.js +3 -0
- package/dist/cjs/rbac/base-resource.js.map +1 -0
- package/dist/cjs/rbac/rbac-policy.js +8 -4
- package/dist/cjs/rbac/rbac-policy.js.map +1 -1
- package/dist/cjs/telemetry/index.js +3 -0
- package/dist/cjs/telemetry/index.js.map +1 -0
- package/dist/cjs/telemetry/telemetry.js +3 -0
- package/dist/cjs/telemetry/telemetry.js.map +1 -0
- package/dist/esm/abac/index.js +3 -0
- package/dist/esm/abac/index.js.map +1 -0
- package/dist/esm/abac/predicate.js +3 -0
- package/dist/esm/abac/predicate.js.map +1 -0
- package/dist/esm/rbac/base-resource.js +3 -0
- package/dist/esm/rbac/base-resource.js.map +1 -0
- package/dist/esm/rbac/rbac-policy.js +8 -4
- package/dist/esm/rbac/rbac-policy.js.map +1 -1
- package/dist/esm/telemetry/index.js +3 -0
- package/dist/esm/telemetry/index.js.map +1 -0
- package/dist/esm/telemetry/telemetry.js +3 -0
- package/dist/esm/telemetry/telemetry.js.map +1 -0
- package/dist/types/abac/index.d.ts +2 -0
- package/dist/types/abac/index.d.ts.map +1 -0
- package/dist/types/abac/predicate.d.ts +5 -0
- package/dist/types/abac/predicate.d.ts.map +1 -0
- package/dist/types/pub-sub/subscription.d.ts +1 -0
- package/dist/types/pub-sub/subscription.d.ts.map +1 -1
- package/dist/types/rbac/base-resource.d.ts +4 -0
- package/dist/types/rbac/base-resource.d.ts.map +1 -0
- package/dist/types/rbac/index.d.ts +1 -1
- package/dist/types/rbac/index.d.ts.map +1 -1
- package/dist/types/rbac/rbac-policy.d.ts +11 -8
- package/dist/types/rbac/rbac-policy.d.ts.map +1 -1
- package/dist/types/telemetry/index.d.ts +2 -0
- package/dist/types/telemetry/index.d.ts.map +1 -0
- package/dist/types/telemetry/telemetry.d.ts +7 -0
- package/dist/types/telemetry/telemetry.d.ts.map +1 -0
- package/package.json +11 -1
- package/src/abac/index.ts +1 -0
- package/src/abac/predicate.ts +3 -0
- package/src/pub-sub/subscription.ts +1 -0
- package/src/rbac/base-resource.ts +3 -0
- package/src/rbac/index.ts +1 -1
- package/src/rbac/rbac-policy.ts +25 -10
- package/src/telemetry/index.ts +1 -0
- package/src/telemetry/telemetry.ts +6 -0
- package/src/rbac/resource.ts +0 -4
package/CHANGELOG
CHANGED
|
@@ -5,6 +5,18 @@ All notable changes to this project will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [4.1.0] - 2025-10-21
|
|
9
|
+
|
|
10
|
+
### Added
|
|
11
|
+
|
|
12
|
+
- Added `Telemetry`.
|
|
13
|
+
|
|
14
|
+
## [4.0.0] - 2025-10-21
|
|
15
|
+
|
|
16
|
+
### Added
|
|
17
|
+
|
|
18
|
+
- Added `ABAC` support to `RBACPolicy`.
|
|
19
|
+
|
|
8
20
|
## [3.1.5] - 2025-10-18
|
|
9
21
|
|
|
10
22
|
### Fixed
|
package/README.md
CHANGED
|
@@ -18,6 +18,7 @@ npm install @schorts/shared-kernel --save
|
|
|
18
18
|
### ๐ก๏ธ RBAC (Role-Based Access Control)
|
|
19
19
|
- **RBACPolicy:** Abstract base class for defining role-based permission logic. Supports wildcard actions (manage) and resources (*), ownership checks, and composable access control strategies.
|
|
20
20
|
- **Permission:** Lightweight value object representing an action-resource pair (e.g., read:orders, manage:*).
|
|
21
|
+
- **ABAC Integration:** ABAC Integration: Extend RBAC with attribute-based access control via composable predicates. Use canWithAttributes() and canAnyWithAttributes() to enforce dynamic policies based on user and resource attributes (e.g., ownership, organization, status). This enables hybrid access control strategies that combine declarative roles with contextual rules.
|
|
21
22
|
|
|
22
23
|
### ๐ Criteria
|
|
23
24
|
|
|
@@ -81,6 +82,10 @@ Translation keys are centralized in registries for discoverability and tooling,
|
|
|
81
82
|
- **SessionStorageStateManager:** Concrete implementation using session storage.
|
|
82
83
|
- **InMemoryStateManager:** Concrete implementation using in-memory.
|
|
83
84
|
|
|
85
|
+
### ๐ Telemetry
|
|
86
|
+
|
|
87
|
+
- **Telemetry:** Abstract interface for unified telemetry across frontend and backend environments. Supports initialization, error tracking, custom context attributes, and transaction naming. Enables integration with observability platforms like New Relic via a consistent API.
|
|
88
|
+
|
|
84
89
|
### ๐งช Value Objects
|
|
85
90
|
|
|
86
91
|
- **CoordinatesValue**
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/abac/index.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"predicate.js","sourceRoot":"","sources":["../../../src/abac/predicate.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"base-resource.js","sourceRoot":"","sources":["../../../src/rbac/base-resource.ts"],"names":[],"mappings":""}
|
|
@@ -7,11 +7,15 @@ class RBACPolicy {
|
|
|
7
7
|
return permissions.some((perm) => (perm.resource === '*' || perm.resource === resource.name) &&
|
|
8
8
|
(perm.action === action || perm.action === 'manage'));
|
|
9
9
|
}
|
|
10
|
-
|
|
11
|
-
|
|
10
|
+
canWithAttributes(user, role, action, resource, predicates) {
|
|
11
|
+
if (!this.can(role, action, resource))
|
|
12
|
+
return false;
|
|
13
|
+
return predicates.every((predicate) => predicate(user, resource));
|
|
12
14
|
}
|
|
13
|
-
|
|
14
|
-
|
|
15
|
+
canAnyWithAttributes(user, role, action, resource, predicates) {
|
|
16
|
+
if (!this.can(role, action, resource))
|
|
17
|
+
return false;
|
|
18
|
+
return predicates.some((predicate) => predicate(user, resource));
|
|
15
19
|
}
|
|
16
20
|
}
|
|
17
21
|
exports.RBACPolicy = RBACPolicy;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rbac-policy.js","sourceRoot":"","sources":["../../../src/rbac/rbac-policy.ts"],"names":[],"mappings":";;;AAIA,MAAsB,UAAU;
|
|
1
|
+
{"version":3,"file":"rbac-policy.js","sourceRoot":"","sources":["../../../src/rbac/rbac-policy.ts"],"names":[],"mappings":";;;AAIA,MAAsB,UAAU;IAG9B,GAAG,CAAC,IAAY,EAAE,MAA4B,EAAE,QAAsB;QACpE,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAE9C,OAAO,WAAW,CAAC,IAAI,CACrB,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,IAAI,CAAC,QAAQ,KAAK,GAAG,IAAI,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,IAAI,CAAC;YAC1D,CAAC,IAAI,CAAC,MAAM,KAAK,MAAM,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,CACvD,CAAC;IACJ,CAAC;IAED,iBAAiB,CACf,IAAU,EACV,IAAY,EACZ,MAA4B,EAC5B,QAAkB,EAClB,UAAuC;QAEvC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC;YAAE,OAAO,KAAK,CAAC;QAEpD,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC;IACpE,CAAC;IAED,oBAAoB,CAClB,IAAU,EACV,IAAY,EACZ,MAA4B,EAC5B,QAAkB,EAClB,UAAuC;QAEvC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC;YAAE,OAAO,KAAK,CAAC;QAEpD,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC;IACnE,CAAC;CACF;AApCD,gCAoCC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/telemetry/index.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"telemetry.js","sourceRoot":"","sources":["../../../src/telemetry/telemetry.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/abac/index.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"predicate.js","sourceRoot":"","sources":["../../../src/abac/predicate.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"base-resource.js","sourceRoot":"","sources":["../../../src/rbac/base-resource.ts"],"names":[],"mappings":""}
|
|
@@ -7,11 +7,15 @@ class RBACPolicy {
|
|
|
7
7
|
return permissions.some((perm) => (perm.resource === '*' || perm.resource === resource.name) &&
|
|
8
8
|
(perm.action === action || perm.action === 'manage'));
|
|
9
9
|
}
|
|
10
|
-
|
|
11
|
-
|
|
10
|
+
canWithAttributes(user, role, action, resource, predicates) {
|
|
11
|
+
if (!this.can(role, action, resource))
|
|
12
|
+
return false;
|
|
13
|
+
return predicates.every((predicate) => predicate(user, resource));
|
|
12
14
|
}
|
|
13
|
-
|
|
14
|
-
|
|
15
|
+
canAnyWithAttributes(user, role, action, resource, predicates) {
|
|
16
|
+
if (!this.can(role, action, resource))
|
|
17
|
+
return false;
|
|
18
|
+
return predicates.some((predicate) => predicate(user, resource));
|
|
15
19
|
}
|
|
16
20
|
}
|
|
17
21
|
exports.RBACPolicy = RBACPolicy;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rbac-policy.js","sourceRoot":"","sources":["../../../src/rbac/rbac-policy.ts"],"names":[],"mappings":";;;AAIA,MAAsB,UAAU;
|
|
1
|
+
{"version":3,"file":"rbac-policy.js","sourceRoot":"","sources":["../../../src/rbac/rbac-policy.ts"],"names":[],"mappings":";;;AAIA,MAAsB,UAAU;IAG9B,GAAG,CAAC,IAAY,EAAE,MAA4B,EAAE,QAAsB;QACpE,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAE9C,OAAO,WAAW,CAAC,IAAI,CACrB,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,IAAI,CAAC,QAAQ,KAAK,GAAG,IAAI,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,IAAI,CAAC;YAC1D,CAAC,IAAI,CAAC,MAAM,KAAK,MAAM,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,CACvD,CAAC;IACJ,CAAC;IAED,iBAAiB,CACf,IAAU,EACV,IAAY,EACZ,MAA4B,EAC5B,QAAkB,EAClB,UAAuC;QAEvC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC;YAAE,OAAO,KAAK,CAAC;QAEpD,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC;IACpE,CAAC;IAED,oBAAoB,CAClB,IAAU,EACV,IAAY,EACZ,MAA4B,EAC5B,QAAkB,EAClB,UAAuC;QAEvC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC;YAAE,OAAO,KAAK,CAAC;QAEpD,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC;IACnE,CAAC;CACF;AApCD,gCAoCC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/telemetry/index.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"telemetry.js","sourceRoot":"","sources":["../../../src/telemetry/telemetry.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/abac/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"predicate.d.ts","sourceRoot":"","sources":["../../../src/abac/predicate.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAE1D,MAAM,MAAM,SAAS,CAAC,IAAI,SAAS;IAAE,EAAE,EAAE,MAAM,CAAA;CAAE,EAAE,QAAQ,SAAS,YAAY,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,KAAK,OAAO,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"subscription.d.ts","sourceRoot":"","sources":["../../../src/pub-sub/subscription.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,YAAY;IAC3B,OAAO,IAAI,IAAI,CAAC;IAChB,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,OAAO,EAAE,GAAG,KAAK,IAAI,GAAG,IAAI,CAAC;IACjF,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,UAAU,IAAI,IAAI,CAAC;CACpB"}
|
|
1
|
+
{"version":3,"file":"subscription.d.ts","sourceRoot":"","sources":["../../../src/pub-sub/subscription.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,YAAY;IAC3B,IAAI,IAAI,IAAI,CAAC;IACb,OAAO,IAAI,IAAI,CAAC;IAChB,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,OAAO,EAAE,GAAG,KAAK,IAAI,GAAG,IAAI,CAAC;IACjF,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,UAAU,IAAI,IAAI,CAAC;CACpB"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"base-resource.d.ts","sourceRoot":"","sources":["../../../src/rbac/base-resource.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,YAAY,GAAG;IACzB,IAAI,EAAE,MAAM,CAAC;CACd,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/rbac/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC/C,YAAY,EAAE,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/rbac/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC/C,YAAY,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAEpD,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,cAAc,cAAc,CAAC"}
|
|
@@ -1,11 +1,14 @@
|
|
|
1
1
|
import { Permission } from './permission';
|
|
2
|
-
import {
|
|
3
|
-
import {
|
|
4
|
-
export declare abstract class RBACPolicy
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
2
|
+
import { BaseResource } from './base-resource';
|
|
3
|
+
import { Predicate } from '../abac';
|
|
4
|
+
export declare abstract class RBACPolicy {
|
|
5
|
+
abstract getPermissions(role: string): Permission[];
|
|
6
|
+
can(role: string, action: Permission['action'], resource: BaseResource): boolean;
|
|
7
|
+
canWithAttributes<User extends {
|
|
8
|
+
id: string;
|
|
9
|
+
}, Resource extends BaseResource>(user: User, role: string, action: Permission['action'], resource: Resource, predicates: Predicate<User, Resource>[]): boolean;
|
|
10
|
+
canAnyWithAttributes<User extends {
|
|
11
|
+
id: string;
|
|
12
|
+
}, Resource extends BaseResource>(user: User, role: string, action: Permission['action'], resource: Resource, predicates: Predicate<User, Resource>[]): boolean;
|
|
10
13
|
}
|
|
11
14
|
//# sourceMappingURL=rbac-policy.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rbac-policy.d.ts","sourceRoot":"","sources":["../../../src/rbac/rbac-policy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"rbac-policy.d.ts","sourceRoot":"","sources":["../../../src/rbac/rbac-policy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAEpC,8BAAsB,UAAU;IAC9B,QAAQ,CAAC,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,EAAE;IAEnD,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,CAAC,QAAQ,CAAC,EAAE,QAAQ,EAAE,YAAY,GAAG,OAAO;IAUhF,iBAAiB,CAAC,IAAI,SAAU;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,EAAE,QAAQ,SAAS,YAAY,EAC3E,IAAI,EAAE,IAAI,EACV,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,UAAU,CAAC,QAAQ,CAAC,EAC5B,QAAQ,EAAE,QAAQ,EAClB,UAAU,EAAE,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,GACtC,OAAO;IAMV,oBAAoB,CAAC,IAAI,SAAS;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,EAAE,QAAQ,SAAS,YAAY,EAC7E,IAAI,EAAE,IAAI,EACV,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,UAAU,CAAC,QAAQ,CAAC,EAC5B,QAAQ,EAAE,QAAQ,EAClB,UAAU,EAAE,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,GACtC,OAAO;CAKX"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/telemetry/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"telemetry.d.ts","sourceRoot":"","sources":["../../../src/telemetry/telemetry.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,SAAS;IACxB,IAAI,IAAI,IAAI,CAAC;IACb,UAAU,CAAC,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IAC/B,gBAAgB,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACnD,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;CACpC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@schorts/shared-kernel",
|
|
3
|
-
"version": "
|
|
3
|
+
"version": "4.1.0",
|
|
4
4
|
"description": "A modular, type-safe foundation for building expressive, maintainable applications. This package provides core abstractions for domain modeling, HTTP integration, authentication, state management, and more โ designed to be framework-agnostic and highly extensible.",
|
|
5
5
|
"main": "./dist/cjs/index.js",
|
|
6
6
|
"module": "./dist/esm/index.js",
|
|
@@ -11,6 +11,11 @@
|
|
|
11
11
|
"require": "./dist/cjs/index.js",
|
|
12
12
|
"types": "./dist/types/index.d.ts"
|
|
13
13
|
},
|
|
14
|
+
"./abac": {
|
|
15
|
+
"import": "./dist/esm/abac/index.js",
|
|
16
|
+
"require": "./dist/cjs/abac/index.js",
|
|
17
|
+
"types": "./dist/types/abac/index.d.ts"
|
|
18
|
+
},
|
|
14
19
|
"./auth": {
|
|
15
20
|
"import": "./dist/esm/auth/index.js",
|
|
16
21
|
"require": "./dist/cjs/auth/index.js",
|
|
@@ -96,6 +101,11 @@
|
|
|
96
101
|
"require": "./dist/cjs/state-manager/index.js",
|
|
97
102
|
"types": "./dist/types/state-manager/index.d.ts"
|
|
98
103
|
},
|
|
104
|
+
"./telemetry": {
|
|
105
|
+
"import": "./dist/esm/telemetry/index.js",
|
|
106
|
+
"require": "./dist/cjs/telemetry/index.js",
|
|
107
|
+
"types": "./dist/types/telemetry/index.d.ts"
|
|
108
|
+
},
|
|
99
109
|
"./unit-of-work": {
|
|
100
110
|
"import": "./dist/esm/unit-of-work/index.js",
|
|
101
111
|
"require": "./dist/cjs/unit-of-work/index.js",
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export type { Predicate } from "./predicate";
|
package/src/rbac/index.ts
CHANGED
package/src/rbac/rbac-policy.ts
CHANGED
|
@@ -1,12 +1,11 @@
|
|
|
1
1
|
import { Permission } from './permission';
|
|
2
|
-
import {
|
|
3
|
-
import {
|
|
2
|
+
import { BaseResource } from './base-resource';
|
|
3
|
+
import { Predicate } from '../abac';
|
|
4
4
|
|
|
5
|
-
export abstract class RBACPolicy
|
|
6
|
-
|
|
7
|
-
abstract getPermissions(role: Role): Permission[];
|
|
5
|
+
export abstract class RBACPolicy {
|
|
6
|
+
abstract getPermissions(role: string): Permission[];
|
|
8
7
|
|
|
9
|
-
can(role:
|
|
8
|
+
can(role: string, action: Permission['action'], resource: BaseResource): boolean {
|
|
10
9
|
const permissions = this.getPermissions(role);
|
|
11
10
|
|
|
12
11
|
return permissions.some(
|
|
@@ -16,11 +15,27 @@ export abstract class RBACPolicy<Role extends string, UserID extends ValueObject
|
|
|
16
15
|
);
|
|
17
16
|
}
|
|
18
17
|
|
|
19
|
-
|
|
20
|
-
|
|
18
|
+
canWithAttributes<User extends { id: string }, Resource extends BaseResource>(
|
|
19
|
+
user: User,
|
|
20
|
+
role: string,
|
|
21
|
+
action: Permission['action'],
|
|
22
|
+
resource: Resource,
|
|
23
|
+
predicates: Predicate<User, Resource>[],
|
|
24
|
+
): boolean {
|
|
25
|
+
if (!this.can(role, action, resource)) return false;
|
|
26
|
+
|
|
27
|
+
return predicates.every((predicate) => predicate(user, resource));
|
|
21
28
|
}
|
|
22
29
|
|
|
23
|
-
|
|
24
|
-
|
|
30
|
+
canAnyWithAttributes<User extends { id: string }, Resource extends BaseResource>(
|
|
31
|
+
user: User,
|
|
32
|
+
role: string,
|
|
33
|
+
action: Permission['action'],
|
|
34
|
+
resource: Resource,
|
|
35
|
+
predicates: Predicate<User, Resource>[]
|
|
36
|
+
): boolean {
|
|
37
|
+
if (!this.can(role, action, resource)) return false;
|
|
38
|
+
|
|
39
|
+
return predicates.some((predicate) => predicate(user, resource));
|
|
25
40
|
}
|
|
26
41
|
}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export type { telemetry } from "./telemetry";
|
package/src/rbac/resource.ts
DELETED