@sirketio/auth 0.0.1

package/dist/plugins/access/access.mjs

@@ -0,0 +1,46 @@
+import { BetterAuthError } from "@better-auth/core/error";
+
+//#region src/plugins/access/access.ts
+function role(statements) {
+	return {
+		authorize(request, connector = "AND") {
+			let success = false;
+			for (const [requestedResource, requestedActions] of Object.entries(request)) {
+				const allowedActions = statements[requestedResource];
+				if (!allowedActions) return {
+					success: false,
+					error: `You are not allowed to access resource: ${requestedResource}`
+				};
+				if (Array.isArray(requestedActions)) success = requestedActions.every((requestedAction) => allowedActions.includes(requestedAction));
+				else if (typeof requestedActions === "object") {
+					const actions = requestedActions;
+					if (actions.connector === "OR") success = actions.actions.some((requestedAction) => allowedActions.includes(requestedAction));
+					else success = actions.actions.every((requestedAction) => allowedActions.includes(requestedAction));
+				} else throw new BetterAuthError("Invalid access control request");
+				if (success && connector === "OR") return { success };
+				if (!success && connector === "AND") return {
+					success: false,
+					error: `unauthorized to access resource "${requestedResource}"`
+				};
+			}
+			if (success) return { success };
+			return {
+				success: false,
+				error: "Not authorized"
+			};
+		},
+		statements
+	};
+}
+function createAccessControl(s) {
+	return {
+		newRole(statements) {
+			return role(statements);
+		},
+		statements: s
+	};
+}
+
+//#endregion
+export { createAccessControl, role };
+//# sourceMappingURL=access.mjs.map

package/dist/plugins/access/access.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"access.mjs","names":[],"sources":["../../../src/plugins/access/access.ts"],"sourcesContent":["import { BetterAuthError } from \"@better-auth/core/error\";\nimport type { Statements, Subset } from \"./types\";\n\nexport type AuthorizeResponse =\n\t| { success: false; error: string }\n\t| { success: true; error?: never | undefined };\n\nexport function role<TStatements extends Statements>(statements: TStatements) {\n\treturn {\n\t\tauthorize<K extends keyof TStatements>(\n\t\t\trequest: {\n\t\t\t\t[key in K]?:\n\t\t\t\t\t| TStatements[key]\n\t\t\t\t\t| {\n\t\t\t\t\t\t\tactions: TStatements[key];\n\t\t\t\t\t\t\tconnector: \"OR\" | \"AND\";\n\t\t\t\t\t  };\n\t\t\t},\n\t\t\tconnector: \"OR\" | \"AND\" = \"AND\",\n\t\t): AuthorizeResponse {\n\t\t\tlet success = false;\n\t\t\tfor (const [requestedResource, requestedActions] of Object.entries(\n\t\t\t\trequest,\n\t\t\t)) {\n\t\t\t\tconst allowedActions = statements[requestedResource];\n\t\t\t\tif (!allowedActions) {\n\t\t\t\t\treturn {\n\t\t\t\t\t\tsuccess: false,\n\t\t\t\t\t\terror: `You are not allowed to access resource: ${requestedResource}`,\n\t\t\t\t\t};\n\t\t\t\t}\n\t\t\t\tif (Array.isArray(requestedActions)) {\n\t\t\t\t\tsuccess = (requestedActions as string[]).every((requestedAction) =>\n\t\t\t\t\t\tallowedActions.includes(requestedAction),\n\t\t\t\t\t);\n\t\t\t\t} else {\n\t\t\t\t\tif (typeof requestedActions === \"object\") {\n\t\t\t\t\t\tconst actions = requestedActions as {\n\t\t\t\t\t\t\tactions: string[];\n\t\t\t\t\t\t\tconnector: \"OR\" | \"AND\";\n\t\t\t\t\t\t};\n\t\t\t\t\t\tif (actions.connector === \"OR\") {\n\t\t\t\t\t\t\tsuccess = actions.actions.some((requestedAction) =>\n\t\t\t\t\t\t\t\tallowedActions.includes(requestedAction),\n\t\t\t\t\t\t\t);\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\tsuccess = actions.actions.every((requestedAction) =>\n\t\t\t\t\t\t\t\tallowedActions.includes(requestedAction),\n\t\t\t\t\t\t\t);\n\t\t\t\t\t\t}\n\t\t\t\t\t} else {\n\t\t\t\t\t\tthrow new BetterAuthError(\"Invalid access control request\");\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\tif (success && connector === \"OR\") {\n\t\t\t\t\treturn { success };\n\t\t\t\t}\n\t\t\t\tif (!success && connector === \"AND\") {\n\t\t\t\t\treturn {\n\t\t\t\t\t\tsuccess: false,\n\t\t\t\t\t\terror: `unauthorized to access resource \"${requestedResource}\"`,\n\t\t\t\t\t};\n\t\t\t\t}\n\t\t\t}\n\t\t\tif (success) {\n\t\t\t\treturn {\n\t\t\t\t\tsuccess,\n\t\t\t\t};\n\t\t\t}\n\t\t\treturn {\n\t\t\t\tsuccess: false,\n\t\t\t\terror: \"Not authorized\",\n\t\t\t};\n\t\t},\n\t\tstatements,\n\t};\n}\n\nexport function createAccessControl<const TStatements extends Statements>(\n\ts: TStatements,\n) {\n\treturn {\n\t\tnewRole<K extends keyof TStatements>(statements: Subset<K, TStatements>) {\n\t\t\treturn role<Subset<K, TStatements>>(statements);\n\t\t},\n\t\tstatements: s,\n\t};\n}\n"],"mappings":";;;AAOA,SAAgB,KAAqC,YAAyB;AAC7E,QAAO;EACN,UACC,SAQA,YAA0B,OACN;GACpB,IAAI,UAAU;AACd,QAAK,MAAM,CAAC,mBAAmB,qBAAqB,OAAO,QAC1D,QACA,EAAE;IACF,MAAM,iBAAiB,WAAW;AAClC,QAAI,CAAC,eACJ,QAAO;KACN,SAAS;KACT,OAAO,2CAA2C;KAClD;AAEF,QAAI,MAAM,QAAQ,iBAAiB,CAClC,WAAW,iBAA8B,OAAO,oBAC/C,eAAe,SAAS,gBAAgB,CACxC;aAEG,OAAO,qBAAqB,UAAU;KACzC,MAAM,UAAU;AAIhB,SAAI,QAAQ,cAAc,KACzB,WAAU,QAAQ,QAAQ,MAAM,oBAC/B,eAAe,SAAS,gBAAgB,CACxC;SAED,WAAU,QAAQ,QAAQ,OAAO,oBAChC,eAAe,SAAS,gBAAgB,CACxC;UAGF,OAAM,IAAI,gBAAgB,iCAAiC;AAG7D,QAAI,WAAW,cAAc,KAC5B,QAAO,EAAE,SAAS;AAEnB,QAAI,CAAC,WAAW,cAAc,MAC7B,QAAO;KACN,SAAS;KACT,OAAO,oCAAoC,kBAAkB;KAC7D;;AAGH,OAAI,QACH,QAAO,EACN,SACA;AAEF,UAAO;IACN,SAAS;IACT,OAAO;IACP;;EAEF;EACA;;AAGF,SAAgB,oBACf,GACC;AACD,QAAO;EACN,QAAqC,YAAoC;AACxE,UAAO,KAA6B,WAAW;;EAEhD,YAAY;EACZ"}

package/dist/plugins/access/index.d.mts

@@ -0,0 +1,3 @@
+import { AccessControl, Role, Statements, SubArray, Subset } from "./types.mjs";
+import { AuthorizeResponse, createAccessControl, role } from "./access.mjs";
+export { AccessControl, AuthorizeResponse, Role, Statements, SubArray, Subset, createAccessControl, role };

package/dist/plugins/access/index.mjs

@@ -0,0 +1,3 @@
+import { createAccessControl, role } from "./access.mjs";
+
+export { createAccessControl, role };

package/dist/plugins/access/types.d.mts

@@ -0,0 +1,17 @@
+import { AuthorizeResponse, createAccessControl } from "./access.mjs";
+import { LiteralString } from "@better-auth/core";
+
+//#region src/plugins/access/types.d.ts
+type SubArray<T extends unknown[] | readonly unknown[] | any[]> = T[number][] | ReadonlyArray<T[number]>;
+type Subset<K extends keyof R, R extends Record<string | LiteralString, readonly string[] | readonly LiteralString[]>> = { [P in K]: SubArray<R[P]> };
+type Statements = {
+  readonly [resource: string]: readonly LiteralString[];
+};
+type AccessControl<TStatements extends Statements = Statements> = ReturnType<typeof createAccessControl<TStatements>>;
+type Role<TStatements extends Statements = Record<string, any>> = {
+  authorize: (request: any, connector?: ("OR" | "AND") | undefined) => AuthorizeResponse;
+  statements: TStatements;
+};
+//#endregion
+export { AccessControl, Role, Statements, SubArray, Subset };
+//# sourceMappingURL=types.d.mts.map

package/dist/plugins/additional-fields/client.d.mts

@@ -0,0 +1,96 @@
+import { BetterAuthOptions, BetterAuthPlugin } from "@better-auth/core";
+import { DBFieldAttribute } from "@better-auth/core/db";
+
+//#region src/plugins/additional-fields/client.d.ts
+declare const inferAdditionalFields: <T, S extends {
+  user?: {
+    [key: string]: DBFieldAttribute;
+  } | undefined;
+  session?: {
+    [key: string]: DBFieldAttribute;
+  } | undefined;
+} = {}>(schema?: S | undefined) => {
+  id: "additional-fields-client";
+  $InferServerPlugin: ((T extends BetterAuthOptions ? T : T extends {
+    options: BetterAuthOptions;
+  } ? T["options"] : never) extends never ? S extends {
+    user?: {
+      [key: string]: DBFieldAttribute;
+    } | undefined;
+    session?: {
+      [key: string]: DBFieldAttribute;
+    } | undefined;
+  } ? {
+    id: "additional-fields-client";
+    schema: {
+      user: {
+        fields: S["user"] extends object ? S["user"] : {};
+      };
+      session: {
+        fields: S["session"] extends object ? S["session"] : {};
+      };
+    };
+  } : never : (T extends BetterAuthOptions ? T : T extends {
+    options: BetterAuthOptions;
+  } ? T["options"] : never) extends BetterAuthOptions ? {
+    id: "additional-fields";
+    schema: {
+      user: {
+        fields: (T extends BetterAuthOptions ? T : T extends {
+          options: BetterAuthOptions;
+        } ? T["options"] : never)["user"] extends {
+          additionalFields: infer U;
+        } ? U : {};
+      };
+      session: {
+        fields: (T extends BetterAuthOptions ? T : T extends {
+          options: BetterAuthOptions;
+        } ? T["options"] : never)["session"] extends {
+          additionalFields: infer U;
+        } ? U : {};
+      };
+    };
+  } : never) extends BetterAuthPlugin ? (T extends BetterAuthOptions ? T : T extends {
+    options: BetterAuthOptions;
+  } ? T["options"] : never) extends never ? S extends {
+    user?: {
+      [key: string]: DBFieldAttribute;
+    } | undefined;
+    session?: {
+      [key: string]: DBFieldAttribute;
+    } | undefined;
+  } ? {
+    id: "additional-fields-client";
+    schema: {
+      user: {
+        fields: S["user"] extends object ? S["user"] : {};
+      };
+      session: {
+        fields: S["session"] extends object ? S["session"] : {};
+      };
+    };
+  } : never : (T extends BetterAuthOptions ? T : T extends {
+    options: BetterAuthOptions;
+  } ? T["options"] : never) extends BetterAuthOptions ? {
+    id: "additional-fields";
+    schema: {
+      user: {
+        fields: (T extends BetterAuthOptions ? T : T extends {
+          options: BetterAuthOptions;
+        } ? T["options"] : never)["user"] extends {
+          additionalFields: infer U;
+        } ? U : {};
+      };
+      session: {
+        fields: (T extends BetterAuthOptions ? T : T extends {
+          options: BetterAuthOptions;
+        } ? T["options"] : never)["session"] extends {
+          additionalFields: infer U;
+        } ? U : {};
+      };
+    };
+  } : never : undefined;
+};
+//#endregion
+export { inferAdditionalFields };
+//# sourceMappingURL=client.d.mts.map

package/dist/plugins/additional-fields/client.mjs

@@ -0,0 +1,11 @@
+//#region src/plugins/additional-fields/client.ts
+const inferAdditionalFields = (schema) => {
+	return {
+		id: "additional-fields-client",
+		$InferServerPlugin: {}
+	};
+};
+
+//#endregion
+export { inferAdditionalFields };
+//# sourceMappingURL=client.mjs.map

package/dist/plugins/additional-fields/client.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.mjs","names":[],"sources":["../../../src/plugins/additional-fields/client.ts"],"sourcesContent":["import type {\n\tBetterAuthClientPlugin,\n\tBetterAuthOptions,\n\tBetterAuthPlugin,\n} from \"@better-auth/core\";\nimport type { DBFieldAttribute } from \"@better-auth/core/db\";\n\nexport const inferAdditionalFields = <\n\tT,\n\tS extends {\n\t\tuser?:\n\t\t\t| {\n\t\t\t\t\t[key: string]: DBFieldAttribute;\n\t\t\t  }\n\t\t\t| undefined;\n\t\tsession?:\n\t\t\t| {\n\t\t\t\t\t[key: string]: DBFieldAttribute;\n\t\t\t  }\n\t\t\t| undefined;\n\t} = {},\n>(\n\tschema?: S | undefined,\n) => {\n\ttype Opts = T extends BetterAuthOptions\n\t\t? T\n\t\t: T extends {\n\t\t\t\t\toptions: BetterAuthOptions;\n\t\t\t\t}\n\t\t\t? T[\"options\"]\n\t\t\t: never;\n\n\ttype Plugin = Opts extends never\n\t\t? S extends {\n\t\t\t\tuser?:\n\t\t\t\t\t| {\n\t\t\t\t\t\t\t[key: string]: DBFieldAttribute;\n\t\t\t\t\t  }\n\t\t\t\t\t| undefined;\n\t\t\t\tsession?:\n\t\t\t\t\t| {\n\t\t\t\t\t\t\t[key: string]: DBFieldAttribute;\n\t\t\t\t\t  }\n\t\t\t\t\t| undefined;\n\t\t\t}\n\t\t\t? {\n\t\t\t\t\tid: \"additional-fields-client\";\n\t\t\t\t\tschema: {\n\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\tfields: S[\"user\"] extends object ? S[\"user\"] : {};\n\t\t\t\t\t\t};\n\t\t\t\t\t\tsession: {\n\t\t\t\t\t\t\tfields: S[\"session\"] extends object ? S[\"session\"] : {};\n\t\t\t\t\t\t};\n\t\t\t\t\t};\n\t\t\t\t}\n\t\t\t: never\n\t\t: Opts extends BetterAuthOptions\n\t\t\t? {\n\t\t\t\t\tid: \"additional-fields\";\n\t\t\t\t\tschema: {\n\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\tfields: Opts[\"user\"] extends {\n\t\t\t\t\t\t\t\tadditionalFields: infer U;\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t? U\n\t\t\t\t\t\t\t\t: {};\n\t\t\t\t\t\t};\n\t\t\t\t\t\tsession: {\n\t\t\t\t\t\t\tfields: Opts[\"session\"] extends {\n\t\t\t\t\t\t\t\tadditionalFields: infer U;\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t? U\n\t\t\t\t\t\t\t\t: {};\n\t\t\t\t\t\t};\n\t\t\t\t\t};\n\t\t\t\t}\n\t\t\t: never;\n\n\treturn {\n\t\tid: \"additional-fields-client\",\n\t\t$InferServerPlugin: {} as Plugin extends BetterAuthPlugin\n\t\t\t? Plugin\n\t\t\t: undefined,\n\t} satisfies BetterAuthClientPlugin;\n};\n"],"mappings":";AAOA,MAAa,yBAeZ,WACI;AAwDJ,QAAO;EACN,IAAI;EACJ,oBAAoB,EAAE;EAGtB"}

package/dist/plugins/admin/access/index.d.mts

@@ -0,0 +1,2 @@
+import { adminAc, defaultAc, defaultRoles, defaultStatements, userAc } from "./statement.mjs";
+export { adminAc, defaultAc, defaultRoles, defaultStatements, userAc };

package/dist/plugins/admin/access/index.mjs

@@ -0,0 +1,3 @@
+import { adminAc, defaultAc, defaultRoles, defaultStatements, userAc } from "./statement.mjs";
+
+export { adminAc, defaultAc, defaultRoles, defaultStatements, userAc };

package/dist/plugins/admin/access/statement.d.mts

@@ -0,0 +1,118 @@
+import { Subset } from "../../access/types.mjs";
+import { AuthorizeResponse } from "../../access/access.mjs";
+import "../../index.mjs";
+
+//#region src/plugins/admin/access/statement.d.ts
+declare const defaultStatements: {
+  readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "delete", "set-password", "get", "update"];
+  readonly session: readonly ["list", "revoke", "delete"];
+};
+declare const defaultAc: {
+  newRole<K extends "user" | "session">(statements: Subset<K, {
+    readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "delete", "set-password", "get", "update"];
+    readonly session: readonly ["list", "revoke", "delete"];
+  }>): {
+    authorize<K_1 extends K>(request: K_1 extends infer T extends keyof Subset<K, {
+      readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "delete", "set-password", "get", "update"];
+      readonly session: readonly ["list", "revoke", "delete"];
+    }> ? { [key in T]?: Subset<K, {
+      readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "delete", "set-password", "get", "update"];
+      readonly session: readonly ["list", "revoke", "delete"];
+    }>[key] | {
+      actions: Subset<K, {
+        readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "delete", "set-password", "get", "update"];
+        readonly session: readonly ["list", "revoke", "delete"];
+      }>[key];
+      connector: "OR" | "AND";
+    } | undefined } : never, connector?: "OR" | "AND"): AuthorizeResponse;
+    statements: Subset<K, {
+      readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "delete", "set-password", "get", "update"];
+      readonly session: readonly ["list", "revoke", "delete"];
+    }>;
+  };
+  statements: {
+    readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "delete", "set-password", "get", "update"];
+    readonly session: readonly ["list", "revoke", "delete"];
+  };
+};
+declare const adminAc: {
+  authorize<K extends "user" | "session">(request: K extends infer T extends keyof Subset<"user" | "session", {
+    readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "delete", "set-password", "get", "update"];
+    readonly session: readonly ["list", "revoke", "delete"];
+  }> ? { [key in T]?: Subset<"user" | "session", {
+    readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "delete", "set-password", "get", "update"];
+    readonly session: readonly ["list", "revoke", "delete"];
+  }>[key] | {
+    actions: Subset<"user" | "session", {
+      readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "delete", "set-password", "get", "update"];
+      readonly session: readonly ["list", "revoke", "delete"];
+    }>[key];
+    connector: "OR" | "AND";
+  } | undefined } : never, connector?: "OR" | "AND"): AuthorizeResponse;
+  statements: Subset<"user" | "session", {
+    readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "delete", "set-password", "get", "update"];
+    readonly session: readonly ["list", "revoke", "delete"];
+  }>;
+};
+declare const userAc: {
+  authorize<K extends "user" | "session">(request: K extends infer T extends keyof Subset<"user" | "session", {
+    readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "delete", "set-password", "get", "update"];
+    readonly session: readonly ["list", "revoke", "delete"];
+  }> ? { [key in T]?: Subset<"user" | "session", {
+    readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "delete", "set-password", "get", "update"];
+    readonly session: readonly ["list", "revoke", "delete"];
+  }>[key] | {
+    actions: Subset<"user" | "session", {
+      readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "delete", "set-password", "get", "update"];
+      readonly session: readonly ["list", "revoke", "delete"];
+    }>[key];
+    connector: "OR" | "AND";
+  } | undefined } : never, connector?: "OR" | "AND"): AuthorizeResponse;
+  statements: Subset<"user" | "session", {
+    readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "delete", "set-password", "get", "update"];
+    readonly session: readonly ["list", "revoke", "delete"];
+  }>;
+};
+declare const defaultRoles: {
+  admin: {
+    authorize<K extends "user" | "session">(request: K extends infer T extends keyof Subset<"user" | "session", {
+      readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "delete", "set-password", "get", "update"];
+      readonly session: readonly ["list", "revoke", "delete"];
+    }> ? { [key in T]?: Subset<"user" | "session", {
+      readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "delete", "set-password", "get", "update"];
+      readonly session: readonly ["list", "revoke", "delete"];
+    }>[key] | {
+      actions: Subset<"user" | "session", {
+        readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "delete", "set-password", "get", "update"];
+        readonly session: readonly ["list", "revoke", "delete"];
+      }>[key];
+      connector: "OR" | "AND";
+    } | undefined } : never, connector?: "OR" | "AND"): AuthorizeResponse;
+    statements: Subset<"user" | "session", {
+      readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "delete", "set-password", "get", "update"];
+      readonly session: readonly ["list", "revoke", "delete"];
+    }>;
+  };
+  user: {
+    authorize<K extends "user" | "session">(request: K extends infer T extends keyof Subset<"user" | "session", {
+      readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "delete", "set-password", "get", "update"];
+      readonly session: readonly ["list", "revoke", "delete"];
+    }> ? { [key in T]?: Subset<"user" | "session", {
+      readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "delete", "set-password", "get", "update"];
+      readonly session: readonly ["list", "revoke", "delete"];
+    }>[key] | {
+      actions: Subset<"user" | "session", {
+        readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "delete", "set-password", "get", "update"];
+        readonly session: readonly ["list", "revoke", "delete"];
+      }>[key];
+      connector: "OR" | "AND";
+    } | undefined } : never, connector?: "OR" | "AND"): AuthorizeResponse;
+    statements: Subset<"user" | "session", {
+      readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "delete", "set-password", "get", "update"];
+      readonly session: readonly ["list", "revoke", "delete"];
+    }>;
+  };
+};
+//#endregion
+export { adminAc, defaultAc, defaultRoles, defaultStatements, userAc };
+//# sourceMappingURL=statement.d.mts.map

package/dist/plugins/admin/access/statement.mjs

@@ -0,0 +1,53 @@
+import { createAccessControl } from "../../access/access.mjs";
+import "../../access/index.mjs";
+
+//#region src/plugins/admin/access/statement.ts
+const defaultStatements = {
+	user: [
+		"create",
+		"list",
+		"set-role",
+		"ban",
+		"impersonate",
+		"delete",
+		"set-password",
+		"get",
+		"update"
+	],
+	session: [
+		"list",
+		"revoke",
+		"delete"
+	]
+};
+const defaultAc = createAccessControl(defaultStatements);
+const adminAc = defaultAc.newRole({
+	user: [
+		"create",
+		"list",
+		"set-role",
+		"ban",
+		"impersonate",
+		"delete",
+		"set-password",
+		"get",
+		"update"
+	],
+	session: [
+		"list",
+		"revoke",
+		"delete"
+	]
+});
+const userAc = defaultAc.newRole({
+	user: [],
+	session: []
+});
+const defaultRoles = {
+	admin: adminAc,
+	user: userAc
+};
+
+//#endregion
+export { adminAc, defaultAc, defaultRoles, defaultStatements, userAc };
+//# sourceMappingURL=statement.mjs.map

package/dist/plugins/admin/access/statement.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"statement.mjs","names":[],"sources":["../../../../src/plugins/admin/access/statement.ts"],"sourcesContent":["import { createAccessControl } from \"../../access\";\n\nexport const defaultStatements = {\n\tuser: [\n\t\t\"create\",\n\t\t\"list\",\n\t\t\"set-role\",\n\t\t\"ban\",\n\t\t\"impersonate\",\n\t\t\"delete\",\n\t\t\"set-password\",\n\t\t\"get\",\n\t\t\"update\",\n\t],\n\tsession: [\"list\", \"revoke\", \"delete\"],\n} as const;\n\nexport const defaultAc = createAccessControl(defaultStatements);\n\nexport const adminAc = defaultAc.newRole({\n\tuser: [\n\t\t\"create\",\n\t\t\"list\",\n\t\t\"set-role\",\n\t\t\"ban\",\n\t\t\"impersonate\",\n\t\t\"delete\",\n\t\t\"set-password\",\n\t\t\"get\",\n\t\t\"update\",\n\t],\n\tsession: [\"list\", \"revoke\", \"delete\"],\n});\n\nexport const userAc = defaultAc.newRole({\n\tuser: [],\n\tsession: [],\n});\n\nexport const defaultRoles = {\n\tadmin: adminAc,\n\tuser: userAc,\n};\n"],"mappings":";;;;AAEA,MAAa,oBAAoB;CAChC,MAAM;EACL;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;CACD,SAAS;EAAC;EAAQ;EAAU;EAAS;CACrC;AAED,MAAa,YAAY,oBAAoB,kBAAkB;AAE/D,MAAa,UAAU,UAAU,QAAQ;CACxC,MAAM;EACL;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;CACD,SAAS;EAAC;EAAQ;EAAU;EAAS;CACrC,CAAC;AAEF,MAAa,SAAS,UAAU,QAAQ;CACvC,MAAM,EAAE;CACR,SAAS,EAAE;CACX,CAAC;AAEF,MAAa,eAAe;CAC3B,OAAO;CACP,MAAM;CACN"}