@spinajs/rbac-http 1.2.125 → 1.2.127

package/lib/decorators.d.ts

@@ -1,5 +1,6 @@
-import { PermissionType } from './interfaces';
+import { IRbacDescriptor, PermissionType } from './interfaces';
 export declare const ACL_CONTROLLER_DESCRIPTOR: unique symbol;
+export declare function setRbacMetadata(target: any, callback: (meta: IRbacDescriptor) => void): void;
 /**
  * Assign resource for controller
  *

package/lib/decorators.js

@@ -1,9 +1,24 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.FromUser = exports.Permission = exports.Resource = exports.ACL_CONTROLLER_DESCRIPTOR = void 0;
+exports.FromUser = exports.Permission = exports.Resource = exports.setRbacMetadata = exports.ACL_CONTROLLER_DESCRIPTOR = void 0;
 const http_1 = require("@spinajs/http");
 const policies_1 = require("./policies");
 exports.ACL_CONTROLLER_DESCRIPTOR = Symbol('ACL_CONTROLLER_DESCRIPTOR_SYMBOL');
+function setRbacMetadata(target, callback) {
+    let metadata = Reflect.getMetadata(exports.ACL_CONTROLLER_DESCRIPTOR, target.prototype || target);
+    if (!metadata) {
+        metadata = {
+            Resource: '',
+            Routes: new Map(),
+            Permission: 'readOwn',
+        };
+        Reflect.defineMetadata(exports.ACL_CONTROLLER_DESCRIPTOR, metadata, target.prototype || target);
+    }
+    if (callback) {
+        callback(metadata);
+    }
+}
+exports.setRbacMetadata = setRbacMetadata;
 function descriptor(callback) {
     return (target, propertyKey, indexOrDescriptor) => {
         let metadata = Reflect.getMetadata(exports.ACL_CONTROLLER_DESCRIPTOR, target.prototype || target);
@@ -28,7 +43,7 @@ function descriptor(callback) {
  */
 function Resource(resource, permission = 'readOwn') {
     return descriptor((metadata, target) => {
-        (0, http_1.Policy)(policies_1.AclPolicy)(target, null, null);
+        (0, http_1.Policy)(policies_1.RbacPolicy)(target, null, null);
         metadata.Resource = resource;
         metadata.Permission = permission;
     });
@@ -54,7 +69,7 @@ function Permission(permission = 'readOwn') {
             }
             metadata.Routes.set(propertyKey, route);
         }
-        (0, http_1.Policy)(policies_1.AclPolicy)(target, propertyKey, null);
+        (0, http_1.Policy)(policies_1.RbacPolicy)(target, propertyKey, null);
     });
 }
 exports.Permission = Permission;

package/lib/decorators.js.map

@@ -1 +1 @@
-{"version":3,"file":"decorators.js","sourceRoot":"","sources":["../src/decorators.ts"],"names":[],"mappings":";;;AACA,wCAAyD;AACzD,yCAAuC;AAE1B,QAAA,yBAAyB,GAAG,MAAM,CAAC,kCAAkC,CAAC,CAAC;AAEpF,SAAS,UAAU,CAAC,QAAyI;IAC3J,OAAO,CAAC,MAAW,EAAE,WAA4B,EAAE,iBAA8C,EAAE,EAAE;QACnG,IAAI,QAAQ,GAAmB,OAAO,CAAC,WAAW,CAAC,iCAAyB,EAAE,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,CAAC;QAC1G,IAAI,CAAC,QAAQ,EAAE;YACb,QAAQ,GAAG;gBACT,QAAQ,EAAE,EAAE;gBACZ,MAAM,EAAE,IAAI,GAAG,EAAyC;gBACxD,UAAU,EAAE,SAAS;aACtB,CAAC;YAEF,OAAO,CAAC,cAAc,CAAC,iCAAyB,EAAE,QAAQ,EAAE,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,CAAC;SACzF;QAED,IAAI,QAAQ,EAAE;YACZ,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,iBAAiB,CAAC,CAAC;SAC5D;IACH,CAAC,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAgB,QAAQ,CAAC,QAAgB,EAAE,aAA6B,SAAS;IAC/E,OAAO,UAAU,CAAC,CAAC,QAAwB,EAAE,MAAW,EAAE,EAAE;QAC1D,IAAA,aAAM,EAAC,oBAAS,CAAC,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QAEtC,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAC7B,QAAQ,CAAC,UAAU,GAAG,UAAU,CAAC;IACnC,CAAC,CAAC,CAAC;AACL,CAAC;AAPD,4BAOC;AAED;;;;;GAKG;AACH,SAAgB,UAAU,CAAC,aAA6B,SAAS;IAC/D,OAAO,UAAU,CAAC,CAAC,QAAwB,EAAE,MAAW,EAAE,WAAmB,EAAE,EAAE;QAC/E,IAAI,KAAK,GAAkC,IAAI,CAAC;QAEhD,IAAI,WAAW,EAAE;YACf,IAAI,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE;gBACpC,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;aAC1C;iBAAM;gBACL,KAAK,GAAG;oBACN,UAAU,EAAE,UAAU;iBACvB,CAAC;aACH;YAED,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;SACzC;QAED,IAAA,aAAM,EAAC,oBAAS,CAAC,CAAC,MAAM,EAAE,WAAW,EAAE,IAAI,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;AACL,CAAC;AAlBD,gCAkBC;AAED,SAAgB,QAAQ;IACtB,OAAO,IAAA,YAAK,EAAC,IAAA,gBAAS,EAAC,SAAS,CAAC,CAAC,CAAC;AACrC,CAAC;AAFD,4BAEC"}
+{"version":3,"file":"decorators.js","sourceRoot":"","sources":["../src/decorators.ts"],"names":[],"mappings":";;;AACA,wCAAyD;AACzD,yCAAwC;AAE3B,QAAA,yBAAyB,GAAG,MAAM,CAAC,kCAAkC,CAAC,CAAC;AAEpF,SAAgB,eAAe,CAAC,MAAW,EAAE,QAAyC;IACpF,IAAI,QAAQ,GAAoB,OAAO,CAAC,WAAW,CAAC,iCAAyB,EAAE,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,CAAC;IAC3G,IAAI,CAAC,QAAQ,EAAE;QACb,QAAQ,GAAG;YACT,QAAQ,EAAE,EAAE;YACZ,MAAM,EAAE,IAAI,GAAG,EAA0C;YACzD,UAAU,EAAE,SAAS;SACtB,CAAC;QAEF,OAAO,CAAC,cAAc,CAAC,iCAAyB,EAAE,QAAQ,EAAE,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,CAAC;KACzF;IAED,IAAI,QAAQ,EAAE;QACZ,QAAQ,CAAC,QAAQ,CAAC,CAAC;KACpB;AACH,CAAC;AAfD,0CAeC;AAED,SAAS,UAAU,CAAC,QAA0I;IAC5J,OAAO,CAAC,MAAW,EAAE,WAA4B,EAAE,iBAA8C,EAAE,EAAE;QACnG,IAAI,QAAQ,GAAoB,OAAO,CAAC,WAAW,CAAC,iCAAyB,EAAE,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,CAAC;QAC3G,IAAI,CAAC,QAAQ,EAAE;YACb,QAAQ,GAAG;gBACT,QAAQ,EAAE,EAAE;gBACZ,MAAM,EAAE,IAAI,GAAG,EAA0C;gBACzD,UAAU,EAAE,SAAS;aACtB,CAAC;YAEF,OAAO,CAAC,cAAc,CAAC,iCAAyB,EAAE,QAAQ,EAAE,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,CAAC;SACzF;QAED,IAAI,QAAQ,EAAE;YACZ,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,iBAAiB,CAAC,CAAC;SAC5D;IACH,CAAC,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAgB,QAAQ,CAAC,QAAgB,EAAE,aAA6B,SAAS;IAC/E,OAAO,UAAU,CAAC,CAAC,QAAyB,EAAE,MAAW,EAAE,EAAE;QAC3D,IAAA,aAAM,EAAC,qBAAU,CAAC,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QAEvC,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAC7B,QAAQ,CAAC,UAAU,GAAG,UAAU,CAAC;IACnC,CAAC,CAAC,CAAC;AACL,CAAC;AAPD,4BAOC;AAED;;;;;GAKG;AACH,SAAgB,UAAU,CAAC,aAA6B,SAAS;IAC/D,OAAO,UAAU,CAAC,CAAC,QAAyB,EAAE,MAAW,EAAE,WAAmB,EAAE,EAAE;QAChF,IAAI,KAAK,GAAmC,IAAI,CAAC;QAEjD,IAAI,WAAW,EAAE;YACf,IAAI,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE;gBACpC,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;aAC1C;iBAAM;gBACL,KAAK,GAAG;oBACN,UAAU,EAAE,UAAU;iBACvB,CAAC;aACH;YAED,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;SACzC;QAED,IAAA,aAAM,EAAC,qBAAU,CAAC,CAAC,MAAM,EAAE,WAAW,EAAE,IAAI,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;AACL,CAAC;AAlBD,gCAkBC;AAED,SAAgB,QAAQ;IACtB,OAAO,IAAA,YAAK,EAAC,IAAA,gBAAS,EAAC,SAAS,CAAC,CAAC,CAAC;AACrC,CAAC;AAFD,4BAEC"}

package/lib/interfaces.d.ts

@@ -1,5 +1,5 @@
 export declare type PermissionType = 'readAny' | 'readOwn' | 'updateAny' | 'updateOwn' | 'deleteAny' | 'deleteOwn' | 'createAny' | 'createOwn';
-export interface IAclDescriptor {
+export interface IRbacDescriptor {
     /**
      * Resource name
      */
@@ -13,9 +13,9 @@ export interface IAclDescriptor {
     /**
      * Per routes permissions
      */
-    Routes: Map<string, IAclRoutePermissionDescriptor>;
+    Routes: Map<string, IRbacRoutePermissionDescriptor>;
 }
-export interface IAclRoutePermissionDescriptor {
+export interface IRbacRoutePermissionDescriptor {
     /**
      * controller route permission. It overrides acl descriptor options
      */

package/lib/policies.d.ts

@@ -1,9 +1,13 @@
-import { AccessControl } from '@spinajs/rbac';
+import { AccessControl, Permission } from 'accesscontrol';
 import { BasePolicy, IController, IRoute } from '@spinajs/http';
 import * as express from 'express';
-export declare class AclPolicy extends BasePolicy {
+import { User } from '@spinajs/rbac';
+export declare class RbacPolicy extends BasePolicy {
     protected Ac: AccessControl;
     constructor();
     isEnabled(_action: IRoute, _instance: IController): boolean;
     execute(req: express.Request, action: IRoute, instance: IController): Promise<void>;
 }
+export declare function checkRbacPermission(role: string | string[], resource: string, permission: string): Permission;
+export declare function checkUserPermission(user: User, resource: string, permission: string): Permission;
+export declare function checkRoutePermission(req: express.Request, resource: string, permission: string): Permission;

package/lib/policies.js

@@ -1,11 +1,11 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.AclPolicy = void 0;
+exports.checkRoutePermission = exports.checkUserPermission = exports.checkRbacPermission = exports.RbacPolicy = void 0;
 const http_1 = require("@spinajs/http");
 const exceptions_1 = require("@spinajs/exceptions");
 const decorators_1 = require("./decorators");
 const di_1 = require("@spinajs/di");
-class AclPolicy extends http_1.BasePolicy {
+class RbacPolicy extends http_1.BasePolicy {
     constructor() {
         super();
         this.Ac = di_1.DI.get('AccessControl');
@@ -28,10 +28,30 @@ class AclPolicy extends http_1.BasePolicy {
         if (!req.User) {
             throw new exceptions_1.AuthenticationFailed();
         }
-        if (!this.Ac.can(req.User.Role.split(',')).resource(descriptor.Resource)[permission]()) {
+        if (!checkRoutePermission(req, descriptor.Resource, permission).granted) {
             throw new exceptions_1.Forbidden(`role(s) ${req.User.Role} does not have permission ${permission} for resource ${descriptor.Resource}`);
         }
     }
 }
-exports.AclPolicy = AclPolicy;
+exports.RbacPolicy = RbacPolicy;
+function checkRbacPermission(role, resource, permission) {
+    const ac = di_1.DI.get('AccessControl');
+    return ac.can(role)[permission](resource);
+}
+exports.checkRbacPermission = checkRbacPermission;
+function checkUserPermission(user, resource, permission) {
+    const ac = di_1.DI.get('AccessControl');
+    if (!user) {
+        return null;
+    }
+    return ac.can(user.Role.split(','))[permission](resource);
+}
+exports.checkUserPermission = checkUserPermission;
+function checkRoutePermission(req, resource, permission) {
+    if (!req.User) {
+        return null;
+    }
+    return checkUserPermission(req.User, resource, permission);
+}
+exports.checkRoutePermission = checkRoutePermission;
 //# sourceMappingURL=policies.js.map

package/lib/policies.js.map

@@ -1 +1 @@
-{"version":3,"file":"policies.js","sourceRoot":"","sources":["../src/policies.ts"],"names":[],"mappings":";;;AACA,wCAAgE;AAEhE,oDAAsE;AACtE,6CAAyD;AAEzD,oCAAiC;AAEjC,MAAa,SAAU,SAAQ,iBAAU;IAGvC;QACE,KAAK,EAAE,CAAC;QAER,IAAI,CAAC,EAAE,GAAG,OAAE,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IACpC,CAAC;IAEM,SAAS,CAAC,OAAe,EAAE,SAAsB;QACtD,0BAA0B;QAC1B,OAAO,IAAI,CAAC;IACd,CAAC;IAEM,KAAK,CAAC,OAAO,CAAC,GAAoB,EAAE,MAAc,EAAE,QAAqB;;QAC9E,MAAM,UAAU,GAAmB,OAAO,CAAC,WAAW,CAAC,sCAAyB,EAAE,QAAQ,CAAC,CAAC;QAC5F,IAAI,UAAU,GAAG,MAAA,UAAU,CAAC,UAAU,mCAAI,EAAE,CAAC;QAE7C,wCAAwC;QACxC,IAAI,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE;YACxC,UAAU,GAAG,MAAA,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,UAAU,mCAAI,EAAE,CAAC;SACpE;QAED,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE;YACzC,MAAM,IAAI,sBAAS,CAAC,2CAA2C,CAAC,CAAC;SAClE;QAED,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE;YACb,MAAM,IAAI,iCAAoB,EAAE,CAAC;SAClC;QAED,IAAI,CAAE,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,QAAQ,CAAS,CAAC,UAAU,CAAC,EAAE,EAAE;YAC/F,MAAM,IAAI,sBAAS,CAAC,WAAW,GAAG,CAAC,IAAI,CAAC,IAAI,6BAA6B,UAAU,iBAAiB,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAC;SAC5H;IACH,CAAC;CACF;AAnCD,8BAmCC"}
+{"version":3,"file":"policies.js","sourceRoot":"","sources":["../src/policies.ts"],"names":[],"mappings":";;;AACA,wCAAgE;AAEhE,oDAAsE;AACtE,6CAAyD;AAEzD,oCAAiC;AAGjC,MAAa,UAAW,SAAQ,iBAAU;IAGxC;QACE,KAAK,EAAE,CAAC;QAER,IAAI,CAAC,EAAE,GAAG,OAAE,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IACpC,CAAC;IAEM,SAAS,CAAC,OAAe,EAAE,SAAsB;QACtD,0BAA0B;QAC1B,OAAO,IAAI,CAAC;IACd,CAAC;IAEM,KAAK,CAAC,OAAO,CAAC,GAAoB,EAAE,MAAc,EAAE,QAAqB;;QAC9E,MAAM,UAAU,GAAoB,OAAO,CAAC,WAAW,CAAC,sCAAyB,EAAE,QAAQ,CAAC,CAAC;QAC7F,IAAI,UAAU,GAAG,MAAA,UAAU,CAAC,UAAU,mCAAI,EAAE,CAAC;QAE7C,wCAAwC;QACxC,IAAI,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE;YACxC,UAAU,GAAG,MAAA,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,UAAU,mCAAI,EAAE,CAAC;SACpE;QAED,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE;YACzC,MAAM,IAAI,sBAAS,CAAC,2CAA2C,CAAC,CAAC;SAClE;QAED,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE;YACb,MAAM,IAAI,iCAAoB,EAAE,CAAC;SAClC;QAED,IAAI,CAAC,oBAAoB,CAAC,GAAG,EAAE,UAAU,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC,OAAO,EAAE;YACvE,MAAM,IAAI,sBAAS,CAAC,WAAW,GAAG,CAAC,IAAI,CAAC,IAAI,6BAA6B,UAAU,iBAAiB,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAC;SAC5H;IACH,CAAC;CACF;AAnCD,gCAmCC;AAED,SAAgB,mBAAmB,CAAC,IAAuB,EAAE,QAAgB,EAAE,UAAkB;IAC/F,MAAM,EAAE,GAAG,OAAE,CAAC,GAAG,CAAgB,eAAe,CAAC,CAAC;IAClD,OAAQ,EAAE,CAAC,GAAG,CAAC,IAAI,CAAS,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,CAAC;AACrD,CAAC;AAHD,kDAGC;AAED,SAAgB,mBAAmB,CAAC,IAAU,EAAE,QAAgB,EAAE,UAAkB;IAClF,MAAM,EAAE,GAAG,OAAE,CAAC,GAAG,CAAgB,eAAe,CAAC,CAAC;IAElD,IAAI,CAAC,IAAI,EAAE;QACT,OAAO,IAAI,CAAC;KACb;IAED,OAAQ,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAS,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,CAAC;AACrE,CAAC;AARD,kDAQC;AAED,SAAgB,oBAAoB,CAAC,GAAoB,EAAE,QAAgB,EAAE,UAAkB;IAC7F,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE;QACb,OAAO,IAAI,CAAC;KACb;IAED,OAAO,mBAAmB,CAAC,GAAG,CAAC,IAAI,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;AAC7D,CAAC;AAND,oDAMC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@spinajs/rbac-http",
-  "version": "1.2.125",
+  "version": "1.2.127",
   "description": "HTTP API for user session & permissions",
   "main": "lib/index.js",
   "private": false,
@@ -38,17 +38,18 @@
   },
   "homepage": "https://github.com/spinajs/main#readme",
   "dependencies": {
-    "@spinajs/configuration": "^1.2.81",
-    "@spinajs/di": "^1.2.81",
-    "@spinajs/exceptions": "^1.2.81",
-    "@spinajs/log": "^1.2.103",
-    "@spinajs/orm": "^1.2.125",
-    "@spinajs/rbac": "^1.2.125",
-    "@spinajs/reflection": "^1.2.103",
+    "@spinajs/configuration": "^1.2.127",
+    "@spinajs/di": "^1.2.127",
+    "@spinajs/exceptions": "^1.2.127",
+    "@spinajs/log": "^1.2.127",
+    "@spinajs/orm": "^1.2.127",
+    "@spinajs/rbac": "^1.2.127",
+    "@spinajs/reflection": "^1.2.127",
+    "accesscontrol": "^2.2.1",
     "luxon": "^2.4.0"
   },
   "devDependencies": {
-    "@spinajs/orm-sqlite": "^1.2.125"
+    "@spinajs/orm-sqlite": "^1.2.127"
   },
-  "gitHead": "8fa0abc0b4088aa24a6074dcbfff0f55d74c16bf"
+  "gitHead": "53b022d0e70b7f2689ac984578b52afb0fd9e967"
 }