npm - @spinajs/rbac - Versions diffs - 2.0.472 → 2.0.474 - Mend

@spinajs/rbac 2.0.472 → 2.0.474

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (67) hide show

package/lib/cjs/config/rbac.d.ts +35 -0
package/lib/cjs/config/rbac.d.ts.map +1 -1
package/lib/cjs/config/rbac.js +31 -0
package/lib/cjs/config/rbac.js.map +1 -1
package/lib/cjs/events/UserImpersonationEnded.d.ts +12 -0
package/lib/cjs/events/UserImpersonationEnded.d.ts.map +1 -0
package/lib/cjs/events/UserImpersonationEnded.js +32 -0
package/lib/cjs/events/UserImpersonationEnded.js.map +1 -0
package/lib/cjs/events/UserImpersonationStarted.d.ts +12 -0
package/lib/cjs/events/UserImpersonationStarted.d.ts.map +1 -0
package/lib/cjs/events/UserImpersonationStarted.js +32 -0
package/lib/cjs/events/UserImpersonationStarted.js.map +1 -0
package/lib/cjs/events/index.d.ts +2 -0
package/lib/cjs/events/index.d.ts.map +1 -1
package/lib/cjs/events/index.js +2 -0
package/lib/cjs/events/index.js.map +1 -1
package/lib/cjs/impersonation.d.ts +32 -0
package/lib/cjs/impersonation.d.ts.map +1 -0
package/lib/cjs/impersonation.js +97 -0
package/lib/cjs/impersonation.js.map +1 -0
package/lib/cjs/index.d.ts +1 -0
package/lib/cjs/index.d.ts.map +1 -1
package/lib/cjs/index.js +1 -0
package/lib/cjs/index.js.map +1 -1
package/lib/cjs/interfaces.d.ts +12 -0
package/lib/cjs/interfaces.d.ts.map +1 -1
package/lib/cjs/middleware.d.ts +2 -0
package/lib/cjs/middleware.d.ts.map +1 -1
package/lib/cjs/middleware.js +51 -75
package/lib/cjs/middleware.js.map +1 -1
package/lib/cjs/models/User.d.ts.map +1 -1
package/lib/cjs/models/User.js.map +1 -1
package/lib/mjs/config/rbac.d.ts +35 -0
package/lib/mjs/config/rbac.d.ts.map +1 -1
package/lib/mjs/config/rbac.js +31 -0
package/lib/mjs/config/rbac.js.map +1 -1
package/lib/mjs/events/UserImpersonationEnded.d.ts +12 -0
package/lib/mjs/events/UserImpersonationEnded.d.ts.map +1 -0
package/lib/mjs/events/UserImpersonationEnded.js +29 -0
package/lib/mjs/events/UserImpersonationEnded.js.map +1 -0
package/lib/mjs/events/UserImpersonationStarted.d.ts +12 -0
package/lib/mjs/events/UserImpersonationStarted.d.ts.map +1 -0
package/lib/mjs/events/UserImpersonationStarted.js +29 -0
package/lib/mjs/events/UserImpersonationStarted.js.map +1 -0
package/lib/mjs/events/index.d.ts +2 -0
package/lib/mjs/events/index.d.ts.map +1 -1
package/lib/mjs/events/index.js +2 -0
package/lib/mjs/events/index.js.map +1 -1
package/lib/mjs/impersonation.d.ts +32 -0
package/lib/mjs/impersonation.d.ts.map +1 -0
package/lib/mjs/impersonation.js +94 -0
package/lib/mjs/impersonation.js.map +1 -0
package/lib/mjs/index.d.ts +1 -0
package/lib/mjs/index.d.ts.map +1 -1
package/lib/mjs/index.js +1 -0
package/lib/mjs/index.js.map +1 -1
package/lib/mjs/interfaces.d.ts +12 -0
package/lib/mjs/interfaces.d.ts.map +1 -1
package/lib/mjs/middleware.d.ts +2 -0
package/lib/mjs/middleware.d.ts.map +1 -1
package/lib/mjs/middleware.js +52 -76
package/lib/mjs/middleware.js.map +1 -1
package/lib/mjs/models/User.d.ts.map +1 -1
package/lib/mjs/models/User.js.map +1 -1
package/lib/tsconfig.cjs.tsbuildinfo +1 -1
package/lib/tsconfig.mjs.tsbuildinfo +1 -1
package/package.json +11 -11

package/lib/cjs/config/rbac.d.ts CHANGED Viewed

@@ -42,6 +42,12 @@ declare const rbac: {
             UserRoleRevoked: {
                 connection: string;
             };
+            UserImpersonationStarted: {
+                connection: string;
+            };
+            UserImpersonationEnded: {
+                connection: string;
+            };
         };
         connections: {
             name: string;
@@ -195,6 +201,35 @@ declare const rbac: {
          * Column name in database where role is stored, by default is "Role", but if your user table has different column name, you can change it here
          */
         roleColumn: string;
+        /**
+         * Role switching behavior. Users with multiple roles can switch the
+         * currently active role via /auth/active-role.
+         */
+        roleSwitch: {
+            /**
+             * Roles whose activation requires the user to re-enter their password.
+             * Use to gate privileged role switches (e.g. 'admin', 'system').
+             */
+            requirePassword: string[];
+        };
+        /**
+         * Impersonation lets a privileged user (createAny on virtual resource
+         * 'user:impersonate') act as another user for the rest of the session.
+         * Example admin grant:
+         *   admin: { 'user:impersonate': { 'create:any': ['*'] } }
+         */
+        impersonation: {
+            /**
+             * When true, starting impersonation requires the impersonator to
+             * re-enter their password as a confirmation step.
+             */
+            requirePassword: boolean;
+            /**
+             * Targets whose role list intersects this set cannot be impersonated.
+             * 'system' is reserved for internal automation and is blocked by default.
+             */
+            protectedRoles: string[];
+        };
     };
 };
 export default rbac;

package/lib/cjs/config/rbac.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"rbac.d.ts","sourceRoot":"","sources":["../../../src/config/rbac.ts"],"names":[],"mappings":"AAcA,QAAA,MAAM,IAAI~~;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;YAmLJ~~;;eAEG;;;;;YASH;;eAEG;;;;;;;;;;QAcL;;WAEG;;QAEH;;;;;eAKO;;;8BAGiB,KAAK,CAAC,QAAQ,CAAC;6BAChB,KAAK,CAAC,QAAQ,CAAC;;;QAMtC;;WAEG;;;~~CAGN~~,CAAC;AAEF,eAAe,IAAI,CAAC"}
1	+ {"version":3,"file":"rbac.d.ts","sourceRoot":"","sources":["../../../src/config/rbac.ts"],"names":[],"mappings":"AAcA,QAAA,MAAM,IAAI;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;YAqLJ;;eAEG;;;;;YASH;;eAEG;;;;;;;;;;QAcL;;WAEG;;QAEH;;;;;eAKO;;;8BAGiB,KAAK,CAAC,QAAQ,CAAC;6BAChB,KAAK,CAAC,QAAQ,CAAC;;;QAMtC;;WAEG;;QAGH;;;WAGG;;YAED;;;eAGG;6BACoB,MAAM,EAAE;;QAGjC;;;;;WAKG;;YAED;;;eAGG;;YAGH;;;eAGG;4BAC2B,MAAM,EAAE;;;CAG3C,CAAC;AAEF,eAAe,IAAI,CAAC"}

package/lib/cjs/config/rbac.js CHANGED Viewed

@@ -29,6 +29,8 @@ const rbac = {
             UserPasswordChangeRequest: { connection: 'rbac-user-empty-queue' },
             UserRoleGranted: { connection: 'rbac-user-empty-queue' },
             UserRoleRevoked: { connection: 'rbac-user-empty-queue' },
+            UserImpersonationStarted: { connection: 'rbac-user-empty-queue' },
+            UserImpersonationEnded: { connection: 'rbac-user-empty-queue' },
         },
         // by default all events from rbac module are routed to rbac-user-empty-queue
         // and is using empty sink ( no events are sent )
@@ -210,6 +212,35 @@ const rbac = {
          * Column name in database where role is stored, by default is "Role", but if your user table has different column name, you can change it here
          */
         roleColumn: 'Role',
+        /**
+         * Role switching behavior. Users with multiple roles can switch the
+         * currently active role via /auth/active-role.
+         */
+        roleSwitch: {
+            /**
+             * Roles whose activation requires the user to re-enter their password.
+             * Use to gate privileged role switches (e.g. 'admin', 'system').
+             */
+            requirePassword: [],
+        },
+        /**
+         * Impersonation lets a privileged user (createAny on virtual resource
+         * 'user:impersonate') act as another user for the rest of the session.
+         * Example admin grant:
+         *   admin: { 'user:impersonate': { 'create:any': ['*'] } }
+         */
+        impersonation: {
+            /**
+             * When true, starting impersonation requires the impersonator to
+             * re-enter their password as a confirmation step.
+             */
+            requirePassword: true,
+            /**
+             * Targets whose role list intersects this set cannot be impersonated.
+             * 'system' is reserved for internal automation and is blocked by default.
+             */
+            protectedRoles: ['system'],
+        },
     },
 };
 exports.default = rbac;

package/lib/cjs/config/rbac.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"rbac.js","sourceRoot":"","sources":["../../../src/config/rbac.ts"],"names":[],"mappings":";;AAAA,+BAAgD;AAEhD,SAAS,GAAG,CAAC,IAAY;IACvB,MAAM,UAAU,GAAG,OAAO,MAAM,KAAK,WAAW,CAAC;IACjD,OAAO;QACL,IAAA,cAAO,EAAC,IAAA,gBAAS,EAAC,IAAA,WAAI,EAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,OAAO,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC;QAEvJ,4CAA4C;QAC5C,IAAA,cAAO,EAAC,IAAA,gBAAS,EAAC,IAAA,WAAI,EAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,OAAO,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC;KAC/J,CAAC;AACJ,CAAC;AAID,MAAM,IAAI,GAAG;IACX,MAAM,EAAE;QACN,IAAI,EAAE;YACJ,GAAG,EAAE,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC;SACrB;KACF;IACD,KAAK,EAAE;QACL,OAAO,EAAE;YACP,OAAO,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YAChD,aAAa,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YACtD,UAAU,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YACnD,eAAe,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YACxD,WAAW,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YACpD,UAAU,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YACnD,mBAAmB,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YAC5D,YAAY,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YACrD,mBAAmB,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YAC5D,yBAAyB,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YAClE,eAAe,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YACxD,eAAe,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;~~SACzD~~;QAED,6EAA6E;QAC7E,iDAAiD;QACjD,WAAW,EAAE;YACX;gBACE,IAAI,EAAE,uBAAuB;gBAC7B,OAAO,EAAE,sBAAsB;gBAC/B,mBAAmB,EAAE,WAAW;gBAChC,mBAAmB,EAAE,aAAa;aACnC;SACF;KACF;IACD,IAAI,EAAE;QACJ,kBAAkB,EAAE,KAAK;QAEzB,KAAK,EAAE;YACL,UAAU,EAAE,uBAAuB;YAEnC,cAAc,EAAE;gBACd,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,qCAAqC;gBAC/C,OAAO,EAAE,yBAAyB;aACnC;YAED,2DAA2D;YAC3D,OAAO,EAAE;gBACP,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,oCAAoC;gBAC9C,OAAO,EAAE,2BAA2B;aACrC;YAED,MAAM,EAAE;gBACN,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,kCAAkC;gBAC5C,OAAO,EAAE,gBAAgB;aAC1B;YAED,QAAQ,EAAE;gBACR,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,oCAAoC;gBAC9C,OAAO,EAAE,kBAAkB;aAC5B;YAED,OAAO,EAAE;gBACP,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,mCAAmC;gBAC7C,OAAO,EAAE,iBAAiB;aAC3B;YAED,WAAW,EAAE;gBACX,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,uCAAuC;gBACjD,OAAO,EAAE,qBAAqB;aAC/B;YAED,eAAe,EAAE;gBACf,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,sCAAsC;gBAChD,OAAO,EAAE,kBAAkB;aAC5B;YAED,kBAAkB,EAAE;gBAClB,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,sCAAsC;gBAChD,OAAO,EAAE,gCAAgC;aAC1C;YAED,SAAS,EAAE;gBACT,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,qCAAqC;gBAC/C,OAAO,EAAE,mBAAmB;aAC7B;YAED,gDAAgD;YAChD,wCAAwC;YACxC,yDAAyD;YACzD,OAAO,EAAE;gBACP,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,wCAAwC;gBAClD,OAAO,EAAE,iBAAiB;aAC3B;SACF;QACD,gDAAgD;QAChD,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,OAAO;gBACb,WAAW,EAAE,eAAe;aAC7B;YACD;gBACE,IAAI,EAAE,MAAM;gBACZ,WAAW,EAAE,sCAAsC;aACpD;SACF;QACD,MAAM,EAAE;YACN,sDAAsD;YACtD,MAAM,EAAE;gBACN,OAAO,EAAE,CAAC,OAAO,CAAC;aACnB;YAED,aAAa,EAAE;gBACb,KAAK,EAAE;oBACL,YAAY,EAAE,CAAC,GAAG,CAAC;oBACnB,UAAU,EAAE,CAAC,GAAG,CAAC;oBACjB,YAAY,EAAE,CAAC,GAAG,CAAC;oBACnB,YAAY,EAAE,CAAC,GAAG,CAAC;iBACpB;gBACD,eAAe,EAAE;oBACf,YAAY,EAAE,CAAC,GAAG,CAAC;oBACnB,UAAU,EAAE,CAAC,GAAG,CAAC;oBACjB,YAAY,EAAE,CAAC,GAAG,CAAC;oBACnB,YAAY,EAAE,CAAC,GAAG,CAAC;iBACpB;aACF;YACD,IAAI,EAAE;gBACJ,MAAM,EAAE;oBACN,UAAU,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;oBAC9B,YAAY,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;iBAC7C;gBACD,eAAe,EAAE;oBACf,YAAY,EAAE,CAAC,GAAG,CAAC;oBACnB,UAAU,EAAE,CAAC,GAAG,CAAC;oBACjB,YAAY,EAAE,CAAC,GAAG,CAAC;oBACnB,YAAY,EAAE,CAAC,GAAG,CAAC;iBACpB;aACF;YACD,KAAK,EAAE;gBACL,OAAO,EAAE,CAAC,aAAa,CAAC;aACzB;SACF;QACD,WAAW,EAAE,OAAO;QACpB,IAAI,EAAE;YACJ,OAAO,EAAE,sBAAsB;SAChC;QACD,QAAQ,EAAE;YACR,OAAO,EAAE,uBAAuB;YAEhC,UAAU,EAAE;gBACV,OAAO,EAAE,iCAAiC;gBAC1C,IAAI,EAAE;oBACJ,mCAAmC;oBACnC,iCAAiC;oBAEjC,+DAA+D;oBAC/D,OAAO,EAAE,kBAAkB;oBAE3B,uFAAuF;oBACvF,6EAA6E;oBAE7E,+FAA+F;oBAC/F,6DAA6D;oBAE7D,+FAA+F;oBAC/F,mFAAmF;oBAEnF,IAAI,EAAE,QAAQ;iBACf;aACF;YAED;;eAEG;YAEH,UAAU,EAAE;gBACV,OAAO,EAAE,IAAI;gBAEb,aAAa;gBACb,sBAAsB,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE;aAC1C;YAED;;eAEG;YACH,qBAAqB,EAAE,EAAE,GAAG,EAAE;SAC/B;QACD,IAAI,EAAE;YACJ,OAAO,EAAE,sBAAsB;SAChC;QACD,OAAO,EAAE;YACP,OAAO,EAAE,oBAAoB;YAE7B,8BAA8B;YAC9B,kBAAkB;YAClB,UAAU,EAAE,GAAG;SAChB;QAED;;WAEG;QACH,UAAU,EAAE,QAAQ;QACpB;;;;;eAKO;QACP,OAAO,EAAE;YACP,MAAM,EAAE;gBACN,YAAY,EAAE,EAAqB;gBACnC,WAAW,EAAE,EAAqB;aACnC;SACF;QAID;;WAEG;QACH,UAAU,EAAE,MAAM;~~KACnB~~;CACF,CAAC;AAEF,kBAAe,IAAI,CAAC"}
1	+ {"version":3,"file":"rbac.js","sourceRoot":"","sources":["../../../src/config/rbac.ts"],"names":[],"mappings":";;AAAA,+BAAgD;AAEhD,SAAS,GAAG,CAAC,IAAY;IACvB,MAAM,UAAU,GAAG,OAAO,MAAM,KAAK,WAAW,CAAC;IACjD,OAAO;QACL,IAAA,cAAO,EAAC,IAAA,gBAAS,EAAC,IAAA,WAAI,EAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,OAAO,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC;QAEvJ,4CAA4C;QAC5C,IAAA,cAAO,EAAC,IAAA,gBAAS,EAAC,IAAA,WAAI,EAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,OAAO,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC;KAC/J,CAAC;AACJ,CAAC;AAID,MAAM,IAAI,GAAG;IACX,MAAM,EAAE;QACN,IAAI,EAAE;YACJ,GAAG,EAAE,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC;SACrB;KACF;IACD,KAAK,EAAE;QACL,OAAO,EAAE;YACP,OAAO,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YAChD,aAAa,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YACtD,UAAU,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YACnD,eAAe,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YACxD,WAAW,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YACpD,UAAU,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YACnD,mBAAmB,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YAC5D,YAAY,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YACrD,mBAAmB,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YAC5D,yBAAyB,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YAClE,eAAe,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YACxD,eAAe,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YACxD,wBAAwB,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YACjE,sBAAsB,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;SAChE;QAED,6EAA6E;QAC7E,iDAAiD;QACjD,WAAW,EAAE;YACX;gBACE,IAAI,EAAE,uBAAuB;gBAC7B,OAAO,EAAE,sBAAsB;gBAC/B,mBAAmB,EAAE,WAAW;gBAChC,mBAAmB,EAAE,aAAa;aACnC;SACF;KACF;IACD,IAAI,EAAE;QACJ,kBAAkB,EAAE,KAAK;QAEzB,KAAK,EAAE;YACL,UAAU,EAAE,uBAAuB;YAEnC,cAAc,EAAE;gBACd,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,qCAAqC;gBAC/C,OAAO,EAAE,yBAAyB;aACnC;YAED,2DAA2D;YAC3D,OAAO,EAAE;gBACP,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,oCAAoC;gBAC9C,OAAO,EAAE,2BAA2B;aACrC;YAED,MAAM,EAAE;gBACN,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,kCAAkC;gBAC5C,OAAO,EAAE,gBAAgB;aAC1B;YAED,QAAQ,EAAE;gBACR,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,oCAAoC;gBAC9C,OAAO,EAAE,kBAAkB;aAC5B;YAED,OAAO,EAAE;gBACP,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,mCAAmC;gBAC7C,OAAO,EAAE,iBAAiB;aAC3B;YAED,WAAW,EAAE;gBACX,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,uCAAuC;gBACjD,OAAO,EAAE,qBAAqB;aAC/B;YAED,eAAe,EAAE;gBACf,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,sCAAsC;gBAChD,OAAO,EAAE,kBAAkB;aAC5B;YAED,kBAAkB,EAAE;gBAClB,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,sCAAsC;gBAChD,OAAO,EAAE,gCAAgC;aAC1C;YAED,SAAS,EAAE;gBACT,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,qCAAqC;gBAC/C,OAAO,EAAE,mBAAmB;aAC7B;YAED,gDAAgD;YAChD,wCAAwC;YACxC,yDAAyD;YACzD,OAAO,EAAE;gBACP,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,wCAAwC;gBAClD,OAAO,EAAE,iBAAiB;aAC3B;SACF;QACD,gDAAgD;QAChD,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,OAAO;gBACb,WAAW,EAAE,eAAe;aAC7B;YACD;gBACE,IAAI,EAAE,MAAM;gBACZ,WAAW,EAAE,sCAAsC;aACpD;SACF;QACD,MAAM,EAAE;YACN,sDAAsD;YACtD,MAAM,EAAE;gBACN,OAAO,EAAE,CAAC,OAAO,CAAC;aACnB;YAED,aAAa,EAAE;gBACb,KAAK,EAAE;oBACL,YAAY,EAAE,CAAC,GAAG,CAAC;oBACnB,UAAU,EAAE,CAAC,GAAG,CAAC;oBACjB,YAAY,EAAE,CAAC,GAAG,CAAC;oBACnB,YAAY,EAAE,CAAC,GAAG,CAAC;iBACpB;gBACD,eAAe,EAAE;oBACf,YAAY,EAAE,CAAC,GAAG,CAAC;oBACnB,UAAU,EAAE,CAAC,GAAG,CAAC;oBACjB,YAAY,EAAE,CAAC,GAAG,CAAC;oBACnB,YAAY,EAAE,CAAC,GAAG,CAAC;iBACpB;aACF;YACD,IAAI,EAAE;gBACJ,MAAM,EAAE;oBACN,UAAU,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;oBAC9B,YAAY,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;iBAC7C;gBACD,eAAe,EAAE;oBACf,YAAY,EAAE,CAAC,GAAG,CAAC;oBACnB,UAAU,EAAE,CAAC,GAAG,CAAC;oBACjB,YAAY,EAAE,CAAC,GAAG,CAAC;oBACnB,YAAY,EAAE,CAAC,GAAG,CAAC;iBACpB;aACF;YACD,KAAK,EAAE;gBACL,OAAO,EAAE,CAAC,aAAa,CAAC;aACzB;SACF;QACD,WAAW,EAAE,OAAO;QACpB,IAAI,EAAE;YACJ,OAAO,EAAE,sBAAsB;SAChC;QACD,QAAQ,EAAE;YACR,OAAO,EAAE,uBAAuB;YAEhC,UAAU,EAAE;gBACV,OAAO,EAAE,iCAAiC;gBAC1C,IAAI,EAAE;oBACJ,mCAAmC;oBACnC,iCAAiC;oBAEjC,+DAA+D;oBAC/D,OAAO,EAAE,kBAAkB;oBAE3B,uFAAuF;oBACvF,6EAA6E;oBAE7E,+FAA+F;oBAC/F,6DAA6D;oBAE7D,+FAA+F;oBAC/F,mFAAmF;oBAEnF,IAAI,EAAE,QAAQ;iBACf;aACF;YAED;;eAEG;YAEH,UAAU,EAAE;gBACV,OAAO,EAAE,IAAI;gBAEb,aAAa;gBACb,sBAAsB,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE;aAC1C;YAED;;eAEG;YACH,qBAAqB,EAAE,EAAE,GAAG,EAAE;SAC/B;QACD,IAAI,EAAE;YACJ,OAAO,EAAE,sBAAsB;SAChC;QACD,OAAO,EAAE;YACP,OAAO,EAAE,oBAAoB;YAE7B,8BAA8B;YAC9B,kBAAkB;YAClB,UAAU,EAAE,GAAG;SAChB;QAED;;WAEG;QACH,UAAU,EAAE,QAAQ;QACpB;;;;;eAKO;QACP,OAAO,EAAE;YACP,MAAM,EAAE;gBACN,YAAY,EAAE,EAAqB;gBACnC,WAAW,EAAE,EAAqB;aACnC;SACF;QAID;;WAEG;QACH,UAAU,EAAE,MAAM;QAElB;;;WAGG;QACH,UAAU,EAAE;YACV;;;eAGG;YACH,eAAe,EAAE,EAAc;SAChC;QAED;;;;;WAKG;QACH,aAAa,EAAE;YACb;;;eAGG;YACH,eAAe,EAAE,IAAI;YAErB;;;eAGG;YACH,cAAc,EAAE,CAAC,QAAQ,CAAa;SACvC;KACF;CACF,CAAC;AAEF,kBAAe,IAAI,CAAC"}

package/lib/cjs/events/UserImpersonationEnded.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import { UserEvent } from './UserEvent.js';
+import { User } from '../models/User.js';
+/**
+ * Emitted when an active impersonation ends (explicit stop, logout while
+ * impersonating, or session expiry handling). UserUUID is the impersonator
+ * who initiated the impersonation; TargetUUID is whoever they were acting as.
+ */
+export declare class UserImpersonationEnded extends UserEvent {
+    TargetUUID: string;
+    constructor(original: User, target: User);
+}
+//# sourceMappingURL=UserImpersonationEnded.d.ts.map

package/lib/cjs/events/UserImpersonationEnded.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"UserImpersonationEnded.d.ts","sourceRoot":"","sources":["../../../src/events/UserImpersonationEnded.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AAEzC;;;;GAIG;AACH,qBACa,sBAAuB,SAAQ,SAAS;IAC5C,UAAU,EAAE,MAAM,CAAC;gBAEd,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI;CAIzC"}

package/lib/cjs/events/UserImpersonationEnded.js ADDED Viewed

@@ -0,0 +1,32 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UserImpersonationEnded = void 0;
+const queue_1 = require("@spinajs/queue");
+const UserEvent_js_1 = require("./UserEvent.js");
+const User_js_1 = require("../models/User.js");
+/**
+ * Emitted when an active impersonation ends (explicit stop, logout while
+ * impersonating, or session expiry handling). UserUUID is the impersonator
+ * who initiated the impersonation; TargetUUID is whoever they were acting as.
+ */
+let UserImpersonationEnded = class UserImpersonationEnded extends UserEvent_js_1.UserEvent {
+    constructor(original, target) {
+        super(original);
+        this.TargetUUID = target.Uuid;
+    }
+};
+exports.UserImpersonationEnded = UserImpersonationEnded;
+exports.UserImpersonationEnded = UserImpersonationEnded = __decorate([
+    (0, queue_1.Event)(),
+    __metadata("design:paramtypes", [User_js_1.User, User_js_1.User])
+], UserImpersonationEnded);
+//# sourceMappingURL=UserImpersonationEnded.js.map

package/lib/cjs/events/UserImpersonationEnded.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"UserImpersonationEnded.js","sourceRoot":"","sources":["../../../src/events/UserImpersonationEnded.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,0CAAuC;AACvC,iDAA2C;AAC3C,+CAAyC;AAEzC;;;;GAIG;AAEI,IAAM,sBAAsB,GAA5B,MAAM,sBAAuB,SAAQ,wBAAS;IAGnD,YAAY,QAAc,EAAE,MAAY;QACtC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAChB,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC;IAChC,CAAC;CACF,CAAA;AAPY,wDAAsB;iCAAtB,sBAAsB;IADlC,IAAA,aAAK,GAAE;qCAIgB,cAAI,EAAU,cAAI;GAH7B,sBAAsB,CAOlC"}

package/lib/cjs/events/UserImpersonationStarted.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import { UserEvent } from './UserEvent.js';
+import { User } from '../models/User.js';
+/**
+ * Emitted when `original` starts impersonating `target`. UserUUID (from the
+ * base class) holds the impersonator's UUID — the actor who triggered the
+ * event — and TargetUUID holds whoever they impersonated.
+ */
+export declare class UserImpersonationStarted extends UserEvent {
+    TargetUUID: string;
+    constructor(original: User, target: User);
+}
+//# sourceMappingURL=UserImpersonationStarted.d.ts.map

package/lib/cjs/events/UserImpersonationStarted.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"UserImpersonationStarted.d.ts","sourceRoot":"","sources":["../../../src/events/UserImpersonationStarted.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AAEzC;;;;GAIG;AACH,qBACa,wBAAyB,SAAQ,SAAS;IAC9C,UAAU,EAAE,MAAM,CAAC;gBAEd,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI;CAIzC"}

package/lib/cjs/events/UserImpersonationStarted.js ADDED Viewed

@@ -0,0 +1,32 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UserImpersonationStarted = void 0;
+const queue_1 = require("@spinajs/queue");
+const UserEvent_js_1 = require("./UserEvent.js");
+const User_js_1 = require("../models/User.js");
+/**
+ * Emitted when `original` starts impersonating `target`. UserUUID (from the
+ * base class) holds the impersonator's UUID — the actor who triggered the
+ * event — and TargetUUID holds whoever they impersonated.
+ */
+let UserImpersonationStarted = class UserImpersonationStarted extends UserEvent_js_1.UserEvent {
+    constructor(original, target) {
+        super(original);
+        this.TargetUUID = target.Uuid;
+    }
+};
+exports.UserImpersonationStarted = UserImpersonationStarted;
+exports.UserImpersonationStarted = UserImpersonationStarted = __decorate([
+    (0, queue_1.Event)(),
+    __metadata("design:paramtypes", [User_js_1.User, User_js_1.User])
+], UserImpersonationStarted);
+//# sourceMappingURL=UserImpersonationStarted.js.map

package/lib/cjs/events/UserImpersonationStarted.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"UserImpersonationStarted.js","sourceRoot":"","sources":["../../../src/events/UserImpersonationStarted.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,0CAAuC;AACvC,iDAA2C;AAC3C,+CAAyC;AAEzC;;;;GAIG;AAEI,IAAM,wBAAwB,GAA9B,MAAM,wBAAyB,SAAQ,wBAAS;IAGrD,YAAY,QAAc,EAAE,MAAY;QACtC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAChB,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC;IAChC,CAAC;CACF,CAAA;AAPY,4DAAwB;mCAAxB,wBAAwB;IADpC,IAAA,aAAK,GAAE;qCAIgB,cAAI,EAAU,cAAI;GAH7B,wBAAwB,CAOpC"}

package/lib/cjs/events/index.d.ts CHANGED Viewed

@@ -12,4 +12,6 @@ export * from './UserPasswordChangeRequest.js';
 export * from './UserLogged.js';
 export * from "./UserEvent.js";
 export * from "./UserLoginFailed.js";
+export * from "./UserImpersonationStarted.js";
+export * from "./UserImpersonationEnded.js";
 //# sourceMappingURL=index.d.ts.map

package/lib/cjs/events/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/events/index.ts"],"names":[],"mappings":"AAAA,cAAc,kBAAkB,CAAC;AACjC,cAAc,oBAAoB,CAAC;AACnC,cAAc,iBAAiB,CAAC;AAChC,cAAc,sBAAsB,CAAC;AACrC,cAAc,kBAAkB,CAAC;AACjC,cAAc,0BAA0B,CAAC;AACzC,cAAc,0BAA0B,CAAC;AACzC,cAAc,sBAAsB,CAAC;AACrC,cAAc,sBAAsB,CAAC;AACrC,cAAc,mBAAmB,CAAC;AAClC,cAAc,gCAAgC,CAAC;AAC/C,cAAc,iBAAiB,CAAC;AAChC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,sBAAsB,CAAC"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/events/index.ts"],"names":[],"mappings":"AAAA,cAAc,kBAAkB,CAAC;AACjC,cAAc,oBAAoB,CAAC;AACnC,cAAc,iBAAiB,CAAC;AAChC,cAAc,sBAAsB,CAAC;AACrC,cAAc,kBAAkB,CAAC;AACjC,cAAc,0BAA0B,CAAC;AACzC,cAAc,0BAA0B,CAAC;AACzC,cAAc,sBAAsB,CAAC;AACrC,cAAc,sBAAsB,CAAC;AACrC,cAAc,mBAAmB,CAAC;AAClC,cAAc,gCAAgC,CAAC;AAC/C,cAAc,iBAAiB,CAAC;AAChC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,sBAAsB,CAAC;AACrC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,6BAA6B,CAAC"}

package/lib/cjs/events/index.js CHANGED Viewed

@@ -28,4 +28,6 @@ __exportStar(require("./UserPasswordChangeRequest.js"), exports);
 __exportStar(require("./UserLogged.js"), exports);
 __exportStar(require("./UserEvent.js"), exports);
 __exportStar(require("./UserLoginFailed.js"), exports);
+__exportStar(require("./UserImpersonationStarted.js"), exports);
+__exportStar(require("./UserImpersonationEnded.js"), exports);
 //# sourceMappingURL=index.js.map

package/lib/cjs/events/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/events/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,mDAAiC;AACjC,qDAAmC;AACnC,kDAAgC;AAChC,uDAAqC;AACrC,mDAAiC;AACjC,2DAAyC;AACzC,2DAAyC;AACzC,uDAAqC;AACrC,uDAAqC;AACrC,oDAAkC;AAClC,iEAA+C;AAC/C,kDAAgC;AAChC,iDAA+B;AAC/B,uDAAqC"}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/events/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,mDAAiC;AACjC,qDAAmC;AACnC,kDAAgC;AAChC,uDAAqC;AACrC,mDAAiC;AACjC,2DAAyC;AACzC,2DAAyC;AACzC,uDAAqC;AACrC,uDAAqC;AACrC,oDAAkC;AAClC,iEAA+C;AAC/C,kDAAgC;AAChC,iDAA+B;AAC/B,uDAAqC;AACrC,gEAA8C;AAC9C,8DAA4C"}

package/lib/cjs/impersonation.d.ts ADDED Viewed

@@ -0,0 +1,32 @@
+import { AccessControl } from 'accesscontrol';
+export type ImpersonationDenialReason = 'PROTECTED_ROLE' | 'PRIVILEGE_ESCALATION' | 'SELF_TARGET';
+export interface IImpersonationCheckOptions {
+    /** Roles of the user who wants to impersonate */
+    originalRoles: string[];
+    /** Roles of the target user */
+    targetRoles: string[];
+    /** Roles that may never be impersonated (default: ['system']) */
+    protectedRoles: string[];
+    /** AccessControl instance — used to compare effective grants */
+    ac: AccessControl;
+}
+export interface IImpersonationCheckResult {
+    allowed: boolean;
+    reason?: ImpersonationDenialReason;
+    detail?: string;
+}
+/**
+ * Decides whether `originalRoles` may impersonate a user with `targetRoles`.
+ *
+ * Rules:
+ *  1. If target has any role in `protectedRoles` → denied (PROTECTED_ROLE).
+ *  2. If target has any effective grant the original does NOT have, that's an
+ *     escalation and impersonation is denied (PRIVILEGE_ESCALATION). This
+ *     blocks equal-or-higher targets — admin cannot impersonate admin, user
+ *     cannot impersonate admin, but admin can impersonate user.
+ *
+ * The grant comparison walks accesscontrol's resolved grants, so $extend is
+ * honored transitively.
+ */
+export declare function canImpersonate(opts: IImpersonationCheckOptions): IImpersonationCheckResult;
+//# sourceMappingURL=impersonation.d.ts.map

package/lib/cjs/impersonation.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"impersonation.d.ts","sourceRoot":"","sources":["../../src/impersonation.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAE9C,MAAM,MAAM,yBAAyB,GAAG,gBAAgB,GAAG,sBAAsB,GAAG,aAAa,CAAC;AAElG,MAAM,WAAW,0BAA0B;IACzC,iDAAiD;IACjD,aAAa,EAAE,MAAM,EAAE,CAAC;IAExB,+BAA+B;IAC/B,WAAW,EAAE,MAAM,EAAE,CAAC;IAEtB,iEAAiE;IACjE,cAAc,EAAE,MAAM,EAAE,CAAC;IAEzB,gEAAgE;IAChE,EAAE,EAAE,aAAa,CAAC;CACnB;AAED,MAAM,WAAW,yBAAyB;IACxC,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,yBAAyB,CAAC;IACnC,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,0BAA0B,GAAG,yBAAyB,CAoC1F"}

package/lib/cjs/impersonation.js ADDED Viewed

@@ -0,0 +1,97 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.canImpersonate = canImpersonate;
+/**
+ * Decides whether `originalRoles` may impersonate a user with `targetRoles`.
+ *
+ * Rules:
+ *  1. If target has any role in `protectedRoles` → denied (PROTECTED_ROLE).
+ *  2. If target has any effective grant the original does NOT have, that's an
+ *     escalation and impersonation is denied (PRIVILEGE_ESCALATION). This
+ *     blocks equal-or-higher targets — admin cannot impersonate admin, user
+ *     cannot impersonate admin, but admin can impersonate user.
+ *
+ * The grant comparison walks accesscontrol's resolved grants, so $extend is
+ * honored transitively.
+ */
+function canImpersonate(opts) {
+    const { originalRoles, targetRoles, protectedRoles, ac } = opts;
+    const protectedHit = targetRoles.find(r => protectedRoles.includes(r));
+    if (protectedHit) {
+        return { allowed: false, reason: 'PROTECTED_ROLE', detail: protectedHit };
+    }
+    // accesscontrol throws if a role is unknown; guard so unknown target roles
+    // (e.g. orphaned data) don't crash the check — treat them as 'no grants'.
+    const safePermissions = (roles) => {
+        try {
+            return collectPermissions(ac, roles);
+        }
+        catch {
+            return new Set();
+        }
+    };
+    const targetPerms = safePermissions(targetRoles);
+    const originalPerms = safePermissions(originalRoles);
+    for (const perm of targetPerms) {
+        if (!originalPerms.has(perm)) {
+            return { allowed: false, reason: 'PRIVILEGE_ESCALATION', detail: perm };
+        }
+    }
+    // Equal privileges count as escalation per the spec: an impersonator should
+    // be strictly more privileged than the target. If target has no role at all
+    // (empty grants) we still allow — impersonating a permissionless user is
+    // safe by definition.
+    if (targetPerms.size > 0 && targetPerms.size === originalPerms.size) {
+        return { allowed: false, reason: 'PRIVILEGE_ESCALATION', detail: 'equal privileges' };
+    }
+    return { allowed: true };
+}
+/**
+ * Build a flat set of "resource::action" strings representing every permission
+ * granted to the union of `roles`. Used so we can compare two role sets by
+ * simple set inclusion.
+ */
+function collectPermissions(ac, roles) {
+    const out = new Set();
+    if (roles.length === 0)
+        return out;
+    const grants = ac.getGrants();
+    const actions = [
+        'createAny', 'createOwn', 'readAny', 'readOwn', 'updateAny', 'updateOwn', 'deleteAny', 'deleteOwn',
+    ];
+    // Resources are not enumerable directly via the can() API — read them from
+    // the raw grants map and walk every $extend chain reachable from `roles`.
+    const visited = new Set();
+    const stack = [...roles];
+    const resources = new Set();
+    while (stack.length) {
+        const role = stack.pop();
+        if (visited.has(role))
+            continue;
+        visited.add(role);
+        const roleGrants = grants[role];
+        if (!roleGrants)
+            continue;
+        for (const key of Object.keys(roleGrants)) {
+            if (key === '$extend') {
+                for (const inherited of roleGrants[key])
+                    stack.push(inherited);
+            }
+            else {
+                resources.add(key);
+            }
+        }
+    }
+    for (const resource of resources) {
+        for (const action of actions) {
+            // ac.can(roles)[action](resource).granted is true if ANY of the roles
+            // (or their $extend chain) grants the action — exactly the "union of
+            // effective permissions" we want.
+            if (ac.can(roles)[action](resource).granted) {
+                out.add(`${resource}::${action}`);
+            }
+        }
+    }
+    return out;
+}
+//# sourceMappingURL=impersonation.js.map

package/lib/cjs/impersonation.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"impersonation.js","sourceRoot":"","sources":["../../src/impersonation.ts"],"names":[],"mappings":";;AAqCA,wCAoCC;AAjDD;;;;;;;;;;;;GAYG;AACH,SAAgB,cAAc,CAAC,IAAgC;IAC7D,MAAM,EAAE,aAAa,EAAE,WAAW,EAAE,cAAc,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC;IAEhE,MAAM,YAAY,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IACvE,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;IAC5E,CAAC;IAED,2EAA2E;IAC3E,0EAA0E;IAC1E,MAAM,eAAe,GAAG,CAAC,KAAe,EAAE,EAAE;QAC1C,IAAI,CAAC;YACH,OAAO,kBAAkB,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;QACvC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,GAAG,EAAU,CAAC;QAC3B,CAAC;IACH,CAAC,CAAC;IAEF,MAAM,WAAW,GAAG,eAAe,CAAC,WAAW,CAAC,CAAC;IACjD,MAAM,aAAa,GAAG,eAAe,CAAC,aAAa,CAAC,CAAC;IAErD,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,sBAAsB,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;QAC1E,CAAC;IACH,CAAC;IAED,4EAA4E;IAC5E,4EAA4E;IAC5E,yEAAyE;IACzE,sBAAsB;IACtB,IAAI,WAAW,CAAC,IAAI,GAAG,CAAC,IAAI,WAAW,CAAC,IAAI,KAAK,aAAa,CAAC,IAAI,EAAE,CAAC;QACpE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,sBAAsB,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;IACxF,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC;AAED;;;;GAIG;AACH,SAAS,kBAAkB,CAAC,EAAiB,EAAE,KAAe;IAC5D,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,GAAG,CAAC;IAEnC,MAAM,MAAM,GAAG,EAAE,CAAC,SAAS,EAAE,CAAC;IAC9B,MAAM,OAAO,GAAqH;QAChI,WAAW,EAAE,WAAW,EAAE,SAAS,EAAE,SAAS,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW;KACnG,CAAC;IAEF,2EAA2E;IAC3E,0EAA0E;IAC1E,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,MAAM,KAAK,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC;IACzB,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;IAEpC,OAAO,KAAK,CAAC,MAAM,EAAE,CAAC;QACpB,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,EAAG,CAAC;QAC1B,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC;YAAE,SAAS;QAChC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAElB,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;QAChC,IAAI,CAAC,UAAU;YAAE,SAAS;QAE1B,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YAC1C,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;gBACtB,KAAK,MAAM,SAAS,IAAI,UAAU,CAAC,GAAG,CAAa;oBAAE,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC7E,CAAC;iBAAM,CAAC;gBACN,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACrB,CAAC;QACH,CAAC;IACH,CAAC;IAED,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,sEAAsE;YACtE,qEAAqE;YACrE,kCAAkC;YAClC,IAAK,EAAE,CAAC,GAAG,CAAC,KAAK,CAAS,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,CAAC,OAAO,EAAE,CAAC;gBACrD,GAAG,CAAC,GAAG,CAAC,GAAG,QAAQ,KAAK,MAAM,EAAE,CAAC,CAAC;YACpC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC"}

package/lib/cjs/index.d.ts CHANGED Viewed

@@ -17,6 +17,7 @@ export * from './middleware.js';
 export * from './decorators.js';
 export * from './util.js';
 export * from './profile.js';
+export * from './impersonation.js';
 declare const Permission: typeof ac.Permission;
 export { AccessControl, Permission };
 export declare class RbacBootstrapper extends Bootstrapper {

package/lib/cjs/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,eAAe,CAAC;AAC/B,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAE9C,OAAO,EAAc,YAAY,EAAkB,MAAM,aAAa,CAAC;AAIvE,OAAO,WAAW,CAAC;AACnB,OAAO,eAAe,CAAC;AACvB,OAAO,cAAc,CAAC;AAGtB,cAAc,iBAAiB,CAAC;AAChC,cAAc,WAAW,CAAC;AAC1B,cAAc,eAAe,CAAC;AAC9B,cAAc,cAAc,CAAC;AAC7B,cAAc,kBAAkB,CAAC;AACjC,cAAc,0BAA0B,CAAC;AACzC,cAAc,iDAAiD,CAAC;AAChE,cAAc,mBAAmB,CAAC;AAClC,cAAc,cAAc,CAAC;AAC7B,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,WAAW,CAAC;AAC1B,cAAc,cAAc,CAAC;~~AAG7B~~,QAAA,MAAQ,UAAU,sBAAO,CAAC;AAC1B,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,CAAC;AAErC,qBACa,gBAAiB,SAAQ,YAAY;IACzC,SAAS,IAAI,IAAI;CAwDzB"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,eAAe,CAAC;AAC/B,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAE9C,OAAO,EAAc,YAAY,EAAkB,MAAM,aAAa,CAAC;AAIvE,OAAO,WAAW,CAAC;AACnB,OAAO,eAAe,CAAC;AACvB,OAAO,cAAc,CAAC;AAGtB,cAAc,iBAAiB,CAAC;AAChC,cAAc,WAAW,CAAC;AAC1B,cAAc,eAAe,CAAC;AAC9B,cAAc,cAAc,CAAC;AAC7B,cAAc,kBAAkB,CAAC;AACjC,cAAc,0BAA0B,CAAC;AACzC,cAAc,iDAAiD,CAAC;AAChE,cAAc,mBAAmB,CAAC;AAClC,cAAc,cAAc,CAAC;AAC7B,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,WAAW,CAAC;AAC1B,cAAc,cAAc,CAAC;AAC7B,cAAc,oBAAoB,CAAC;AAGnC,QAAA,MAAQ,UAAU,sBAAO,CAAC;AAC1B,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,CAAC;AAErC,qBACa,gBAAiB,SAAQ,YAAY;IACzC,SAAS,IAAI,IAAI;CAwDzB"}

package/lib/cjs/index.js CHANGED Viewed

@@ -47,6 +47,7 @@ __exportStar(require("./middleware.js"), exports);
 __exportStar(require("./decorators.js"), exports);
 __exportStar(require("./util.js"), exports);
 __exportStar(require("./profile.js"), exports);
+__exportStar(require("./impersonation.js"), exports);
 // fix error `The requested module 'accesscontrol' is a CommonJS module`
 const { Permission } = accesscontrol_1.default;
 exports.Permission = Permission;

package/lib/cjs/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,kEAA+B;AAC/B,iDAA8C;~~AA2BrC~~,~~8FA3BA~~,6BAAa,~~OA2BA~~;~~AAzBtB~~,oCAAuE;AACvE,0DAAuD;AACvD,sCAAmC;AAEnC,qBAAmB;AACnB,yBAAuB;AACvB,wBAAsB;AACtB,8CAAwC;AAExC,kDAAgC;AAChC,4CAA0B;AAC1B,gDAA8B;AAC9B,+CAA6B;AAC7B,mDAAiC;AACjC,2DAAyC;AACzC,kFAAgE;AAChE,oDAAkC;AAClC,+CAA6B;AAC7B,kDAAgC;AAChC,kDAAgC;AAChC,4CAA0B;AAC1B,+CAA6B;~~AAE7B~~,wEAAwE;AACxE,MAAM,EAAE,UAAU,EAAE,GAAG,uBAAE,CAAC;AACF,gCAAU;AAG3B,IAAM,gBAAgB,GAAtB,MAAM,gBAAiB,SAAQ,iBAAY;IACzC,SAAS;QACd,MAAM,EAAE,GAAG,IAAI,6BAAa,EAAE,CAAC;QAC/B,OAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QACzC,OAAE,CAAC,IAAI,CAAC,2BAA2B,EAAE,CAAC,SAAqB,EAAE,aAA4B,EAAE,EAAE;YAC3F,MAAM,EAAE,GAAG,SAAS,CAAC,GAAG,CAAgB,eAAe,CAAC,CAAC;YACzD,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YAEhD,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,SAAG,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC7C,GAAG,CAAC,IAAI,CAAC,wGAAwG,CAAC,CAAC;YACrH,CAAC;iBAAM,CAAC;gBACN,EAAG,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YACxB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH;;WAEG;QACH,OAAE,CAAC,QAAQ,CAAC,CAAC,CAAa,EAAE,QAAgB,EAAE,EAAE;YAC9C,OAAO,cAAI,CAAC,KAAK,CAAC;gBAChB,IAAI,EAAE,QAAQ;aACf,CAAC;iBACC,QAAQ,CAAC,UAAU,CAAC;iBACpB,YAAY,EAAE;iBACd,WAAW,EAAE,CAAC;QACnB,CAAC,CAAC,CAAC,EAAE,CAAC,iBAAiB,CAAC,CAAC;QAEzB,OAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,EAAE;YAChB,MAAM,IAAI,GAAG,OAAE,CAAC,GAAG,CAAC,6BAAa,CAAC,CAAC;YACnC,MAAM,YAAY,GAAG,IAAK,CAAC,GAAG,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;YAEjE,OAAO,IAAI,cAAI,CAAC;gBACd,KAAK,EAAE,OAAO;gBACd,KAAK,EAAE,mBAAmB;gBAC1B,IAAI,EAAE,CAAC,OAAO,CAAC;gBACf,QAAQ,EAAE,YAAY;aACvB,CAAC,CAAC;QACL,CAAC,CAAC,CAAC,EAAE,CAAC,sBAAsB,CAAC,CAAC;QAE9B,OAAE,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE;YACtB,MAAM,MAAM,GAAG,MAAM,cAAI,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,MAAM,EAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC,WAAW,EAAE,CAAC;YACvG,OAAO,MAAM,CAAC;QAChB,CAAC,CAAC,CAAC,EAAE,CAAC,uBAAuB,CAAC,CAAC;QAE/B,OAAE,CAAC,QAAQ,CAAE,KAAK,EAAE,CAAC,EAAE,IAAY,EAAG,EAAE;YAEtC,OAAO,IAAI,cAAI,CAAC;gBACd,KAAK,EAAE,oBAAoB,IAAI,IAAI;gBACnC,KAAK,EAAE,oBAAoB,IAAI,WAAW;gBAC1C,IAAI,EAAE,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,IAAI;aACf,CAAC,CAAC;QAGL,CAAC,CAAC,CAAC,EAAE,CAAC,yBAAyB,CAAC,CAAC;IACnC,CAAC;CACF,CAAA;AAzDY,4CAAgB;2BAAhB,gBAAgB;IAD5B,IAAA,eAAU,EAAC,iBAAY,CAAC;GACZ,gBAAgB,CAyD5B"}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,kEAA+B;AAC/B,iDAA8C;AA4BrC,8FA5BA,6BAAa,OA4BA;AA1BtB,oCAAuE;AACvE,0DAAuD;AACvD,sCAAmC;AAEnC,qBAAmB;AACnB,yBAAuB;AACvB,wBAAsB;AACtB,8CAAwC;AAExC,kDAAgC;AAChC,4CAA0B;AAC1B,gDAA8B;AAC9B,+CAA6B;AAC7B,mDAAiC;AACjC,2DAAyC;AACzC,kFAAgE;AAChE,oDAAkC;AAClC,+CAA6B;AAC7B,kDAAgC;AAChC,kDAAgC;AAChC,4CAA0B;AAC1B,+CAA6B;AAC7B,qDAAmC;AAEnC,wEAAwE;AACxE,MAAM,EAAE,UAAU,EAAE,GAAG,uBAAE,CAAC;AACF,gCAAU;AAG3B,IAAM,gBAAgB,GAAtB,MAAM,gBAAiB,SAAQ,iBAAY;IACzC,SAAS;QACd,MAAM,EAAE,GAAG,IAAI,6BAAa,EAAE,CAAC;QAC/B,OAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QACzC,OAAE,CAAC,IAAI,CAAC,2BAA2B,EAAE,CAAC,SAAqB,EAAE,aAA4B,EAAE,EAAE;YAC3F,MAAM,EAAE,GAAG,SAAS,CAAC,GAAG,CAAgB,eAAe,CAAC,CAAC;YACzD,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YAEhD,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,SAAG,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC7C,GAAG,CAAC,IAAI,CAAC,wGAAwG,CAAC,CAAC;YACrH,CAAC;iBAAM,CAAC;gBACN,EAAG,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YACxB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH;;WAEG;QACH,OAAE,CAAC,QAAQ,CAAC,CAAC,CAAa,EAAE,QAAgB,EAAE,EAAE;YAC9C,OAAO,cAAI,CAAC,KAAK,CAAC;gBAChB,IAAI,EAAE,QAAQ;aACf,CAAC;iBACC,QAAQ,CAAC,UAAU,CAAC;iBACpB,YAAY,EAAE;iBACd,WAAW,EAAE,CAAC;QACnB,CAAC,CAAC,CAAC,EAAE,CAAC,iBAAiB,CAAC,CAAC;QAEzB,OAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,EAAE;YAChB,MAAM,IAAI,GAAG,OAAE,CAAC,GAAG,CAAC,6BAAa,CAAC,CAAC;YACnC,MAAM,YAAY,GAAG,IAAK,CAAC,GAAG,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;YAEjE,OAAO,IAAI,cAAI,CAAC;gBACd,KAAK,EAAE,OAAO;gBACd,KAAK,EAAE,mBAAmB;gBAC1B,IAAI,EAAE,CAAC,OAAO,CAAC;gBACf,QAAQ,EAAE,YAAY;aACvB,CAAC,CAAC;QACL,CAAC,CAAC,CAAC,EAAE,CAAC,sBAAsB,CAAC,CAAC;QAE9B,OAAE,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE;YACtB,MAAM,MAAM,GAAG,MAAM,cAAI,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,MAAM,EAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC,WAAW,EAAE,CAAC;YACvG,OAAO,MAAM,CAAC;QAChB,CAAC,CAAC,CAAC,EAAE,CAAC,uBAAuB,CAAC,CAAC;QAE/B,OAAE,CAAC,QAAQ,CAAE,KAAK,EAAE,CAAC,EAAE,IAAY,EAAG,EAAE;YAEtC,OAAO,IAAI,cAAI,CAAC;gBACd,KAAK,EAAE,oBAAoB,IAAI,IAAI;gBACnC,KAAK,EAAE,oBAAoB,IAAI,WAAW;gBAC1C,IAAI,EAAE,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,IAAI;aACf,CAAC,CAAC;QAGL,CAAC,CAAC,CAAC,EAAE,CAAC,yBAAyB,CAAC,CAAC;IACnC,CAAC;CACF,CAAA;AAzDY,4CAAgB;2BAAhB,gBAAgB;IAD5B,IAAA,eAAU,EAAC,iBAAY,CAAC;GACZ,gBAAgB,CAyD5B"}

package/lib/cjs/interfaces.d.ts CHANGED Viewed

@@ -272,5 +272,17 @@ export interface IRbacAsyncStorage<U = User> {
    * eg. we want to read only current user data but it has admin privlidges too....
    */
     PermissionScope?: PermissionType;
+    /**
+     * Currently selected role from User.Role list. When set, all request-bound
+     * permission checks (rbac query middleware, RbacPolicy) use this single role
+     * instead of the full role array. The user may switch via /auth/active-role.
+     */
+    ActiveRole?: string;
+    /**
+     * Original user when an impersonation is active. `User` then holds the
+     * target user; `Impersonator` holds whoever initiated impersonation.
+     * Unset on regular (non-impersonated) requests.
+     */
+    Impersonator?: U;
 }
 //# sourceMappingURL=interfaces.d.ts.map

package/lib/cjs/interfaces.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"interfaces.d.ts","sourceRoot":"","sources":["../../src/interfaces.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AACxC,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,aAAa,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzI,OAAO,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AAEjC,OAAO,QAAQ,cAAc,CAAC;IAC5B,UAAiB,YAAY;QAC3B;;;;;;;WAOG;QACH,eAAe,CAAC,KAAK,EAAE,mBAAmB,CAAC,GAAG,CAAC,GAAG,mBAAmB,CAAC,GAAG,CAAC,GAAG,mBAAmB,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,IAAI,GAAG,aAAa,CAAC;QAElI;;;;WAIG;QACH,cAAc,CAAC,CAAC,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;QAErE;;;;WAIG;QACH,cAAc,CAAC,CAAC,EAAE,UAAU,EAAE,MAAM,GAAG,MAAM,EAAE,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;QAE7E;;;;WAIG;QACH,cAAc,CAAC,CAAC,EAAE,iBAAiB,EAAE,SAAS,CAAC,CAAC,CAAC,GAAG,MAAM,GAAG,MAAM,EAAE,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;KACpG;CACF;AAED,MAAM,WAAW,QAAQ;IACvB;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,UAAU,CAAC,EAAE,QAAQ,CAAC;IAEtB;;OAEG;IACH,QAAQ,EAAE,QAAQ,CAAC;IAEnB;;OAEG;IACH,IAAI,EAAE,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAE3B;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;;;;OAKG;IACH,MAAM,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAEhC;AAED;;GAEG;AACH,8BAAsB,gBAAgB;IACpC;;;;;;OAMG;aACa,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAExE;;;;;OAKG;aACa,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAEpD;;OAEG;aACa,QAAQ,IAAI,MAAM;CACnC;AAED;;;;;GAKG;AACH,8BAAsB,YAAY,CAAC,CAAC,GAAG,IAAI;IACzC;;;;;OAKG;aACa,MAAM,CAAC,WAAW,EAAE,CAAC,GAAG,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAEjE;;;;;;OAMG;aACa,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC;IAEzE;;;;;OAKG;aACa,QAAQ,CAAC,WAAW,EAAE,CAAC,GAAG,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAEnE;;;;OAIG;aACa,QAAQ,CAAC,WAAW,EAAE,CAAC,GAAG,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAEnE;;;;;OAKG;aACa,SAAS,CAAC,WAAW,EAAE,CAAC,GAAG,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAEpE;;;;;OAKG;aACa,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC;IAErD;;;;;OAKG;aACa,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC;IAErD;;;;;OAKG;aACa,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC;CACpD;AAED;;;;;;GAMG;AACH,8BAAsB,qBAAqB,CAAC,CAAC,EAAE,CAAC,GAAG,IAAI;IACrD;;OAEG;IACH,QAAQ,KAAK,IAAI,IAAI,MAAM,CAAC;IAE5B;;;;;;;;OAQG;aACa,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IAEpD;;;;;OAKG;aACa,YAAY,CAAC,WAAW,EAAE,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC;CACzD;AAED,8BAAsB,eAAe,CAAC,CAAC,GAAG,QAAQ,CAAE,SAAQ,YAAY;IACtE;;;;;OAKG;aACa,OAAO,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC;IAE7D;;;;;OAKG;aACa,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAExD;;;;;OAKG;aACa,IAAI,CAAC,OAAO,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IAEtD;;;;;;OAMG;aACa,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAE7D;;;;;OAKG;aACa,KAAK,CAAC,OAAO,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IAEvD;;;;OAIG;aACa,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;IAEzC;;;;;OAKG;aACa,OAAO,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;CACnD;AAED,oBAAY,uBAAuB;IACjC,aAAa,IAAI;IACjB,iBAAiB,IAAI;IACrB,qBAAqB,IAAI;IACzB,yBAAyB,IAAI;CAC9B;AAED,MAAM,MAAM,cAAc,GAAG,SAAS,GAAG,SAAS,GAAG,WAAW,GAAG,WAAW,GAAG,WAAW,GAAG,WAAW,GAAG,WAAW,GAAG,WAAW,CAAC;AAEvI,MAAM,WAAW,oBAAqB,SAAQ,gBAAgB;IAC5D,YAAY,EAAE,MAAM,CAAC;IAErB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,8BAAsB,0BAA0B;aAC9B,KAAK,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;CACjD;AAGD,qBAAa,WAAW,CAAC,CAAC;IACjB,IAAI,EAAE,IAAI,CAAC;IACX,cAAc,CAAC,EAAE,CAAC,CAAC;gBAEP,IAAI,EAAG,IAAI,EAAE,IAAI,CAAC,EAAI,CAAC;CAI3C;AAED;;;;;GAKG;AACH,8BAAsB,mBAAmB;aACvB,QAAQ,CAAC,CAAC,EAAE,IAAI,EAAG,MAAM,GAAG,MAAM,GAAI,IAAI,GAAI,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;CACtF;AAGD,MAAM,WAAW,iBAAiB,CAAC,CAAC,GAAG,IAAI;IACzC,IAAI,CAAC,EAAE,CAAC,CAAC;IAET,OAAO,CAAC,EAAE,QAAQ,CAAC;IAEnB;;;;;KAKC;IACD,eAAe,CAAC,EAAE,cAAc,CAAC;~~CAGlC~~"}
1	+ {"version":3,"file":"interfaces.d.ts","sourceRoot":"","sources":["../../src/interfaces.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AACxC,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,aAAa,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzI,OAAO,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AAEjC,OAAO,QAAQ,cAAc,CAAC;IAC5B,UAAiB,YAAY;QAC3B;;;;;;;WAOG;QACH,eAAe,CAAC,KAAK,EAAE,mBAAmB,CAAC,GAAG,CAAC,GAAG,mBAAmB,CAAC,GAAG,CAAC,GAAG,mBAAmB,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,IAAI,GAAG,aAAa,CAAC;QAElI;;;;WAIG;QACH,cAAc,CAAC,CAAC,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;QAErE;;;;WAIG;QACH,cAAc,CAAC,CAAC,EAAE,UAAU,EAAE,MAAM,GAAG,MAAM,EAAE,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;QAE7E;;;;WAIG;QACH,cAAc,CAAC,CAAC,EAAE,iBAAiB,EAAE,SAAS,CAAC,CAAC,CAAC,GAAG,MAAM,GAAG,MAAM,EAAE,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;KACpG;CACF;AAED,MAAM,WAAW,QAAQ;IACvB;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,UAAU,CAAC,EAAE,QAAQ,CAAC;IAEtB;;OAEG;IACH,QAAQ,EAAE,QAAQ,CAAC;IAEnB;;OAEG;IACH,IAAI,EAAE,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAE3B;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;;;;OAKG;IACH,MAAM,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAEhC;AAED;;GAEG;AACH,8BAAsB,gBAAgB;IACpC;;;;;;OAMG;aACa,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAExE;;;;;OAKG;aACa,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAEpD;;OAEG;aACa,QAAQ,IAAI,MAAM;CACnC;AAED;;;;;GAKG;AACH,8BAAsB,YAAY,CAAC,CAAC,GAAG,IAAI;IACzC;;;;;OAKG;aACa,MAAM,CAAC,WAAW,EAAE,CAAC,GAAG,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAEjE;;;;;;OAMG;aACa,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC;IAEzE;;;;;OAKG;aACa,QAAQ,CAAC,WAAW,EAAE,CAAC,GAAG,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAEnE;;;;OAIG;aACa,QAAQ,CAAC,WAAW,EAAE,CAAC,GAAG,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAEnE;;;;;OAKG;aACa,SAAS,CAAC,WAAW,EAAE,CAAC,GAAG,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAEpE;;;;;OAKG;aACa,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC;IAErD;;;;;OAKG;aACa,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC;IAErD;;;;;OAKG;aACa,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC;CACpD;AAED;;;;;;GAMG;AACH,8BAAsB,qBAAqB,CAAC,CAAC,EAAE,CAAC,GAAG,IAAI;IACrD;;OAEG;IACH,QAAQ,KAAK,IAAI,IAAI,MAAM,CAAC;IAE5B;;;;;;;;OAQG;aACa,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IAEpD;;;;;OAKG;aACa,YAAY,CAAC,WAAW,EAAE,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC;CACzD;AAED,8BAAsB,eAAe,CAAC,CAAC,GAAG,QAAQ,CAAE,SAAQ,YAAY;IACtE;;;;;OAKG;aACa,OAAO,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC;IAE7D;;;;;OAKG;aACa,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAExD;;;;;OAKG;aACa,IAAI,CAAC,OAAO,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IAEtD;;;;;;OAMG;aACa,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAE7D;;;;;OAKG;aACa,KAAK,CAAC,OAAO,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IAEvD;;;;OAIG;aACa,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;IAEzC;;;;;OAKG;aACa,OAAO,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;CACnD;AAED,oBAAY,uBAAuB;IACjC,aAAa,IAAI;IACjB,iBAAiB,IAAI;IACrB,qBAAqB,IAAI;IACzB,yBAAyB,IAAI;CAC9B;AAED,MAAM,MAAM,cAAc,GAAG,SAAS,GAAG,SAAS,GAAG,WAAW,GAAG,WAAW,GAAG,WAAW,GAAG,WAAW,GAAG,WAAW,GAAG,WAAW,CAAC;AAEvI,MAAM,WAAW,oBAAqB,SAAQ,gBAAgB;IAC5D,YAAY,EAAE,MAAM,CAAC;IAErB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,8BAAsB,0BAA0B;aAC9B,KAAK,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;CACjD;AAGD,qBAAa,WAAW,CAAC,CAAC;IACjB,IAAI,EAAE,IAAI,CAAC;IACX,cAAc,CAAC,EAAE,CAAC,CAAC;gBAEP,IAAI,EAAG,IAAI,EAAE,IAAI,CAAC,EAAI,CAAC;CAI3C;AAED;;;;;GAKG;AACH,8BAAsB,mBAAmB;aACvB,QAAQ,CAAC,CAAC,EAAE,IAAI,EAAG,MAAM,GAAG,MAAM,GAAI,IAAI,GAAI,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;CACtF;AAGD,MAAM,WAAW,iBAAiB,CAAC,CAAC,GAAG,IAAI;IACzC,IAAI,CAAC,EAAE,CAAC,CAAC;IAET,OAAO,CAAC,EAAE,QAAQ,CAAC;IAEnB;;;;;KAKC;IACD,eAAe,CAAC,EAAE,cAAc,CAAC;IAEjC;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;;;OAIG;IACH,YAAY,CAAC,EAAE,CAAC,CAAC;CAClB"}

package/lib/cjs/middleware.d.ts CHANGED Viewed

@@ -1,7 +1,9 @@
 import { QueryBuilder, QueryMiddleware } from '@spinajs/orm';
+import { AccessControl } from 'accesscontrol';
 import { Log } from '@spinajs/log-common';
 export declare class RbacModelPermissionMiddleware extends QueryMiddleware {
     protected Log: Log;
+    protected Ac: AccessControl;
     beforeQueryExecution(_query: QueryBuilder<any>): void;
     afterQueryCreation(builder: QueryBuilder): void;
 }

package/lib/cjs/middleware.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../src/middleware.ts"],"names":[],"mappings":"AACA,OAAO,EAAgF,YAAY,EAAE,eAAe,EAA0C,MAAM,cAAc,CAAC;~~AAKnL~~,OAAO,EAAE,GAAG,EAAU,MAAM,qBAAqB,CAAC;~~AAkBlD~~,qBACa,6BAA8B,SAAQ,eAAe;IAGhE,SAAS,CAAC,GAAG,~~EAAE~~,GAAG,CAAC;~~IAEnB~~,oBAAoB,CAAC,MAAM,EAAE,YAAY,CAAC,GAAG,CAAC,GAAG,IAAI;IACrD,kBAAkB,CAAC,OAAO,EAAE,YAAY;~~CAwHzC~~"}
1	+ {"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../src/middleware.ts"],"names":[],"mappings":"AACA,OAAO,EAAgF,YAAY,EAAE,eAAe,EAA0C,MAAM,cAAc,CAAC;AAGnL,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAE9C,OAAO,EAAE,GAAG,EAAU,MAAM,qBAAqB,CAAC;AA4BlD,qBACa,6BAA8B,SAAQ,eAAe;IAGhE,SAAS,CAAC,GAAG,EAAG,GAAG,CAAC;IAGpB,SAAS,CAAC,EAAE,EAAG,aAAa,CAAC;IAE7B,oBAAoB,CAAC,MAAM,EAAE,YAAY,CAAC,GAAG,CAAC,GAAG,IAAI;IACrD,kBAAkB,CAAC,OAAO,EAAE,YAAY;CA0EzC"}