@spinajs/rbac 2.0.476 → 2.0.478
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/cjs/config/rbac.d.ts +40 -0
- package/lib/cjs/config/rbac.d.ts.map +1 -1
- package/lib/cjs/config/rbac.js +36 -0
- package/lib/cjs/config/rbac.js.map +1 -1
- package/lib/cjs/events/UserImpersonationEnded.d.ts +12 -0
- package/lib/cjs/events/UserImpersonationEnded.d.ts.map +1 -0
- package/lib/cjs/events/UserImpersonationEnded.js +32 -0
- package/lib/cjs/events/UserImpersonationEnded.js.map +1 -0
- package/lib/cjs/events/UserImpersonationStarted.d.ts +12 -0
- package/lib/cjs/events/UserImpersonationStarted.d.ts.map +1 -0
- package/lib/cjs/events/UserImpersonationStarted.js +32 -0
- package/lib/cjs/events/UserImpersonationStarted.js.map +1 -0
- package/lib/cjs/events/index.d.ts +2 -0
- package/lib/cjs/events/index.d.ts.map +1 -1
- package/lib/cjs/events/index.js +2 -0
- package/lib/cjs/events/index.js.map +1 -1
- package/lib/cjs/impersonation.d.ts +32 -0
- package/lib/cjs/impersonation.d.ts.map +1 -0
- package/lib/cjs/impersonation.js +97 -0
- package/lib/cjs/impersonation.js.map +1 -0
- package/lib/cjs/index.d.ts +1 -0
- package/lib/cjs/index.d.ts.map +1 -1
- package/lib/cjs/index.js +1 -0
- package/lib/cjs/index.js.map +1 -1
- package/lib/cjs/interfaces.d.ts +19 -0
- package/lib/cjs/interfaces.d.ts.map +1 -1
- package/lib/cjs/middleware.d.ts +2 -0
- package/lib/cjs/middleware.d.ts.map +1 -1
- package/lib/cjs/middleware.js +64 -75
- package/lib/cjs/middleware.js.map +1 -1
- package/lib/cjs/models/User.d.ts.map +1 -1
- package/lib/cjs/models/User.js.map +1 -1
- package/lib/mjs/config/rbac.d.ts +40 -0
- package/lib/mjs/config/rbac.d.ts.map +1 -1
- package/lib/mjs/config/rbac.js +36 -0
- package/lib/mjs/config/rbac.js.map +1 -1
- package/lib/mjs/events/UserImpersonationEnded.d.ts +12 -0
- package/lib/mjs/events/UserImpersonationEnded.d.ts.map +1 -0
- package/lib/mjs/events/UserImpersonationEnded.js +29 -0
- package/lib/mjs/events/UserImpersonationEnded.js.map +1 -0
- package/lib/mjs/events/UserImpersonationStarted.d.ts +12 -0
- package/lib/mjs/events/UserImpersonationStarted.d.ts.map +1 -0
- package/lib/mjs/events/UserImpersonationStarted.js +29 -0
- package/lib/mjs/events/UserImpersonationStarted.js.map +1 -0
- package/lib/mjs/events/index.d.ts +2 -0
- package/lib/mjs/events/index.d.ts.map +1 -1
- package/lib/mjs/events/index.js +2 -0
- package/lib/mjs/events/index.js.map +1 -1
- package/lib/mjs/impersonation.d.ts +32 -0
- package/lib/mjs/impersonation.d.ts.map +1 -0
- package/lib/mjs/impersonation.js +94 -0
- package/lib/mjs/impersonation.js.map +1 -0
- package/lib/mjs/index.d.ts +1 -0
- package/lib/mjs/index.d.ts.map +1 -1
- package/lib/mjs/index.js +1 -0
- package/lib/mjs/index.js.map +1 -1
- package/lib/mjs/interfaces.d.ts +19 -0
- package/lib/mjs/interfaces.d.ts.map +1 -1
- package/lib/mjs/middleware.d.ts +2 -0
- package/lib/mjs/middleware.d.ts.map +1 -1
- package/lib/mjs/middleware.js +65 -76
- package/lib/mjs/middleware.js.map +1 -1
- package/lib/mjs/models/User.d.ts.map +1 -1
- package/lib/mjs/models/User.js.map +1 -1
- package/lib/tsconfig.cjs.tsbuildinfo +1 -1
- package/lib/tsconfig.mjs.tsbuildinfo +1 -1
- package/package.json +11 -11
package/lib/cjs/middleware.js
CHANGED
|
@@ -13,6 +13,7 @@ exports.RbacModelPermissionMiddleware = void 0;
|
|
|
13
13
|
const di_1 = require("@spinajs/di");
|
|
14
14
|
const orm_1 = require("@spinajs/orm");
|
|
15
15
|
const async_hooks_1 = require("async_hooks");
|
|
16
|
+
const accesscontrol_1 = require("accesscontrol");
|
|
16
17
|
const exceptions_1 = require("@spinajs/exceptions");
|
|
17
18
|
const log_common_1 = require("@spinajs/log-common");
|
|
18
19
|
const QUERY_TO_PERMISSION = {
|
|
@@ -29,6 +30,16 @@ const QUERY_TO_PERMISSION = {
|
|
|
29
30
|
all: "readAny"
|
|
30
31
|
}
|
|
31
32
|
};
|
|
33
|
+
const PERMISSION_SCOPE_TO_QUERY = {
|
|
34
|
+
deleteOwn: "DeleteQueryBuilder",
|
|
35
|
+
deleteAny: "DeleteQueryBuilder",
|
|
36
|
+
updateOwn: "UpdateQueryBuilder",
|
|
37
|
+
updateAny: "UpdateQueryBuilder",
|
|
38
|
+
readOwn: "SelectQueryBuilder",
|
|
39
|
+
readAny: "SelectQueryBuilder",
|
|
40
|
+
createOwn: "InsertQueryBuilder",
|
|
41
|
+
createAny: "InsertQueryBuilder"
|
|
42
|
+
};
|
|
32
43
|
let RbacModelPermissionMiddleware = class RbacModelPermissionMiddleware extends orm_1.QueryMiddleware {
|
|
33
44
|
beforeQueryExecution(_query) { }
|
|
34
45
|
afterQueryCreation(builder) {
|
|
@@ -36,104 +47,78 @@ let RbacModelPermissionMiddleware = class RbacModelPermissionMiddleware extends
|
|
|
36
47
|
const store = di_1.DI.get(async_hooks_1.AsyncLocalStorage);
|
|
37
48
|
if (store) {
|
|
38
49
|
const storage = store.getStore();
|
|
50
|
+
if (storage && storage.SkipModelPermissionCheck) {
|
|
51
|
+
this.Log.trace(`Model permission check disabled for current execution context, skipping rbac check`);
|
|
52
|
+
return;
|
|
53
|
+
}
|
|
39
54
|
if (storage && storage.User) {
|
|
40
55
|
// add where statement
|
|
41
56
|
const descriptor = (0, orm_1.extractModelDescriptor)(builder.Model);
|
|
42
|
-
const ac = di_1.DI.get('AccessControl');
|
|
43
57
|
// if model does not have @Resource() decorator set, model name is used
|
|
44
|
-
const resource = descriptor.RbacResource;
|
|
58
|
+
const resource = descriptor.RbacResource ?? descriptor.Name;
|
|
45
59
|
// no rbac is set do nothing
|
|
46
60
|
if (!resource) {
|
|
47
61
|
return;
|
|
48
62
|
}
|
|
63
|
+
if (storage?.PermissionScope) {
|
|
64
|
+
if (!PERMISSION_SCOPE_TO_QUERY[storage.PermissionScope]) {
|
|
65
|
+
this.Log.warn(`Permission scope ${storage.PermissionScope} does not match any query type, skipping rbac check`);
|
|
66
|
+
return;
|
|
67
|
+
}
|
|
68
|
+
if (builder.constructor.name !== PERMISSION_SCOPE_TO_QUERY[storage.PermissionScope]) {
|
|
69
|
+
this.Log.warn(`Permission scope ${storage.PermissionScope} does not match query type ${builder.constructor.name}, skipping rbac check`);
|
|
70
|
+
return;
|
|
71
|
+
}
|
|
72
|
+
}
|
|
73
|
+
const ownScope = storage?.PermissionScope ?? QUERY_TO_PERMISSION[builder.constructor.name].own;
|
|
74
|
+
const anyScope = storage?.PermissionScope ?? QUERY_TO_PERMISSION[builder.constructor.name].all;
|
|
75
|
+
const roles = storage.ActiveRole ? [storage.ActiveRole] : storage.User.Role;
|
|
76
|
+
let canAny = false;
|
|
77
|
+
let canOwn = false;
|
|
78
|
+
try {
|
|
79
|
+
canAny = this.Ac.can(roles)[anyScope](resource).granted;
|
|
80
|
+
canOwn = this.Ac.can(roles)[ownScope](resource).granted;
|
|
81
|
+
}
|
|
82
|
+
catch (err) {
|
|
83
|
+
// accesscontrol throws eg. "Role not found" when role has no grants registered
|
|
84
|
+
// treat as no permission so caller gets Forbidden instead of library error
|
|
85
|
+
this.Log.trace(`Permission check for roles ${roles} on resource ${resource} failed: ${err.message}, treating as no permission`);
|
|
86
|
+
}
|
|
49
87
|
if (builder instanceof orm_1.SelectQueryBuilder || builder instanceof orm_1.UpdateQueryBuilder || builder instanceof orm_1.DeleteQueryBuilder) {
|
|
50
|
-
const canAny = ac.can(storage.User.Role)[QUERY_TO_PERMISSION[builder.constructor.name].all](resource).granted;
|
|
51
|
-
const canOwn = ac.can(storage.User.Role)[QUERY_TO_PERMISSION[builder.constructor.name].own](resource).granted;
|
|
52
88
|
/**
|
|
53
89
|
* Model can have custom rbac permission check
|
|
54
90
|
*/
|
|
55
91
|
const rbacFunc = builder.Model?.rbac;
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
if (
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
this.Log.trace(`Resource ${resource}:any permission granted for ${storage.User.Role}, scope: ${storage.PermissionScope}`);
|
|
66
|
-
return;
|
|
67
|
-
}
|
|
68
|
-
else {
|
|
69
|
-
throw new exceptions_1.Forbidden(`User does not have permission to access ${resource}:any permission`);
|
|
70
|
-
}
|
|
71
|
-
}
|
|
72
|
-
if (own.includes(storage.PermissionScope)) {
|
|
73
|
-
if (canOwn) {
|
|
74
|
-
this.Log.trace(`Resource ${resource}:own permission granted for ${storage.User.Role}, scope: ${storage.PermissionScope}`);
|
|
75
|
-
if (rbacFunc) {
|
|
76
|
-
this.Log.trace(`Applying custom rbac func for ${resource}`);
|
|
77
|
-
rbacFunc.call(builder, storage.User);
|
|
78
|
-
}
|
|
79
|
-
else if (descriptor.OwnerField) {
|
|
80
|
-
this.Log.trace(`Applying owner field restriction for ${resource}`);
|
|
81
|
-
builder.andWhere(descriptor.OwnerField, storage.User.PrimaryKeyValue);
|
|
82
|
-
}
|
|
83
|
-
else {
|
|
84
|
-
this.Log.error(`Model ${descriptor.Name} does not have OwnerField set or static rbac function, cannot apply :own permission`);
|
|
85
|
-
throw new orm_1.OrmException(`Model ${descriptor.Name} does not have OwnerField set, cannot apply :own permission`);
|
|
86
|
-
}
|
|
87
|
-
return;
|
|
88
|
-
}
|
|
89
|
-
}
|
|
90
|
-
throw new exceptions_1.Forbidden(`User does not have permission to access ${resource}:own permission`);
|
|
91
|
-
}
|
|
92
|
-
else if (canAny) {
|
|
93
|
-
this.Log.trace(`Resource ${resource}:any permission granted for ${storage.User.Role}, scope: ${storage.PermissionScope}`);
|
|
94
|
-
return;
|
|
92
|
+
if (canAny) {
|
|
93
|
+
this.Log.trace(`Resource ${resource}:any permission granted for ${storage.User.Role}, scope: ${storage.PermissionScope}`);
|
|
94
|
+
return;
|
|
95
|
+
}
|
|
96
|
+
else if (canOwn) {
|
|
97
|
+
this.Log.trace(`Resource ${resource}:own permission granted for ${storage.User.Role}, scope: ${storage.PermissionScope}`);
|
|
98
|
+
if (rbacFunc) {
|
|
99
|
+
this.Log.trace(`Applying custom rbac func for ${resource}`);
|
|
100
|
+
rbacFunc.call(builder, storage.User);
|
|
95
101
|
}
|
|
96
|
-
else if (
|
|
97
|
-
this.Log.trace(`
|
|
98
|
-
|
|
99
|
-
this.Log.trace(`Applying custom rbac func for ${resource}`);
|
|
100
|
-
rbacFunc.call(builder, storage.User);
|
|
101
|
-
}
|
|
102
|
-
else if (descriptor.OwnerField) {
|
|
103
|
-
this.Log.trace(`Applying owner field restriction for ${resource}`);
|
|
104
|
-
builder.andWhere(descriptor.OwnerField, storage.User.PrimaryKeyValue);
|
|
105
|
-
}
|
|
106
|
-
else {
|
|
107
|
-
this.Log.error(`Model ${descriptor.Name} does not have OwnerField set or static rbac function, cannot apply :own permission`);
|
|
108
|
-
throw new orm_1.OrmException(`Model ${descriptor.Name} does not have OwnerField set, cannot apply :own permission`);
|
|
109
|
-
}
|
|
102
|
+
else if (descriptor.OwnerField) {
|
|
103
|
+
this.Log.trace(`Applying owner field restriction for ${resource}`);
|
|
104
|
+
builder.andWhere(descriptor.OwnerField, storage.User.PrimaryKeyValue);
|
|
110
105
|
}
|
|
111
106
|
else {
|
|
112
|
-
|
|
107
|
+
this.Log.error(`Model ${descriptor.Name} does not have OwnerField set or static rbac function, cannot apply :own permission`);
|
|
108
|
+
throw new orm_1.OrmException(`Model ${descriptor.Name} does not have OwnerField set, cannot apply :own permission`);
|
|
113
109
|
}
|
|
114
|
-
}
|
|
115
|
-
else if (builder instanceof orm_1.InsertQueryBuilder) {
|
|
116
|
-
const canAny = ac.can(storage.User.Role)['createAny'](resource).granted;
|
|
117
|
-
const canOwn = ac.can(storage.User.Role)['createOwn'](resource).granted;
|
|
118
|
-
if (storage.PermissionScope && storage.PermissionScope === "createOwn") {
|
|
119
|
-
if (!canOwn) {
|
|
120
|
-
throw new exceptions_1.Forbidden(`User does not have permission to access ${resource}:insert permission`);
|
|
121
|
-
}
|
|
122
|
-
builder.values({
|
|
123
|
-
[descriptor.OwnerField]: storage.User.PrimaryKeyValue
|
|
124
|
-
});
|
|
125
|
-
return;
|
|
126
110
|
}
|
|
127
|
-
else
|
|
128
|
-
|
|
111
|
+
else {
|
|
112
|
+
throw new exceptions_1.Forbidden(`User does not have permission to access ${resource}:read permission`);
|
|
129
113
|
}
|
|
130
|
-
|
|
114
|
+
}
|
|
115
|
+
else if (builder instanceof orm_1.InsertQueryBuilder) {
|
|
116
|
+
if (canOwn) {
|
|
131
117
|
builder.values({
|
|
132
118
|
[descriptor.OwnerField]: storage.User.PrimaryKeyValue
|
|
133
119
|
});
|
|
134
|
-
return;
|
|
135
120
|
}
|
|
136
|
-
else {
|
|
121
|
+
else if (!canAny) {
|
|
137
122
|
throw new exceptions_1.Forbidden(`User does not have permission to access ${resource}:insert permission`);
|
|
138
123
|
}
|
|
139
124
|
}
|
|
@@ -147,6 +132,10 @@ __decorate([
|
|
|
147
132
|
(0, log_common_1.Logger)('RBAC'),
|
|
148
133
|
__metadata("design:type", log_common_1.Log)
|
|
149
134
|
], RbacModelPermissionMiddleware.prototype, "Log", void 0);
|
|
135
|
+
__decorate([
|
|
136
|
+
(0, di_1.Autoinject)(),
|
|
137
|
+
__metadata("design:type", accesscontrol_1.AccessControl)
|
|
138
|
+
], RbacModelPermissionMiddleware.prototype, "Ac", void 0);
|
|
150
139
|
exports.RbacModelPermissionMiddleware = RbacModelPermissionMiddleware = __decorate([
|
|
151
140
|
(0, di_1.Injectable)(orm_1.QueryMiddleware)
|
|
152
141
|
], RbacModelPermissionMiddleware);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../src/middleware.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,
|
|
1
|
+
{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../src/middleware.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oCAAyD;AACzD,sCAAmL;AACnL,6CAAgD;AAEhD,iDAA8C;AAC9C,oDAAgD;AAChD,oDAAkD;AAElD,MAAM,mBAAmB,GAAG;IAC1B,kBAAkB,EAAE;QAClB,GAAG,EAAE,WAAW;QAChB,GAAG,EAAE,WAAW;KACjB;IACD,kBAAkB,EAAE;QAClB,GAAG,EAAE,WAAW;QAChB,GAAG,EAAE,WAAW;KACjB;IACD,kBAAkB,EAAE;QAClB,GAAG,EAAE,SAAS;QACd,GAAG,EAAE,SAAS;KACf;CACF,CAAA;AAED,MAAM,yBAAyB,GAAG;IAChC,SAAS,EAAE,oBAAoB;IAC/B,SAAS,EAAE,oBAAoB;IAC/B,SAAS,EAAE,oBAAoB;IAC/B,SAAS,EAAE,oBAAoB;IAC/B,OAAO,EAAE,oBAAoB;IAC7B,OAAO,EAAE,oBAAoB;IAC7B,SAAS,EAAE,oBAAoB;IAC/B,SAAS,EAAE,oBAAoB;CAChC,CAAA;AAGM,IAAM,6BAA6B,GAAnC,MAAM,6BAA8B,SAAQ,qBAAe;IAQhE,oBAAoB,CAAC,MAAyB,IAAU,CAAC;IACzD,kBAAkB,CAAC,OAAqB;QACtC,IAAI,OAAO,+BAAiB,KAAK,UAAU,EAAE,CAAC;YAC5C,MAAM,KAAK,GAAG,OAAE,CAAC,GAAG,CAAC,+BAAiB,CAAC,CAAC;YACxC,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,OAAO,GAAG,KAAK,CAAC,QAAQ,EAAuB,CAAC;gBAEtD,IAAI,OAAO,IAAI,OAAO,CAAC,wBAAwB,EAAE,CAAC;oBAChD,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,oFAAoF,CAAC,CAAC;oBACrG,OAAO;gBACT,CAAC;gBAED,IAAI,OAAO,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;oBAC5B,sBAAsB;oBACtB,MAAM,UAAU,GAAG,IAAA,4BAAsB,EAAC,OAAO,CAAC,KAAK,CAAyB,CAAC;oBAEjF,uEAAuE;oBACvE,MAAM,QAAQ,GAAG,UAAU,CAAC,YAAY,IAAI,UAAU,CAAC,IAAI,CAAC;oBAE5D,4BAA4B;oBAC5B,IAAI,CAAC,QAAQ,EAAE,CAAC;wBACd,OAAO;oBACT,CAAC;oBAED,IAAI,OAAO,EAAE,eAAe,EAAE,CAAC;wBAC7B,IAAI,CAAC,yBAAyB,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;4BACxD,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,oBAAoB,OAAO,CAAC,eAAe,qDAAqD,CAAC,CAAC;4BAChH,OAAO;wBACT,CAAC;wBAED,IAAI,OAAO,CAAC,WAAW,CAAC,IAAI,KAAK,yBAAyB,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;4BACpF,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,oBAAoB,OAAO,CAAC,eAAe,8BAA8B,OAAO,CAAC,WAAW,CAAC,IAAI,uBAAuB,CAAC,CAAC;4BACxI,OAAO;wBACT,CAAC;oBACH,CAAC;oBAED,MAAM,QAAQ,GAAG,OAAO,EAAE,eAAe,IAAK,mBAA2B,CAAC,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC;oBACxG,MAAM,QAAQ,GAAG,OAAO,EAAE,eAAe,IAAK,mBAA2B,CAAC,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC;oBACxG,MAAM,KAAK,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;oBAE5E,IAAI,MAAM,GAAG,KAAK,CAAC;oBACnB,IAAI,MAAM,GAAG,KAAK,CAAC;oBACnB,IAAI,CAAC;wBACH,MAAM,GAAI,IAAI,CAAC,EAAG,CAAC,GAAG,CAAC,KAAK,CAAS,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC;wBAClE,MAAM,GAAI,IAAI,CAAC,EAAG,CAAC,GAAG,CAAC,KAAK,CAAS,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC;oBACpE,CAAC;oBAAC,OAAO,GAAG,EAAE,CAAC;wBACb,+EAA+E;wBAC/E,2EAA2E;wBAC3E,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,8BAA8B,KAAK,gBAAgB,QAAQ,YAAa,GAAa,CAAC,OAAO,6BAA6B,CAAC,CAAC;oBAC7I,CAAC;oBAGD,IAAI,OAAO,YAAY,wBAAkB,IAAI,OAAO,YAAY,wBAAkB,IAAI,OAAO,YAAY,wBAAkB,EAAE,CAAC;wBAE5H;;2BAEG;wBACH,MAAM,QAAQ,GAAI,OAAO,CAAC,KAAa,EAAE,IAAgB,CAAC;wBAC1D,IAAI,MAAM,EAAE,CAAC;4BACX,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,YAAY,QAAQ,+BAA+B,OAAO,CAAC,IAAI,CAAC,IAAI,YAAY,OAAO,CAAC,eAAe,EAAE,CAAC,CAAC;4BAC1H,OAAO;wBACT,CAAC;6BAAM,IAAI,MAAM,EAAE,CAAC;4BAClB,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,YAAY,QAAQ,+BAA+B,OAAO,CAAC,IAAI,CAAC,IAAI,YAAY,OAAO,CAAC,eAAe,EAAE,CAAC,CAAC;4BAC1H,IAAI,QAAQ,EAAE,CAAC;gCACb,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,iCAAiC,QAAQ,EAAE,CAAC,CAAC;gCAC5D,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;4BACvC,CAAC;iCAAM,IAAI,UAAU,CAAC,UAAU,EAAE,CAAC;gCACjC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,wCAAwC,QAAQ,EAAE,CAAC,CAAC;gCACnE,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,UAAU,EAAE,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;4BACxE,CAAC;iCAAM,CAAC;gCACN,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,UAAU,CAAC,IAAI,qFAAqF,CAAC,CAAC;gCAAC,MAAM,IAAI,kBAAY,CAAC,SAAS,UAAU,CAAC,IAAI,6DAA6D,CAAC,CAAC;4BAC/O,CAAC;wBACH,CAAC;6BACI,CAAC;4BACJ,MAAM,IAAI,sBAAS,CAAC,2CAA2C,QAAQ,kBAAkB,CAAC,CAAC;wBAC7F,CAAC;oBACH,CAAC;yBAAM,IAAI,OAAO,YAAY,wBAAkB,EAAE,CAAC;wBACjD,IAAI,MAAM,EAAE,CAAC;4BACX,OAAO,CAAC,MAAM,CAAC;gCACb,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,OAAO,CAAC,IAAI,CAAC,eAAe;6BACtD,CAAC,CAAC;wBACL,CAAC;6BAAM,IAAI,CAAC,MAAM,EAAE,CAAC;4BACnB,MAAM,IAAI,sBAAS,CAAC,2CAA2C,QAAQ,oBAAoB,CAAC,CAAC;wBAC/F,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;CACF,CAAA;AAjGY,sEAA6B;AAG9B;IADT,IAAA,mBAAM,EAAC,MAAM,CAAC;8BACC,gBAAG;0DAAC;AAGV;IADT,IAAA,eAAU,GAAE;8BACE,6BAAa;yDAAC;wCANlB,6BAA6B;IADzC,IAAA,eAAU,EAAC,qBAAe,CAAC;GACf,6BAA6B,CAiGzC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"User.d.ts","sourceRoot":"","sources":["../../../src/models/User.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AACjC,OAAO,EAAW,SAAS,EAAmF,UAAU,EAAE,mBAAmB,EAAE,gBAAgB,EAAY,iBAAiB,EAAE,yBAAyB,EAAE,MAAM,cAAc,CAAC;AAC9O,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAE1D,OAAO,EAAgB,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAMnE,qBAAa,eAAgB,YAAW,UAAU;IAEhD;;;;;;OAMG;IACI,QAAQ,CAAC,IAAI,EAAE,mBAAmB,CAAC,IAAI,EAAE,CAAC,GAAG,eAAe,EAAE,KAAK,EAAE,MAAM,EAAE;IAKpF;;;;;;;OAOG;IACI,aAAa,CAAC,IAAI,EAAE,mBAAmB,CAAC,IAAI,EAAE,CAAC,GAAG,eAAe,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG;IAU1F,SAAS,CAAC,IAAI,EAAE,mBAAmB,CAAC,IAAI,EAAE,CAAC,GAAG,eAAe,EAAE,WAAW,EAAE,IAAI,GAAG,MAAM;IAMnF,aAAa,CAAC,IAAI,EAAE,mBAAmB,CAAC,IAAI,EAAE,CAAC,GAAG,eAAe;IAejE,aAAa,CAAC,IAAI,EAAE,mBAAmB,CAAC,IAAI,EAAE,CAAC,GAAG,eAAe;IAKvE,UAAU,CAAC,IAAI,EAAE,mBAAmB,CAAC,IAAI,EAAE,CAAC,GAAG,eAAe;IAMrE;;;;OAIG;IACI,YAAY,CAAC,IAAI,EAAE,mBAAmB,CAAC,IAAI,EAAE,CAAC,GAAG,eAAe;IAOhE,UAAU,CAAC,IAAI,EAAE,mBAAmB,CAAC,IAAI,EAAE,CAAC,GAAG,eAAe,EAAE,KAAK,EAAE,MAAM;IAQ7E,UAAU,CAAC,IAAI,EAAE,mBAAmB,CAAC,IAAI,EAAE,CAAC,GAAG,eAAe,EAAE,KAAK,EAAE,MAAM;IAQ7E,SAAS,CAAC,IAAI,EAAE,mBAAmB,CAAC,IAAI,EAAE,CAAC,GAAG,eAAe,EAAE,IAAI,EAAE,MAAM;IAQlF;;;;;;;;;OASG;IACI,aAAa,CAAC,IAAI,EAAE,mBAAmB,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,GAAG,eAAe,EAAE,UAAU,EAAE,MAAM,GAAG,MAAM;CAa7G;AAED;;GAEG;AACH,oBAAY,oBAAoB;IAC9B,6BAA6B;IAC7B,kBAAkB,uBAAuB;IACzC,mBAAmB,wBAAwB;IAC3C,iBAAiB,sBAAsB;IACvC,eAAe,oBAAoB;IAEnC,wBAAwB;IAExB,WAAW,gBAAgB;IAC3B,UAAU,eAAe;IACzB,uBAAuB,4BAA4B;IAEnD,gBAAgB;IAEhB,cAAc,mBAAmB;IAEjC,qBAAqB;IAGrB,cAAc,mBAAmB;IAEjC,yBAAyB,8BAA8B;IAEvD,wBAAwB,6BAA6B;IAErD,oBAAoB,yBAAyB;IAE7C,2BAA2B,gCAAgC;CAC5D;AAED;;;;GAIG;AACH,qBAEa,QAAS,SAAQ,SAAS,CAAC,QAAQ,CAAC;IAC/C;;;;OAIG;IACH,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,CAAsB;IAEjD,SAAS,CAAC,GAAG,EAAE,aAAa,CAAC;IAE7B,gBAAuB,YAAY,EAAE,eAAe,CAAyB;gBAE1D,IAAI,CAAC,EAAE,OAAO,CAAC,IAAI,CAAC;IAUhC,EAAE,
|
|
1
|
+
{"version":3,"file":"User.d.ts","sourceRoot":"","sources":["../../../src/models/User.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AACjC,OAAO,EAAW,SAAS,EAAmF,UAAU,EAAE,mBAAmB,EAAE,gBAAgB,EAAY,iBAAiB,EAAE,yBAAyB,EAAE,MAAM,cAAc,CAAC;AAC9O,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAE1D,OAAO,EAAgB,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAMnE,qBAAa,eAAgB,YAAW,UAAU;IAEhD;;;;;;OAMG;IACI,QAAQ,CAAC,IAAI,EAAE,mBAAmB,CAAC,IAAI,EAAE,CAAC,GAAG,eAAe,EAAE,KAAK,EAAE,MAAM,EAAE;IAKpF;;;;;;;OAOG;IACI,aAAa,CAAC,IAAI,EAAE,mBAAmB,CAAC,IAAI,EAAE,CAAC,GAAG,eAAe,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG;IAU1F,SAAS,CAAC,IAAI,EAAE,mBAAmB,CAAC,IAAI,EAAE,CAAC,GAAG,eAAe,EAAE,WAAW,EAAE,IAAI,GAAG,MAAM;IAMnF,aAAa,CAAC,IAAI,EAAE,mBAAmB,CAAC,IAAI,EAAE,CAAC,GAAG,eAAe;IAejE,aAAa,CAAC,IAAI,EAAE,mBAAmB,CAAC,IAAI,EAAE,CAAC,GAAG,eAAe;IAKvE,UAAU,CAAC,IAAI,EAAE,mBAAmB,CAAC,IAAI,EAAE,CAAC,GAAG,eAAe;IAMrE;;;;OAIG;IACI,YAAY,CAAC,IAAI,EAAE,mBAAmB,CAAC,IAAI,EAAE,CAAC,GAAG,eAAe;IAOhE,UAAU,CAAC,IAAI,EAAE,mBAAmB,CAAC,IAAI,EAAE,CAAC,GAAG,eAAe,EAAE,KAAK,EAAE,MAAM;IAQ7E,UAAU,CAAC,IAAI,EAAE,mBAAmB,CAAC,IAAI,EAAE,CAAC,GAAG,eAAe,EAAE,KAAK,EAAE,MAAM;IAQ7E,SAAS,CAAC,IAAI,EAAE,mBAAmB,CAAC,IAAI,EAAE,CAAC,GAAG,eAAe,EAAE,IAAI,EAAE,MAAM;IAQlF;;;;;;;;;OASG;IACI,aAAa,CAAC,IAAI,EAAE,mBAAmB,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,GAAG,eAAe,EAAE,UAAU,EAAE,MAAM,GAAG,MAAM;CAa7G;AAED;;GAEG;AACH,oBAAY,oBAAoB;IAC9B,6BAA6B;IAC7B,kBAAkB,uBAAuB;IACzC,mBAAmB,wBAAwB;IAC3C,iBAAiB,sBAAsB;IACvC,eAAe,oBAAoB;IAEnC,wBAAwB;IAExB,WAAW,gBAAgB;IAC3B,UAAU,eAAe;IACzB,uBAAuB,4BAA4B;IAEnD,gBAAgB;IAEhB,cAAc,mBAAmB;IAEjC,qBAAqB;IAGrB,cAAc,mBAAmB;IAEjC,yBAAyB,8BAA8B;IAEvD,wBAAwB,6BAA6B;IAErD,oBAAoB,yBAAyB;IAE7C,2BAA2B,gCAAgC;CAC5D;AAED;;;;GAIG;AACH,qBAEa,QAAS,SAAQ,SAAS,CAAC,QAAQ,CAAC;IAC/C;;;;OAIG;IACH,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,CAAsB;IAEjD,SAAS,CAAC,GAAG,EAAE,aAAa,CAAC;IAE7B,gBAAuB,YAAY,EAAE,eAAe,CAAyB;gBAE1D,IAAI,CAAC,EAAE,OAAO,CAAC,IAAI,CAAC;IAUhC,EAAE,EAAG,MAAM,CAAC;IAEZ,IAAI,EAAG,MAAM,CAAC;IAEd,KAAK,EAAG,MAAM,CAAC;IAEtB;;OAEG;IACI,QAAQ,EAAG,MAAM,CAAC;IAEzB;;OAEG;IACI,KAAK,EAAG,MAAM,CAAC;IAEtB;;OAEG;IAEI,IAAI,EAAG,MAAM,EAAE,CAAC;IAEvB;;OAEG;IAEI,SAAS,EAAG,QAAQ,CAAC;IAE5B;;OAEG;IAEI,YAAY,EAAG,QAAQ,CAAC;IAE/B;;OAEG;IAEI,SAAS,EAAG,QAAQ,CAAC;IAGrB,WAAW,EAAG,QAAQ,CAAC;IAE9B;;;OAGG;IACI,QAAQ,EAAG,OAAO,CAAC;IAE1B;;;;;OAKG;IAII,QAAQ,EAAG,gBAAgB,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC;IAE3D,IAAW,OAAO,IAAI,OAAO,CAE5B;IAED,IAAW,QAAQ,IAAI,OAAO,CAE7B;IAEM,sBAAsB,CAAC,OAAO,CAAC,EAAE,iBAAiB,GAAG,yBAAyB,CAAC,IAAI,CAAC;IAcpF,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,UAAU;IAO5D;;;;OAIG;IACI,UAAU,CAAC,QAAQ,EAAE,MAAM;IAIlC;;;;;OAKG;IACI,UAAU,CAAC,QAAQ,EAAE,MAAM;IAIlC;;;;;OAKG;IACI,YAAY,CAAC,QAAQ,EAAE,MAAM;IAIpC;;;;OAIG;IACI,YAAY,CAAC,QAAQ,EAAE,MAAM;IAIpC;;;;OAIG;IACI,YAAY,CAAC,QAAQ,EAAE,MAAM;IAIpC;;;;OAIG;IACI,YAAY,CAAC,QAAQ,EAAE,MAAM;IAIpC;;;;OAIG;IACI,YAAY,CAAC,QAAQ,EAAE,MAAM;IAIpC;;;;OAIG;IACI,YAAY,CAAC,QAAQ,EAAE,MAAM;WAItB,UAAU,CAAC,KAAK,EAAE,MAAM;WAMxB,UAAU,CAAC,KAAK,EAAE,MAAM;WAMxB,SAAS,CAAC,IAAI,EAAE,MAAM;IAMpC;;;;;OAKG;WACW,aAAa,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM;CAGxD;AAED;;GAEG;AACH,qBAEa,IAAK,SAAQ,QAAQ;CAEjC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"User.js","sourceRoot":"","sources":["../../../src/models/User.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,iCAAiC;AACjC,sCAA8O;AAE9O,oCAAiC;AACjC,uDAAmE;AACnE,+BAAoC;AACpC,wCAAwM;AAExM,0DAA8C;AAE9C,MAAa,eAAe;IAE1B;;;;;;OAMG;IACI,QAAQ,CAAsD,KAAe;QAClF,MAAM,CAAC,GAAG,IAAA,iBAAU,EAAC,IAAA,YAAK,GAAE,EAAE,IAAA,iBAAU,GAAE,CAAC,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAC5D,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACpC,CAAC;IAED;;;;;;;OAOG;IACI,aAAa,CAAsD,GAAW,EAAE,KAAU;QAC/F,MAAM,CAAC,GAAG,IAAA,iBAAU,EAAC,IAAA,UAAG,EAAC,IAAA,iBAAU,EAAC,IAAA,eAAQ,GAAE,CAAC,EAAE,IAAA,iBAAU,EAAC,IAAA,YAAK,GAAE,EAAE,IAAA,iBAAU,GAAE,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QACjG,MAAM,CAAC,GAAG,IAAA,iBAAU,EAAC,IAAA,eAAQ,GAAE,CAAC,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAEjD,OAAO,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE;YACjC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YACrB,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QACzB,CAAC,CAAC,CAAC;IACL,CAAC;IAEM,SAAS,CAAsD,WAA0B;QAC9F,MAAM,CAAC,GAAG,IAAA,iBAAU,EAAC,IAAA,UAAG,EAAC,IAAA,iBAAU,EAAC,IAAA,eAAQ,GAAE,CAAC,EAAE,IAAA,iBAAU,EAAC,IAAA,YAAK,GAAE,EAAE,IAAA,iBAAU,GAAE,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;QAEjH,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,YAAY,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;IACxE,CAAC;IAEM,KAAK,CAAC,aAAa;QACxB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE;aACrC,UAAU,CACT,8BAAY,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC;YACzB,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,oBAAoB,CAAC,kBAAkB,CAAC,CAAC;YAC3D,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAC5B,IAAI,CAAC,KAAK,CAAC,IAAI,cAAQ,CAAC,cAAc,CAAC,CAAC,CAAC;QAC3C,CAAC,CAAC,CACH;aACA,WAAW,EAAE,CAAA;QAGhB,OAAO,MAAM,GAAG,CAAC,CAAC;IACpB,CAAC;IAEM,KAAK,CAAC,aAAa;QACxB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC,KAAK,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QAC/E,OAAO,MAAM,GAAG,CAAC,CAAC;IACpB,CAAC;IAEM,UAAU;QACf,OAAO,IAAI,CAAC,KAAK,CAAC;YAChB,SAAS,EAAE,IAAW;SACvB,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACI,YAAY;QACjB,OAAO,IAAI,CAAC,KAAK,CAAC;YAChB,QAAQ,EAAE,IAAI;YACd,SAAS,EAAE,IAAW;SACvB,CAAC,CAAC;IACL,CAAC;IAEM,UAAU,CAAsD,KAAa;QAClF,KAAK,GAAG,IAAA,iBAAU,EAAC,IAAA,YAAK,GAAE,EAAE,IAAA,iBAAU,GAAE,EAAE,IAAA,gBAAS,GAAE,CAAC,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAEvE,OAAO,IAAI,CAAC,KAAK,CAAC;YAChB,KAAK,EAAE,KAAK;SACb,CAAC,CAAC;IACL,CAAC;IAEM,UAAU,CAAsD,KAAa;QAClF,KAAK,GAAG,IAAA,iBAAU,EAAC,IAAA,YAAK,GAAE,EAAE,IAAA,iBAAU,GAAE,CAAC,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAE1D,OAAO,IAAI,CAAC,KAAK,CAAC;YAChB,KAAK,EAAE,KAAK;SACb,CAAC,CAAC;IACL,CAAC;IAEM,SAAS,CAAsD,IAAY;QAChF,IAAI,GAAG,IAAA,iBAAU,EAAC,IAAA,YAAK,GAAE,EAAE,IAAA,eAAQ,GAAE,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAErD,OAAO,IAAI,CAAC,KAAK,CAAC;YAChB,IAAI,EAAE,IAAI;SACX,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;OASG;IACI,aAAa,CAA6D,UAA2B;QAC1G,UAAU,GAAG,IAAA,iBAAU,EAAC,IAAA,UAAG,EAAC,IAAA,iBAAU,EAAC,IAAA,UAAG,EAAC,CAAC,CAAC,CAAC,EAAE,IAAA,cAAO,GAAE,EAAE,IAAA,iBAAU,EAAC,IAAA,YAAK,GAAE,EAAE,IAAA,iBAAU,GAAE,CAAC,CAAC,CAAC,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;QAEzH,OAAO,IAAI,CAAC,IAAI,CACd,OAAO,UAAU,KAAK,QAAQ,EAC9B;YACE,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC/B,CAAC,EACD;YACE,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAC3F,CAAC,CACF,CAAC;IACJ,CAAC;CACF;AA3HD,0CA2HC;AAED;;GAEG;AACH,IAAY,oBA6BX;AA7BD,WAAY,oBAAoB;IAC9B,6BAA6B;IAC7B,iEAAyC,CAAA;IACzC,mEAA2C,CAAA;IAC3C,+DAAuC,CAAA;IACvC,2DAAmC,CAAA;IAEnC,wBAAwB;IAExB,mDAA2B,CAAA;IAC3B,iDAAyB,CAAA;IACzB,2EAAmD,CAAA;IAEnD,gBAAgB;IAEhB,yDAAiC,CAAA;IAEjC,qBAAqB;IAErB,gCAAgC;IAChC,yDAAiC,CAAA;IACjC,+BAA+B;IAC/B,+EAAuD,CAAA;IACvD,+BAA+B;IAC/B,6EAAqD,CAAA;IACrD,uBAAuB;IACvB,qEAA6C,CAAA;IAC7C,2CAA2C;IAC3C,mFAA2D,CAAA;AAC7D,CAAC,EA7BW,oBAAoB,oCAApB,oBAAoB,QA6B/B;AAED;;;;GAIG;AAGI,IAAM,QAAQ,gBAAd,MAAM,QAAS,SAAQ,eAAmB;IAY/C,YAAmB,IAAoB;QACrC,KAAK,CAAC,IAAI,CAAC,CAAC;QAZd;;;;WAIG;QACO,YAAO,GAAa,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;QAS/C,IAAI,CAAC,IAAI,GAAG,IAAA,iBAAU,EAAC,IAAA,eAAQ,EAAC,IAAA,SAAM,GAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC9D,IAAI,CAAC,IAAI,GAAG,IAAA,iBAAU,EAAC,IAAA,eAAQ,EAAC,CAAC,IAAA,oBAAI,EAAC,kBAAkB,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAElF,IAAI,CAAC,GAAG,GAAG,OAAE,CAAC,GAAG,CAAC,eAAe,CAAE,CAAC;IACtC,CAAC;IA+DD,IAAW,OAAO;QAChB,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,CAAC;IACrE,CAAC;IAED,IAAW,QAAQ;QACjB,OAAO,IAAI,CAAC,QAAQ,CAAC,oBAAoB,CAAC,kBAAkB,CAAC,KAAK,IAAI,CAAC;IACzE,CAAC;IAEM,sBAAsB,CAAC,OAA2B;QAEvD,MAAM,IAAI,GAAG,KAAK,CAAC,sBAAsB,CAAC,OAAO,CAA+C,CAAA;QAEhG;;WAEG;QACH,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,kCAAgB,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAQ,CAAA;QACjG,CAAC;QAED,OAAO,IAAW,CAAC;IACrB,CAAC;IAEM,GAAG,CAAC,QAAgB,EAAE,UAAkB;QAC7C,QAAQ,GAAG,IAAA,iBAAU,EAAC,IAAA,YAAK,GAAE,EAAE,IAAA,iBAAU,GAAE,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QACnE,UAAU,GAAG,IAAA,iBAAU,EAAC,IAAA,YAAK,GAAE,EAAE,IAAA,iBAAU,GAAE,CAAC,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;QAEzE,OAAQ,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAS,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,CAAC;IAChE,CAAC;IAED;;;;OAIG;IACI,UAAU,CAAC,QAAgB;QAChC,OAAO,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IACvC,CAAC;IAED;;;;;OAKG;IACI,UAAU,CAAC,QAAgB;QAChC,OAAO,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IACvC,CAAC;IAED;;;;;OAKG;IACI,YAAY,CAAC,QAAgB;QAClC,OAAO,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;IACzC,CAAC;IAED;;;;OAIG;IACI,YAAY,CAAC,QAAgB;QAClC,OAAO,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;IACzC,CAAC;IAED;;;;OAIG;IACI,YAAY,CAAC,QAAgB;QAClC,OAAO,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;IACzC,CAAC;IAED;;;;OAIG;IACI,YAAY,CAAC,QAAgB;QAClC,OAAO,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;IACzC,CAAC;IAED;;;;OAIG;IACI,YAAY,CAAC,QAAgB;QAClC,OAAO,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;IACzC,CAAC;IAED;;;;OAIG;IACI,YAAY,CAAC,QAAgB;QAClC,OAAO,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;IACzC,CAAC;IAEM,MAAM,CAAC,UAAU,CAAC,KAAa;QACpC,KAAK,GAAG,IAAA,iBAAU,EAAC,IAAA,YAAK,GAAE,EAAE,IAAA,iBAAU,GAAE,CAAC,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAE1D,OAAO,UAAQ,CAAC,KAAK,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,CAAC;IACpD,CAAC;IAEM,MAAM,CAAC,UAAU,CAAC,KAAa;QACpC,KAAK,GAAG,IAAA,iBAAU,EAAC,IAAA,YAAK,GAAE,EAAE,IAAA,iBAAU,GAAE,EAAE,IAAA,gBAAS,GAAE,CAAC,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAEvE,OAAO,UAAQ,CAAC,KAAK,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,CAAC;IACpD,CAAC;IAEM,MAAM,CAAC,SAAS,CAAC,IAAY;QAClC,IAAI,GAAG,IAAA,iBAAU,EAAC,IAAA,YAAK,GAAE,EAAE,IAAA,eAAQ,GAAE,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAErD,OAAO,UAAQ,CAAC,KAAK,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;IAClD,CAAC;IAED;;;;;OAKG;IACI,MAAM,CAAC,aAAa,CAAC,UAA2B;QACrD,OAAO,UAAQ,CAAC,KAAK,EAAE,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,KAAK,EAAE,CAAC;IAC5D,CAAC;;AAnNU,4BAAQ;AAUI,qBAAY,GAAoB,IAAI,eAAe,EAAE,AAAzC,CAA0C;AAYtE;IADN,IAAA,aAAO,GAAE;;
|
|
1
|
+
{"version":3,"file":"User.js","sourceRoot":"","sources":["../../../src/models/User.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,iCAAiC;AACjC,sCAA8O;AAE9O,oCAAiC;AACjC,uDAAmE;AACnE,+BAAoC;AACpC,wCAAwM;AAExM,0DAA8C;AAE9C,MAAa,eAAe;IAE1B;;;;;;OAMG;IACI,QAAQ,CAAsD,KAAe;QAClF,MAAM,CAAC,GAAG,IAAA,iBAAU,EAAC,IAAA,YAAK,GAAE,EAAE,IAAA,iBAAU,GAAE,CAAC,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAC5D,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACpC,CAAC;IAED;;;;;;;OAOG;IACI,aAAa,CAAsD,GAAW,EAAE,KAAU;QAC/F,MAAM,CAAC,GAAG,IAAA,iBAAU,EAAC,IAAA,UAAG,EAAC,IAAA,iBAAU,EAAC,IAAA,eAAQ,GAAE,CAAC,EAAE,IAAA,iBAAU,EAAC,IAAA,YAAK,GAAE,EAAE,IAAA,iBAAU,GAAE,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QACjG,MAAM,CAAC,GAAG,IAAA,iBAAU,EAAC,IAAA,eAAQ,GAAE,CAAC,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAEjD,OAAO,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE;YACjC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YACrB,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QACzB,CAAC,CAAC,CAAC;IACL,CAAC;IAEM,SAAS,CAAsD,WAA0B;QAC9F,MAAM,CAAC,GAAG,IAAA,iBAAU,EAAC,IAAA,UAAG,EAAC,IAAA,iBAAU,EAAC,IAAA,eAAQ,GAAE,CAAC,EAAE,IAAA,iBAAU,EAAC,IAAA,YAAK,GAAE,EAAE,IAAA,iBAAU,GAAE,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;QAEjH,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,YAAY,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;IACxE,CAAC;IAEM,KAAK,CAAC,aAAa;QACxB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE;aACrC,UAAU,CACT,8BAAY,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC;YACzB,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,oBAAoB,CAAC,kBAAkB,CAAC,CAAC;YAC3D,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAC5B,IAAI,CAAC,KAAK,CAAC,IAAI,cAAQ,CAAC,cAAc,CAAC,CAAC,CAAC;QAC3C,CAAC,CAAC,CACH;aACA,WAAW,EAAE,CAAA;QAGhB,OAAO,MAAM,GAAG,CAAC,CAAC;IACpB,CAAC;IAEM,KAAK,CAAC,aAAa;QACxB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC,KAAK,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QAC/E,OAAO,MAAM,GAAG,CAAC,CAAC;IACpB,CAAC;IAEM,UAAU;QACf,OAAO,IAAI,CAAC,KAAK,CAAC;YAChB,SAAS,EAAE,IAAW;SACvB,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACI,YAAY;QACjB,OAAO,IAAI,CAAC,KAAK,CAAC;YAChB,QAAQ,EAAE,IAAI;YACd,SAAS,EAAE,IAAW;SACvB,CAAC,CAAC;IACL,CAAC;IAEM,UAAU,CAAsD,KAAa;QAClF,KAAK,GAAG,IAAA,iBAAU,EAAC,IAAA,YAAK,GAAE,EAAE,IAAA,iBAAU,GAAE,EAAE,IAAA,gBAAS,GAAE,CAAC,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAEvE,OAAO,IAAI,CAAC,KAAK,CAAC;YAChB,KAAK,EAAE,KAAK;SACb,CAAC,CAAC;IACL,CAAC;IAEM,UAAU,CAAsD,KAAa;QAClF,KAAK,GAAG,IAAA,iBAAU,EAAC,IAAA,YAAK,GAAE,EAAE,IAAA,iBAAU,GAAE,CAAC,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAE1D,OAAO,IAAI,CAAC,KAAK,CAAC;YAChB,KAAK,EAAE,KAAK;SACb,CAAC,CAAC;IACL,CAAC;IAEM,SAAS,CAAsD,IAAY;QAChF,IAAI,GAAG,IAAA,iBAAU,EAAC,IAAA,YAAK,GAAE,EAAE,IAAA,eAAQ,GAAE,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAErD,OAAO,IAAI,CAAC,KAAK,CAAC;YAChB,IAAI,EAAE,IAAI;SACX,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;OASG;IACI,aAAa,CAA6D,UAA2B;QAC1G,UAAU,GAAG,IAAA,iBAAU,EAAC,IAAA,UAAG,EAAC,IAAA,iBAAU,EAAC,IAAA,UAAG,EAAC,CAAC,CAAC,CAAC,EAAE,IAAA,cAAO,GAAE,EAAE,IAAA,iBAAU,EAAC,IAAA,YAAK,GAAE,EAAE,IAAA,iBAAU,GAAE,CAAC,CAAC,CAAC,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;QAEzH,OAAO,IAAI,CAAC,IAAI,CACd,OAAO,UAAU,KAAK,QAAQ,EAC9B;YACE,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC/B,CAAC,EACD;YACE,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAC3F,CAAC,CACF,CAAC;IACJ,CAAC;CACF;AA3HD,0CA2HC;AAED;;GAEG;AACH,IAAY,oBA6BX;AA7BD,WAAY,oBAAoB;IAC9B,6BAA6B;IAC7B,iEAAyC,CAAA;IACzC,mEAA2C,CAAA;IAC3C,+DAAuC,CAAA;IACvC,2DAAmC,CAAA;IAEnC,wBAAwB;IAExB,mDAA2B,CAAA;IAC3B,iDAAyB,CAAA;IACzB,2EAAmD,CAAA;IAEnD,gBAAgB;IAEhB,yDAAiC,CAAA;IAEjC,qBAAqB;IAErB,gCAAgC;IAChC,yDAAiC,CAAA;IACjC,+BAA+B;IAC/B,+EAAuD,CAAA;IACvD,+BAA+B;IAC/B,6EAAqD,CAAA;IACrD,uBAAuB;IACvB,qEAA6C,CAAA;IAC7C,2CAA2C;IAC3C,mFAA2D,CAAA;AAC7D,CAAC,EA7BW,oBAAoB,oCAApB,oBAAoB,QA6B/B;AAED;;;;GAIG;AAGI,IAAM,QAAQ,gBAAd,MAAM,QAAS,SAAQ,eAAmB;IAY/C,YAAmB,IAAoB;QACrC,KAAK,CAAC,IAAI,CAAC,CAAC;QAZd;;;;WAIG;QACO,YAAO,GAAa,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;QAS/C,IAAI,CAAC,IAAI,GAAG,IAAA,iBAAU,EAAC,IAAA,eAAQ,EAAC,IAAA,SAAM,GAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC9D,IAAI,CAAC,IAAI,GAAG,IAAA,iBAAU,EAAC,IAAA,eAAQ,EAAC,CAAC,IAAA,oBAAI,EAAC,kBAAkB,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAElF,IAAI,CAAC,GAAG,GAAG,OAAE,CAAC,GAAG,CAAC,eAAe,CAAE,CAAC;IACtC,CAAC;IA+DD,IAAW,OAAO;QAChB,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,CAAC;IACrE,CAAC;IAED,IAAW,QAAQ;QACjB,OAAO,IAAI,CAAC,QAAQ,CAAC,oBAAoB,CAAC,kBAAkB,CAAC,KAAK,IAAI,CAAC;IACzE,CAAC;IAEM,sBAAsB,CAAC,OAA2B;QAEvD,MAAM,IAAI,GAAG,KAAK,CAAC,sBAAsB,CAAC,OAAO,CAA+C,CAAA;QAEhG;;WAEG;QACH,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,kCAAgB,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAQ,CAAA;QACjG,CAAC;QAED,OAAO,IAAW,CAAC;IACrB,CAAC;IAEM,GAAG,CAAC,QAAgB,EAAE,UAAkB;QAC7C,QAAQ,GAAG,IAAA,iBAAU,EAAC,IAAA,YAAK,GAAE,EAAE,IAAA,iBAAU,GAAE,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QACnE,UAAU,GAAG,IAAA,iBAAU,EAAC,IAAA,YAAK,GAAE,EAAE,IAAA,iBAAU,GAAE,CAAC,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;QAEzE,OAAQ,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAS,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,CAAC;IAChE,CAAC;IAED;;;;OAIG;IACI,UAAU,CAAC,QAAgB;QAChC,OAAO,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IACvC,CAAC;IAED;;;;;OAKG;IACI,UAAU,CAAC,QAAgB;QAChC,OAAO,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IACvC,CAAC;IAED;;;;;OAKG;IACI,YAAY,CAAC,QAAgB;QAClC,OAAO,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;IACzC,CAAC;IAED;;;;OAIG;IACI,YAAY,CAAC,QAAgB;QAClC,OAAO,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;IACzC,CAAC;IAED;;;;OAIG;IACI,YAAY,CAAC,QAAgB;QAClC,OAAO,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;IACzC,CAAC;IAED;;;;OAIG;IACI,YAAY,CAAC,QAAgB;QAClC,OAAO,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;IACzC,CAAC;IAED;;;;OAIG;IACI,YAAY,CAAC,QAAgB;QAClC,OAAO,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;IACzC,CAAC;IAED;;;;OAIG;IACI,YAAY,CAAC,QAAgB;QAClC,OAAO,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;IACzC,CAAC;IAEM,MAAM,CAAC,UAAU,CAAC,KAAa;QACpC,KAAK,GAAG,IAAA,iBAAU,EAAC,IAAA,YAAK,GAAE,EAAE,IAAA,iBAAU,GAAE,CAAC,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAE1D,OAAO,UAAQ,CAAC,KAAK,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,CAAC;IACpD,CAAC;IAEM,MAAM,CAAC,UAAU,CAAC,KAAa;QACpC,KAAK,GAAG,IAAA,iBAAU,EAAC,IAAA,YAAK,GAAE,EAAE,IAAA,iBAAU,GAAE,EAAE,IAAA,gBAAS,GAAE,CAAC,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAEvE,OAAO,UAAQ,CAAC,KAAK,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,CAAC;IACpD,CAAC;IAEM,MAAM,CAAC,SAAS,CAAC,IAAY;QAClC,IAAI,GAAG,IAAA,iBAAU,EAAC,IAAA,YAAK,GAAE,EAAE,IAAA,eAAQ,GAAE,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAErD,OAAO,UAAQ,CAAC,KAAK,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;IAClD,CAAC;IAED;;;;;OAKG;IACI,MAAM,CAAC,aAAa,CAAC,UAA2B;QACrD,OAAO,UAAQ,CAAC,KAAK,EAAE,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,KAAK,EAAE,CAAC;IAC5D,CAAC;;AAnNU,4BAAQ;AAUI,qBAAY,GAAoB,IAAI,eAAe,EAAE,AAAzC,CAA0C;AAYtE;IADN,IAAA,aAAO,GAAE;;oCACS;AAoBZ;IADN,IAAA,SAAG,GAAE;;sCACiB;AAMhB;IADN,IAAA,eAAS,GAAE;8BACO,gBAAQ;2CAAC;AAMrB;IADN,IAAA,cAAE,GAAE;8BACiB,gBAAQ;8CAAC;AAMxB;IADN,IAAA,gBAAU,GAAE;8BACM,gBAAQ;2CAAC;AAGrB;IADN,IAAA,cAAE,GAAE;8BACgB,gBAAQ;6CAAC;AAiBvB;IAHN,IAAA,aAAO,EAAC,kCAAgB,EAAE;QACzB,UAAU,EAAE,SAAS;KACtB,CAAC;8BACgB,sBAAgB;0CAAyB;mBAhFhD,QAAQ;IAFpB,IAAA,gBAAU,EAAC,SAAS,CAAC;IACrB,IAAA,WAAK,EAAC,OAAO,CAAC;;GACF,QAAQ,CAoNpB;AAED;;GAEG;AAGI,IAAM,IAAI,GAAV,MAAM,IAAK,SAAQ,QAAQ;CAEjC,CAAA;AAFY,oBAAI;eAAJ,IAAI;IAFhB,IAAA,gBAAU,EAAC,SAAS,CAAC;IACrB,IAAA,WAAK,EAAC,OAAO,CAAC;GACF,IAAI,CAEhB"}
|
package/lib/mjs/config/rbac.d.ts
CHANGED
|
@@ -42,6 +42,12 @@ declare const rbac: {
|
|
|
42
42
|
UserRoleRevoked: {
|
|
43
43
|
connection: string;
|
|
44
44
|
};
|
|
45
|
+
UserImpersonationStarted: {
|
|
46
|
+
connection: string;
|
|
47
|
+
};
|
|
48
|
+
UserImpersonationEnded: {
|
|
49
|
+
connection: string;
|
|
50
|
+
};
|
|
45
51
|
};
|
|
46
52
|
connections: {
|
|
47
53
|
name: string;
|
|
@@ -110,6 +116,11 @@ declare const rbac: {
|
|
|
110
116
|
Description: string;
|
|
111
117
|
}[];
|
|
112
118
|
grants: {
|
|
119
|
+
guest: {
|
|
120
|
+
UserBase: {
|
|
121
|
+
'read:own': string[];
|
|
122
|
+
};
|
|
123
|
+
};
|
|
113
124
|
system: {
|
|
114
125
|
$extend: string[];
|
|
115
126
|
};
|
|
@@ -195,6 +206,35 @@ declare const rbac: {
|
|
|
195
206
|
* Column name in database where role is stored, by default is "Role", but if your user table has different column name, you can change it here
|
|
196
207
|
*/
|
|
197
208
|
roleColumn: string;
|
|
209
|
+
/**
|
|
210
|
+
* Role switching behavior. Users with multiple roles can switch the
|
|
211
|
+
* currently active role via /auth/active-role.
|
|
212
|
+
*/
|
|
213
|
+
roleSwitch: {
|
|
214
|
+
/**
|
|
215
|
+
* Roles whose activation requires the user to re-enter their password.
|
|
216
|
+
* Use to gate privileged role switches (e.g. 'admin', 'system').
|
|
217
|
+
*/
|
|
218
|
+
requirePassword: string[];
|
|
219
|
+
};
|
|
220
|
+
/**
|
|
221
|
+
* Impersonation lets a privileged user (createAny on virtual resource
|
|
222
|
+
* 'user:impersonate') act as another user for the rest of the session.
|
|
223
|
+
* Example admin grant:
|
|
224
|
+
* admin: { 'user:impersonate': { 'create:any': ['*'] } }
|
|
225
|
+
*/
|
|
226
|
+
impersonation: {
|
|
227
|
+
/**
|
|
228
|
+
* When true, starting impersonation requires the impersonator to
|
|
229
|
+
* re-enter their password as a confirmation step.
|
|
230
|
+
*/
|
|
231
|
+
requirePassword: boolean;
|
|
232
|
+
/**
|
|
233
|
+
* Targets whose role list intersects this set cannot be impersonated.
|
|
234
|
+
* 'system' is reserved for internal automation and is blocked by default.
|
|
235
|
+
*/
|
|
236
|
+
protectedRoles: string[];
|
|
237
|
+
};
|
|
198
238
|
};
|
|
199
239
|
};
|
|
200
240
|
export default rbac;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rbac.d.ts","sourceRoot":"","sources":["../../../src/config/rbac.ts"],"names":[],"mappings":"AAcA,QAAA,MAAM,IAAI
|
|
1
|
+
{"version":3,"file":"rbac.d.ts","sourceRoot":"","sources":["../../../src/config/rbac.ts"],"names":[],"mappings":"AAcA,QAAA,MAAM,IAAI;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;YA2LJ;;eAEG;;;;;YASH;;eAEG;;;;;;;;;;QAcL;;WAEG;;QAEH;;;;;eAKO;;;8BAGiB,KAAK,CAAC,QAAQ,CAAC;6BAChB,KAAK,CAAC,QAAQ,CAAC;;;QAMtC;;WAEG;;QAGH;;;WAGG;;YAED;;;eAGG;6BACoB,MAAM,EAAE;;QAGjC;;;;;WAKG;;YAED;;;eAGG;;YAGH;;;eAGG;4BAC2B,MAAM,EAAE;;;CAG3C,CAAC;AAEF,eAAe,IAAI,CAAC"}
|
package/lib/mjs/config/rbac.js
CHANGED
|
@@ -27,6 +27,8 @@ const rbac = {
|
|
|
27
27
|
UserPasswordChangeRequest: { connection: 'rbac-user-empty-queue' },
|
|
28
28
|
UserRoleGranted: { connection: 'rbac-user-empty-queue' },
|
|
29
29
|
UserRoleRevoked: { connection: 'rbac-user-empty-queue' },
|
|
30
|
+
UserImpersonationStarted: { connection: 'rbac-user-empty-queue' },
|
|
31
|
+
UserImpersonationEnded: { connection: 'rbac-user-empty-queue' },
|
|
30
32
|
},
|
|
31
33
|
// by default all events from rbac module are routed to rbac-user-empty-queue
|
|
32
34
|
// and is using empty sink ( no events are sent )
|
|
@@ -110,6 +112,11 @@ const rbac = {
|
|
|
110
112
|
},
|
|
111
113
|
],
|
|
112
114
|
grants: {
|
|
115
|
+
guest: {
|
|
116
|
+
'UserBase': {
|
|
117
|
+
'read:own': ['*'],
|
|
118
|
+
}
|
|
119
|
+
},
|
|
113
120
|
// system user can do anything that admin can and more
|
|
114
121
|
system: {
|
|
115
122
|
$extend: ['admin'],
|
|
@@ -208,6 +215,35 @@ const rbac = {
|
|
|
208
215
|
* Column name in database where role is stored, by default is "Role", but if your user table has different column name, you can change it here
|
|
209
216
|
*/
|
|
210
217
|
roleColumn: 'Role',
|
|
218
|
+
/**
|
|
219
|
+
* Role switching behavior. Users with multiple roles can switch the
|
|
220
|
+
* currently active role via /auth/active-role.
|
|
221
|
+
*/
|
|
222
|
+
roleSwitch: {
|
|
223
|
+
/**
|
|
224
|
+
* Roles whose activation requires the user to re-enter their password.
|
|
225
|
+
* Use to gate privileged role switches (e.g. 'admin', 'system').
|
|
226
|
+
*/
|
|
227
|
+
requirePassword: [],
|
|
228
|
+
},
|
|
229
|
+
/**
|
|
230
|
+
* Impersonation lets a privileged user (createAny on virtual resource
|
|
231
|
+
* 'user:impersonate') act as another user for the rest of the session.
|
|
232
|
+
* Example admin grant:
|
|
233
|
+
* admin: { 'user:impersonate': { 'create:any': ['*'] } }
|
|
234
|
+
*/
|
|
235
|
+
impersonation: {
|
|
236
|
+
/**
|
|
237
|
+
* When true, starting impersonation requires the impersonator to
|
|
238
|
+
* re-enter their password as a confirmation step.
|
|
239
|
+
*/
|
|
240
|
+
requirePassword: true,
|
|
241
|
+
/**
|
|
242
|
+
* Targets whose role list intersects this set cannot be impersonated.
|
|
243
|
+
* 'system' is reserved for internal automation and is blocked by default.
|
|
244
|
+
*/
|
|
245
|
+
protectedRoles: ['system'],
|
|
246
|
+
},
|
|
211
247
|
},
|
|
212
248
|
};
|
|
213
249
|
export default rbac;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rbac.js","sourceRoot":"","sources":["../../../src/config/rbac.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAEhD,SAAS,GAAG,CAAC,IAAY;IACvB,MAAM,UAAU,GAAG,OAAO,MAAM,KAAK,WAAW,CAAC;IACjD,OAAO;QACL,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,OAAO,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC;QAEvJ,4CAA4C;QAC5C,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,OAAO,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC;KAC/J,CAAC;AACJ,CAAC;AAID,MAAM,IAAI,GAAG;IACX,MAAM,EAAE;QACN,IAAI,EAAE;YACJ,GAAG,EAAE,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC;SACrB;KACF;IACD,KAAK,EAAE;QACL,OAAO,EAAE;YACP,OAAO,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YAChD,aAAa,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YACtD,UAAU,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YACnD,eAAe,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YACxD,WAAW,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YACpD,UAAU,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YACnD,mBAAmB,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YAC5D,YAAY,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YACrD,mBAAmB,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YAC5D,yBAAyB,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YAClE,eAAe,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YACxD,eAAe,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;
|
|
1
|
+
{"version":3,"file":"rbac.js","sourceRoot":"","sources":["../../../src/config/rbac.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAEhD,SAAS,GAAG,CAAC,IAAY;IACvB,MAAM,UAAU,GAAG,OAAO,MAAM,KAAK,WAAW,CAAC;IACjD,OAAO;QACL,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,OAAO,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC;QAEvJ,4CAA4C;QAC5C,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,OAAO,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC;KAC/J,CAAC;AACJ,CAAC;AAID,MAAM,IAAI,GAAG;IACX,MAAM,EAAE;QACN,IAAI,EAAE;YACJ,GAAG,EAAE,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC;SACrB;KACF;IACD,KAAK,EAAE;QACL,OAAO,EAAE;YACP,OAAO,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YAChD,aAAa,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YACtD,UAAU,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YACnD,eAAe,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YACxD,WAAW,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YACpD,UAAU,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YACnD,mBAAmB,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YAC5D,YAAY,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YACrD,mBAAmB,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YAC5D,yBAAyB,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YAClE,eAAe,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YACxD,eAAe,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YACxD,wBAAwB,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;YACjE,sBAAsB,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE;SAChE;QAED,6EAA6E;QAC7E,iDAAiD;QACjD,WAAW,EAAE;YACX;gBACE,IAAI,EAAE,uBAAuB;gBAC7B,OAAO,EAAE,sBAAsB;gBAC/B,mBAAmB,EAAE,WAAW;gBAChC,mBAAmB,EAAE,aAAa;aACnC;SACF;KACF;IACD,IAAI,EAAE;QACJ,kBAAkB,EAAE,KAAK;QAEzB,KAAK,EAAE;YACL,UAAU,EAAE,uBAAuB;YAEnC,cAAc,EAAE;gBACd,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,qCAAqC;gBAC/C,OAAO,EAAE,yBAAyB;aACnC;YAED,2DAA2D;YAC3D,OAAO,EAAE;gBACP,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,oCAAoC;gBAC9C,OAAO,EAAE,2BAA2B;aACrC;YAED,MAAM,EAAE;gBACN,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,kCAAkC;gBAC5C,OAAO,EAAE,gBAAgB;aAC1B;YAED,QAAQ,EAAE;gBACR,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,oCAAoC;gBAC9C,OAAO,EAAE,kBAAkB;aAC5B;YAED,OAAO,EAAE;gBACP,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,mCAAmC;gBAC7C,OAAO,EAAE,iBAAiB;aAC3B;YAED,WAAW,EAAE;gBACX,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,uCAAuC;gBACjD,OAAO,EAAE,qBAAqB;aAC/B;YAED,eAAe,EAAE;gBACf,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,sCAAsC;gBAChD,OAAO,EAAE,kBAAkB;aAC5B;YAED,kBAAkB,EAAE;gBAClB,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,sCAAsC;gBAChD,OAAO,EAAE,gCAAgC;aAC1C;YAED,SAAS,EAAE;gBACT,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,qCAAqC;gBAC/C,OAAO,EAAE,mBAAmB;aAC7B;YAED,gDAAgD;YAChD,wCAAwC;YACxC,yDAAyD;YACzD,OAAO,EAAE;gBACP,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,wCAAwC;gBAClD,OAAO,EAAE,iBAAiB;aAC3B;SACF;QACD,gDAAgD;QAChD,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,OAAO;gBACb,WAAW,EAAE,eAAe;aAC7B;YACD;gBACE,IAAI,EAAE,MAAM;gBACZ,WAAW,EAAE,sCAAsC;aACpD;SACF;QACD,MAAM,EAAE;YACN,KAAK,EAAE;gBACL,UAAU,EAAC;oBACT,UAAU,EAAE,CAAC,GAAG,CAAC;iBAClB;aACF;YAED,sDAAsD;YACtD,MAAM,EAAE;gBACN,OAAO,EAAE,CAAC,OAAO,CAAC;aACnB;YAED,aAAa,EAAE;gBACb,KAAK,EAAE;oBACL,YAAY,EAAE,CAAC,GAAG,CAAC;oBACnB,UAAU,EAAE,CAAC,GAAG,CAAC;oBACjB,YAAY,EAAE,CAAC,GAAG,CAAC;oBACnB,YAAY,EAAE,CAAC,GAAG,CAAC;iBACpB;gBACD,eAAe,EAAE;oBACf,YAAY,EAAE,CAAC,GAAG,CAAC;oBACnB,UAAU,EAAE,CAAC,GAAG,CAAC;oBACjB,YAAY,EAAE,CAAC,GAAG,CAAC;oBACnB,YAAY,EAAE,CAAC,GAAG,CAAC;iBACpB;aACF;YACD,IAAI,EAAE;gBACJ,MAAM,EAAE;oBACN,UAAU,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;oBAC9B,YAAY,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;iBAC7C;gBACD,eAAe,EAAE;oBACf,YAAY,EAAE,CAAC,GAAG,CAAC;oBACnB,UAAU,EAAE,CAAC,GAAG,CAAC;oBACjB,YAAY,EAAE,CAAC,GAAG,CAAC;oBACnB,YAAY,EAAE,CAAC,GAAG,CAAC;iBACpB;aACF;YACD,KAAK,EAAE;gBACL,OAAO,EAAE,CAAC,aAAa,CAAC;aACzB;SACF;QACD,WAAW,EAAE,OAAO;QACpB,IAAI,EAAE;YACJ,OAAO,EAAE,sBAAsB;SAChC;QACD,QAAQ,EAAE;YACR,OAAO,EAAE,uBAAuB;YAEhC,UAAU,EAAE;gBACV,OAAO,EAAE,iCAAiC;gBAC1C,IAAI,EAAE;oBACJ,mCAAmC;oBACnC,iCAAiC;oBAEjC,+DAA+D;oBAC/D,OAAO,EAAE,kBAAkB;oBAE3B,uFAAuF;oBACvF,6EAA6E;oBAE7E,+FAA+F;oBAC/F,6DAA6D;oBAE7D,+FAA+F;oBAC/F,mFAAmF;oBAEnF,IAAI,EAAE,QAAQ;iBACf;aACF;YAED;;eAEG;YAEH,UAAU,EAAE;gBACV,OAAO,EAAE,IAAI;gBAEb,aAAa;gBACb,sBAAsB,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE;aAC1C;YAED;;eAEG;YACH,qBAAqB,EAAE,EAAE,GAAG,EAAE;SAC/B;QACD,IAAI,EAAE;YACJ,OAAO,EAAE,sBAAsB;SAChC;QACD,OAAO,EAAE;YACP,OAAO,EAAE,oBAAoB;YAE7B,8BAA8B;YAC9B,kBAAkB;YAClB,UAAU,EAAE,GAAG;SAChB;QAED;;WAEG;QACH,UAAU,EAAE,QAAQ;QACpB;;;;;eAKO;QACP,OAAO,EAAE;YACP,MAAM,EAAE;gBACN,YAAY,EAAE,EAAqB;gBACnC,WAAW,EAAE,EAAqB;aACnC;SACF;QAID;;WAEG;QACH,UAAU,EAAE,MAAM;QAElB;;;WAGG;QACH,UAAU,EAAE;YACV;;;eAGG;YACH,eAAe,EAAE,EAAc;SAChC;QAED;;;;;WAKG;QACH,aAAa,EAAE;YACb;;;eAGG;YACH,eAAe,EAAE,IAAI;YAErB;;;eAGG;YACH,cAAc,EAAE,CAAC,QAAQ,CAAa;SACvC;KACF;CACF,CAAC;AAEF,eAAe,IAAI,CAAC"}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import { UserEvent } from './UserEvent.js';
|
|
2
|
+
import { User } from '../models/User.js';
|
|
3
|
+
/**
|
|
4
|
+
* Emitted when an active impersonation ends (explicit stop, logout while
|
|
5
|
+
* impersonating, or session expiry handling). UserUUID is the impersonator
|
|
6
|
+
* who initiated the impersonation; TargetUUID is whoever they were acting as.
|
|
7
|
+
*/
|
|
8
|
+
export declare class UserImpersonationEnded extends UserEvent {
|
|
9
|
+
TargetUUID: string;
|
|
10
|
+
constructor(original: User, target: User);
|
|
11
|
+
}
|
|
12
|
+
//# sourceMappingURL=UserImpersonationEnded.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"UserImpersonationEnded.d.ts","sourceRoot":"","sources":["../../../src/events/UserImpersonationEnded.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AAEzC;;;;GAIG;AACH,qBACa,sBAAuB,SAAQ,SAAS;IAC5C,UAAU,EAAE,MAAM,CAAC;gBAEd,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI;CAIzC"}
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
2
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
3
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
4
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
5
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
6
|
+
};
|
|
7
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
8
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
9
|
+
};
|
|
10
|
+
import { Event } from '@spinajs/queue';
|
|
11
|
+
import { UserEvent } from './UserEvent.js';
|
|
12
|
+
import { User } from '../models/User.js';
|
|
13
|
+
/**
|
|
14
|
+
* Emitted when an active impersonation ends (explicit stop, logout while
|
|
15
|
+
* impersonating, or session expiry handling). UserUUID is the impersonator
|
|
16
|
+
* who initiated the impersonation; TargetUUID is whoever they were acting as.
|
|
17
|
+
*/
|
|
18
|
+
let UserImpersonationEnded = class UserImpersonationEnded extends UserEvent {
|
|
19
|
+
constructor(original, target) {
|
|
20
|
+
super(original);
|
|
21
|
+
this.TargetUUID = target.Uuid;
|
|
22
|
+
}
|
|
23
|
+
};
|
|
24
|
+
UserImpersonationEnded = __decorate([
|
|
25
|
+
Event(),
|
|
26
|
+
__metadata("design:paramtypes", [User, User])
|
|
27
|
+
], UserImpersonationEnded);
|
|
28
|
+
export { UserImpersonationEnded };
|
|
29
|
+
//# sourceMappingURL=UserImpersonationEnded.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"UserImpersonationEnded.js","sourceRoot":"","sources":["../../../src/events/UserImpersonationEnded.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,gBAAgB,CAAC;AACvC,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AAEzC;;;;GAIG;AAEI,IAAM,sBAAsB,GAA5B,MAAM,sBAAuB,SAAQ,SAAS;IAGnD,YAAY,QAAc,EAAE,MAAY;QACtC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAChB,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC;IAChC,CAAC;CACF,CAAA;AAPY,sBAAsB;IADlC,KAAK,EAAE;qCAIgB,IAAI,EAAU,IAAI;GAH7B,sBAAsB,CAOlC"}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import { UserEvent } from './UserEvent.js';
|
|
2
|
+
import { User } from '../models/User.js';
|
|
3
|
+
/**
|
|
4
|
+
* Emitted when `original` starts impersonating `target`. UserUUID (from the
|
|
5
|
+
* base class) holds the impersonator's UUID — the actor who triggered the
|
|
6
|
+
* event — and TargetUUID holds whoever they impersonated.
|
|
7
|
+
*/
|
|
8
|
+
export declare class UserImpersonationStarted extends UserEvent {
|
|
9
|
+
TargetUUID: string;
|
|
10
|
+
constructor(original: User, target: User);
|
|
11
|
+
}
|
|
12
|
+
//# sourceMappingURL=UserImpersonationStarted.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"UserImpersonationStarted.d.ts","sourceRoot":"","sources":["../../../src/events/UserImpersonationStarted.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AAEzC;;;;GAIG;AACH,qBACa,wBAAyB,SAAQ,SAAS;IAC9C,UAAU,EAAE,MAAM,CAAC;gBAEd,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI;CAIzC"}
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
2
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
3
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
4
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
5
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
6
|
+
};
|
|
7
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
8
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
9
|
+
};
|
|
10
|
+
import { Event } from '@spinajs/queue';
|
|
11
|
+
import { UserEvent } from './UserEvent.js';
|
|
12
|
+
import { User } from '../models/User.js';
|
|
13
|
+
/**
|
|
14
|
+
* Emitted when `original` starts impersonating `target`. UserUUID (from the
|
|
15
|
+
* base class) holds the impersonator's UUID — the actor who triggered the
|
|
16
|
+
* event — and TargetUUID holds whoever they impersonated.
|
|
17
|
+
*/
|
|
18
|
+
let UserImpersonationStarted = class UserImpersonationStarted extends UserEvent {
|
|
19
|
+
constructor(original, target) {
|
|
20
|
+
super(original);
|
|
21
|
+
this.TargetUUID = target.Uuid;
|
|
22
|
+
}
|
|
23
|
+
};
|
|
24
|
+
UserImpersonationStarted = __decorate([
|
|
25
|
+
Event(),
|
|
26
|
+
__metadata("design:paramtypes", [User, User])
|
|
27
|
+
], UserImpersonationStarted);
|
|
28
|
+
export { UserImpersonationStarted };
|
|
29
|
+
//# sourceMappingURL=UserImpersonationStarted.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"UserImpersonationStarted.js","sourceRoot":"","sources":["../../../src/events/UserImpersonationStarted.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,gBAAgB,CAAC;AACvC,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AAEzC;;;;GAIG;AAEI,IAAM,wBAAwB,GAA9B,MAAM,wBAAyB,SAAQ,SAAS;IAGrD,YAAY,QAAc,EAAE,MAAY;QACtC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAChB,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC;IAChC,CAAC;CACF,CAAA;AAPY,wBAAwB;IADpC,KAAK,EAAE;qCAIgB,IAAI,EAAU,IAAI;GAH7B,wBAAwB,CAOpC"}
|
|
@@ -12,4 +12,6 @@ export * from './UserPasswordChangeRequest.js';
|
|
|
12
12
|
export * from './UserLogged.js';
|
|
13
13
|
export * from "./UserEvent.js";
|
|
14
14
|
export * from "./UserLoginFailed.js";
|
|
15
|
+
export * from "./UserImpersonationStarted.js";
|
|
16
|
+
export * from "./UserImpersonationEnded.js";
|
|
15
17
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/events/index.ts"],"names":[],"mappings":"AAAA,cAAc,kBAAkB,CAAC;AACjC,cAAc,oBAAoB,CAAC;AACnC,cAAc,iBAAiB,CAAC;AAChC,cAAc,sBAAsB,CAAC;AACrC,cAAc,kBAAkB,CAAC;AACjC,cAAc,0BAA0B,CAAC;AACzC,cAAc,0BAA0B,CAAC;AACzC,cAAc,sBAAsB,CAAC;AACrC,cAAc,sBAAsB,CAAC;AACrC,cAAc,mBAAmB,CAAC;AAClC,cAAc,gCAAgC,CAAC;AAC/C,cAAc,iBAAiB,CAAC;AAChC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,sBAAsB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/events/index.ts"],"names":[],"mappings":"AAAA,cAAc,kBAAkB,CAAC;AACjC,cAAc,oBAAoB,CAAC;AACnC,cAAc,iBAAiB,CAAC;AAChC,cAAc,sBAAsB,CAAC;AACrC,cAAc,kBAAkB,CAAC;AACjC,cAAc,0BAA0B,CAAC;AACzC,cAAc,0BAA0B,CAAC;AACzC,cAAc,sBAAsB,CAAC;AACrC,cAAc,sBAAsB,CAAC;AACrC,cAAc,mBAAmB,CAAC;AAClC,cAAc,gCAAgC,CAAC;AAC/C,cAAc,iBAAiB,CAAC;AAChC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,sBAAsB,CAAC;AACrC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,6BAA6B,CAAC"}
|
package/lib/mjs/events/index.js
CHANGED
|
@@ -12,4 +12,6 @@ export * from './UserPasswordChangeRequest.js';
|
|
|
12
12
|
export * from './UserLogged.js';
|
|
13
13
|
export * from "./UserEvent.js";
|
|
14
14
|
export * from "./UserLoginFailed.js";
|
|
15
|
+
export * from "./UserImpersonationStarted.js";
|
|
16
|
+
export * from "./UserImpersonationEnded.js";
|
|
15
17
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/events/index.ts"],"names":[],"mappings":"AAAA,cAAc,kBAAkB,CAAC;AACjC,cAAc,oBAAoB,CAAC;AACnC,cAAc,iBAAiB,CAAC;AAChC,cAAc,sBAAsB,CAAC;AACrC,cAAc,kBAAkB,CAAC;AACjC,cAAc,0BAA0B,CAAC;AACzC,cAAc,0BAA0B,CAAC;AACzC,cAAc,sBAAsB,CAAC;AACrC,cAAc,sBAAsB,CAAC;AACrC,cAAc,mBAAmB,CAAC;AAClC,cAAc,gCAAgC,CAAC;AAC/C,cAAc,iBAAiB,CAAC;AAChC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,sBAAsB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/events/index.ts"],"names":[],"mappings":"AAAA,cAAc,kBAAkB,CAAC;AACjC,cAAc,oBAAoB,CAAC;AACnC,cAAc,iBAAiB,CAAC;AAChC,cAAc,sBAAsB,CAAC;AACrC,cAAc,kBAAkB,CAAC;AACjC,cAAc,0BAA0B,CAAC;AACzC,cAAc,0BAA0B,CAAC;AACzC,cAAc,sBAAsB,CAAC;AACrC,cAAc,sBAAsB,CAAC;AACrC,cAAc,mBAAmB,CAAC;AAClC,cAAc,gCAAgC,CAAC;AAC/C,cAAc,iBAAiB,CAAC;AAChC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,sBAAsB,CAAC;AACrC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,6BAA6B,CAAC"}
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
import { AccessControl } from 'accesscontrol';
|
|
2
|
+
export type ImpersonationDenialReason = 'PROTECTED_ROLE' | 'PRIVILEGE_ESCALATION' | 'SELF_TARGET';
|
|
3
|
+
export interface IImpersonationCheckOptions {
|
|
4
|
+
/** Roles of the user who wants to impersonate */
|
|
5
|
+
originalRoles: string[];
|
|
6
|
+
/** Roles of the target user */
|
|
7
|
+
targetRoles: string[];
|
|
8
|
+
/** Roles that may never be impersonated (default: ['system']) */
|
|
9
|
+
protectedRoles: string[];
|
|
10
|
+
/** AccessControl instance — used to compare effective grants */
|
|
11
|
+
ac: AccessControl;
|
|
12
|
+
}
|
|
13
|
+
export interface IImpersonationCheckResult {
|
|
14
|
+
allowed: boolean;
|
|
15
|
+
reason?: ImpersonationDenialReason;
|
|
16
|
+
detail?: string;
|
|
17
|
+
}
|
|
18
|
+
/**
|
|
19
|
+
* Decides whether `originalRoles` may impersonate a user with `targetRoles`.
|
|
20
|
+
*
|
|
21
|
+
* Rules:
|
|
22
|
+
* 1. If target has any role in `protectedRoles` → denied (PROTECTED_ROLE).
|
|
23
|
+
* 2. If target has any effective grant the original does NOT have, that's an
|
|
24
|
+
* escalation and impersonation is denied (PRIVILEGE_ESCALATION). This
|
|
25
|
+
* blocks equal-or-higher targets — admin cannot impersonate admin, user
|
|
26
|
+
* cannot impersonate admin, but admin can impersonate user.
|
|
27
|
+
*
|
|
28
|
+
* The grant comparison walks accesscontrol's resolved grants, so $extend is
|
|
29
|
+
* honored transitively.
|
|
30
|
+
*/
|
|
31
|
+
export declare function canImpersonate(opts: IImpersonationCheckOptions): IImpersonationCheckResult;
|
|
32
|
+
//# sourceMappingURL=impersonation.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"impersonation.d.ts","sourceRoot":"","sources":["../../src/impersonation.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAE9C,MAAM,MAAM,yBAAyB,GAAG,gBAAgB,GAAG,sBAAsB,GAAG,aAAa,CAAC;AAElG,MAAM,WAAW,0BAA0B;IACzC,iDAAiD;IACjD,aAAa,EAAE,MAAM,EAAE,CAAC;IAExB,+BAA+B;IAC/B,WAAW,EAAE,MAAM,EAAE,CAAC;IAEtB,iEAAiE;IACjE,cAAc,EAAE,MAAM,EAAE,CAAC;IAEzB,gEAAgE;IAChE,EAAE,EAAE,aAAa,CAAC;CACnB;AAED,MAAM,WAAW,yBAAyB;IACxC,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,yBAAyB,CAAC;IACnC,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,0BAA0B,GAAG,yBAAyB,CAoC1F"}
|