@things-factory/auth-base 4.3.671 → 4.3.672

package/dist-server/service/privilege/index.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolvers = exports.entities = void 0;
+const privilege_1 = require("./privilege");
+const privilege_query_1 = require("./privilege-query");
+const privilege_mutation_1 = require("./privilege-mutation");
+exports.entities = [privilege_1.Privilege];
+exports.resolvers = [privilege_query_1.PrivilegeQuery, privilege_mutation_1.PrivilegeMutation];
+//# sourceMappingURL=index.js.map

package/dist-server/service/privilege/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../server/service/privilege/index.ts"],"names":[],"mappings":";;;AAAA,2CAAuC;AACvC,uDAAkD;AAClD,6DAAwD;AAE3C,QAAA,QAAQ,GAAG,CAAC,qBAAS,CAAC,CAAA;AACtB,QAAA,SAAS,GAAG,CAAC,gCAAc,EAAE,sCAAiB,CAAC,CAAA"}

package/dist-server/service/privilege/privilege-directive.js

@@ -0,0 +1,85 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.privilegeDirectiveResolver = exports.privilegeDirectiveTypeDefs = void 0;
+const graphql_1 = require("graphql");
+const graphql_tag_1 = require("graphql-tag");
+const utils_1 = require("@graphql-tools/utils");
+const typeorm_1 = require("typeorm");
+const user_1 = require("../user/user");
+const debug = require('debug')('things-factory:shell:directive-privilege');
+process['PRIVILEGES'] = {};
+const DIRECTIVE = 'privilege';
+exports.privilegeDirectiveTypeDefs = (0, graphql_tag_1.gql) `
+  directive @privilege(
+    category: String
+    privilege: String
+    domainOwnerGranted: Boolean
+    superUserGranted: Boolean
+  ) on FIELD_DEFINITION
+`;
+const privilegeDirectiveResolver = (schema) => (0, utils_1.mapSchema)(schema, {
+    [utils_1.MapperKind.OBJECT_FIELD]: (fieldConfig, fieldName, typeName, schema) => {
+        var _a;
+        const privilegeDirective = (_a = (0, utils_1.getDirective)(schema, fieldConfig, DIRECTIVE)) === null || _a === void 0 ? void 0 : _a[0];
+        if (privilegeDirective) {
+            const { resolve = graphql_1.defaultFieldResolver, args } = fieldConfig;
+            if (!args) {
+                throw new Error(`Unexpected Error. args should be defined in @privilige directive for field ${fieldName}.`);
+            }
+            const { domainOwnerGranted, superUserGranted, category, privilege } = privilegeDirective;
+            if (category && privilege) {
+                process['PRIVILEGES'][`${category} ${privilege}`] = [category, privilege];
+            }
+            fieldConfig.resolve = async function (source, args, context, info) {
+                const { domain, user } = context.state;
+                if (domainOwnerGranted && (await process.domainOwnerGranted(domain, user))) {
+                    return await resolve.call(this, source, args, context, info);
+                }
+                if (superUserGranted && (await process.superUserGranted(domain, user))) {
+                    return await resolve.call(this, source, args, context, info);
+                }
+                if (!category || !privilege)
+                    throw new Error(`Unauthorized!`);
+                const result = await (0, typeorm_1.getRepository)(user_1.User).query(`
+                  SELECT 
+                    COUNT(1) AS has_privilege
+                  FROM
+                    privileges
+                  WHERE
+                    category = '${category}'
+                  AND
+                    name = '${privilege}'
+                  AND
+                    id
+                  IN (
+                    SELECT
+                      RP.privileges_id
+                    FROM
+                      users_roles UR
+                    INNER JOIN
+                      roles_privileges RP
+                    ON
+                      UR.roles_id = RP.roles_id
+                    LEFT JOIN
+                      roles R
+                    ON
+                      R.id = UR.roles_id
+                    WHERE
+                      UR.users_id = '${user === null || user === void 0 ? void 0 : user.id}'
+                    AND
+                      R.domain_id = '${domain === null || domain === void 0 ? void 0 : domain.id}'
+                  )
+                `);
+                if (result[0].has_privilege > 0) {
+                    return await resolve.call(this, source, args, context, info);
+                }
+                else {
+                    throw new Error(`Unauthorized!`);
+                }
+            };
+            return fieldConfig;
+        }
+    }
+});
+exports.privilegeDirectiveResolver = privilegeDirectiveResolver;
+//# sourceMappingURL=privilege-directive.js.map

package/dist-server/service/privilege/privilege-directive.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"privilege-directive.js","sourceRoot":"","sources":["../../../server/service/privilege/privilege-directive.ts"],"names":[],"mappings":";;;AAAA,qCAA6D;AAC7D,6CAAiC;AACjC,gDAA0E;AAC1E,qCAAuC;AACvC,uCAAmC;AAEnC,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,0CAA0C,CAAC,CAAA;AAE1E,OAAO,CAAC,YAAY,CAAC,GAAG,EAAE,CAAA;AAE1B,MAAM,SAAS,GAAG,WAAW,CAAA;AAEhB,QAAA,0BAA0B,GAAG,IAAA,iBAAG,EAAA;;;;;;;CAO5C,CAAA;AACM,MAAM,0BAA0B,GAAG,CAAC,MAAqB,EAAE,EAAE,CAClE,IAAA,iBAAS,EAAC,MAAM,EAAE;IAChB,CAAC,kBAAU,CAAC,YAAY,CAAC,EAAE,CAAC,WAAW,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;;QACtE,MAAM,kBAAkB,GAAG,MAAA,IAAA,oBAAY,EAAC,MAAM,EAAE,WAAW,EAAE,SAAS,CAAC,0CAAG,CAAC,CAAC,CAAA;QAC5E,IAAI,kBAAkB,EAAE;YACtB,MAAM,EAAE,OAAO,GAAG,8BAAoB,EAAE,IAAI,EAAE,GAAG,WAAW,CAAA;YAE5D,IAAI,CAAC,IAAI,EAAE;gBACT,MAAM,IAAI,KAAK,CAAC,8EAA8E,SAAS,GAAG,CAAC,CAAA;aAC5G;YAED,MAAM,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,kBAAkB,CAAA;YACxF,IAAI,QAAQ,IAAI,SAAS,EAAE;gBACzB,OAAO,CAAC,YAAY,CAAC,CAAC,GAAG,QAAQ,IAAI,SAAS,EAAE,CAAC,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAA;aAC1E;YAED,WAAW,CAAC,OAAO,GAAG,KAAK,WAAW,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI;gBAC/D,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;gBAEtC,IAAI,kBAAkB,IAAI,CAAC,MAAM,OAAO,CAAC,kBAAkB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,EAAE;oBAC1E,OAAO,MAAM,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,CAAA;iBAC7D;gBAED,IAAI,gBAAgB,IAAI,CAAC,MAAM,OAAO,CAAC,gBAAgB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,EAAE;oBACtE,OAAO,MAAM,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,CAAA;iBAC7D;gBAED,IAAI,CAAC,QAAQ,IAAI,CAAC,SAAS;oBAAE,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAA;gBAE7D,MAAM,MAAM,GAAG,MAAM,IAAA,uBAAa,EAAC,WAAI,CAAC,CAAC,KAAK,CAC5C;;;;;;kCAMsB,QAAQ;;8BAEZ,SAAS;;;;;;;;;;;;;;;;;uCAiBA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,EAAE;;uCAER,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,EAAE;;iBAEhC,CACN,CAAA;gBAED,IAAI,MAAM,CAAC,CAAC,CAAC,CAAC,aAAa,GAAG,CAAC,EAAE;oBAC/B,OAAO,MAAM,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,CAAA;iBAC7D;qBAAM;oBACL,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAA;iBACjC;YACH,CAAC,CAAA;YAED,OAAO,WAAW,CAAA;SACnB;IACH,CAAC;CACF,CAAC,CAAA;AAxES,QAAA,0BAA0B,8BAwEnC"}

package/dist-server/service/privilege/privilege-mutation.js

@@ -0,0 +1,80 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PrivilegeMutation = void 0;
+const type_graphql_1 = require("type-graphql");
+const typeorm_1 = require("typeorm");
+const role_1 = require("../role/role");
+const privilege_1 = require("./privilege");
+const privilege_types_1 = require("./privilege-types");
+let PrivilegeMutation = class PrivilegeMutation {
+    async createPrivilege(privilege, context) {
+        if (privilege.roles && privilege.roles.length) {
+            privilege.roles = await (0, typeorm_1.getRepository)(role_1.Role).findByIds(privilege.roles);
+        }
+        return await (0, typeorm_1.getRepository)(privilege_1.Privilege).save(Object.assign({ creator: context.state.user, updater: context.state.user }, privilege));
+    }
+    async updatePrivilege(name, category, patch, context) {
+        const repository = (0, typeorm_1.getRepository)(privilege_1.Privilege);
+        const privilege = await repository.findOne({
+            where: { name, category },
+            relations: ['roles', 'creator', 'updater']
+        });
+        const roleIds = privilege.roles.map(role => role.id);
+        if (patch.roles && patch.roles.length) {
+            patch.roles.forEach((roleId) => {
+                if (!roleIds.includes(roleId)) {
+                    roleIds.push(roleId);
+                }
+            });
+        }
+        return await repository.save(Object.assign(Object.assign(Object.assign({}, privilege), patch), { roles: await (0, typeorm_1.getRepository)(role_1.Role).findByIds(roleIds), updater: context.state.user }));
+    }
+    async deletePrivilege(name, category, context) {
+        await (0, typeorm_1.getRepository)(privilege_1.Privilege).delete({ name, category });
+        return true;
+    }
+};
+__decorate([
+    (0, type_graphql_1.Mutation)(returns => privilege_1.Privilege, { description: 'To create new privilege' }),
+    __param(0, (0, type_graphql_1.Arg)('privilege')),
+    __param(1, (0, type_graphql_1.Ctx)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [privilege_types_1.NewPrivilege, Object]),
+    __metadata("design:returntype", Promise)
+], PrivilegeMutation.prototype, "createPrivilege", null);
+__decorate([
+    (0, type_graphql_1.Mutation)(returns => privilege_1.Privilege, { description: 'To modify privilege information' }),
+    __param(0, (0, type_graphql_1.Arg)('name')),
+    __param(1, (0, type_graphql_1.Arg)('category')),
+    __param(2, (0, type_graphql_1.Arg)('patch')),
+    __param(3, (0, type_graphql_1.Ctx)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String, String, privilege_types_1.PrivilegePatch, Object]),
+    __metadata("design:returntype", Promise)
+], PrivilegeMutation.prototype, "updatePrivilege", null);
+__decorate([
+    (0, type_graphql_1.Mutation)(returns => Boolean, { description: 'To delete privilege' }),
+    __param(0, (0, type_graphql_1.Arg)('name')),
+    __param(1, (0, type_graphql_1.Arg)('category')),
+    __param(2, (0, type_graphql_1.Ctx)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String, String, Object]),
+    __metadata("design:returntype", Promise)
+], PrivilegeMutation.prototype, "deletePrivilege", null);
+PrivilegeMutation = __decorate([
+    (0, type_graphql_1.Resolver)(privilege_1.Privilege)
+], PrivilegeMutation);
+exports.PrivilegeMutation = PrivilegeMutation;
+//# sourceMappingURL=privilege-mutation.js.map

package/dist-server/service/privilege/privilege-mutation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"privilege-mutation.js","sourceRoot":"","sources":["../../../server/service/privilege/privilege-mutation.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,+CAA2D;AAC3D,qCAAuC;AACvC,uCAAmC;AACnC,2CAAuC;AACvC,uDAAgE;AAGzD,IAAM,iBAAiB,GAAvB,MAAM,iBAAiB;IAEtB,AAAN,KAAK,CAAC,eAAe,CAAmB,SAAuB,EAAS,OAAY;QAClF,IAAI,SAAS,CAAC,KAAK,IAAI,SAAS,CAAC,KAAK,CAAC,MAAM,EAAE;YAC7C,SAAS,CAAC,KAAK,GAAG,MAAM,IAAA,uBAAa,EAAC,WAAI,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;SACvE;QAED,OAAO,MAAM,IAAA,uBAAa,EAAC,qBAAS,CAAC,CAAC,IAAI,iBACxC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,IAAI,EAC3B,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,IAAI,IACxB,SAAS,EACZ,CAAA;IACJ,CAAC;IAGK,AAAN,KAAK,CAAC,eAAe,CACN,IAAY,EACR,QAAgB,EACnB,KAAqB,EAC5B,OAAY;QAEnB,MAAM,UAAU,GAAG,IAAA,uBAAa,EAAC,qBAAS,CAAC,CAAA;QAC3C,MAAM,SAAS,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC;YACzC,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;YACzB,SAAS,EAAE,CAAC,OAAO,EAAE,SAAS,EAAE,SAAS,CAAC;SAC3C,CAAC,CAAA;QAEF,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACpD,IAAI,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,EAAE;YACrC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,MAAc,EAAE,EAAE;gBACrC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE;oBAC7B,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;iBACrB;YACH,CAAC,CAAC,CAAA;SACH;QAED,OAAO,MAAM,UAAU,CAAC,IAAI,+CACvB,SAAS,GACT,KAAK,KACR,KAAK,EAAE,MAAM,IAAA,uBAAa,EAAC,WAAI,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,EACnD,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,IAAI,IAC3B,CAAA;IACJ,CAAC;IAGK,AAAN,KAAK,CAAC,eAAe,CACN,IAAY,EACR,QAAgB,EAC1B,OAAY;QAEnB,MAAM,IAAA,uBAAa,EAAC,qBAAS,CAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAA;QACzD,OAAO,IAAI,CAAA;IACb,CAAC;CACF,CAAA;AAnDO;IADL,IAAA,uBAAQ,EAAC,OAAO,CAAC,EAAE,CAAC,qBAAS,EAAE,EAAE,WAAW,EAAE,yBAAyB,EAAE,CAAC;IACpD,WAAA,IAAA,kBAAG,EAAC,WAAW,CAAC,CAAA;IAA2B,WAAA,IAAA,kBAAG,GAAE,CAAA;;qCAApB,8BAAY;;wDAU9D;AAGK;IADL,IAAA,uBAAQ,EAAC,OAAO,CAAC,EAAE,CAAC,qBAAS,EAAE,EAAE,WAAW,EAAE,iCAAiC,EAAE,CAAC;IAEhF,WAAA,IAAA,kBAAG,EAAC,MAAM,CAAC,CAAA;IACX,WAAA,IAAA,kBAAG,EAAC,UAAU,CAAC,CAAA;IACf,WAAA,IAAA,kBAAG,EAAC,OAAO,CAAC,CAAA;IACZ,WAAA,IAAA,kBAAG,GAAE,CAAA;;qDADe,gCAAc;;wDAwBpC;AAGK;IADL,IAAA,uBAAQ,EAAC,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,qBAAqB,EAAE,CAAC;IAElE,WAAA,IAAA,kBAAG,EAAC,MAAM,CAAC,CAAA;IACX,WAAA,IAAA,kBAAG,EAAC,UAAU,CAAC,CAAA;IACf,WAAA,IAAA,kBAAG,GAAE,CAAA;;;;wDAIP;AApDU,iBAAiB;IAD7B,IAAA,uBAAQ,EAAC,qBAAS,CAAC;GACP,iBAAiB,CAqD7B;AArDY,8CAAiB"}

package/dist-server/service/privilege/privilege-query.js

@@ -0,0 +1,109 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+var _a;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PrivilegeQuery = void 0;
+const type_graphql_1 = require("type-graphql");
+const typeorm_1 = require("typeorm");
+const shell_1 = require("@things-factory/shell");
+const user_1 = require("../user/user");
+const role_1 = require("../role/role");
+const privilege_1 = require("./privilege");
+const privilege_types_1 = require("./privilege-types");
+let PrivilegeQuery = class PrivilegeQuery {
+    async privilege(name, category) {
+        return await (0, typeorm_1.getRepository)(privilege_1.Privilege).findOne({
+            where: { name, category }
+        });
+    }
+    async privileges(params, context) {
+        const queryBuilder = (0, typeorm_1.getRepository)(privilege_1.Privilege).createQueryBuilder();
+        (0, shell_1.buildQuery)(queryBuilder, params, context, false);
+        const [items, total] = await queryBuilder.getManyAndCount();
+        return { items, total };
+    }
+    async description(privilege, context) {
+        const { t } = context;
+        const { name, category } = privilege;
+        const keyname = `privilege.name.${name}`;
+        const keycategory = `privilege.category.${category}`;
+        const tname = t(keyname);
+        const tcategory = t(keycategory);
+        return t('privilege.description', {
+            name: tname === keyname ? name : tname,
+            category: tcategory === keycategory ? category : tcategory
+        });
+    }
+    async roles(privilege) {
+        return (await (0, typeorm_1.getRepository)(privilege_1.Privilege).findOne(privilege.id, {
+            relations: ['roles']
+        })).roles;
+    }
+    async updater(privilege) {
+        return await (0, typeorm_1.getRepository)(user_1.User).findOne(privilege.updaterId);
+    }
+    async creator(privilege) {
+        return await (0, typeorm_1.getRepository)(user_1.User).findOne(privilege.creatorId);
+    }
+};
+__decorate([
+    (0, type_graphql_1.Query)(returns => privilege_1.Privilege, { description: 'To fetch privilege' }),
+    __param(0, (0, type_graphql_1.Arg)('name')),
+    __param(1, (0, type_graphql_1.Arg)('category')),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String, String]),
+    __metadata("design:returntype", Promise)
+], PrivilegeQuery.prototype, "privilege", null);
+__decorate([
+    (0, type_graphql_1.Query)(returns => privilege_types_1.PrivilegeList, { description: 'To fetch multiple privileges' }),
+    __param(0, (0, type_graphql_1.Args)()),
+    __param(1, (0, type_graphql_1.Ctx)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [typeof (_a = typeof shell_1.ListParam !== "undefined" && shell_1.ListParam) === "function" ? _a : Object, Object]),
+    __metadata("design:returntype", Promise)
+], PrivilegeQuery.prototype, "privileges", null);
+__decorate([
+    (0, type_graphql_1.FieldResolver)(type => String),
+    __param(0, (0, type_graphql_1.Root)()),
+    __param(1, (0, type_graphql_1.Ctx)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [privilege_1.Privilege, Object]),
+    __metadata("design:returntype", Promise)
+], PrivilegeQuery.prototype, "description", null);
+__decorate([
+    (0, type_graphql_1.FieldResolver)(type => [role_1.Role]),
+    __param(0, (0, type_graphql_1.Root)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [privilege_1.Privilege]),
+    __metadata("design:returntype", Promise)
+], PrivilegeQuery.prototype, "roles", null);
+__decorate([
+    (0, type_graphql_1.FieldResolver)(type => user_1.User),
+    __param(0, (0, type_graphql_1.Root)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [privilege_1.Privilege]),
+    __metadata("design:returntype", Promise)
+], PrivilegeQuery.prototype, "updater", null);
+__decorate([
+    (0, type_graphql_1.FieldResolver)(type => user_1.User),
+    __param(0, (0, type_graphql_1.Root)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [privilege_1.Privilege]),
+    __metadata("design:returntype", Promise)
+], PrivilegeQuery.prototype, "creator", null);
+PrivilegeQuery = __decorate([
+    (0, type_graphql_1.Resolver)(privilege_1.Privilege)
+], PrivilegeQuery);
+exports.PrivilegeQuery = PrivilegeQuery;
+//# sourceMappingURL=privilege-query.js.map

package/dist-server/service/privilege/privilege-query.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"privilege-query.js","sourceRoot":"","sources":["../../../server/service/privilege/privilege-query.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,+CAAmF;AACnF,qCAAuC;AACvC,iDAA6D;AAC7D,uCAAmC;AACnC,uCAAmC;AACnC,2CAAuC;AACvC,uDAAiD;AAG1C,IAAM,cAAc,GAApB,MAAM,cAAc;IAEnB,AAAN,KAAK,CAAC,SAAS,CAAc,IAAY,EAAmB,QAAgB;QAC1E,OAAO,MAAM,IAAA,uBAAa,EAAC,qBAAS,CAAC,CAAC,OAAO,CAAC;YAC5C,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;SAC1B,CAAC,CAAA;IACJ,CAAC;IAGK,AAAN,KAAK,CAAC,UAAU,CAAS,MAAiB,EAAS,OAAY;QAC7D,MAAM,YAAY,GAAG,IAAA,uBAAa,EAAC,qBAAS,CAAC,CAAC,kBAAkB,EAAE,CAAA;QAClE,IAAA,kBAAU,EAAC,YAAY,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,CAAA;QAEhD,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,MAAM,YAAY,CAAC,eAAe,EAAE,CAAA;QAE3D,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAA;IACzB,CAAC;IAGK,AAAN,KAAK,CAAC,WAAW,CAAS,SAAoB,EAAS,OAAY;QACjE,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;QACrB,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,SAAS,CAAA;QAEpC,MAAM,OAAO,GAAG,kBAAkB,IAAI,EAAE,CAAA;QACxC,MAAM,WAAW,GAAG,sBAAsB,QAAQ,EAAE,CAAA;QACpD,MAAM,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,CAAA;QACxB,MAAM,SAAS,GAAG,CAAC,CAAC,WAAW,CAAC,CAAA;QAEhC,OAAO,CAAC,CAAC,uBAAuB,EAAE;YAChC,IAAI,EAAE,KAAK,KAAK,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK;YACtC,QAAQ,EAAE,SAAS,KAAK,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;SAC3D,CAAC,CAAA;IACJ,CAAC;IAGK,AAAN,KAAK,CAAC,KAAK,CAAS,SAAoB;QACtC,OAAO,CACL,MAAM,IAAA,uBAAa,EAAC,qBAAS,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,EAAE;YACnD,SAAS,EAAE,CAAC,OAAO,CAAC;SACrB,CAAC,CACH,CAAC,KAAK,CAAA;IACT,CAAC;IAGK,AAAN,KAAK,CAAC,OAAO,CAAS,SAAoB;QACxC,OAAO,MAAM,IAAA,uBAAa,EAAC,WAAI,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,SAAS,CAAC,CAAA;IAC/D,CAAC;IAGK,AAAN,KAAK,CAAC,OAAO,CAAS,SAAoB;QACxC,OAAO,MAAM,IAAA,uBAAa,EAAC,WAAI,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,SAAS,CAAC,CAAA;IAC/D,CAAC;CACF,CAAA;AAlDO;IADL,IAAA,oBAAK,EAAC,OAAO,CAAC,EAAE,CAAC,qBAAS,EAAE,EAAE,WAAW,EAAE,oBAAoB,EAAE,CAAC;IAClD,WAAA,IAAA,kBAAG,EAAC,MAAM,CAAC,CAAA;IAAgB,WAAA,IAAA,kBAAG,EAAC,UAAU,CAAC,CAAA;;;;+CAI1D;AAGK;IADL,IAAA,oBAAK,EAAC,OAAO,CAAC,EAAE,CAAC,+BAAa,EAAE,EAAE,WAAW,EAAE,8BAA8B,EAAE,CAAC;IAC/D,WAAA,IAAA,mBAAI,GAAE,CAAA;IAAqB,WAAA,IAAA,kBAAG,GAAE,CAAA;;yDAAjB,iBAAS,oBAAT,iBAAS;;gDAOzC;AAGK;IADL,IAAA,4BAAa,EAAC,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC;IACX,WAAA,IAAA,mBAAI,GAAE,CAAA;IAAwB,WAAA,IAAA,kBAAG,GAAE,CAAA;;qCAAjB,qBAAS;;iDAa7C;AAGK;IADL,IAAA,4BAAa,EAAC,IAAI,CAAC,EAAE,CAAC,CAAC,WAAI,CAAC,CAAC;IACjB,WAAA,IAAA,mBAAI,GAAE,CAAA;;qCAAY,qBAAS;;2CAMvC;AAGK;IADL,IAAA,4BAAa,EAAC,IAAI,CAAC,EAAE,CAAC,WAAI,CAAC;IACb,WAAA,IAAA,mBAAI,GAAE,CAAA;;qCAAY,qBAAS;;6CAEzC;AAGK;IADL,IAAA,4BAAa,EAAC,IAAI,CAAC,EAAE,CAAC,WAAI,CAAC;IACb,WAAA,IAAA,mBAAI,GAAE,CAAA;;qCAAY,qBAAS;;6CAEzC;AAnDU,cAAc;IAD1B,IAAA,uBAAQ,EAAC,qBAAS,CAAC;GACP,cAAc,CAoD1B;AApDY,wCAAc"}

package/dist-server/service/privilege/privilege-types.js

@@ -0,0 +1,100 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UserPrivilege = exports.PrivilegeList = exports.PrivilegePatch = exports.NewPrivilege = void 0;
+const type_graphql_1 = require("type-graphql");
+const shell_1 = require("@things-factory/shell");
+const privilege_1 = require("./privilege");
+let NewPrivilege = class NewPrivilege {
+};
+__decorate([
+    (0, type_graphql_1.Field)(),
+    __metadata("design:type", String)
+], NewPrivilege.prototype, "name", void 0);
+__decorate([
+    (0, type_graphql_1.Field)(),
+    __metadata("design:type", String)
+], NewPrivilege.prototype, "category", void 0);
+__decorate([
+    (0, type_graphql_1.Field)({ nullable: true }),
+    __metadata("design:type", String)
+], NewPrivilege.prototype, "description", void 0);
+__decorate([
+    (0, type_graphql_1.Field)(type => [shell_1.ObjectRef], { nullable: true }),
+    __metadata("design:type", Array)
+], NewPrivilege.prototype, "roles", void 0);
+NewPrivilege = __decorate([
+    (0, type_graphql_1.InputType)()
+], NewPrivilege);
+exports.NewPrivilege = NewPrivilege;
+let PrivilegePatch = class PrivilegePatch {
+};
+__decorate([
+    (0, type_graphql_1.Field)({ nullable: true }),
+    __metadata("design:type", String)
+], PrivilegePatch.prototype, "id", void 0);
+__decorate([
+    (0, type_graphql_1.Field)({ nullable: true }),
+    __metadata("design:type", String)
+], PrivilegePatch.prototype, "name", void 0);
+__decorate([
+    (0, type_graphql_1.Field)({ nullable: true }),
+    __metadata("design:type", String)
+], PrivilegePatch.prototype, "category", void 0);
+__decorate([
+    (0, type_graphql_1.Field)({ nullable: true }),
+    __metadata("design:type", String)
+], PrivilegePatch.prototype, "description", void 0);
+__decorate([
+    (0, type_graphql_1.Field)(type => [shell_1.ObjectRef], { nullable: true }),
+    __metadata("design:type", Array)
+], PrivilegePatch.prototype, "roles", void 0);
+PrivilegePatch = __decorate([
+    (0, type_graphql_1.InputType)()
+], PrivilegePatch);
+exports.PrivilegePatch = PrivilegePatch;
+let PrivilegeList = class PrivilegeList {
+};
+__decorate([
+    (0, type_graphql_1.Field)(type => [privilege_1.Privilege], { nullable: true }),
+    __metadata("design:type", Array)
+], PrivilegeList.prototype, "items", void 0);
+__decorate([
+    (0, type_graphql_1.Field)(type => type_graphql_1.Int, { nullable: true }),
+    __metadata("design:type", Number)
+], PrivilegeList.prototype, "total", void 0);
+PrivilegeList = __decorate([
+    (0, type_graphql_1.ObjectType)()
+], PrivilegeList);
+exports.PrivilegeList = PrivilegeList;
+let UserPrivilege = class UserPrivilege {
+};
+__decorate([
+    (0, type_graphql_1.Field)({ nullable: true }),
+    __metadata("design:type", String)
+], UserPrivilege.prototype, "id", void 0);
+__decorate([
+    (0, type_graphql_1.Field)({ nullable: true }),
+    __metadata("design:type", String)
+], UserPrivilege.prototype, "name", void 0);
+__decorate([
+    (0, type_graphql_1.Field)({ nullable: true }),
+    __metadata("design:type", String)
+], UserPrivilege.prototype, "description", void 0);
+__decorate([
+    (0, type_graphql_1.Field)({ nullable: true }),
+    __metadata("design:type", Boolean)
+], UserPrivilege.prototype, "assigned", void 0);
+UserPrivilege = __decorate([
+    (0, type_graphql_1.ObjectType)()
+], UserPrivilege);
+exports.UserPrivilege = UserPrivilege;
+//# sourceMappingURL=privilege-types.js.map

package/dist-server/service/privilege/privilege-types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"privilege-types.js","sourceRoot":"","sources":["../../../server/service/privilege/privilege-types.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,+CAAgE;AAChE,iDAAiD;AACjD,2CAAuC;AAGhC,IAAM,YAAY,GAAlB,MAAM,YAAY;CAYxB,CAAA;AAXC;IAAC,IAAA,oBAAK,GAAE;;0CACI;AAEZ;IAAC,IAAA,oBAAK,GAAE;;8CACQ;AAEhB;IAAC,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;iDACN;AAEpB;IAAC,IAAA,oBAAK,EAAC,IAAI,CAAC,EAAE,CAAC,CAAC,iBAAS,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;2CAC7B;AAXP,YAAY;IADxB,IAAA,wBAAS,GAAE;GACC,YAAY,CAYxB;AAZY,oCAAY;AAelB,IAAM,cAAc,GAApB,MAAM,cAAc;CAe1B,CAAA;AAdC;IAAC,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;0CACf;AAEX;IAAC,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;4CACb;AAEb;IAAC,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;gDACT;AAEjB;IAAC,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;mDACN;AAEpB;IAAC,IAAA,oBAAK,EAAC,IAAI,CAAC,EAAE,CAAC,CAAC,iBAAS,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;6CAC5B;AAdR,cAAc;IAD1B,IAAA,wBAAS,GAAE;GACC,cAAc,CAe1B;AAfY,wCAAc;AAkBpB,IAAM,aAAa,GAAnB,MAAM,aAAa;CAMzB,CAAA;AALC;IAAC,IAAA,oBAAK,EAAC,IAAI,CAAC,EAAE,CAAC,CAAC,qBAAS,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;4CAC7B;AAElB;IAAC,IAAA,oBAAK,EAAC,IAAI,CAAC,EAAE,CAAC,kBAAG,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;4CAC1B;AALF,aAAa;IADzB,IAAA,yBAAU,GAAE;GACA,aAAa,CAMzB;AANY,sCAAa;AASnB,IAAM,aAAa,GAAnB,MAAM,aAAa;CAYzB,CAAA;AAXC;IAAC,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;8BACtB,MAAM;yCAAA;AAEV;IAAC,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;8BACpB,MAAM;2CAAA;AAEZ;IAAC,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;8BACb,MAAM;kDAAA;AAEnB;IAAC,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;8BAChB,OAAO;+CAAA;AAXN,aAAa;IADzB,IAAA,yBAAU,GAAE;GACA,aAAa,CAYzB;AAZY,sCAAa"}

package/dist-server/service/privilege/privilege.js

@@ -0,0 +1,92 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Privilege = void 0;
+const typeorm_1 = require("typeorm");
+const type_graphql_1 = require("type-graphql");
+const role_1 = require("../role/role");
+const user_1 = require("../user/user");
+let Privilege = class Privilege {
+};
+__decorate([
+    (0, typeorm_1.PrimaryGeneratedColumn)('uuid'),
+    (0, type_graphql_1.Field)(type => type_graphql_1.ID),
+    __metadata("design:type", String)
+], Privilege.prototype, "id", void 0);
+__decorate([
+    (0, typeorm_1.Column)(),
+    (0, type_graphql_1.Field)(),
+    __metadata("design:type", String)
+], Privilege.prototype, "name", void 0);
+__decorate([
+    (0, typeorm_1.Column)(),
+    (0, type_graphql_1.Field)({ nullable: true }),
+    __metadata("design:type", String)
+], Privilege.prototype, "category", void 0);
+__decorate([
+    (0, typeorm_1.Column)({
+        nullable: true
+    }),
+    (0, type_graphql_1.Field)({ nullable: true }),
+    __metadata("design:type", String)
+], Privilege.prototype, "description", void 0);
+__decorate([
+    (0, typeorm_1.ManyToMany)(type => role_1.Role, role => role.privileges),
+    (0, typeorm_1.JoinTable)({
+        /* case M2M, JoinTable setting should be defined only one side (never set both side) */
+        name: 'roles_privileges',
+        joinColumns: [{ name: 'privileges_id', referencedColumnName: 'id' }],
+        inverseJoinColumns: [{ name: 'roles_id', referencedColumnName: 'id' }]
+    }),
+    (0, type_graphql_1.Field)(type => [role_1.Role], { nullable: true }),
+    __metadata("design:type", Array)
+], Privilege.prototype, "roles", void 0);
+__decorate([
+    (0, typeorm_1.ManyToOne)(type => user_1.User, {
+        nullable: true
+    }),
+    (0, type_graphql_1.Field)(type => user_1.User, { nullable: true }),
+    __metadata("design:type", user_1.User)
+], Privilege.prototype, "creator", void 0);
+__decorate([
+    (0, typeorm_1.RelationId)((privilege) => privilege.creator),
+    __metadata("design:type", String)
+], Privilege.prototype, "creatorId", void 0);
+__decorate([
+    (0, typeorm_1.ManyToOne)(type => user_1.User, {
+        nullable: true
+    }),
+    (0, type_graphql_1.Field)(type => user_1.User, { nullable: true }),
+    __metadata("design:type", user_1.User)
+], Privilege.prototype, "updater", void 0);
+__decorate([
+    (0, typeorm_1.RelationId)((privilege) => privilege.updater),
+    __metadata("design:type", String)
+], Privilege.prototype, "updaterId", void 0);
+__decorate([
+    (0, typeorm_1.CreateDateColumn)(),
+    (0, type_graphql_1.Field)({ nullable: true }),
+    __metadata("design:type", Date)
+], Privilege.prototype, "createdAt", void 0);
+__decorate([
+    (0, typeorm_1.UpdateDateColumn)(),
+    (0, type_graphql_1.Field)({ nullable: true }),
+    __metadata("design:type", Date)
+], Privilege.prototype, "updatedAt", void 0);
+Privilege = __decorate([
+    (0, typeorm_1.Entity)(),
+    (0, typeorm_1.Index)('ix_privilege_0', (privilege) => [privilege.name, privilege.category], {
+        unique: false
+    }),
+    (0, type_graphql_1.ObjectType)()
+], Privilege);
+exports.Privilege = Privilege;
+//# sourceMappingURL=privilege.js.map

package/dist-server/service/privilege/privilege.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"privilege.js","sourceRoot":"","sources":["../../../server/service/privilege/privilege.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qCAWgB;AAChB,+CAAoD;AACpD,uCAAmC;AACnC,uCAAmC;AAO5B,IAAM,SAAS,GAAf,MAAM,SAAS;CAsDrB,CAAA;AArDC;IAAC,IAAA,gCAAsB,EAAC,MAAM,CAAC;IAC9B,IAAA,oBAAK,EAAC,IAAI,CAAC,EAAE,CAAC,iBAAE,CAAC;;qCACR;AAEV;IAAC,IAAA,gBAAM,GAAE;IACR,IAAA,oBAAK,GAAE;;uCACI;AAEZ;IAAC,IAAA,gBAAM,GAAE;IACR,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;2CACV;AAEhB;IAAC,IAAA,gBAAM,EAAC;QACN,QAAQ,EAAE,IAAI;KACf,CAAC;IACD,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;8CACP;AAEnB;IAAC,IAAA,oBAAU,EAAC,IAAI,CAAC,EAAE,CAAC,WAAI,EAAE,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC;IACjD,IAAA,mBAAS,EAAC;QACT,uFAAuF;QACvF,IAAI,EAAE,kBAAkB;QACxB,WAAW,EAAE,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,oBAAoB,EAAE,IAAI,EAAE,CAAC;QACpE,kBAAkB,EAAE,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,oBAAoB,EAAE,IAAI,EAAE,CAAC;KACvE,CAAC;IACD,IAAA,oBAAK,EAAC,IAAI,CAAC,EAAE,CAAC,CAAC,WAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;wCAC7B;AAEb;IAAC,IAAA,mBAAS,EAAC,IAAI,CAAC,EAAE,CAAC,WAAI,EAAE;QACvB,QAAQ,EAAE,IAAI;KACf,CAAC;IACD,IAAA,oBAAK,EAAC,IAAI,CAAC,EAAE,CAAC,WAAI,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;8BAC/B,WAAI;0CAAA;AAEb;IAAC,IAAA,oBAAU,EAAC,CAAC,SAAoB,EAAE,EAAE,CAAC,SAAS,CAAC,OAAO,CAAC;;4CACvC;AAEjB;IAAC,IAAA,mBAAS,EAAC,IAAI,CAAC,EAAE,CAAC,WAAI,EAAE;QACvB,QAAQ,EAAE,IAAI;KACf,CAAC;IACD,IAAA,oBAAK,EAAC,IAAI,CAAC,EAAE,CAAC,WAAI,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;8BAC/B,WAAI;0CAAA;AAEb;IAAC,IAAA,oBAAU,EAAC,CAAC,SAAoB,EAAE,EAAE,CAAC,SAAS,CAAC,OAAO,CAAC;;4CACvC;AAEjB;IAAC,IAAA,0BAAgB,GAAE;IAClB,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;8BACf,IAAI;4CAAA;AAEf;IAAC,IAAA,0BAAgB,GAAE;IAClB,IAAA,oBAAK,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;8BACf,IAAI;4CAAA;AArDJ,SAAS;IALrB,IAAA,gBAAM,GAAE;IACR,IAAA,eAAK,EAAC,gBAAgB,EAAE,CAAC,SAAoB,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC,IAAI,EAAE,SAAS,CAAC,QAAQ,CAAC,EAAE;QACvF,MAAM,EAAE,KAAK;KACd,CAAC;IACD,IAAA,yBAAU,GAAE;GACA,SAAS,CAsDrB;AAtDY,8BAAS"}

package/dist-server/service/role/index.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolvers = exports.entities = void 0;
+const role_1 = require("./role");
+const role_query_1 = require("./role-query");
+const role_mutation_1 = require("./role-mutation");
+exports.entities = [role_1.Role];
+exports.resolvers = [role_query_1.RoleQuery, role_mutation_1.RoleMutation];
+//# sourceMappingURL=index.js.map

package/dist-server/service/role/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../server/service/role/index.ts"],"names":[],"mappings":";;;AAAA,iCAA6B;AAC7B,6CAAwC;AACxC,mDAA8C;AAEjC,QAAA,QAAQ,GAAG,CAAC,WAAI,CAAC,CAAA;AACjB,QAAA,SAAS,GAAG,CAAC,sBAAS,EAAE,4BAAY,CAAC,CAAA"}

package/dist-server/service/role/role-mutation.js

@@ -0,0 +1,121 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RoleMutation = void 0;
+const type_graphql_1 = require("type-graphql");
+const typeorm_1 = require("typeorm");
+const user_1 = require("../user/user");
+const privilege_1 = require("../privilege/privilege");
+const role_1 = require("./role");
+const role_types_1 = require("./role-types");
+let RoleMutation = class RoleMutation {
+    async createRole(role, context) {
+        const { domain, user } = context.state;
+        const roleName = role.name.trim();
+        const existsRole = await (0, typeorm_1.getRepository)(role_1.Role).findOne({ where: { name: roleName, domain } });
+        if (existsRole) {
+            throw new Error('role name is duplicated');
+        }
+        if (role.privileges && role.privileges.length) {
+            role.privileges = await (0, typeorm_1.getRepository)(privilege_1.Privilege).findByIds(role.privileges.map(privilege => privilege.id));
+        }
+        if (role.users && role.users.length) {
+            role.users = await (0, typeorm_1.getRepository)(user_1.User).findByIds(role.users.map(user => user.id));
+        }
+        return await (0, typeorm_1.getRepository)(role_1.Role).save(Object.assign({ domain, updater: user, creator: user }, role));
+    }
+    async updateRole(id, patch, context) {
+        const { domain, user } = context.state;
+        const { name, description, privileges } = patch;
+        const roleRepository = (0, typeorm_1.getRepository)(role_1.Role);
+        const role = await roleRepository.findOne({
+            where: { domain, id },
+            relations: ['privileges', 'creator', 'updater']
+        });
+        if (name && role.name !== name) {
+            const roleName = name.trim();
+            const existsRole = await roleRepository.findOne({ where: { name: roleName, domain } });
+            if (existsRole) {
+                throw new Error('role name is duplicated');
+            }
+            role.name = roleName;
+        }
+        if (description) {
+            role.description = description;
+        }
+        return await roleRepository.save(Object.assign(Object.assign(Object.assign({}, role), patch), { privileges: await (0, typeorm_1.getRepository)(privilege_1.Privilege).findByIds(patch.privileges.map((privilege) => privilege.id)), updater: user }));
+    }
+    async deleteRole(id, context) {
+        const { tx, domain } = context.state;
+        let role = await tx.getRepository(role_1.Role).findOne({ where: { domain, id }, relations: ['users', 'privileges'] });
+        try {
+            if (role.users.length)
+                throw new Error('cannot delete role because it is currently in use');
+            role.privileges = [];
+            role = await tx.getRepository(role_1.Role).save(role);
+            await tx.getRepository(role_1.Role).delete(role.id);
+            return true;
+        }
+        catch (e) {
+            context.throw(401, 'cannot delete role because it is currently in use');
+        }
+    }
+    async deleteRoles(ids, _context) {
+        await (0, typeorm_1.getRepository)(role_1.Role).delete(ids);
+        return true;
+    }
+};
+__decorate([
+    (0, type_graphql_1.Directive)('@privilege(category: "user", privilege: "mutation", domainOwnerGranted: true)'),
+    (0, type_graphql_1.Mutation)(returns => user_1.User, { description: 'To create new user' }),
+    __param(0, (0, type_graphql_1.Arg)('role')),
+    __param(1, (0, type_graphql_1.Ctx)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [role_types_1.NewRole, Object]),
+    __metadata("design:returntype", Promise)
+], RoleMutation.prototype, "createRole", null);
+__decorate([
+    (0, type_graphql_1.Directive)('@privilege(category: "user", privilege: "mutation", domainOwnerGranted: true)'),
+    (0, type_graphql_1.Mutation)(returns => role_1.Role, { description: 'To modify role information' }),
+    __param(0, (0, type_graphql_1.Arg)('id')),
+    __param(1, (0, type_graphql_1.Arg)('patch')),
+    __param(2, (0, type_graphql_1.Ctx)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String, role_types_1.RolePatch, Object]),
+    __metadata("design:returntype", Promise)
+], RoleMutation.prototype, "updateRole", null);
+__decorate([
+    (0, type_graphql_1.Directive)('@privilege(category: "user", privilege: "mutation")'),
+    (0, type_graphql_1.Directive)('@transaction'),
+    (0, type_graphql_1.Mutation)(returns => Boolean, { description: 'To delete role' }),
+    __param(0, (0, type_graphql_1.Arg)('id')),
+    __param(1, (0, type_graphql_1.Ctx)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String, Object]),
+    __metadata("design:returntype", Promise)
+], RoleMutation.prototype, "deleteRole", null);
+__decorate([
+    (0, type_graphql_1.Directive)('@privilege(category: "user", privilege: "mutation", domainOwnerGranted: true)'),
+    (0, type_graphql_1.Mutation)(returns => Boolean, { description: 'To delete multiple roles' }),
+    __param(0, (0, type_graphql_1.Arg)('ids', type => [String])),
+    __param(1, (0, type_graphql_1.Ctx)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Array, Object]),
+    __metadata("design:returntype", Promise)
+], RoleMutation.prototype, "deleteRoles", null);
+RoleMutation = __decorate([
+    (0, type_graphql_1.Resolver)(role_1.Role)
+], RoleMutation);
+exports.RoleMutation = RoleMutation;
+//# sourceMappingURL=role-mutation.js.map