@things-factory/auth-base 6.2.49 → 6.2.51

package/dist-server/utils/check-permission.d.ts

@@ -0,0 +1,7 @@
+import { Domain } from '@things-factory/shell';
+import { PrivilegeObject } from '../service/privilege/privilege';
+import { User } from '../service/user/user';
+export declare function checkPermission(privilegeObject: PrivilegeObject, user: User, domain: Domain, unsafeIP?: boolean, prohibitedPrivileges?: {
+    category: string;
+    privilege: string;
+}[]): Promise<boolean>;

package/dist-server/utils/check-permission.js

@@ -0,0 +1,38 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkPermission = void 0;
+const user_1 = require("../service/user/user");
+async function checkPermission(privilegeObject, user, domain, unsafeIP, prohibitedPrivileges) {
+    if (!privilegeObject) {
+        return true;
+    }
+    const { owner: domainOwnerGranted, super: superUserGranted, category, privilege } = privilegeObject;
+    if (unsafeIP) {
+        if (privilege && category) {
+            // unsafeIP 상황에서는 ownership granted는 적용되지 않는다.
+            if ((prohibitedPrivileges || []).find(pp => pp.category == category && pp.privilege == privilege)) {
+                return false;
+            }
+            return await user_1.User.hasPrivilege(privilege, category, domain, user);
+        }
+        // privilege, category가 설정되지 않은 경우에는 ownership granted가 설정되었다면 허가하지 않는다.
+        return !domainOwnerGranted && !superUserGranted;
+    }
+    else {
+        if (!privilege || !category) {
+            // privilege, category가 설정되지 않은 경우에는 ownership granted만을 적용한다.
+            return ((domainOwnerGranted && (await process.domainOwnerGranted(domain, user))) ||
+                (superUserGranted && (await process.superUserGranted(domain, user))));
+        }
+        if ((domainOwnerGranted && (await process.domainOwnerGranted(domain, user))) ||
+            (superUserGranted && (await process.superUserGranted(domain, user)))) {
+            return true;
+        }
+        if ((prohibitedPrivileges || []).find(pp => pp.category == category && pp.privilege == privilege)) {
+            return false;
+        }
+        return await user_1.User.hasPrivilege(privilege, category, domain, user);
+    }
+}
+exports.checkPermission = checkPermission;
+//# sourceMappingURL=check-permission.js.map

package/dist-server/utils/check-permission.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-permission.js","sourceRoot":"","sources":["../../server/utils/check-permission.ts"],"names":[],"mappings":";;;AAEA,+CAA2C;AAEpC,KAAK,UAAU,eAAe,CACnC,eAAgC,EAChC,IAAU,EACV,MAAc,EACd,QAAkB,EAClB,oBAAgE;IAEhE,IAAI,CAAC,eAAe,EAAE;QACpB,OAAO,IAAI,CAAA;KACZ;IAED,MAAM,EAAE,KAAK,EAAE,kBAAkB,EAAE,KAAK,EAAE,gBAAgB,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,eAAe,CAAA;IAEnG,IAAI,QAAQ,EAAE;QACZ,IAAI,SAAS,IAAI,QAAQ,EAAE;YACzB,8CAA8C;YAC9C,IAAI,CAAC,oBAAoB,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,QAAQ,IAAI,QAAQ,IAAI,EAAE,CAAC,SAAS,IAAI,SAAS,CAAC,EAAE;gBACjG,OAAO,KAAK,CAAA;aACb;YAED,OAAO,MAAM,WAAI,CAAC,YAAY,CAAC,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC,CAAA;SAClE;QAED,wEAAwE;QACxE,OAAO,CAAC,kBAAkB,IAAI,CAAC,gBAAgB,CAAA;KAChD;SAAM;QACL,IAAI,CAAC,SAAS,IAAI,CAAC,QAAQ,EAAE;YAC3B,8DAA8D;YAC9D,OAAO,CACL,CAAC,kBAAkB,IAAI,CAAC,MAAM,OAAO,CAAC,kBAAkB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC;gBACxE,CAAC,gBAAgB,IAAI,CAAC,MAAM,OAAO,CAAC,gBAAgB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC,CACrE,CAAA;SACF;QAED,IACE,CAAC,kBAAkB,IAAI,CAAC,MAAM,OAAO,CAAC,kBAAkB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC;YACxE,CAAC,gBAAgB,IAAI,CAAC,MAAM,OAAO,CAAC,gBAAgB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC,EACpE;YACA,OAAO,IAAI,CAAA;SACZ;QAED,IAAI,CAAC,oBAAoB,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,QAAQ,IAAI,QAAQ,IAAI,EAAE,CAAC,SAAS,IAAI,SAAS,CAAC,EAAE;YACjG,OAAO,KAAK,CAAA;SACb;QAED,OAAO,MAAM,WAAI,CAAC,YAAY,CAAC,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC,CAAA;KAClE;AACH,CAAC;AA/CD,0CA+CC","sourcesContent":["import { Domain } from '@things-factory/shell'\nimport { PrivilegeObject } from '../service/privilege/privilege'\nimport { User } from '../service/user/user'\n\nexport async function checkPermission(\n  privilegeObject: PrivilegeObject,\n  user: User,\n  domain: Domain,\n  unsafeIP?: boolean,\n  prohibitedPrivileges?: { category: string; privilege: string }[]\n): Promise<boolean> {\n  if (!privilegeObject) {\n    return true\n  }\n\n  const { owner: domainOwnerGranted, super: superUserGranted, category, privilege } = privilegeObject\n\n  if (unsafeIP) {\n    if (privilege && category) {\n      // unsafeIP 상황에서는 ownership granted는 적용되지 않는다.\n      if ((prohibitedPrivileges || []).find(pp => pp.category == category && pp.privilege == privilege)) {\n        return false\n      }\n\n      return await User.hasPrivilege(privilege, category, domain, user)\n    }\n\n    // privilege, category가 설정되지 않은 경우에는 ownership granted가 설정되었다면 허가하지 않는다.\n    return !domainOwnerGranted && !superUserGranted\n  } else {\n    if (!privilege || !category) {\n      // privilege, category가 설정되지 않은 경우에는 ownership granted만을 적용한다.\n      return (\n        (domainOwnerGranted && (await process.domainOwnerGranted(domain, user))) ||\n        (superUserGranted && (await process.superUserGranted(domain, user)))\n      )\n    }\n\n    if (\n      (domainOwnerGranted && (await process.domainOwnerGranted(domain, user))) ||\n      (superUserGranted && (await process.superUserGranted(domain, user)))\n    ) {\n      return true\n    }\n\n    if ((prohibitedPrivileges || []).find(pp => pp.category == category && pp.privilege == privilege)) {\n      return false\n    }\n\n    return await User.hasPrivilege(privilege, category, domain, user)\n  }\n}\n"]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@things-factory/auth-base",
-  "version": "6.2.49",
+  "version": "6.2.51",
   "main": "dist-server/index.js",
   "browser": "dist-client/index.js",
   "things-factory": true,
@@ -30,10 +30,10 @@
     "migration:create": "node ../../node_modules/typeorm/cli.js migration:create -d ./server/migrations"
   },
   "dependencies": {
-    "@things-factory/email-base": "^6.2.48",
+    "@things-factory/email-base": "^6.2.51",
     "@things-factory/env": "^6.2.33",
-    "@things-factory/i18n-base": "^6.2.48",
-    "@things-factory/shell": "^6.2.48",
+    "@things-factory/i18n-base": "^6.2.51",
+    "@things-factory/shell": "^6.2.51",
     "@things-factory/utils": "^6.2.48",
     "jsonwebtoken": "^9.0.0",
     "koa-passport": "^6.0.0",
@@ -43,5 +43,5 @@
     "passport-local": "^1.0.0",
     "popsicle-cookie-jar": "^1.0.0"
   },
-  "gitHead": "57266c96220301729f9c5cd633af1a4e2a651096"
+  "gitHead": "365e8ae6475eede1a4fd51460c24569d13de14b6"
 }

package/server/constants/error-code.ts

@@ -14,4 +14,4 @@ export const CONFIRM_PASSWORD_NOT_MATCHED = 'confirm password not matched'
 export const PASSWORD_PATTERN_NOT_MATCHED = 'password should match the rule'
 export const USER_DUPLICATED = 'user duplicated'
 export const PASSWORD_USED_PAST = 'password used in the past'
-export const VERIFICATION_ERROR = 'user or verification token not found'
+export const VERIFICATION_ERROR = 'user or verification token not found'

package/server/index.ts

@@ -16,6 +16,8 @@ export * from './utils/get-secret'
 export * from './utils/check-user-belongs-domain'
 export * from './utils/access-token-cookie'
 export * from './utils/encrypt-state'
+export * from './utils/check-permission'
+
 export * from './errors'
 
 export * from './types'

package/server/router/auth-private-process-router.ts

@@ -67,11 +67,19 @@ authPrivateProcessRouter
     clearAccessTokenCookie(context)
   })
   .get('/profile', async (context, next) => {
-    const { domain, user, protected: protectedIP } = context.state
+    const { domain, user, unsafeIP, prohibitedPrivileges } = context.state
 
     let domains: Partial<Domain>[] = await getUserDomains(user)
     domains = domains.filter((d: Domain) => d.extType == domainType)
 
+    var privileges = await User.getPrivilegesByDomain(user, domain)
+
+    if (prohibitedPrivileges) {
+      prohibitedPrivileges.forEach(({ category, name }) => {
+        privileges = privileges.filter(p => p.category != category || p.name != name)
+      })
+    }
+
     context.body = {
       user: {
         email: user.email,
@@ -79,8 +87,8 @@ authPrivateProcessRouter
         userType: user.userType,
         owner: await process.domainOwnerGranted(domain, user),
         super: await process.superUserGranted(domain, user),
-        protected: protectedIP,
-        privileges: await User.getPrivilegesByDomain(user, domain)
+        unsafeIP,
+        privileges
       },
       domains,
       domain: domain && {

package/server/service/domain-generator/domain-generator-mutation.ts

@@ -11,7 +11,7 @@ import { DomainGeneratorInput, DomainUserRoleInput } from './domain-generator-ty
 
 @Resolver()
 export class DomainGeneratorMutation {
-  @Directive('@privilege(category: "system", privilege: "mutation", superUserGranted: true)')
+  @Directive('@privilege(superUserGranted: true)')
   @Directive('@transaction')
   @Mutation(returns => Domain)
   async domainRegister(

package/server/service/partner/partner-mutation.ts

@@ -46,7 +46,7 @@ export class PartnerMutation {
 
     // Find partner
     const partner: Partner = await tx.getRepository(Partner).findOne({
-      where: { domain: { id: domain.id }, partnerDomain }
+      where: { domain: { id: domain.id }, partnerDomain: { id: partnerDomain.id } }
     })
     if (!partner) throw new Error(context.t('error.failed to find x', { x: context.t('label.partner') }))
 

package/server/service/privilege/privilege-directive.ts

@@ -3,6 +3,7 @@ import gql from 'graphql-tag'
 
 import { getDirective, MapperKind, mapSchema } from '@graphql-tools/utils'
 import { User } from '../user/user'
+import { checkPermission } from '../../utils/check-permission'
 
 process['PRIVILEGES'] = {}
 
@@ -33,22 +34,29 @@ export const privilegeDirectiveResolver = (schema: GraphQLSchema) =>
         }
 
         fieldConfig.resolve = async function (source, args, context, info) {
-          const { domain, user } = context.state
+          const { domain, user, unsafeIP, prohibitedPrivileges } = context.state
 
-          if (domainOwnerGranted && (await process.domainOwnerGranted(domain, user))) {
-            return await resolve.call(this, source, args, context, info)
-          }
-
-          if (superUserGranted && (await process.superUserGranted(domain, user))) {
-            return await resolve.call(this, source, args, context, info)
-          }
-
-          if (!category || !privilege) throw new Error(`Unauthorized! ${category}-${privilege} privilege required`)
-
-          if (await User.hasPrivilege(privilege, category, domain, user)) {
+          if (
+            await checkPermission(
+              {
+                category,
+                privilege,
+                owner: domainOwnerGranted,
+                super: superUserGranted
+              },
+              user,
+              domain,
+              unsafeIP,
+              prohibitedPrivileges
+            )
+          ) {
             return await resolve.call(this, source, args, context, info)
           } else {
-            throw new Error(`Unauthorized! ${category}-${privilege} privilege required`)
+            throw new Error(
+              `Unauthorized! ${
+                category && privilege ? category + ':' + privilege + ' privilege' : 'ownership granted'
+              } required`
+            )
           }
         }
 

package/server/service/privilege/privilege-query.ts

@@ -8,14 +8,6 @@ import { PrivilegeList } from './privilege-types'
 
 @Resolver(Privilege)
 export class PrivilegeQuery {
-  @Directive('@privilege(category: "privilege", privilege: "query", domainOwnerGranted: true, superUserGranted: true)')
-  @Query(returns => Privilege, { description: 'To fetch privilege' })
-  async privilege(@Arg('name') name: string, @Arg('category') category: string): Promise<Privilege> {
-    return await getRepository(Privilege).findOne({
-      where: { name, category }
-    })
-  }
-
   @Directive('@privilege(category: "privilege", privilege: "query", domainOwnerGranted: true, superUserGranted: true)')
   @Query(returns => PrivilegeList, { description: 'To fetch multiple privileges' })
   async privileges(@Args() params: ListParam, @Ctx() context: ResolverContext): Promise<PrivilegeList> {
@@ -23,7 +15,12 @@ export class PrivilegeQuery {
       params,
       repository: getRepository(Privilege),
       alias: 'p',
-      searchables: ['name', 'category']
+      searchables: ['privilege', 'category'],
+      filtersMap: {
+        privilege: {
+          columnName: 'name'
+        }
+      }
     })
       .orderBy('p.category', 'ASC')
       .getManyAndCount()
@@ -42,22 +39,22 @@ export class PrivilegeQuery {
 
   @Query(returns => Boolean, { description: 'To query whether I have the given permission' })
   async hasPrivilege(
-    @Arg('name') name: string,
+    @Arg('privilege') privilege: string,
     @Arg('category') category: string,
     @Ctx() context: ResolverContext
   ): Promise<Boolean> {
     const { domain, user } = context.state
-    return await User.hasPrivilege(name, category, domain, user)
+    return await User.hasPrivilege(privilege, category, domain, user)
   }
 
   @Query(returns => [Domain], { description: 'To fetch domains with given privilege for user' })
   async domainsWithPrivilege(
-    @Arg('name') name: string,
+    @Arg('privilege') privilege: string,
     @Arg('category') category: string,
     @Ctx() context: ResolverContext
   ): Promise<Partial<Domain>[]> {
     const { user } = context.state
-    return await User.getDomainsWithPrivilege(name, category, user)
+    return await User.getDomainsWithPrivilege(privilege, category, user)
   }
 
   @FieldResolver(type => String)
@@ -76,6 +73,11 @@ export class PrivilegeQuery {
     })
   }
 
+  @FieldResolver(type => String)
+  async privilege(@Root() privilege: Privilege, @Ctx() context: ResolverContext) {
+    return privilege.name
+  }
+
   @FieldResolver(type => [Role])
   async roles(@Root() privilege: Privilege) {
     return (

package/server/service/privilege/privilege.ts

@@ -27,9 +27,6 @@ export class PrivilegeObject {
 
   @Field({ nullable: true })
   super?: boolean
-
-  @Field({ nullable: true })
-  protected?: boolean
 }
 
 @InputType()
@@ -45,9 +42,6 @@ export class PrivilegeInput {
 
   @Field({ nullable: true })
   super?: boolean
-
-  @Field({ nullable: true })
-  protected?: boolean
 }
 
 @Entity()

package/server/service/user/user.ts

@@ -312,12 +312,12 @@ export class User {
     }
   }
 
-  static async hasPrivilege(name: string, category: string, domain: Domain, user: User) {
+  static async hasPrivilege(privilege: string, category: string, domain: Domain, user: User) {
     const result = await getRepository(User).query(
       `
       SELECT COUNT(1) AS "has_privilege" FROM "privileges" "PRIVILEGES"
       WHERE "PRIVILEGES"."category" = '${category}'
-      AND "PRIVILEGES"."name" = '${name}'
+      AND "PRIVILEGES"."name" = '${privilege}'
       AND "PRIVILEGES"."id" IN (
         SELECT "RP"."privileges_id"
         FROM "users_roles" "UR"
@@ -334,7 +334,7 @@ export class User {
 
   static async getPrivilegesByDomain(user: User, domain: Domain) {
     const result = await getRepository(User).query(`
-      SELECT name, category FROM "privileges" "PRIVILEGES"
+      SELECT name privilege, category FROM "privileges" "PRIVILEGES"
       WHERE "PRIVILEGES"."id" IN (
         SELECT "RP"."privileges_id"
         FROM "users_roles" "UR"
@@ -347,7 +347,7 @@ export class User {
     return result
   }
 
-  static async getDomainsWithPrivilege(name: string, category: string, user: User) {
-    return getDomainsWithPrivilege(user, name, category)
+  static async getDomainsWithPrivilege(privilege: string, category: string, user: User) {
+    return getDomainsWithPrivilege(user, privilege, category)
   }
 }

package/server/utils/check-permission.ts

@@ -0,0 +1,52 @@
+import { Domain } from '@things-factory/shell'
+import { PrivilegeObject } from '../service/privilege/privilege'
+import { User } from '../service/user/user'
+
+export async function checkPermission(
+  privilegeObject: PrivilegeObject,
+  user: User,
+  domain: Domain,
+  unsafeIP?: boolean,
+  prohibitedPrivileges?: { category: string; privilege: string }[]
+): Promise<boolean> {
+  if (!privilegeObject) {
+    return true
+  }
+
+  const { owner: domainOwnerGranted, super: superUserGranted, category, privilege } = privilegeObject
+
+  if (unsafeIP) {
+    if (privilege && category) {
+      // unsafeIP 상황에서는 ownership granted는 적용되지 않는다.
+      if ((prohibitedPrivileges || []).find(pp => pp.category == category && pp.privilege == privilege)) {
+        return false
+      }
+
+      return await User.hasPrivilege(privilege, category, domain, user)
+    }
+
+    // privilege, category가 설정되지 않은 경우에는 ownership granted가 설정되었다면 허가하지 않는다.
+    return !domainOwnerGranted && !superUserGranted
+  } else {
+    if (!privilege || !category) {
+      // privilege, category가 설정되지 않은 경우에는 ownership granted만을 적용한다.
+      return (
+        (domainOwnerGranted && (await process.domainOwnerGranted(domain, user))) ||
+        (superUserGranted && (await process.superUserGranted(domain, user)))
+      )
+    }
+
+    if (
+      (domainOwnerGranted && (await process.domainOwnerGranted(domain, user))) ||
+      (superUserGranted && (await process.superUserGranted(domain, user)))
+    ) {
+      return true
+    }
+
+    if ((prohibitedPrivileges || []).find(pp => pp.category == category && pp.privilege == privilege)) {
+      return false
+    }
+
+    return await User.hasPrivilege(privilege, category, domain, user)
+  }
+}

package/translations/ms.json

@@ -1,55 +1,55 @@
 {
-  "field.email": "e-mel",
-  "field.password": "kata-laluan",
-  "field.token": "token",
-  "field.appliance_id": "perkakas",
-  "field.brand": "jenama",
-  "field.model": "model",
-  "field.active": "aktif",
-  "field.category": "kategori",
-  "field.roles": "peranan",
-  "field.privileges": "keistimewaan",
-  "field.user": "pengguna",
-  "field.user_type": "[ms] user type",
-  "field.user_account": "akaun pengguna",
-  "label.partner": "[ms] partner",
-  "text.account is reactivated": "[ms] account is reactivated",
-  "text.delete account succeed": "[ms] delete account succeed",
-  "text.inactive user": "[ms] inactive user",
-  "text.invalid verification token": "[ms] invalid verification token",
-  "text.invitation email sent": "[ms] invitation email sent",
-  "text.pattern_minimum_charaters": "[ms] minimum {length} charaters",
-  "text.pattern_atleast_1_lowercase": "[ms] at least 1 lowercase character",
-  "text.pattern_atleast_1_uppercase": "[ms] at least 1 uppercase character",
-  "text.pattern_atleast_1_digit": "[ms] at least 1 digit character",
-  "text.pattern_atleast_1_special": "[ms] at least 1 special character(!@#$%^&*())",
-  "text.pattern_not_allowed": "[ms] not allowed repeated charater",
-  "text.password reset succeed": "[ms] password reset succeed",
-  "text.password changed successfully": "[ms] password changed successfully",
-  "text.profile changed successfully": "[ms] profile changed successfully",
-  "text.result": "[ms] result",
-  "text.signout successfully": "[ms] signout successfully",
-  "text.user registered successfully": "[ms] user registered successfully. find your email to activate account",
-  "text.user activated successfully": "[ms] user activated successfully",
-  "text.password reset email sent": "[ms] password reset email sent",
-  "text.verification email sent": "[ms] verification email sent",
-  "error.confirm password not matched": "[ms] new password and confirm password is not matched",
-  "error.domain not allowed": "[ms] user not allowed domain `{subdomain}`",
-  "error.domain mismatch": "[ms] certificate is not for this domain",
-  "error.failed to find x": "[ms] failed to find {x}",
-  "error.password should match the rule": "[ms] password should match following rule. ${rule}",
-  "error.password used in the past": "[ms] password used in the past",
-  "error.subdomain not found": "[ms] domain not found",
-  "error.token or password is invalid": "[ms] token or password is invalid",
-  "error.unavailable-domain": "[ms] unavailable domain",
-  "error.user not found": "pengguna tidak wujud",
-  "error.user duplicated": "emel telah diguna oleh akaun lain",
-  "error.user or verification token not found": "[ms] user or verification token not found",
-  "error.user validation failed": "[ms] user validation failed",
-  "error.user not activated": "[ms] user is not activated",
-  "error.x is not a member of y": "[ms] {x} is not a member of {y}",
-  "privilege.category.system": "[ms] system setting",
-  "privilege.description": "[ms] to {name} {category} data",
-  "privilege.name.mutation": "[ms] edit",
-  "privilege.name.query": "[ms] read"
+  "error.confirm password not matched": "Kata laluan baru dan pengesahan kata laluan tidak sepadan",
+  "error.domain mismatch": "Sijil tidak sesuai untuk domain ini",
+  "error.domain not allowed": "Pengguna tidak dibenarkan domain `{subdomain}`",
+  "error.failed to find x": "Gagal mencari {x}",
+  "error.password should match the rule": "Kata laluan harus mematuhi peraturan berikut. ${rule}",
+  "error.password used in the past": "Kata laluan telah digunakan dalam masa lampau",
+  "error.subdomain not found": "Domain tidak ditemui",
+  "error.token or password is invalid": "Token atau kata laluan tidak sah",
+  "error.unavailable-domain": "Domain tidak tersedia",
+  "error.user duplicated": "Emel telah digunakan oleh akaun lain",
+  "error.user not activated": "Pengguna tidak diaktifkan",
+  "error.user not found": "Pengguna tidak ditemui",
+  "error.user or verification token not found": "Pengguna atau token pengesahan tidak ditemui",
+  "error.user validation failed": "Validasi pengguna gagal",
+  "error.x is not a member of y": "{x} bukan ahli {y}",
+  "field.active": "Aktif",
+  "field.appliance_id": "Perkakas",
+  "field.brand": "Jenama",
+  "field.category": "Kategori",
+  "field.email": "E-mel",
+  "field.model": "Model",
+  "field.password": "Kata laluan",
+  "field.privileges": "Keistimewaan",
+  "field.roles": "Peranan",
+  "field.token": "Token",
+  "field.user": "Pengguna",
+  "field.user_account": "Akaun pengguna",
+  "field.user_type": "Jenis pengguna",
+  "label.partner": "Rakan kongsi",
+  "privilege.category.system": "Tetapan sistem",
+  "privilege.description": "Untuk {name} data {category}",
+  "privilege.name.mutation": "Sunting",
+  "privilege.name.query": "Baca",
+  "text.account is reactivated": "Akaun telah diaktifkan semula",
+  "text.delete account succeed": "Berjaya memadam akaun",
+  "text.inactive user": "Pengguna tidak aktif",
+  "text.invalid verification token": "Token pengesahan tidak sah",
+  "text.invitation email sent": "E-mel jemputan telah dihantar",
+  "text.password changed successfully": "Kata laluan berjaya diubah",
+  "text.password reset email sent": "E-mel reset kata laluan telah dihantar",
+  "text.password reset succeed": "Reset kata laluan berjaya",
+  "text.pattern_atleast_1_digit": "Sekurang-kurangnya 1 aksara digit",
+  "text.pattern_atleast_1_lowercase": "Sekurang-kurangnya 1 aksara kecil",
+  "text.pattern_atleast_1_special": "Sekurang-kurangnya 1 aksara istimewa (!@#$%^&*())",
+  "text.pattern_atleast_1_uppercase": "Sekurang-kurangnya 1 aksara besar",
+  "text.pattern_minimum_charaters": "Minimum {length} aksara",
+  "text.pattern_not_allowed": "Tidak dibenarkan aksara berulang",
+  "text.profile changed successfully": "Profil berjaya diubah",
+  "text.result": "Hasil",
+  "text.signout successfully": "Berjaya keluar",
+  "text.user activated successfully": "Pengguna diaktifkan dengan berjaya",
+  "text.user registered successfully": "Pengguna berjaya didaftarkan. Cari e-mel anda untuk mengaktifkan akaun",
+  "text.verification email sent": "E-mel pengesahan telah dihantar"
 }

package/translations/zh.json

@@ -1,55 +1,55 @@
 {
-  "field.email": "电子邮件地址",
-  "field.password": "密码",
-  "field.token": "符记",
+  "error.confirm password not matched": "新密码与确认密码不匹配！",
+  "error.domain mismatch": "证书不适用于该域！",
+  "error.domain not allowed": "用户无权限使用`{subdomain}`域！",
+  "error.failed to find x": "查询{x}失败！",
+  "error.password should match the rule": "密码应符合以下规则。${rule}",
+  "error.password used in the past": "使用过的密码！",
+  "error.subdomain not found": "用户域查询失败！",
+  "error.token or password is invalid": "令牌或密码无效！",
+  "error.unavailable-domain": "不可用的域名",
+  "error.user duplicated": "有一个用户帐户使用相同的电子邮件",
+  "error.user not activated": "用户未激活！",
+  "error.user not found": "找不到用户",
+  "error.user or verification token not found": "找不到用户或验证令牌。",
+  "error.user validation failed": "用户验证失败！",
+  "error.x is not a member of y": "{x}不是{y}的成员",
+  "field.active": "激活",
   "field.appliance_id": "终端机ID",
   "field.brand": "品牌",
-  "field.model": "模型",
-  "field.active": "激活",
   "field.category": "分类",
-  "field.roles": "角色",
+  "field.email": "电子邮件地址",
+  "field.model": "模型",
+  "field.password": "密码",
   "field.privileges": "权限",
+  "field.roles": "角色",
+  "field.token": "符记",
   "field.user": "用户",
-  "field.user_type": "用户类型",
   "field.user_account": "用户账号",
+  "field.user_type": "用户类型",
   "label.partner": "合作伙伴",
+  "privilege.category.system": "系统配置",
+  "privilege.description": "{name} {category}数据",
+  "privilege.name.mutation": "编辑",
+  "privilege.name.query": "查询",
   "text.account is reactivated": "账户已经重新激活。",
   "text.delete account succeed": "已成功删除账号。",
   "text.inactive user": "未激活用账号。",
   "text.invalid verification token": "令牌无效。",
   "text.invitation email sent": "成功发送邀请电子邮件。",
-  "text.pattern_minimum_charaters": "最少未字符长度为{length}",
-  "text.pattern_atleast_1_lowercase": "至少1个小写字母",
-  "text.pattern_atleast_1_uppercase": "至少1个大写字母",
+  "text.password changed successfully": "密码更改成功。",
+  "text.password reset email sent": "已发送密码重置邮件。",
+  "text.password reset succeed": "密码重置成功。",
   "text.pattern_atleast_1_digit": "至少1位数字字符",
+  "text.pattern_atleast_1_lowercase": "至少1个小写字母",
   "text.pattern_atleast_1_special": "至少1个特殊字符（！@＃$％^＆*（））",
+  "text.pattern_atleast_1_uppercase": "至少1个大写字母",
+  "text.pattern_minimum_charaters": "最少未字符长度为{length}",
   "text.pattern_not_allowed": "不允许重复字符",
-  "text.password reset succeed": "密码重置成功。",
-  "text.password changed successfully": "密码更改成功。",
   "text.profile changed successfully": "个人资料更改成功。",
   "text.result": "结果",
   "text.signout successfully": "登出成功。",
-  "text.user registered successfully": "用户注册成功。 请查看电子邮件以激活帐户。",
   "text.user activated successfully": "用户激活成功",
-  "text.password reset email sent": "已发送密码重置邮件。",
-  "text.verification email sent": "验证邮件已发送",
-  "error.confirm password not matched": "新密码与确认密码不匹配！",
-  "error.domain not allowed": "用户无权限使用`{subdomain}`域！",
-  "error.domain mismatch": "证书不适用于该域！",
-  "error.failed to find x": "查询{x}失败！",
-  "error.password should match the rule": "密码应符合以下规则。${rule}",
-  "error.password used in the past": "使用过的密码！",
-  "error.subdomain not found": "用户域查询失败！",
-  "error.token or password is invalid": "令牌或密码无效！",
-  "error.unavailable-domain": "[zh] unavailable domain",
-  "error.user not found": "找不到用户",
-  "error.user duplicated": "有一个用户帐户使用相同的电子邮件",
-  "error.user or verification token not found": "找不到用户或验证令牌。",
-  "error.user validation failed": "用户验证失败！",
-  "error.user not activated": "用户未激活！",
-  "error.x is not a member of y": "{x}不是{y}的成员",
-  "privilege.category.system": "系统配置",
-  "privilege.description": "{name} {category}数据",
-  "privilege.name.mutation": "编辑",
-  "privilege.name.query": "查询"
-}
+  "text.user registered successfully": "用户注册成功。 请查看电子邮件以激活帐户。",
+  "text.verification email sent": "验证邮件已发送"
+}