@valentine-efagene/qshelter-common 2.0.88 → 2.0.89
- package/dist/generated/client/browser.d.ts +10 -2
- package/dist/generated/client/client.d.ts +10 -2
- package/dist/generated/client/commonInputTypes.d.ts +30 -0
- package/dist/generated/client/enums.d.ts +5 -0
- package/dist/generated/client/enums.js +4 -0
- package/dist/generated/client/internal/class.d.ts +11 -0
- package/dist/generated/client/internal/class.js +2 -2
- package/dist/generated/client/internal/prismaNamespace.d.ts +113 -16
- package/dist/generated/client/internal/prismaNamespace.js +38 -14
- package/dist/generated/client/internal/prismaNamespaceBrowser.d.ts +41 -15
- package/dist/generated/client/internal/prismaNamespaceBrowser.js +38 -14
- package/dist/generated/client/models/Permission.d.ts +333 -68
- package/dist/generated/client/models/Role.d.ts +403 -3
- package/dist/generated/client/models/Tenant.d.ts +761 -4
- package/dist/generated/client/models/TenantMembership.d.ts +1395 -0
- package/dist/generated/client/models/TenantMembership.js +1 -0
- package/dist/generated/client/models/User.d.ts +375 -0
- package/dist/generated/client/models/UserRole.d.ts +2 -1
- package/dist/generated/client/models.d.ts +1 -0
- package/dist/src/prisma/tenant.js +13 -5
- package/package.json +1 -1
- package/prisma/schema.prisma +84 -20
|
@@ -2,7 +2,8 @@ import type * as runtime from "@prisma/client/runtime/client";
|
|
|
2
2
|
import type * as Prisma from "../internal/prismaNamespace.js";
|
|
3
3
|
/**
|
|
4
4
|
* Model UserRole
|
|
5
|
-
*
|
|
5
|
+
* Legacy: Direct user-role assignment (global, not tenant-scoped)
|
|
6
|
+
* @deprecated Use TenantMembership for tenant-scoped role assignments
|
|
6
7
|
*/
|
|
7
8
|
export type UserRoleModel = runtime.Types.Result.DefaultSelection<Prisma.$UserRolePayload>;
|
|
8
9
|
export type AggregateUserRole = {
|
|
@@ -3,6 +3,7 @@ export type * from './models/Role.js';
|
|
|
3
3
|
export type * from './models/Permission.js';
|
|
4
4
|
export type * from './models/RolePermission.js';
|
|
5
5
|
export type * from './models/UserRole.js';
|
|
6
|
+
export type * from './models/TenantMembership.js';
|
|
6
7
|
export type * from './models/Tenant.js';
|
|
7
8
|
export type * from './models/ApiKey.js';
|
|
8
9
|
export type * from './models/RefreshToken.js';
|
|
@@ -9,16 +9,18 @@
|
|
|
9
9
|
* These models either:
|
|
10
10
|
* - Don't have a tenantId field (system tables)
|
|
11
11
|
* - Have optional tenantId but are designed to work across tenants (User)
|
|
12
|
+
* - Are cross-tenant lookup/join tables (TenantMembership)
|
|
12
13
|
*/
|
|
13
14
|
const GLOBAL_MODELS = [
|
|
14
|
-
// User can exist across tenants or without a tenant
|
|
15
|
+
// User can exist across tenants or without a tenant (federated)
|
|
15
16
|
"user",
|
|
17
|
+
// TenantMembership is the user-tenant join table (queries by userId or tenantId)
|
|
18
|
+
"tenantMembership",
|
|
16
19
|
// System/infrastructure tables without tenantId
|
|
17
20
|
"tenant",
|
|
18
|
-
|
|
19
|
-
"permission",
|
|
20
|
-
"rolePermission",
|
|
21
|
+
// Legacy role assignment (global, not tenant-scoped)
|
|
21
22
|
"userRole",
|
|
23
|
+
"rolePermission",
|
|
22
24
|
"refreshToken",
|
|
23
25
|
"passwordReset",
|
|
24
26
|
"wallet",
|
|
@@ -29,7 +31,13 @@ const GLOBAL_MODELS = [
|
|
|
29
31
|
* These can be global templates (tenantId = null) or tenant-specific.
|
|
30
32
|
* Queries will return both global AND tenant-specific records.
|
|
31
33
|
*/
|
|
32
|
-
const OPTIONAL_TENANT_MODELS = [
|
|
34
|
+
const OPTIONAL_TENANT_MODELS = [
|
|
35
|
+
"paymentPlan",
|
|
36
|
+
// Role can be global template (tenantId = null) or tenant-specific
|
|
37
|
+
"role",
|
|
38
|
+
// Permission can be global template or tenant-specific
|
|
39
|
+
"permission",
|
|
40
|
+
];
|
|
33
41
|
function isGlobalModel(model) {
|
|
34
42
|
return GLOBAL_MODELS.includes(model);
|
|
35
43
|
}
|
package/package.json
CHANGED
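--- a/package/prisma/schema.prisma
+++ b/package/prisma/schema.prisma
@@ -292,29 +292,39 @@ enum ExecutionStatus {
 SKIPPED
 }
 
+/// Permission effect (Allow/Deny)
+enum PermissionEffect {
+ALLOW
+DENY
+}
+
 // =============================================================================
 // USER & AUTH DOMAIN
 // =============================================================================
 
 model User {
-id String
-email String
+id String @id @default(cuid())
+email String @unique
 password String?
-phone String?
+phone String? @unique
 firstName String?
 lastName String?
-isActive Boolean
-isEmailVerified Boolean
+isActive Boolean @default(true)
+isEmailVerified Boolean @default(false)
 googleId String?
 avatar String?
+// Legacy: Optional direct tenant association (for backward compatibility)
+// New: Use tenantMemberships for multi-tenant federation
 tenantId String?
-tenant Tenant?
-//
+tenant Tenant? @relation(fields: [tenantId], references: [id], onDelete: SetNull)
+// Federated: User can belong to multiple tenants with different roles
+tenantMemberships TenantMembership[]
+// Legacy: Support multiple roles via explicit join table `UserRole`
 userRoles UserRole[]
-walletId String?
-wallet Wallet?
-createdAt DateTime
-updatedAt DateTime
+walletId String? @unique
+wallet Wallet? @relation(fields: [walletId], references: [id])
+createdAt DateTime @default(now())
+updatedAt DateTime @updatedAt
 emailVerifiedAt DateTime?
 emailVerificationToken String?
 lastLoginAt DateTime?
@@ -368,29 +378,51 @@ model User {
 }
 
 model Role {
-id String
-name String
+id String @id @default(cuid())
+name String
 description String?
+// Tenant-scoping: NULL = global template, set = tenant-specific role
+tenantId String?
+tenant Tenant? @relation(fields: [tenantId], references: [id], onDelete: Cascade)
+// System roles cannot be deleted (admin, user, etc.)
+isSystem Boolean @default(false)
+isActive Boolean @default(true)
+// Legacy: UserRole for backward compatibility
 userRoles UserRole[]
+// New: TenantMembership for federated users
+memberships TenantMembership[]
 permissions RolePermission[]
-createdAt DateTime
-updatedAt DateTime
+createdAt DateTime @default(now())
+updatedAt DateTime @updatedAt
 
+@@unique([name, tenantId]) // Unique name per tenant (null tenantId = global)
+@@index([tenantId])
 @@map("roles")
 }
 
+/// Permission defines a path pattern + HTTP methods + effect
+/// Supports path-based authorization matching the authorizer's policy structure
 model Permission {
 id String @id @default(cuid())
-name String
+name String // Descriptive name: "Read Users", "Manage Properties"
 description String?
-
-
+// Path pattern: /users, /users/:id, /properties/*, etc.
+path String
+// HTTP methods: ["GET"], ["GET", "POST"], ["*"] - stored as JSON
+methods Json @default("[]")
+// Allow or Deny this path/methods
+effect PermissionEffect @default(ALLOW)
+// Tenant-scoping: NULL = global template, set = tenant-specific
+tenantId String?
+tenant Tenant? @relation(fields: [tenantId], references: [id], onDelete: Cascade)
+// System permissions cannot be deleted
+isSystem Boolean @default(false)
 roles RolePermission[]
 createdAt DateTime @default(now())
 updatedAt DateTime @updatedAt
 
-@@unique([
-@@index([
+@@unique([path, tenantId]) // Unique path per tenant
+@@index([tenantId])
 @@map("permissions")
 }
 
@@ -405,6 +437,8 @@ model RolePermission {
 @@map("role_permissions")
 }
 
+/// Legacy: Direct user-role assignment (global, not tenant-scoped)
+/// @deprecated Use TenantMembership for tenant-scoped role assignments
 model UserRole {
 userId String
 roleId String
@@ -416,6 +450,30 @@ model UserRole {
 @@map("user_roles")
 }
 
+/// Tenant Membership: Links users to tenants with specific roles
+/// Enables federated users across multiple tenants with different roles per tenant
+model TenantMembership {
+id String @id @default(cuid())
+userId String
+tenantId String
+roleId String
+// Whether this membership is active
+isActive Boolean @default(true)
+// Whether this is the user's default tenant (for login without specifying tenant)
+isDefault Boolean @default(false)
+createdAt DateTime @default(now())
+updatedAt DateTime @updatedAt
+
+user User @relation(fields: [userId], references: [id], onDelete: Cascade)
+tenant Tenant @relation(fields: [tenantId], references: [id], onDelete: Cascade)
+role Role @relation(fields: [roleId], references: [id], onDelete: Restrict)
+
+@@unique([userId, tenantId]) // User can only have one membership per tenant
+@@index([tenantId])
+@@index([userId])
+@@map("tenant_memberships")
+}
+
 model Tenant {
 id String @id @default(cuid())
 name String
@@ -431,6 +489,12 @@ model Tenant {
 paymentMethods PropertyPaymentMethod[]
 contracts Contract[]
 
+// RBAC: Tenant-scoped roles and permissions
+roles Role[]
+permissions Permission[]
+// Federated user memberships
+memberships TenantMembership[]
+
 // Payment method changes
 paymentMethodChangeRequests PaymentMethodChangeRequest[]
 documentRequirementRules DocumentRequirementRule[]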
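Review bot: Nothing in the new TenantMembership model (hunk `@@ -416,6 +450,30 @@`) ties `roleId` to `tenantId`, so a membership in one tenant can reference a Role whose `tenantId` is a different tenant, which would grant that tenant's role across the boundary. The schema cannot express that composite constraint, so the invariant belongs to the code that creates or updates memberships, and the model should say so above `roleId`: `// Invariant (enforced where memberships are written): role.tenantId must be null (global template) or equal to this tenantId`. Relatedly, the comments on `@@unique([name, tenantId])` in Role and `@@unique([path, tenantId])` in Permission describe `null tenantId` rows as global, but on the common SQL providers NULL values are distinct in unique indexes, so two global roles with the same name, or two global permissions with the same `path` but opposite `effect`, would not be rejected by the database. Whether NULLs are treated as distinct depends on the datasource provider, which is outside these hunks; if global uniqueness is intended it needs a pre-insert check, otherwise the comments overstate the guarantee.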