@venizia/ignis 0.0.9-17 → 0.0.9-19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/base/models/enrichers/principal.enricher.d.ts +6 -5
- package/dist/base/models/enrichers/principal.enricher.d.ts.map +1 -1
- package/dist/base/models/enrichers/principal.enricher.js +8 -3
- package/dist/base/models/enrichers/principal.enricher.js.map +1 -1
- package/dist/components/auth/authorize/common/constants.d.ts +7 -1
- package/dist/components/auth/authorize/common/constants.d.ts.map +1 -1
- package/dist/components/auth/authorize/common/constants.js +14 -2
- package/dist/components/auth/authorize/common/constants.js.map +1 -1
- package/dist/components/auth/authorize/common/index.d.ts +2 -0
- package/dist/components/auth/authorize/common/index.d.ts.map +1 -1
- package/dist/components/auth/authorize/common/index.js +2 -0
- package/dist/components/auth/authorize/common/index.js.map +1 -1
- package/dist/components/auth/authorize/common/permission-builder.d.ts +92 -0
- package/dist/components/auth/authorize/common/permission-builder.d.ts.map +1 -0
- package/dist/components/auth/authorize/common/permission-builder.js +99 -0
- package/dist/components/auth/authorize/common/permission-builder.js.map +1 -0
- package/dist/components/auth/authorize/common/policy-builder.d.ts +183 -0
- package/dist/components/auth/authorize/common/policy-builder.d.ts.map +1 -0
- package/dist/components/auth/authorize/common/policy-builder.js +130 -0
- package/dist/components/auth/authorize/common/policy-builder.js.map +1 -0
- package/dist/components/auth/models/entities/permission.model.d.ts +1 -0
- package/dist/components/auth/models/entities/permission.model.d.ts.map +1 -1
- package/dist/components/auth/models/entities/permission.model.js +2 -0
- package/dist/components/auth/models/entities/permission.model.js.map +1 -1
- package/package.json +1 -1
|
@@ -1,19 +1,20 @@
|
|
|
1
1
|
import { PgIntegerBuilderInitial, PgTextBuilderInitial } from 'drizzle-orm/pg-core';
|
|
2
2
|
import { TColumnDefinitions } from '../common/types';
|
|
3
3
|
import { HasDefault, NotNull } from 'drizzle-orm';
|
|
4
|
-
export type TPrincipalEnricherOptions<Discriminator extends string = string, IdType extends 'number' | 'string' = 'number' | 'string'> = {
|
|
4
|
+
export type TPrincipalEnricherOptions<Discriminator extends string = string, IdType extends 'number' | 'string' = 'number' | 'string', Nullable extends boolean = false> = {
|
|
5
5
|
discriminator?: Discriminator;
|
|
6
6
|
defaultPolymorphic?: string;
|
|
7
7
|
polymorphicIdType: IdType;
|
|
8
|
+
isNullableId?: Nullable;
|
|
8
9
|
};
|
|
9
|
-
type TPrincipalColumnDef<Discriminator extends string, IdType extends 'number' | 'string'> = (IdType extends 'number' ? {
|
|
10
|
-
[K in `${Discriminator}Id`]: NotNull<PgIntegerBuilderInitial<string>>;
|
|
10
|
+
type TPrincipalColumnDef<Discriminator extends string, IdType extends 'number' | 'string', Nullable extends boolean = false> = (IdType extends 'number' ? {
|
|
11
|
+
[K in `${Discriminator}Id`]: Nullable extends true ? PgIntegerBuilderInitial<string> : NotNull<PgIntegerBuilderInitial<string>>;
|
|
11
12
|
} : {
|
|
12
|
-
[K in `${Discriminator}Id`]: NotNull<PgTextBuilderInitial<string, [string, ...string[]]>>;
|
|
13
|
+
[K in `${Discriminator}Id`]: Nullable extends true ? PgTextBuilderInitial<string, [string, ...string[]]> : NotNull<PgTextBuilderInitial<string, [string, ...string[]]>>;
|
|
13
14
|
}) & {
|
|
14
15
|
[K in `${Discriminator}Type`]: HasDefault<PgTextBuilderInitial<string, [string, ...string[]]>>;
|
|
15
16
|
};
|
|
16
|
-
export declare const generatePrincipalColumnDefs: <Discriminator extends string = "principal", IdType extends "number" | "string" = "number">(opts: TPrincipalEnricherOptions<Discriminator, IdType>) => TPrincipalColumnDef<Discriminator, IdType>;
|
|
17
|
+
export declare const generatePrincipalColumnDefs: <Discriminator extends string = "principal", IdType extends "number" | "string" = "number", Nullable extends boolean = false>(opts: TPrincipalEnricherOptions<Discriminator, IdType, Nullable>) => TPrincipalColumnDef<Discriminator, IdType, Nullable>;
|
|
17
18
|
export declare const enrichPrincipal: <ColumnDefinitions extends TColumnDefinitions = TColumnDefinitions>(baseSchema: ColumnDefinitions, opts: TPrincipalEnricherOptions) => (ColumnDefinitions & {
|
|
18
19
|
[x: `${string}Id`]: NotNull<PgTextBuilderInitial<string, [string, ...string[]]>>;
|
|
19
20
|
} & {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"principal.enricher.d.ts","sourceRoot":"","sources":["../../../../src/base/models/enrichers/principal.enricher.ts"],"names":[],"mappings":"AAAA,OAAO,EAAW,uBAAuB,EAAE,oBAAoB,EAAQ,MAAM,qBAAqB,CAAC;AACnG,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AACrD,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAElD,MAAM,MAAM,yBAAyB,CACnC,aAAa,SAAS,MAAM,GAAG,MAAM,EACrC,MAAM,SAAS,QAAQ,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,
|
|
1
|
+
{"version":3,"file":"principal.enricher.d.ts","sourceRoot":"","sources":["../../../../src/base/models/enrichers/principal.enricher.ts"],"names":[],"mappings":"AAAA,OAAO,EAAW,uBAAuB,EAAE,oBAAoB,EAAQ,MAAM,qBAAqB,CAAC;AACnG,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AACrD,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAElD,MAAM,MAAM,yBAAyB,CACnC,aAAa,SAAS,MAAM,GAAG,MAAM,EACrC,MAAM,SAAS,QAAQ,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,EACxD,QAAQ,SAAS,OAAO,GAAG,KAAK,IAC9B;IACF,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,YAAY,CAAC,EAAE,QAAQ,CAAC;CACzB,CAAC;AAEF,KAAK,mBAAmB,CACtB,aAAa,SAAS,MAAM,EAC5B,MAAM,SAAS,QAAQ,GAAG,QAAQ,EAClC,QAAQ,SAAS,OAAO,GAAG,KAAK,IAC9B,CAAC,MAAM,SAAS,QAAQ,GACxB;KACG,CAAC,IAAI,GAAG,aAAa,IAAI,GAAG,QAAQ,SAAS,IAAI,GAC9C,uBAAuB,CAAC,MAAM,CAAC,GAC/B,OAAO,CAAC,uBAAuB,CAAC,MAAM,CAAC,CAAC;CAC7C,GACD;KACG,CAAC,IAAI,GAAG,aAAa,IAAI,GAAG,QAAQ,SAAS,IAAI,GAC9C,oBAAoB,CAAC,MAAM,EAAE,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC,GACnD,OAAO,CAAC,oBAAoB,CAAC,MAAM,EAAE,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC,CAAC;CACjE,CAAC,GAAG;KACN,CAAC,IAAI,GAAG,aAAa,MAAM,GAAG,UAAU,CAAC,oBAAoB,CAAC,MAAM,EAAE,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC,CAAC;CAC/F,CAAC;AAEF,eAAO,MAAM,2BAA2B,GACtC,aAAa,SAAS,MAAM,GAAG,WAAW,EAC1C,MAAM,SAAS,QAAQ,GAAG,QAAQ,GAAG,QAAQ,EAC7C,QAAQ,SAAS,OAAO,GAAG,KAAK,EAEhC,MAAM,yBAAyB,CAAC,aAAa,EAAE,MAAM,EAAE,QAAQ,CAAC,KAC/D,mBAAmB,CAAC,aAAa,EAAE,MAAM,EAAE,QAAQ,CAwCrD,CAAC;AAEF,eAAO,MAAM,eAAe,GAAI,iBAAiB,SAAS,kBAAkB,GAAG,kBAAkB,EAC/F,YAAY,iBAAiB,EAC7B,MAAM,yBAAyB;;;;;;;;EAIhC,CAAC"}
|
|
@@ -3,25 +3,30 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.enrichPrincipal = exports.generatePrincipalColumnDefs = void 0;
|
|
4
4
|
const pg_core_1 = require("drizzle-orm/pg-core");
|
|
5
5
|
const generatePrincipalColumnDefs = (opts) => {
|
|
6
|
-
const { discriminator = 'principal', defaultPolymorphic = '', polymorphicIdType } = opts;
|
|
6
|
+
const { discriminator = 'principal', defaultPolymorphic = '', polymorphicIdType, isNullableId = false, } = opts;
|
|
7
7
|
const polymorphic = {
|
|
8
8
|
typeField: `${discriminator}Type`,
|
|
9
9
|
typeColumnName: `${discriminator}_type`,
|
|
10
10
|
idField: `${discriminator}Id`,
|
|
11
11
|
idType: polymorphicIdType,
|
|
12
12
|
idColumnName: `${discriminator}_id`,
|
|
13
|
+
isNullableId,
|
|
13
14
|
};
|
|
14
15
|
switch (polymorphic.idType) {
|
|
15
16
|
case 'number': {
|
|
16
17
|
return {
|
|
17
18
|
[polymorphic.typeField]: (0, pg_core_1.text)(polymorphic.typeColumnName).default(defaultPolymorphic),
|
|
18
|
-
[polymorphic.idField]:
|
|
19
|
+
[polymorphic.idField]: polymorphic.isNullableId
|
|
20
|
+
? (0, pg_core_1.integer)(polymorphic.idColumnName)
|
|
21
|
+
: (0, pg_core_1.integer)(polymorphic.idColumnName).notNull(),
|
|
19
22
|
};
|
|
20
23
|
}
|
|
21
24
|
case 'string': {
|
|
22
25
|
return {
|
|
23
26
|
[polymorphic.typeField]: (0, pg_core_1.text)(polymorphic.typeColumnName).default(defaultPolymorphic),
|
|
24
|
-
[polymorphic.idField]:
|
|
27
|
+
[polymorphic.idField]: polymorphic.isNullableId
|
|
28
|
+
? (0, pg_core_1.text)(polymorphic.idColumnName)
|
|
29
|
+
: (0, pg_core_1.text)(polymorphic.idColumnName).notNull(),
|
|
25
30
|
};
|
|
26
31
|
}
|
|
27
32
|
default: {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"principal.enricher.js","sourceRoot":"","sources":["../../../../src/base/models/enrichers/principal.enricher.ts"],"names":[],"mappings":";;;AAAA,iDAAmG;
|
|
1
|
+
{"version":3,"file":"principal.enricher.js","sourceRoot":"","sources":["../../../../src/base/models/enrichers/principal.enricher.ts"],"names":[],"mappings":";;;AAAA,iDAAmG;AAiC5F,MAAM,2BAA2B,GAAG,CAKzC,IAAgE,EACV,EAAE;IACxD,MAAM,EACJ,aAAa,GAAG,WAAW,EAC3B,kBAAkB,GAAG,EAAE,EACvB,iBAAiB,EACjB,YAAY,GAAG,KAAK,GACrB,GAAG,IAAI,CAAC;IAET,MAAM,WAAW,GAAG;QAClB,SAAS,EAAE,GAAG,aAAa,MAAM;QACjC,cAAc,EAAE,GAAG,aAAa,OAAO;QACvC,OAAO,EAAE,GAAG,aAAa,IAAI;QAC7B,MAAM,EAAE,iBAAiB;QACzB,YAAY,EAAE,GAAG,aAAa,KAAK;QACnC,YAAY;KACb,CAAC;IAEF,QAAQ,WAAW,CAAC,MAAM,EAAE,CAAC;QAC3B,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,OAAO;gBACL,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,IAAA,cAAI,EAAC,WAAW,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC;gBACrF,CAAC,WAAW,CAAC,OAAO,CAAC,EAAE,WAAW,CAAC,YAAY;oBAC7C,CAAC,CAAC,IAAA,iBAAO,EAAC,WAAW,CAAC,YAAY,CAAC;oBACnC,CAAC,CAAC,IAAA,iBAAO,EAAC,WAAW,CAAC,YAAY,CAAC,CAAC,OAAO,EAAE;aACQ,CAAC;QAC5D,CAAC;QACD,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,OAAO;gBACL,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,IAAA,cAAI,EAAC,WAAW,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC;gBACrF,CAAC,WAAW,CAAC,OAAO,CAAC,EAAE,WAAW,CAAC,YAAY;oBAC7C,CAAC,CAAC,IAAA,cAAI,EAAC,WAAW,CAAC,YAAY,CAAC;oBAChC,CAAC,CAAC,IAAA,cAAI,EAAC,WAAW,CAAC,YAAY,CAAC,CAAC,OAAO,EAAE;aACW,CAAC;QAC5D,CAAC;QACD,OAAO,CAAC,CAAC,CAAC;YACR,MAAM,IAAI,KAAK,CACb,oEAAoE,WAAW,CAAC,MAAM,gCAAgC,CACvH,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC,CAAC;AA9CW,QAAA,2BAA2B,+BA8CtC;AAEK,MAAM,eAAe,GAAG,CAC7B,UAA6B,EAC7B,IAA+B,EAC/B,EAAE;IACF,MAAM,IAAI,GAAG,IAAA,mCAA2B,EAAC,IAAI,CAAC,CAAC;IAC/C,OAAO,EAAE,GAAG,UAAU,EAAE,GAAG,IAAI,EAAE,CAAC;AACpC,CAAC,CAAC;AANW,QAAA,eAAe,mBAM1B"}
|
|
@@ -8,11 +8,17 @@ export declare class Authorization {
|
|
|
8
8
|
}
|
|
9
9
|
export declare class AuthorizationActions {
|
|
10
10
|
static readonly CREATE = "create";
|
|
11
|
-
static readonly READ = "read";
|
|
12
11
|
static readonly UPDATE = "update";
|
|
13
12
|
static readonly DELETE = "delete";
|
|
14
13
|
static readonly EXECUTE = "execute";
|
|
14
|
+
static readonly READ = "read";
|
|
15
|
+
static readonly WRITE = "write";
|
|
16
|
+
static readonly MANAGE = "manage";
|
|
15
17
|
static readonly SCHEME_SET: Set<string>;
|
|
18
|
+
static readonly LATTICE: ReadonlyArray<{
|
|
19
|
+
child: TAuthorizationAction;
|
|
20
|
+
parent: TAuthorizationAction;
|
|
21
|
+
}>;
|
|
16
22
|
static isValid(input: string): boolean;
|
|
17
23
|
}
|
|
18
24
|
export type TAuthorizationAction = TConstValue<typeof AuthorizationActions>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/common/constants.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AACrD,OAAO,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AAEvE,qBAAa,aAAa;IACxB,MAAM,CAAC,QAAQ,CAAC,KAAK,yBAAyB;IAC9C,MAAM,CAAC,QAAQ,CAAC,kBAAkB,wBAAwB;IAC1D,MAAM,CAAC,QAAQ,CAAC,QAAQ,4BAA4B;IACpD,MAAM,CAAC,QAAQ,CAAC,MAAM,0BAA0B;CACjD;AAED,qBAAa,oBAAoB;IAC/B,MAAM,CAAC,QAAQ,CAAC,MAAM,YAAY;IAClC,MAAM,CAAC,QAAQ,CAAC,
|
|
1
|
+
{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/common/constants.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AACrD,OAAO,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AAEvE,qBAAa,aAAa;IACxB,MAAM,CAAC,QAAQ,CAAC,KAAK,yBAAyB;IAC9C,MAAM,CAAC,QAAQ,CAAC,kBAAkB,wBAAwB;IAC1D,MAAM,CAAC,QAAQ,CAAC,QAAQ,4BAA4B;IACpD,MAAM,CAAC,QAAQ,CAAC,MAAM,0BAA0B;CACjD;AAED,qBAAa,oBAAoB;IAC/B,MAAM,CAAC,QAAQ,CAAC,MAAM,YAAY;IAClC,MAAM,CAAC,QAAQ,CAAC,MAAM,YAAY;IAClC,MAAM,CAAC,QAAQ,CAAC,MAAM,YAAY;IAClC,MAAM,CAAC,QAAQ,CAAC,OAAO,aAAa;IAEpC,MAAM,CAAC,QAAQ,CAAC,IAAI,UAAU;IAC9B,MAAM,CAAC,QAAQ,CAAC,KAAK,WAAW;IAChC,MAAM,CAAC,QAAQ,CAAC,MAAM,YAAY;IAElC,MAAM,CAAC,QAAQ,CAAC,UAAU,cASvB;IAEH,MAAM,CAAC,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC;QACrC,KAAK,EAAE,oBAAoB,CAAC;QAC5B,MAAM,EAAE,oBAAoB,CAAC;KAC9B,CAAC,CAOA;IAEF,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;CAGvC;AACD,MAAM,MAAM,oBAAoB,GAAG,WAAW,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAE5E,qBAAa,sBAAsB;IACjC,MAAM,CAAC,QAAQ,CAAC,KAAK,WAAW;IAChC,MAAM,CAAC,QAAQ,CAAC,IAAI,UAAU;IAC9B,MAAM,CAAC,QAAQ,CAAC,OAAO,aAAa;IAEpC,MAAM,CAAC,QAAQ,CAAC,UAAU,cAAkD;IAE5E,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAItC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO;IAO/C,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO;IAO9C,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO;CAMlD;AACD,MAAM,MAAM,sBAAsB,GAAG,WAAW,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAEhF,qBAAa,kBAAkB;IAC7B,MAAM,CAAC,QAAQ,CAAC,WAAW,oBAGxB;IACH,MAAM,CAAC,QAAQ,CAAC,KAAK,oBAGlB;IACH,MAAM,CAAC,QAAQ,CAAC,IAAI,oBAGjB;IACH,MAAM,CAAC,QAAQ,CAAC,KAAK,oBAGlB;IACH,MAAM,CAAC,QAAQ,CAAC,YAAY,oBAGzB;IAEH,MAAM,CAAC,QAAQ,CAAC,UAAU,cAMvB;IAEH,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;CAGvC;AAED,qBAAa,0BAA0B;IACrC,MAAM,CAAC,QAAQ,CAAC,MAAM,YAAY;IAClC,MAAM,CAAC,QAAQ,CAAC,MAAM,YAAY;IAElC,MAAM,CAAC,QAAQ,CAAC,UAAU,cAAuC;IAEjE,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;CAGvC;AAED,MAAM,MAAM,0BAA0B,GAAG,WAAW,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAExF,qBAAa,2BAA2B;IACtC,MAAM,CAAC,QAAQ,CAAC,KAAK,WAAW;IAEhC,MAAM,CAAC,QAAQ,CAAC,UAAU,cAAyB;IAEnD,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;CAGvC;AAED,MAAM,MAAM,2BAA2B,GAAG,WAAW,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAE1F,qBAAa,0BAA0B;IACrC,MAAM,CAAC,QAAQ,CAAC,IAAI,UAAU;IAC9B,MAAM,CAAC,QAAQ,CAAC,IAAI,UAAU;IAE9B,MAAM,CAAC,QAAQ,CAAC,UAAU,cAAmC;IAE7D,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;CAGvC;AAED,MAAM,MAAM,0BAA0B,GAAG,WAAW,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAExF,qBAAa,6BAA6B;IACxC,+FAA+F;IAC/F,MAAM,CAAC,QAAQ,CAAC,SAAS,cAAc;IAEvC,+CAA+C;IAC/C,MAAM,CAAC,QAAQ,CAAC,WAAW,eAAe;IAE1C,uCAAuC;IACvC,MAAM,CAAC,QAAQ,CAAC,WAAW,eAAe;IAE1C,6DAA6D;IAC7D,MAAM,CAAC,QAAQ,CAAC,WAAW,eAAe;IAE1C,mEAAmE;IACnE,MAAM,CAAC,QAAQ,CAAC,WAAW,gBAAgB;IAE3C,MAAM,CAAC,QAAQ,CAAC,UAAU,cAMvB;IAEH,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;CAGvC;AAED,MAAM,MAAM,6BAA6B,GAAG,WAAW,CAAC,OAAO,6BAA6B,CAAC,CAAC;AAE9F,qBAAa,yBAAyB;IACpC,+FAA+F;IAC/F,MAAM,CAAC,QAAQ,CAAC,UAAU,gBAAgB;IAE1C,0EAA0E;IAC1E,MAAM,CAAC,QAAQ,CAAC,WAAW,iBAAiB;IAE5C,MAAM,CAAC,QAAQ,CAAC,UAAU,cAAgD;IAE1E,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;CAGvC;AACD,MAAM,MAAM,yBAAyB,GAAG,WAAW,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAEtF;;;;;GAKG;AACH,qBAAa,kBAAkB;IAC7B,8BAA8B;IAC9B,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO;IAExB;;;OAGG;IAEH,+FAA+F;IAC/F,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO;IAExB,uFAAuF;IACvF,MAAM,CAAC,QAAQ,CAAC,EAAE,QAAQ;IAE1B,gEAAgE;IAChE,MAAM,CAAC,QAAQ,CAAC,EAAE,QAAQ;IAE1B,wDAAwD;IACxD,MAAM,CAAC,QAAQ,CAAC,EAAE,QAAQ;IAE1B,sDAAsD;IACtD,MAAM,CAAC,QAAQ,CAAC,EAAE,QAAQ;CAC3B;AAED,MAAM,MAAM,kBAAkB,GAAG,WAAW,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAExE;;;;;;;;;;;;;GAaG;AACH,qBAAa,2BAA2B;IACtC;;;;OAIG;IACH,MAAM,CAAC,QAAQ,CAAC,KAAK;;;MAA4D;IAEjF;;;;OAIG;IACH,MAAM,CAAC,QAAQ,CAAC,WAAW;;;MAAkE;IAE7F;;;;;OAKG;IACH,MAAM,CAAC,QAAQ,CAAC,aAAa;;;MAAoE;IAEjG;;;;;OAKG;IACH,MAAM,CAAC,QAAQ,CAAC,WAAW;;;MAAmE;IAE9F;;;;;OAKG;IACH,MAAM,CAAC,QAAQ,CAAC,eAAe;;;MAGpB;IAEX;;;;;;OAMG;IACH,MAAM,CAAC,QAAQ,CAAC,iBAAiB;;;MAGtB;IAEX;;;;;;;OAOG;IACH,MAAM,CAAC,QAAQ,CAAC,eAAe;;;MAGpB;IAEX,MAAM,CAAC,QAAQ,CAAC,iBAAiB,cAQ9B;IAEH,MAAM,CAAC,QAAQ,CAAC,eAAe,cAQ5B;IAEH,MAAM,CAAC,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAI5C,MAAM,CAAC,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;CAG3C;AACD,MAAM,MAAM,2BAA2B,GAAG,WAAW,CAAC,OAAO,2BAA2B,CAAC,CAAC"}
|
|
@@ -11,17 +11,29 @@ class Authorization {
|
|
|
11
11
|
exports.Authorization = Authorization;
|
|
12
12
|
class AuthorizationActions {
|
|
13
13
|
static { this.CREATE = 'create'; }
|
|
14
|
-
static { this.READ = 'read'; }
|
|
15
14
|
static { this.UPDATE = 'update'; }
|
|
16
15
|
static { this.DELETE = 'delete'; }
|
|
17
16
|
static { this.EXECUTE = 'execute'; }
|
|
17
|
+
static { this.READ = 'read'; }
|
|
18
|
+
static { this.WRITE = 'write'; }
|
|
19
|
+
static { this.MANAGE = 'manage'; }
|
|
18
20
|
static { this.SCHEME_SET = new Set([
|
|
19
21
|
this.CREATE,
|
|
20
|
-
this.READ,
|
|
21
22
|
this.UPDATE,
|
|
22
23
|
this.DELETE,
|
|
23
24
|
this.EXECUTE,
|
|
25
|
+
this.READ,
|
|
26
|
+
this.WRITE,
|
|
27
|
+
this.MANAGE,
|
|
24
28
|
]); }
|
|
29
|
+
static { this.LATTICE = [
|
|
30
|
+
{ child: this.READ, parent: this.MANAGE },
|
|
31
|
+
{ child: this.WRITE, parent: this.MANAGE },
|
|
32
|
+
{ child: this.EXECUTE, parent: this.MANAGE },
|
|
33
|
+
{ child: this.CREATE, parent: this.WRITE },
|
|
34
|
+
{ child: this.UPDATE, parent: this.WRITE },
|
|
35
|
+
{ child: this.DELETE, parent: this.WRITE },
|
|
36
|
+
]; }
|
|
25
37
|
static isValid(input) {
|
|
26
38
|
return this.SCHEME_SET.has(input);
|
|
27
39
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/common/constants.ts"],"names":[],"mappings":";;;AACA,iFAAuE;AAEvE,MAAa,aAAa;aACR,UAAK,GAAG,qBAAqB,CAAC;aAC9B,uBAAkB,GAAG,oBAAoB,CAAC;aAC1C,aAAQ,GAAG,wBAAwB,CAAC;aACpC,WAAM,GAAG,sBAAsB,CAAC;;AAJlD,sCAKC;AAED,MAAa,oBAAoB;aACf,WAAM,GAAG,QAAQ,CAAC;aAClB,
|
|
1
|
+
{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/common/constants.ts"],"names":[],"mappings":";;;AACA,iFAAuE;AAEvE,MAAa,aAAa;aACR,UAAK,GAAG,qBAAqB,CAAC;aAC9B,uBAAkB,GAAG,oBAAoB,CAAC;aAC1C,aAAQ,GAAG,wBAAwB,CAAC;aACpC,WAAM,GAAG,sBAAsB,CAAC;;AAJlD,sCAKC;AAED,MAAa,oBAAoB;aACf,WAAM,GAAG,QAAQ,CAAC;aAClB,WAAM,GAAG,QAAQ,CAAC;aAClB,WAAM,GAAG,QAAQ,CAAC;aAClB,YAAO,GAAG,SAAS,CAAC;aAEpB,SAAI,GAAG,MAAM,CAAC;aACd,UAAK,GAAG,OAAO,CAAC;aAChB,WAAM,GAAG,QAAQ,CAAC;aAElB,eAAU,GAAG,IAAI,GAAG,CAAC;QACnC,IAAI,CAAC,MAAM;QACX,IAAI,CAAC,MAAM;QACX,IAAI,CAAC,MAAM;QACX,IAAI,CAAC,OAAO;QAEZ,IAAI,CAAC,IAAI;QACT,IAAI,CAAC,KAAK;QACV,IAAI,CAAC,MAAM;KACZ,CAAC,CAAC;aAEa,YAAO,GAGlB;QACH,EAAE,KAAK,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE;QACzC,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE;QAC1C,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE;QAC5C,EAAE,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC,KAAK,EAAE;QAC1C,EAAE,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC,KAAK,EAAE;QAC1C,EAAE,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC,KAAK,EAAE;KAC3C,CAAC;IAEF,MAAM,CAAC,OAAO,CAAC,KAAa;QAC1B,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACpC,CAAC;;AAnCH,oDAoCC;AAGD,MAAa,sBAAsB;aACjB,UAAK,GAAG,OAAO,CAAC;aAChB,SAAI,GAAG,MAAM,CAAC;aACd,YAAO,GAAG,SAAS,CAAC;aAEpB,eAAU,GAAG,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;IAE5E,MAAM,CAAC,OAAO,CAAC,KAAa;QAC1B,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACpC,CAAC;IAED,MAAM,CAAC,OAAO,CAAC,KAAsB;QACnC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,GAAG,CAAC,CAAC;QACnB,CAAC;QACD,OAAO,KAAK,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,KAAK,CAAC;IAC5C,CAAC;IAED,MAAM,CAAC,MAAM,CAAC,KAAsB;QAClC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,GAAG,CAAC,CAAC;QACnB,CAAC;QACD,OAAO,KAAK,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,IAAI,CAAC;IAC3C,CAAC;IAED,MAAM,CAAC,SAAS,CAAC,KAAsB;QACrC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,KAAK,CAAC,CAAC;QACrB,CAAC;QACD,OAAO,KAAK,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,OAAO,CAAC;IAC9C,CAAC;;AA9BH,wDA+BC;AAGD,MAAa,kBAAkB;aACb,gBAAW,GAAG,4CAAiB,CAAC,KAAK,CAAC;QACpD,IAAI,EAAE,aAAa;QACnB,QAAQ,EAAE,GAAG;KACd,CAAC,CAAC;aACa,UAAK,GAAG,4CAAiB,CAAC,KAAK,CAAC;QAC9C,IAAI,EAAE,OAAO;QACb,QAAQ,EAAE,GAAG;KACd,CAAC,CAAC;aACa,SAAI,GAAG,4CAAiB,CAAC,KAAK,CAAC;QAC7C,IAAI,EAAE,MAAM;QACZ,QAAQ,EAAE,EAAE;KACb,CAAC,CAAC;aACa,UAAK,GAAG,4CAAiB,CAAC,KAAK,CAAC;QAC9C,IAAI,EAAE,OAAO;QACb,QAAQ,EAAE,CAAC;KACZ,CAAC,CAAC;aACa,iBAAY,GAAG,4CAAiB,CAAC,KAAK,CAAC;QACrD,IAAI,EAAE,cAAc;QACpB,QAAQ,EAAE,CAAC;KACZ,CAAC,CAAC;aAEa,eAAU,GAAG,IAAI,GAAG,CAAS;QAC3C,IAAI,CAAC,WAAW,CAAC,UAAU;QAC3B,IAAI,CAAC,KAAK,CAAC,UAAU;QACrB,IAAI,CAAC,IAAI,CAAC,UAAU;QACpB,IAAI,CAAC,KAAK,CAAC,UAAU;QACrB,IAAI,CAAC,YAAY,CAAC,UAAU;KAC7B,CAAC,CAAC;IAEH,MAAM,CAAC,OAAO,CAAC,KAAa;QAC1B,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACpC,CAAC;;AAhCH,gDAiCC;AAED,MAAa,0BAA0B;aACrB,WAAM,GAAG,QAAQ,CAAC;aAClB,WAAM,GAAG,QAAQ,CAAC;aAElB,eAAU,GAAG,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;IAEjE,MAAM,CAAC,OAAO,CAAC,KAAa;QAC1B,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACpC,CAAC;;AARH,gEASC;AAID,MAAa,2BAA2B;aACtB,UAAK,GAAG,OAAO,CAAC;aAEhB,eAAU,GAAG,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;IAEnD,MAAM,CAAC,OAAO,CAAC,KAAa;QAC1B,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACpC,CAAC;;AAPH,kEAQC;AAID,MAAa,0BAA0B;aACrB,SAAI,GAAG,MAAM,CAAC;aACd,SAAI,GAAG,MAAM,CAAC;aAEd,eAAU,GAAG,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAE7D,MAAM,CAAC,OAAO,CAAC,KAAa;QAC1B,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACpC,CAAC;;AARH,gEASC;AAID,MAAa,6BAA6B;IACxC,+FAA+F;aAC/E,cAAS,GAAG,UAAU,CAAC;IAEvC,+CAA+C;aAC/B,gBAAW,GAAG,WAAW,CAAC;IAE1C,uCAAuC;aACvB,gBAAW,GAAG,WAAW,CAAC;IAE1C,6DAA6D;aAC7C,gBAAW,GAAG,WAAW,CAAC;IAE1C,mEAAmE;aACnD,gBAAW,GAAG,YAAY,CAAC;aAE3B,eAAU,GAAG,IAAI,GAAG,CAAC;QACnC,IAAI,CAAC,SAAS;QACd,IAAI,CAAC,WAAW;QAChB,IAAI,CAAC,WAAW;QAChB,IAAI,CAAC,WAAW;QAChB,IAAI,CAAC,WAAW;KACjB,CAAC,CAAC;IAEH,MAAM,CAAC,OAAO,CAAC,KAAa;QAC1B,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACpC,CAAC;;AA1BH,sEA2BC;AAID,MAAa,yBAAyB;IACpC,+FAA+F;aAC/E,eAAU,GAAG,YAAY,CAAC;IAE1C,0EAA0E;aAC1D,gBAAW,GAAG,aAAa,CAAC;aAE5B,eAAU,GAAG,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;IAE1E,MAAM,CAAC,OAAO,CAAC,KAAa;QAC1B,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACpC,CAAC;;AAXH,8DAYC;AAGD;;;;;GAKG;AACH,MAAa,kBAAkB;IAC7B,8BAA8B;aACd,MAAC,GAAG,GAAG,CAAC;IAExB;;;OAGG;IAEH,+FAA+F;aAC/E,MAAC,GAAG,GAAG,CAAC;IAExB,uFAAuF;aACvE,OAAE,GAAG,IAAI,CAAC;IAE1B,gEAAgE;aAChD,OAAE,GAAG,IAAI,CAAC;IAE1B,wDAAwD;aACxC,OAAE,GAAG,IAAI,CAAC;IAE1B,sDAAsD;aACtC,OAAE,GAAG,IAAI,CAAC;;AAtB5B,gDAuBC;AAID;;;;;;;;;;;;;GAaG;AACH,MAAa,2BAA2B;IACtC;;;;OAIG;aACa,UAAK,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,kBAAkB,CAAC,CAAC,EAAW,CAAC;IAEjF;;;;OAIG;aACa,gBAAW,GAAG,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE,kBAAkB,CAAC,CAAC,EAAW,CAAC;IAE7F;;;;;OAKG;aACa,kBAAa,GAAG,EAAE,MAAM,EAAE,eAAe,EAAE,IAAI,EAAE,kBAAkB,CAAC,CAAC,EAAW,CAAC;IAEjG;;;;;OAKG;aACa,gBAAW,GAAG,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE,kBAAkB,CAAC,EAAE,EAAW,CAAC;IAE9F;;;;;OAKG;aACa,oBAAe,GAAG;QAChC,MAAM,EAAE,iBAAiB;QACzB,IAAI,EAAE,kBAAkB,CAAC,EAAE;KACnB,CAAC;IAEX;;;;;;OAMG;aACa,sBAAiB,GAAG;QAClC,MAAM,EAAE,mBAAmB;QAC3B,IAAI,EAAE,kBAAkB,CAAC,EAAE;KACnB,CAAC;IAEX;;;;;;;OAOG;aACa,oBAAe,GAAG;QAChC,MAAM,EAAE,iBAAiB;QACzB,IAAI,EAAE,kBAAkB,CAAC,EAAE;KACnB,CAAC;aAEK,sBAAiB,GAAG,IAAI,GAAG,CAAC;QAC1C,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE;QAC5B,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,QAAQ,EAAE;QAClC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,QAAQ,EAAE;QACpC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,QAAQ,EAAE;QAClC,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,QAAQ,EAAE;QACtC,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,QAAQ,EAAE;QACxC,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,QAAQ,EAAE;KACvC,CAAC,CAAC;aAEa,oBAAe,GAAG,IAAI,GAAG,CAAC;QACxC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE;QAC1B,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,EAAE;QAChC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,QAAQ,EAAE;QAClC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,EAAE;QAChC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,QAAQ,EAAE;QACpC,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,QAAQ,EAAE;QACtC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,QAAQ,EAAE;KACrC,CAAC,CAAC;IAEH,MAAM,CAAC,aAAa,CAAC,KAAa;QAChC,OAAO,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC3C,CAAC;IAED,MAAM,CAAC,WAAW,CAAC,KAAa;QAC9B,OAAO,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACzC,CAAC;;AA7FH,kEA8FC"}
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
export * from './constants';
|
|
2
2
|
export * from './keys';
|
|
3
3
|
export * from './object-match';
|
|
4
|
+
export * from './permission-builder';
|
|
5
|
+
export * from './policy-builder';
|
|
4
6
|
export * from './resolve-request-domain';
|
|
5
7
|
export * from './types';
|
|
6
8
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/common/index.ts"],"names":[],"mappings":"AAAA,cAAc,aAAa,CAAC;AAC5B,cAAc,QAAQ,CAAC;AACvB,cAAc,gBAAgB,CAAC;AAC/B,cAAc,0BAA0B,CAAC;AACzC,cAAc,SAAS,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/common/index.ts"],"names":[],"mappings":"AAAA,cAAc,aAAa,CAAC;AAC5B,cAAc,QAAQ,CAAC;AACvB,cAAc,gBAAgB,CAAC;AAC/B,cAAc,sBAAsB,CAAC;AACrC,cAAc,kBAAkB,CAAC;AACjC,cAAc,0BAA0B,CAAC;AACzC,cAAc,SAAS,CAAC"}
|
|
@@ -17,6 +17,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
17
17
|
__exportStar(require("./constants"), exports);
|
|
18
18
|
__exportStar(require("./keys"), exports);
|
|
19
19
|
__exportStar(require("./object-match"), exports);
|
|
20
|
+
__exportStar(require("./permission-builder"), exports);
|
|
21
|
+
__exportStar(require("./policy-builder"), exports);
|
|
20
22
|
__exportStar(require("./resolve-request-domain"), exports);
|
|
21
23
|
__exportStar(require("./types"), exports);
|
|
22
24
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/common/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,8CAA4B;AAC5B,yCAAuB;AACvB,iDAA+B;AAC/B,2DAAyC;AACzC,0CAAwB"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/common/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,8CAA4B;AAC5B,yCAAuB;AACvB,iDAA+B;AAC/B,uDAAqC;AACrC,mDAAiC;AACjC,2DAAyC;AACzC,0CAAwB"}
|
|
@@ -0,0 +1,92 @@
|
|
|
1
|
+
import { IdType } from '../../../../base';
|
|
2
|
+
import { TNullable } from '../../../../helpers';
|
|
3
|
+
import { TAuthorizationAction } from './constants';
|
|
4
|
+
/**
|
|
5
|
+
* Builders for `Permission` catalog rows (the `obj` axis the scoped matcher resolves).
|
|
6
|
+
*
|
|
7
|
+
* Generic over the name/description type (`TName`) so an app with i18n `name`/`description` columns and
|
|
8
|
+
* one with plain-text names both fit. Produces the framework-owned columns
|
|
9
|
+
* (code/subject/method/action/scope/description/parentId); `description` defaults to `null`.
|
|
10
|
+
* App-specific columns are added by the caller.
|
|
11
|
+
*/
|
|
12
|
+
export declare class AuthorizationPermissionBuilder {
|
|
13
|
+
/** Sentinel `method` for a coarse resource node (a grant target that is not a route). */
|
|
14
|
+
static readonly RESOURCE_NODE_METHOD = "*";
|
|
15
|
+
/** Standard repository method → base action. Unlisted methods (custom ops, aggregates) resolve to `execute`. */
|
|
16
|
+
static readonly METHOD_ACTIONS: Readonly<Record<string, TAuthorizationAction>>;
|
|
17
|
+
/** The CRUD methods {@link crud} generates by default. */
|
|
18
|
+
static readonly DEFAULT_CRUD_METHODS: ReadonlyArray<string>;
|
|
19
|
+
/** Base action for a method: a known CRUD method maps to read/create/update/delete; anything else → `execute`. */
|
|
20
|
+
static actionForMethod(method: string): TAuthorizationAction;
|
|
21
|
+
/** One operation-level permission, `code = <subject>.<method>`. `action` defaults to {@link actionForMethod}. */
|
|
22
|
+
static operation<TName>(opts: {
|
|
23
|
+
subject: string;
|
|
24
|
+
method: string;
|
|
25
|
+
scope: string;
|
|
26
|
+
name: TName;
|
|
27
|
+
description?: TNullable<TName>;
|
|
28
|
+
action?: TAuthorizationAction;
|
|
29
|
+
parentId?: TNullable<IdType>;
|
|
30
|
+
}): {
|
|
31
|
+
code: string;
|
|
32
|
+
subject: string;
|
|
33
|
+
method: string;
|
|
34
|
+
action: string;
|
|
35
|
+
scope: string;
|
|
36
|
+
description: NonNullable<TName> | null;
|
|
37
|
+
parentId: IdType | null;
|
|
38
|
+
name: TName;
|
|
39
|
+
};
|
|
40
|
+
/**
|
|
41
|
+
* A coarse resource node (module or subject) used as a grant target, e.g. `Sale` or `SaleOrder`.
|
|
42
|
+
* `code` is the bare name (no dotted method); `method` is the {@link RESOURCE_NODE_METHOD} sentinel.
|
|
43
|
+
* `action` defaults to `manage` (the broadest), though the grant on this node carries its own action.
|
|
44
|
+
*/
|
|
45
|
+
static resourceNode<TName>(opts: {
|
|
46
|
+
code: string;
|
|
47
|
+
subject?: string;
|
|
48
|
+
scope: string;
|
|
49
|
+
name: TName;
|
|
50
|
+
description?: TNullable<TName>;
|
|
51
|
+
action?: TAuthorizationAction;
|
|
52
|
+
parentId?: TNullable<IdType>;
|
|
53
|
+
}): {
|
|
54
|
+
code: string;
|
|
55
|
+
subject: string;
|
|
56
|
+
method: string;
|
|
57
|
+
action: string;
|
|
58
|
+
scope: string;
|
|
59
|
+
description: NonNullable<TName> | null;
|
|
60
|
+
parentId: IdType | null;
|
|
61
|
+
name: TName;
|
|
62
|
+
};
|
|
63
|
+
/**
|
|
64
|
+
* The CRUD permission set for a subject. `name` (and optional `description`) are per-method formatters,
|
|
65
|
+
* so the app supplies its own labels/i18n; the framework only owns the method→action map and code shape.
|
|
66
|
+
*/
|
|
67
|
+
static crud<TName>(opts: {
|
|
68
|
+
subject: string;
|
|
69
|
+
scope: string;
|
|
70
|
+
name: (ctx: {
|
|
71
|
+
subject: string;
|
|
72
|
+
method: string;
|
|
73
|
+
action: TAuthorizationAction;
|
|
74
|
+
}) => TName;
|
|
75
|
+
description?: (ctx: {
|
|
76
|
+
subject: string;
|
|
77
|
+
method: string;
|
|
78
|
+
action: TAuthorizationAction;
|
|
79
|
+
}) => TNullable<TName>;
|
|
80
|
+
methods?: ReadonlyArray<string>;
|
|
81
|
+
}): {
|
|
82
|
+
code: string;
|
|
83
|
+
subject: string;
|
|
84
|
+
method: string;
|
|
85
|
+
action: string;
|
|
86
|
+
scope: string;
|
|
87
|
+
description: NonNullable<TName> | null;
|
|
88
|
+
parentId: IdType | null;
|
|
89
|
+
name: TName;
|
|
90
|
+
}[];
|
|
91
|
+
}
|
|
92
|
+
//# sourceMappingURL=permission-builder.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"permission-builder.d.ts","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/common/permission-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAChC,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAwB,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAEzE;;;;;;;GAOG;AACH,qBAAa,8BAA8B;IACzC,yFAAyF;IACzF,MAAM,CAAC,QAAQ,CAAC,oBAAoB,OAAO;IAE3C,gHAAgH;IAChH,MAAM,CAAC,QAAQ,CAAC,cAAc,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAC,CAU5E;IAEF,0DAA0D;IAC1D,MAAM,CAAC,QAAQ,CAAC,oBAAoB,EAAE,aAAa,CAAC,MAAM,CAAC,CAUzD;IAEF,kHAAkH;IAClH,MAAM,CAAC,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,oBAAoB;IAI5D,iHAAiH;IACjH,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE;QAC5B,OAAO,EAAE,MAAM,CAAC;QAChB,MAAM,EAAE,MAAM,CAAC;QACf,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,EAAE,KAAK,CAAC;QACZ,WAAW,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC;QAC/B,MAAM,CAAC,EAAE,oBAAoB,CAAC;QAC9B,QAAQ,CAAC,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;KAC9B;;;;;;;;;;IAaD;;;;OAIG;IACH,MAAM,CAAC,YAAY,CAAC,KAAK,EAAE,IAAI,EAAE;QAC/B,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,EAAE,KAAK,CAAC;QACZ,WAAW,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC;QAC/B,MAAM,CAAC,EAAE,oBAAoB,CAAC;QAC9B,QAAQ,CAAC,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;KAC9B;;;;;;;;;;IAaD;;;OAGG;IACH,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE;QACvB,OAAO,EAAE,MAAM,CAAC;QAChB,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,EAAE,CAAC,GAAG,EAAE;YAAE,OAAO,EAAE,MAAM,CAAC;YAAC,MAAM,EAAE,MAAM,CAAC;YAAC,MAAM,EAAE,oBAAoB,CAAA;SAAE,KAAK,KAAK,CAAC;QACxF,WAAW,CAAC,EAAE,CAAC,GAAG,EAAE;YAClB,OAAO,EAAE,MAAM,CAAC;YAChB,MAAM,EAAE,MAAM,CAAC;YACf,MAAM,EAAE,oBAAoB,CAAC;SAC9B,KAAK,SAAS,CAAC,KAAK,CAAC,CAAC;QACvB,OAAO,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;KACjC;;;;;;;;;;CAqBF"}
|
|
@@ -0,0 +1,99 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.AuthorizationPermissionBuilder = void 0;
|
|
4
|
+
const constants_1 = require("./constants");
|
|
5
|
+
/**
|
|
6
|
+
* Builders for `Permission` catalog rows (the `obj` axis the scoped matcher resolves).
|
|
7
|
+
*
|
|
8
|
+
* Generic over the name/description type (`TName`) so an app with i18n `name`/`description` columns and
|
|
9
|
+
* one with plain-text names both fit. Produces the framework-owned columns
|
|
10
|
+
* (code/subject/method/action/scope/description/parentId); `description` defaults to `null`.
|
|
11
|
+
* App-specific columns are added by the caller.
|
|
12
|
+
*/
|
|
13
|
+
class AuthorizationPermissionBuilder {
|
|
14
|
+
/** Sentinel `method` for a coarse resource node (a grant target that is not a route). */
|
|
15
|
+
static { this.RESOURCE_NODE_METHOD = '*'; }
|
|
16
|
+
/** Standard repository method → base action. Unlisted methods (custom ops, aggregates) resolve to `execute`. */
|
|
17
|
+
static { this.METHOD_ACTIONS = {
|
|
18
|
+
find: constants_1.AuthorizationActions.READ,
|
|
19
|
+
findById: constants_1.AuthorizationActions.READ,
|
|
20
|
+
findOne: constants_1.AuthorizationActions.READ,
|
|
21
|
+
count: constants_1.AuthorizationActions.READ,
|
|
22
|
+
create: constants_1.AuthorizationActions.CREATE,
|
|
23
|
+
updateById: constants_1.AuthorizationActions.UPDATE,
|
|
24
|
+
updateBy: constants_1.AuthorizationActions.UPDATE,
|
|
25
|
+
deleteById: constants_1.AuthorizationActions.DELETE,
|
|
26
|
+
deleteBy: constants_1.AuthorizationActions.DELETE,
|
|
27
|
+
}; }
|
|
28
|
+
/** The CRUD methods {@link crud} generates by default. */
|
|
29
|
+
static { this.DEFAULT_CRUD_METHODS = [
|
|
30
|
+
'find',
|
|
31
|
+
'findById',
|
|
32
|
+
'findOne',
|
|
33
|
+
'count',
|
|
34
|
+
'create',
|
|
35
|
+
'updateById',
|
|
36
|
+
'updateBy',
|
|
37
|
+
'deleteById',
|
|
38
|
+
'deleteBy',
|
|
39
|
+
]; }
|
|
40
|
+
/** Base action for a method: a known CRUD method maps to read/create/update/delete; anything else → `execute`. */
|
|
41
|
+
static actionForMethod(method) {
|
|
42
|
+
return AuthorizationPermissionBuilder.METHOD_ACTIONS[method] ?? constants_1.AuthorizationActions.EXECUTE;
|
|
43
|
+
}
|
|
44
|
+
/** One operation-level permission, `code = <subject>.<method>`. `action` defaults to {@link actionForMethod}. */
|
|
45
|
+
static operation(opts) {
|
|
46
|
+
return {
|
|
47
|
+
code: [opts.subject, opts.method].join('.'),
|
|
48
|
+
subject: opts.subject,
|
|
49
|
+
method: opts.method,
|
|
50
|
+
action: opts.action ?? AuthorizationPermissionBuilder.actionForMethod(opts.method),
|
|
51
|
+
scope: opts.scope,
|
|
52
|
+
description: opts.description ?? null,
|
|
53
|
+
parentId: opts.parentId ?? null,
|
|
54
|
+
name: opts.name,
|
|
55
|
+
};
|
|
56
|
+
}
|
|
57
|
+
/**
|
|
58
|
+
* A coarse resource node (module or subject) used as a grant target, e.g. `Sale` or `SaleOrder`.
|
|
59
|
+
* `code` is the bare name (no dotted method); `method` is the {@link RESOURCE_NODE_METHOD} sentinel.
|
|
60
|
+
* `action` defaults to `manage` (the broadest), though the grant on this node carries its own action.
|
|
61
|
+
*/
|
|
62
|
+
static resourceNode(opts) {
|
|
63
|
+
return {
|
|
64
|
+
code: opts.code,
|
|
65
|
+
subject: opts.subject ?? opts.code,
|
|
66
|
+
method: AuthorizationPermissionBuilder.RESOURCE_NODE_METHOD,
|
|
67
|
+
action: opts.action ?? constants_1.AuthorizationActions.MANAGE,
|
|
68
|
+
scope: opts.scope,
|
|
69
|
+
description: opts.description ?? null,
|
|
70
|
+
parentId: opts.parentId ?? null,
|
|
71
|
+
name: opts.name,
|
|
72
|
+
};
|
|
73
|
+
}
|
|
74
|
+
/**
|
|
75
|
+
* The CRUD permission set for a subject. `name` (and optional `description`) are per-method formatters,
|
|
76
|
+
* so the app supplies its own labels/i18n; the framework only owns the method→action map and code shape.
|
|
77
|
+
*/
|
|
78
|
+
static crud(opts) {
|
|
79
|
+
const methods = opts.methods ?? AuthorizationPermissionBuilder.DEFAULT_CRUD_METHODS;
|
|
80
|
+
return methods.map(method => {
|
|
81
|
+
const action = AuthorizationPermissionBuilder.actionForMethod(method);
|
|
82
|
+
const ctx = {
|
|
83
|
+
subject: opts.subject,
|
|
84
|
+
method,
|
|
85
|
+
action,
|
|
86
|
+
};
|
|
87
|
+
return AuthorizationPermissionBuilder.operation({
|
|
88
|
+
subject: opts.subject,
|
|
89
|
+
method,
|
|
90
|
+
scope: opts.scope,
|
|
91
|
+
action,
|
|
92
|
+
name: opts.name(ctx),
|
|
93
|
+
description: opts.description ? opts.description(ctx) : undefined,
|
|
94
|
+
});
|
|
95
|
+
});
|
|
96
|
+
}
|
|
97
|
+
}
|
|
98
|
+
exports.AuthorizationPermissionBuilder = AuthorizationPermissionBuilder;
|
|
99
|
+
//# sourceMappingURL=permission-builder.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"permission-builder.js","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/common/permission-builder.ts"],"names":[],"mappings":";;;AAEA,2CAAyE;AAEzE;;;;;;;GAOG;AACH,MAAa,8BAA8B;IACzC,yFAAyF;aACzE,yBAAoB,GAAG,GAAG,CAAC;IAE3C,gHAAgH;aAChG,mBAAc,GAAmD;QAC/E,IAAI,EAAE,gCAAoB,CAAC,IAAI;QAC/B,QAAQ,EAAE,gCAAoB,CAAC,IAAI;QACnC,OAAO,EAAE,gCAAoB,CAAC,IAAI;QAClC,KAAK,EAAE,gCAAoB,CAAC,IAAI;QAChC,MAAM,EAAE,gCAAoB,CAAC,MAAM;QACnC,UAAU,EAAE,gCAAoB,CAAC,MAAM;QACvC,QAAQ,EAAE,gCAAoB,CAAC,MAAM;QACrC,UAAU,EAAE,gCAAoB,CAAC,MAAM;QACvC,QAAQ,EAAE,gCAAoB,CAAC,MAAM;KACtC,CAAC;IAEF,0DAA0D;aAC1C,yBAAoB,GAA0B;QAC5D,MAAM;QACN,UAAU;QACV,SAAS;QACT,OAAO;QACP,QAAQ;QACR,YAAY;QACZ,UAAU;QACV,YAAY;QACZ,UAAU;KACX,CAAC;IAEF,kHAAkH;IAClH,MAAM,CAAC,eAAe,CAAC,MAAc;QACnC,OAAO,8BAA8B,CAAC,cAAc,CAAC,MAAM,CAAC,IAAI,gCAAoB,CAAC,OAAO,CAAC;IAC/F,CAAC;IAED,iHAAiH;IACjH,MAAM,CAAC,SAAS,CAAQ,IAQvB;QACC,OAAO;YACL,IAAI,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;YAC3C,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,8BAA8B,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC;YAClF,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,WAAW,EAAE,IAAI,CAAC,WAAW,IAAI,IAAI;YACrC,QAAQ,EAAE,IAAI,CAAC,QAAQ,IAAI,IAAI;YAC/B,IAAI,EAAE,IAAI,CAAC,IAAI;SAChB,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,YAAY,CAAQ,IAQ1B;QACC,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,OAAO,EAAE,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI;YAClC,MAAM,EAAE,8BAA8B,CAAC,oBAAoB;YAC3D,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,gCAAoB,CAAC,MAAM;YAClD,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,WAAW,EAAE,IAAI,CAAC,WAAW,IAAI,IAAI;YACrC,QAAQ,EAAE,IAAI,CAAC,QAAQ,IAAI,IAAI;YAC/B,IAAI,EAAE,IAAI,CAAC,IAAI;SAChB,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,IAAI,CAAQ,IAUlB;QACC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,8BAA8B,CAAC,oBAAoB,CAAC;QAEpF,OAAO,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;YAC1B,MAAM,MAAM,GAAG,8BAA8B,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;YACtE,MAAM,GAAG,GAAsE;gBAC7E,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,MAAM;gBACN,MAAM;aACP,CAAC;YAEF,OAAO,8BAA8B,CAAC,SAAS,CAAQ;gBACrD,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,MAAM;gBACN,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,MAAM;gBACN,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;gBACpB,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS;aAClE,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;;AArHH,wEAsHC"}
|
|
@@ -0,0 +1,183 @@
|
|
|
1
|
+
import { IdType } from '../../../../base';
|
|
2
|
+
import { TNullable } from '../../../../helpers';
|
|
3
|
+
import { TAuthorizationAction, TAuthorizationDecision } from './constants';
|
|
4
|
+
/** A grant/assignment domain: a scope literal (`SYSTEM_WIDE`/`ANY_MEMBER`) or a typed domain entity. */
|
|
5
|
+
export type TPolicyDomainInput = string | {
|
|
6
|
+
type: string;
|
|
7
|
+
id: IdType;
|
|
8
|
+
};
|
|
9
|
+
export declare class AuthorizationPolicyBuilder {
|
|
10
|
+
static readonly ACTION_PRINCIPAL = "Action";
|
|
11
|
+
/**
|
|
12
|
+
* Serialize a domain to the casbin token the matcher compares against {@link resolveRequestDomain}'s
|
|
13
|
+
* output: a scope literal (`SYSTEM_WIDE`/`ANY_MEMBER`) passes through unchanged; a typed domain becomes
|
|
14
|
+
* `<type>_<id>` so `g3(r.dom, p.dom)` cascades; null ⇒ null (the adapter then defaults grants to `ANY_MEMBER`).
|
|
15
|
+
*/
|
|
16
|
+
private static serializeDomain;
|
|
17
|
+
/**
|
|
18
|
+
* A grant (casbin `p`): role/user → permission, carrying action + effect + domain.
|
|
19
|
+
* `domain` null ⇒ `ANY_MEMBER` (adapter default). Pass a scope literal or a typed `{ type, id }` domain.
|
|
20
|
+
*/
|
|
21
|
+
static grant(opts: {
|
|
22
|
+
subject: {
|
|
23
|
+
type: string;
|
|
24
|
+
id: IdType;
|
|
25
|
+
};
|
|
26
|
+
permission: {
|
|
27
|
+
type: string;
|
|
28
|
+
id: IdType;
|
|
29
|
+
};
|
|
30
|
+
action: string;
|
|
31
|
+
domain?: TNullable<TPolicyDomainInput>;
|
|
32
|
+
effect: TAuthorizationDecision;
|
|
33
|
+
}): {
|
|
34
|
+
variant: "grant";
|
|
35
|
+
subjectType: string;
|
|
36
|
+
subjectId: IdType;
|
|
37
|
+
targetType: string;
|
|
38
|
+
targetId: IdType;
|
|
39
|
+
action: string;
|
|
40
|
+
effect: string;
|
|
41
|
+
domain: TNullable<string>;
|
|
42
|
+
};
|
|
43
|
+
/** Assign a role to a user (casbin `g`). `domain` null ⇒ `*` (every domain). */
|
|
44
|
+
static assignRole(opts: {
|
|
45
|
+
user: {
|
|
46
|
+
type: string;
|
|
47
|
+
id: IdType;
|
|
48
|
+
};
|
|
49
|
+
role: {
|
|
50
|
+
type: string;
|
|
51
|
+
id: IdType;
|
|
52
|
+
};
|
|
53
|
+
domain?: TNullable<TPolicyDomainInput>;
|
|
54
|
+
}): {
|
|
55
|
+
variant: "assign_role";
|
|
56
|
+
subjectType: string;
|
|
57
|
+
subjectId: IdType;
|
|
58
|
+
targetType: string;
|
|
59
|
+
targetId: IdType;
|
|
60
|
+
domain: TNullable<string>;
|
|
61
|
+
};
|
|
62
|
+
/** A user joins a domain (casbin `g2`) — backs the `ANY_MEMBER` grant scope. */
|
|
63
|
+
static joinDomain(opts: {
|
|
64
|
+
user: {
|
|
65
|
+
type: string;
|
|
66
|
+
id: IdType;
|
|
67
|
+
};
|
|
68
|
+
domain: {
|
|
69
|
+
type: string;
|
|
70
|
+
id: IdType;
|
|
71
|
+
};
|
|
72
|
+
}): {
|
|
73
|
+
variant: "join_domain";
|
|
74
|
+
subjectType: string;
|
|
75
|
+
subjectId: IdType;
|
|
76
|
+
targetType: string;
|
|
77
|
+
targetId: IdType;
|
|
78
|
+
};
|
|
79
|
+
/** A role inherits another role (casbin `g`, shared relation with assign_role). */
|
|
80
|
+
static roleInherits(opts: {
|
|
81
|
+
child: {
|
|
82
|
+
type: string;
|
|
83
|
+
id: IdType;
|
|
84
|
+
};
|
|
85
|
+
parent: {
|
|
86
|
+
type: string;
|
|
87
|
+
id: IdType;
|
|
88
|
+
};
|
|
89
|
+
}): {
|
|
90
|
+
variant: "role_inherits";
|
|
91
|
+
subjectType: string;
|
|
92
|
+
subjectId: IdType;
|
|
93
|
+
targetType: string;
|
|
94
|
+
targetId: IdType;
|
|
95
|
+
};
|
|
96
|
+
/**
|
|
97
|
+
* A resource inherits another (casbin `g4`): a grant on the PARENT covers the CHILD.
|
|
98
|
+
* e.g. `{ child: SaleOrder, parent: Sale }` — grant on module `Sale` covers subject `SaleOrder`.
|
|
99
|
+
* Many-to-many: a subject may inherit several module parents (add one edge each).
|
|
100
|
+
*/
|
|
101
|
+
static resourceInherits(opts: {
|
|
102
|
+
child: {
|
|
103
|
+
type: string;
|
|
104
|
+
id: IdType;
|
|
105
|
+
};
|
|
106
|
+
parent: {
|
|
107
|
+
type: string;
|
|
108
|
+
id: IdType;
|
|
109
|
+
};
|
|
110
|
+
}): {
|
|
111
|
+
variant: "resource_inherits";
|
|
112
|
+
subjectType: string;
|
|
113
|
+
subjectId: IdType;
|
|
114
|
+
targetType: string;
|
|
115
|
+
targetId: IdType;
|
|
116
|
+
};
|
|
117
|
+
/** An action inherits another (casbin `g5`): the child action is implied by the parent, e.g. read ⊂ manage. */
|
|
118
|
+
static actionInherits(opts: {
|
|
119
|
+
child: TAuthorizationAction;
|
|
120
|
+
parent: TAuthorizationAction;
|
|
121
|
+
}): {
|
|
122
|
+
variant: "action_inherits";
|
|
123
|
+
subjectType: string;
|
|
124
|
+
subjectId: string;
|
|
125
|
+
targetType: string;
|
|
126
|
+
targetId: string;
|
|
127
|
+
};
|
|
128
|
+
/** All `action_inherits` rows for the standard {@link AuthorizationActions.LATTICE}. Seed once, idempotently. */
|
|
129
|
+
static actionLattice(): {
|
|
130
|
+
variant: "action_inherits";
|
|
131
|
+
subjectType: string;
|
|
132
|
+
subjectId: string;
|
|
133
|
+
targetType: string;
|
|
134
|
+
targetId: string;
|
|
135
|
+
}[];
|
|
136
|
+
/** A domain inherits another (casbin `g3`): a grant in the parent domain cascades to the child. e.g. Merchant ⊂ Organizer. */
|
|
137
|
+
static domainInherits(opts: {
|
|
138
|
+
child: {
|
|
139
|
+
type: string;
|
|
140
|
+
id: IdType;
|
|
141
|
+
};
|
|
142
|
+
parent: {
|
|
143
|
+
type: string;
|
|
144
|
+
id: IdType;
|
|
145
|
+
};
|
|
146
|
+
}): {
|
|
147
|
+
variant: "domain_inherits";
|
|
148
|
+
subjectType: string;
|
|
149
|
+
subjectId: IdType;
|
|
150
|
+
targetType: string;
|
|
151
|
+
targetId: IdType;
|
|
152
|
+
};
|
|
153
|
+
/**
|
|
154
|
+
* Build a role's coarse grant rows from resolved permission ids. The caller resolves each
|
|
155
|
+
* `resourceCode` (subject/module) to a `Permission` and supplies the lookup; unresolved codes are skipped.
|
|
156
|
+
*/
|
|
157
|
+
static roleGrants(opts: {
|
|
158
|
+
role: {
|
|
159
|
+
type: string;
|
|
160
|
+
id: IdType;
|
|
161
|
+
};
|
|
162
|
+
permission: {
|
|
163
|
+
type: string;
|
|
164
|
+
idByCode: ReadonlyMap<string, string>;
|
|
165
|
+
};
|
|
166
|
+
grants: ReadonlyArray<{
|
|
167
|
+
resourceCode: string;
|
|
168
|
+
action: string;
|
|
169
|
+
domain?: TNullable<TPolicyDomainInput>;
|
|
170
|
+
effect: TAuthorizationDecision;
|
|
171
|
+
}>;
|
|
172
|
+
}): {
|
|
173
|
+
variant: "grant";
|
|
174
|
+
subjectType: string;
|
|
175
|
+
subjectId: IdType;
|
|
176
|
+
targetType: string;
|
|
177
|
+
targetId: IdType;
|
|
178
|
+
action: string;
|
|
179
|
+
effect: string;
|
|
180
|
+
domain: TNullable<string>;
|
|
181
|
+
}[];
|
|
182
|
+
}
|
|
183
|
+
//# sourceMappingURL=policy-builder.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"policy-builder.d.ts","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/common/policy-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAChC,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAGL,oBAAoB,EACpB,sBAAsB,EACvB,MAAM,aAAa,CAAC;AAErB,wGAAwG;AACxG,MAAM,MAAM,kBAAkB,GAAG,MAAM,GAAG;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,MAAM,CAAA;CAAE,CAAC;AAEvE,qBAAa,0BAA0B;IACrC,MAAM,CAAC,QAAQ,CAAC,gBAAgB,YAAY;IAE5C;;;;OAIG;IACH,OAAO,CAAC,MAAM,CAAC,eAAe;IAY9B;;;OAGG;IACH,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE;QACjB,OAAO,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC;QACtC,UAAU,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC;QACzC,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,SAAS,CAAC,kBAAkB,CAAC,CAAC;QACvC,MAAM,EAAE,sBAAsB,CAAC;KAChC;;;;;;;;;;IAaD,gFAAgF;IAChF,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE;QACtB,IAAI,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC;QACnC,IAAI,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC;QACnC,MAAM,CAAC,EAAE,SAAS,CAAC,kBAAkB,CAAC,CAAC;KACxC;;;;;;;;IAWD,gFAAgF;IAChF,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE;QACtB,IAAI,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC;QACnC,MAAM,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC;KACtC;;;;;;;IAUD,mFAAmF;IACnF,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE;QACxB,KAAK,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC;QACpC,MAAM,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC;KACtC;;;;;;;IAUD;;;;OAIG;IACH,MAAM,CAAC,gBAAgB,CAAC,IAAI,EAAE;QAC5B,KAAK,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC;QACpC,MAAM,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC;KACtC;;;;;;;IAUD,+GAA+G;IAC/G,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE;QAAE,KAAK,EAAE,oBAAoB,CAAC;QAAC,MAAM,EAAE,oBAAoB,CAAA;KAAE;;;;;;;IAUzF,iHAAiH;IACjH,MAAM,CAAC,aAAa;;;;;;;IAIpB,8HAA8H;IAC9H,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE;QAC1B,KAAK,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC;QACpC,MAAM,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC;KACtC;;;;;;;IAUD;;;OAGG;IACH,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE;QACtB,IAAI,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC;QACnC,UAAU,EAAE;YACV,IAAI,EAAE,MAAM,CAAC;YACb,QAAQ,EAAE,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;SACvC,CAAC;QAEF,MAAM,EAAE,aAAa,CAAC;YACpB,YAAY,EAAE,MAAM,CAAC;YACrB,MAAM,EAAE,MAAM,CAAC;YACf,MAAM,CAAC,EAAE,SAAS,CAAC,kBAAkB,CAAC,CAAC;YACvC,MAAM,EAAE,sBAAsB,CAAC;SAChC,CAAC,CAAC;KACJ;;;;;;;;;;CAsBF"}
|
|
@@ -0,0 +1,130 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.AuthorizationPolicyBuilder = void 0;
|
|
4
|
+
const constants_1 = require("./constants");
|
|
5
|
+
class AuthorizationPolicyBuilder {
|
|
6
|
+
static { this.ACTION_PRINCIPAL = 'Action'; }
|
|
7
|
+
/**
|
|
8
|
+
* Serialize a domain to the casbin token the matcher compares against {@link resolveRequestDomain}'s
|
|
9
|
+
* output: a scope literal (`SYSTEM_WIDE`/`ANY_MEMBER`) passes through unchanged; a typed domain becomes
|
|
10
|
+
* `<type>_<id>` so `g3(r.dom, p.dom)` cascades; null ⇒ null (the adapter then defaults grants to `ANY_MEMBER`).
|
|
11
|
+
*/
|
|
12
|
+
static serializeDomain(domain) {
|
|
13
|
+
if (domain == null) {
|
|
14
|
+
return null;
|
|
15
|
+
}
|
|
16
|
+
if (typeof domain === 'string') {
|
|
17
|
+
return domain;
|
|
18
|
+
}
|
|
19
|
+
return [domain.type, domain.id].join('_');
|
|
20
|
+
}
|
|
21
|
+
/**
|
|
22
|
+
* A grant (casbin `p`): role/user → permission, carrying action + effect + domain.
|
|
23
|
+
* `domain` null ⇒ `ANY_MEMBER` (adapter default). Pass a scope literal or a typed `{ type, id }` domain.
|
|
24
|
+
*/
|
|
25
|
+
static grant(opts) {
|
|
26
|
+
return {
|
|
27
|
+
variant: constants_1.AuthorizationPolicyVariants.GRANT.action,
|
|
28
|
+
subjectType: opts.subject.type,
|
|
29
|
+
subjectId: opts.subject.id,
|
|
30
|
+
targetType: opts.permission.type,
|
|
31
|
+
targetId: opts.permission.id,
|
|
32
|
+
action: opts.action,
|
|
33
|
+
effect: opts.effect,
|
|
34
|
+
domain: AuthorizationPolicyBuilder.serializeDomain(opts.domain),
|
|
35
|
+
};
|
|
36
|
+
}
|
|
37
|
+
/** Assign a role to a user (casbin `g`). `domain` null ⇒ `*` (every domain). */
|
|
38
|
+
static assignRole(opts) {
|
|
39
|
+
return {
|
|
40
|
+
variant: constants_1.AuthorizationPolicyVariants.ASSIGN_ROLE.action,
|
|
41
|
+
subjectType: opts.user.type,
|
|
42
|
+
subjectId: opts.user.id,
|
|
43
|
+
targetType: opts.role.type,
|
|
44
|
+
targetId: opts.role.id,
|
|
45
|
+
domain: AuthorizationPolicyBuilder.serializeDomain(opts.domain),
|
|
46
|
+
};
|
|
47
|
+
}
|
|
48
|
+
/** A user joins a domain (casbin `g2`) — backs the `ANY_MEMBER` grant scope. */
|
|
49
|
+
static joinDomain(opts) {
|
|
50
|
+
return {
|
|
51
|
+
variant: constants_1.AuthorizationPolicyVariants.JOIN_DOMAIN.action,
|
|
52
|
+
subjectType: opts.user.type,
|
|
53
|
+
subjectId: opts.user.id,
|
|
54
|
+
targetType: opts.domain.type,
|
|
55
|
+
targetId: opts.domain.id,
|
|
56
|
+
};
|
|
57
|
+
}
|
|
58
|
+
/** A role inherits another role (casbin `g`, shared relation with assign_role). */
|
|
59
|
+
static roleInherits(opts) {
|
|
60
|
+
return {
|
|
61
|
+
variant: constants_1.AuthorizationPolicyVariants.ROLE_INHERITS.action,
|
|
62
|
+
subjectType: opts.child.type,
|
|
63
|
+
subjectId: opts.child.id,
|
|
64
|
+
targetType: opts.parent.type,
|
|
65
|
+
targetId: opts.parent.id,
|
|
66
|
+
};
|
|
67
|
+
}
|
|
68
|
+
/**
|
|
69
|
+
* A resource inherits another (casbin `g4`): a grant on the PARENT covers the CHILD.
|
|
70
|
+
* e.g. `{ child: SaleOrder, parent: Sale }` — grant on module `Sale` covers subject `SaleOrder`.
|
|
71
|
+
* Many-to-many: a subject may inherit several module parents (add one edge each).
|
|
72
|
+
*/
|
|
73
|
+
static resourceInherits(opts) {
|
|
74
|
+
return {
|
|
75
|
+
variant: constants_1.AuthorizationPolicyVariants.RESOURCE_INHERITS.action,
|
|
76
|
+
subjectType: opts.child.type,
|
|
77
|
+
subjectId: opts.child.id,
|
|
78
|
+
targetType: opts.parent.type,
|
|
79
|
+
targetId: opts.parent.id,
|
|
80
|
+
};
|
|
81
|
+
}
|
|
82
|
+
/** An action inherits another (casbin `g5`): the child action is implied by the parent, e.g. read ⊂ manage. */
|
|
83
|
+
static actionInherits(opts) {
|
|
84
|
+
return {
|
|
85
|
+
variant: constants_1.AuthorizationPolicyVariants.ACTION_INHERITS.action,
|
|
86
|
+
subjectType: this.ACTION_PRINCIPAL,
|
|
87
|
+
subjectId: opts.child,
|
|
88
|
+
targetType: this.ACTION_PRINCIPAL,
|
|
89
|
+
targetId: opts.parent,
|
|
90
|
+
};
|
|
91
|
+
}
|
|
92
|
+
/** All `action_inherits` rows for the standard {@link AuthorizationActions.LATTICE}. Seed once, idempotently. */
|
|
93
|
+
static actionLattice() {
|
|
94
|
+
return constants_1.AuthorizationActions.LATTICE.map(action => this.actionInherits(action));
|
|
95
|
+
}
|
|
96
|
+
/** A domain inherits another (casbin `g3`): a grant in the parent domain cascades to the child. e.g. Merchant ⊂ Organizer. */
|
|
97
|
+
static domainInherits(opts) {
|
|
98
|
+
return {
|
|
99
|
+
variant: constants_1.AuthorizationPolicyVariants.DOMAIN_INHERITS.action,
|
|
100
|
+
subjectType: opts.child.type,
|
|
101
|
+
subjectId: opts.child.id,
|
|
102
|
+
targetType: opts.parent.type,
|
|
103
|
+
targetId: opts.parent.id,
|
|
104
|
+
};
|
|
105
|
+
}
|
|
106
|
+
/**
|
|
107
|
+
* Build a role's coarse grant rows from resolved permission ids. The caller resolves each
|
|
108
|
+
* `resourceCode` (subject/module) to a `Permission` and supplies the lookup; unresolved codes are skipped.
|
|
109
|
+
*/
|
|
110
|
+
static roleGrants(opts) {
|
|
111
|
+
const rows = [];
|
|
112
|
+
for (const grant of opts.grants) {
|
|
113
|
+
const permissionId = opts.permission.idByCode.get(grant.resourceCode);
|
|
114
|
+
if (!permissionId) {
|
|
115
|
+
continue;
|
|
116
|
+
}
|
|
117
|
+
const policy = AuthorizationPolicyBuilder.grant({
|
|
118
|
+
subject: { type: opts.role.type, id: opts.role.id },
|
|
119
|
+
permission: { type: opts.permission.type, id: permissionId },
|
|
120
|
+
action: grant.action,
|
|
121
|
+
domain: grant.domain,
|
|
122
|
+
effect: grant.effect,
|
|
123
|
+
});
|
|
124
|
+
rows.push(policy);
|
|
125
|
+
}
|
|
126
|
+
return rows;
|
|
127
|
+
}
|
|
128
|
+
}
|
|
129
|
+
exports.AuthorizationPolicyBuilder = AuthorizationPolicyBuilder;
|
|
130
|
+
//# sourceMappingURL=policy-builder.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"policy-builder.js","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/common/policy-builder.ts"],"names":[],"mappings":";;;AAEA,2CAKqB;AAKrB,MAAa,0BAA0B;aACrB,qBAAgB,GAAG,QAAQ,CAAC;IAE5C;;;;OAIG;IACK,MAAM,CAAC,eAAe,CAAC,MAAsC;QACnE,IAAI,MAAM,IAAI,IAAI,EAAE,CAAC;YACnB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC5C,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,KAAK,CAAC,IAMZ;QACC,OAAO;YACL,OAAO,EAAE,uCAA2B,CAAC,KAAK,CAAC,MAAM;YACjD,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI;YAC9B,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE;YAC1B,UAAU,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI;YAChC,QAAQ,EAAE,IAAI,CAAC,UAAU,CAAC,EAAE;YAC5B,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,MAAM,EAAE,0BAA0B,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC;SAChE,CAAC;IACJ,CAAC;IAED,gFAAgF;IAChF,MAAM,CAAC,UAAU,CAAC,IAIjB;QACC,OAAO;YACL,OAAO,EAAE,uCAA2B,CAAC,WAAW,CAAC,MAAM;YACvD,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI;YAC3B,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,EAAE;YACvB,UAAU,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI;YAC1B,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,EAAE;YACtB,MAAM,EAAE,0BAA0B,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC;SAChE,CAAC;IACJ,CAAC;IAED,gFAAgF;IAChF,MAAM,CAAC,UAAU,CAAC,IAGjB;QACC,OAAO;YACL,OAAO,EAAE,uCAA2B,CAAC,WAAW,CAAC,MAAM;YACvD,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI;YAC3B,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,EAAE;YACvB,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI;YAC5B,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE;SACzB,CAAC;IACJ,CAAC;IAED,mFAAmF;IACnF,MAAM,CAAC,YAAY,CAAC,IAGnB;QACC,OAAO;YACL,OAAO,EAAE,uCAA2B,CAAC,aAAa,CAAC,MAAM;YACzD,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI;YAC5B,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,EAAE;YACxB,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI;YAC5B,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE;SACzB,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,gBAAgB,CAAC,IAGvB;QACC,OAAO;YACL,OAAO,EAAE,uCAA2B,CAAC,iBAAiB,CAAC,MAAM;YAC7D,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI;YAC5B,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,EAAE;YACxB,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI;YAC5B,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE;SACzB,CAAC;IACJ,CAAC;IAED,+GAA+G;IAC/G,MAAM,CAAC,cAAc,CAAC,IAAmE;QACvF,OAAO;YACL,OAAO,EAAE,uCAA2B,CAAC,eAAe,CAAC,MAAM;YAC3D,WAAW,EAAE,IAAI,CAAC,gBAAgB;YAClC,SAAS,EAAE,IAAI,CAAC,KAAK;YACrB,UAAU,EAAE,IAAI,CAAC,gBAAgB;YACjC,QAAQ,EAAE,IAAI,CAAC,MAAM;SACtB,CAAC;IACJ,CAAC;IAED,iHAAiH;IACjH,MAAM,CAAC,aAAa;QAClB,OAAO,gCAAoB,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC;IACjF,CAAC;IAED,8HAA8H;IAC9H,MAAM,CAAC,cAAc,CAAC,IAGrB;QACC,OAAO;YACL,OAAO,EAAE,uCAA2B,CAAC,eAAe,CAAC,MAAM;YAC3D,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI;YAC5B,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,EAAE;YACxB,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI;YAC5B,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE;SACzB,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,UAAU,CAAC,IAajB;QACC,MAAM,IAAI,GAA+D,EAAE,CAAC;QAE5E,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChC,MAAM,YAAY,GAAG,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YACtE,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,SAAS;YACX,CAAC;YAED,MAAM,MAAM,GAAG,0BAA0B,CAAC,KAAK,CAAC;gBAC9C,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE;gBACnD,UAAU,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,EAAE,EAAE,YAAY,EAAE;gBAC5D,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,MAAM,EAAE,KAAK,CAAC,MAAM;aACrB,CAAC,CAAC;YAEH,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACpB,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;;AA7KH,gEA8KC"}
|
|
@@ -10,6 +10,7 @@ export type TPermissionCommonColumns = {
|
|
|
10
10
|
subject: NotNull<PgTextBuilderInitial<string, [string, ...string[]]>>;
|
|
11
11
|
action: NotNull<PgTextBuilderInitial<string, [string, ...string[]]>>;
|
|
12
12
|
scope: NotNull<PgTextBuilderInitial<string, [string, ...string[]]>>;
|
|
13
|
+
description: PgTextBuilderInitial<string, [string, ...string[]]>;
|
|
13
14
|
};
|
|
14
15
|
type TPermissionColumnDef<Opts extends TPermissionOptions | undefined = undefined> = Opts extends {
|
|
15
16
|
idType: infer IdType;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permission.model.d.ts","sourceRoot":"","sources":["../../../../../src/components/auth/models/entities/permission.model.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AACtC,OAAO,EAAW,uBAAuB,EAAE,oBAAoB,EAAQ,MAAM,qBAAqB,CAAC;AAEnG,MAAM,MAAM,kBAAkB,GAAG;IAC/B,MAAM,CAAC,EAAE,QAAQ,GAAG,QAAQ,CAAC;CAC9B,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC,IAAI,EAAE,OAAO,CAAC,oBAAoB,CAAC,MAAM,EAAE,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;IACnE,IAAI,EAAE,OAAO,CAAC,oBAAoB,CAAC,MAAM,EAAE,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;IACnE,MAAM,EAAE,OAAO,CAAC,oBAAoB,CAAC,MAAM,EAAE,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;IACrE,OAAO,EAAE,OAAO,CAAC,oBAAoB,CAAC,MAAM,EAAE,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;IACtE,MAAM,EAAE,OAAO,CAAC,oBAAoB,CAAC,MAAM,EAAE,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;IACrE,KAAK,EAAE,OAAO,CAAC,oBAAoB,CAAC,MAAM,EAAE,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"permission.model.d.ts","sourceRoot":"","sources":["../../../../../src/components/auth/models/entities/permission.model.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AACtC,OAAO,EAAW,uBAAuB,EAAE,oBAAoB,EAAQ,MAAM,qBAAqB,CAAC;AAEnG,MAAM,MAAM,kBAAkB,GAAG;IAC/B,MAAM,CAAC,EAAE,QAAQ,GAAG,QAAQ,CAAC;CAC9B,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC,IAAI,EAAE,OAAO,CAAC,oBAAoB,CAAC,MAAM,EAAE,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;IACnE,IAAI,EAAE,OAAO,CAAC,oBAAoB,CAAC,MAAM,EAAE,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;IACnE,MAAM,EAAE,OAAO,CAAC,oBAAoB,CAAC,MAAM,EAAE,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;IACrE,OAAO,EAAE,OAAO,CAAC,oBAAoB,CAAC,MAAM,EAAE,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;IACtE,MAAM,EAAE,OAAO,CAAC,oBAAoB,CAAC,MAAM,EAAE,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;IACrE,KAAK,EAAE,OAAO,CAAC,oBAAoB,CAAC,MAAM,EAAE,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;IACpE,WAAW,EAAE,oBAAoB,CAAC,MAAM,EAAE,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC,CAAC;CAClE,CAAC;AAEF,KAAK,oBAAoB,CAAC,IAAI,SAAS,kBAAkB,GAAG,SAAS,GAAG,SAAS,IAAI,IAAI,SAAS;IAChG,MAAM,EAAE,MAAM,MAAM,CAAC;CACtB,GACG,MAAM,SAAS,QAAQ,GACrB,wBAAwB,GAAG;IACzB,QAAQ,EAAE,oBAAoB,CAAC,MAAM,EAAE,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC,CAAC;CAC/D,GACD,wBAAwB,GAAG;IACzB,QAAQ,EAAE,uBAAuB,CAAC,MAAM,CAAC,CAAC;CAC3C,GACH,wBAAwB,GAAG;IACzB,QAAQ,EAAE,uBAAuB,CAAC,MAAM,CAAC,CAAC;CAC3C,CAAC;AAEN,eAAO,MAAM,sBAAsB,GAAI,IAAI,SAAS,kBAAkB,GAAG,SAAS,EAChF,OAAO,IAAI,KACV,oBAAoB,CAAC,IAAI,CAkC3B,CAAC"}
|
|
@@ -14,6 +14,7 @@ const extraPermissionColumns = (opts) => {
|
|
|
14
14
|
method: (0, pg_core_1.text)('method').notNull(),
|
|
15
15
|
action: (0, pg_core_1.text)('action').notNull(),
|
|
16
16
|
scope: (0, pg_core_1.text)('scope').notNull(),
|
|
17
|
+
description: (0, pg_core_1.text)('description'),
|
|
17
18
|
parentId: (0, pg_core_1.integer)('parent_id'),
|
|
18
19
|
};
|
|
19
20
|
}
|
|
@@ -25,6 +26,7 @@ const extraPermissionColumns = (opts) => {
|
|
|
25
26
|
method: (0, pg_core_1.text)('method').notNull(),
|
|
26
27
|
action: (0, pg_core_1.text)('action').notNull(),
|
|
27
28
|
scope: (0, pg_core_1.text)('scope').notNull(),
|
|
29
|
+
description: (0, pg_core_1.text)('description'),
|
|
28
30
|
parentId: (0, pg_core_1.text)('parent_id'),
|
|
29
31
|
};
|
|
30
32
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permission.model.js","sourceRoot":"","sources":["../../../../../src/components/auth/models/entities/permission.model.ts"],"names":[],"mappings":";;;AAAA,0DAAkD;AAElD,iDAAmG;
|
|
1
|
+
{"version":3,"file":"permission.model.js","sourceRoot":"","sources":["../../../../../src/components/auth/models/entities/permission.model.ts"],"names":[],"mappings":";;;AAAA,0DAAkD;AAElD,iDAAmG;AA8B5F,MAAM,sBAAsB,GAAG,CACpC,IAAW,EACiB,EAAE;IAC9B,MAAM,EAAE,MAAM,GAAG,QAAQ,EAAE,GAAG,IAAI,IAAI,EAAE,CAAC;IAEzC,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,OAAO;gBACL,IAAI,EAAE,IAAA,cAAI,EAAC,MAAM,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,EAAE;gBACrC,IAAI,EAAE,IAAA,cAAI,EAAC,MAAM,CAAC,CAAC,OAAO,EAAE;gBAC5B,OAAO,EAAE,IAAA,cAAI,EAAC,SAAS,CAAC,CAAC,OAAO,EAAE;gBAClC,MAAM,EAAE,IAAA,cAAI,EAAC,QAAQ,CAAC,CAAC,OAAO,EAAE;gBAChC,MAAM,EAAE,IAAA,cAAI,EAAC,QAAQ,CAAC,CAAC,OAAO,EAAE;gBAChC,KAAK,EAAE,IAAA,cAAI,EAAC,OAAO,CAAC,CAAC,OAAO,EAAE;gBAC9B,WAAW,EAAE,IAAA,cAAI,EAAC,aAAa,CAAC;gBAChC,QAAQ,EAAE,IAAA,iBAAO,EAAC,WAAW,CAAC;aACD,CAAC;QAClC,CAAC;QACD,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,OAAO;gBACL,IAAI,EAAE,IAAA,cAAI,EAAC,MAAM,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,EAAE;gBACrC,IAAI,EAAE,IAAA,cAAI,EAAC,MAAM,CAAC,CAAC,OAAO,EAAE;gBAC5B,OAAO,EAAE,IAAA,cAAI,EAAC,SAAS,CAAC,CAAC,OAAO,EAAE;gBAClC,MAAM,EAAE,IAAA,cAAI,EAAC,QAAQ,CAAC,CAAC,OAAO,EAAE;gBAChC,MAAM,EAAE,IAAA,cAAI,EAAC,QAAQ,CAAC,CAAC,OAAO,EAAE;gBAChC,KAAK,EAAE,IAAA,cAAI,EAAC,OAAO,CAAC,CAAC,OAAO,EAAE;gBAC9B,WAAW,EAAE,IAAA,cAAI,EAAC,aAAa,CAAC;gBAChC,QAAQ,EAAE,IAAA,cAAI,EAAC,WAAW,CAAC;aACE,CAAC;QAClC,CAAC;QACD,OAAO,CAAC,CAAC,CAAC;YACR,MAAM,IAAA,wBAAQ,EAAC;gBACb,OAAO,EAAE,qDAAqD,MAAM,EAAE;aACvE,CAAC,CAAC;QACL,CAAC;IACH,CAAC;AACH,CAAC,CAAC;AApCW,QAAA,sBAAsB,0BAoCjC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@venizia/ignis",
|
|
3
|
-
"version": "0.0.9-
|
|
3
|
+
"version": "0.0.9-19",
|
|
4
4
|
"description": "High-performance TypeScript server infrastructure combining LoopBack 4 enterprise architecture (decorator-based DI, repository pattern, component system) with Hono speed (~140k req/s). Features auto-generated OpenAPI docs, Drizzle ORM type-safe SQL, JWT/Basic authentication, Casbin authorization, convention-based bootstrapping, and pluggable components for health checks, Swagger UI, mail, Socket.IO, and static assets. Built for Bun and Node.js.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"access-control",
|