npm - @via-profit/ability - Versions diffs - 1.1.0 → 2.0.0-rc.2 - Mend

@via-profit/ability 1.1.0 → 2.0.0-rc.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/README.md +155 -310
package/assets/ability-01.drawio.png +0 -0
package/build/playground.js +910 -0
package/build/playground.js.map +1 -0
package/dist/AbilityCode.d.ts +7 -0
package/dist/AbilityCompare.d.ts +6 -0
package/dist/AbilityCondition.d.ts +12 -0
package/dist/AbilityError.d.ts +9 -0
package/dist/AbilityMatch.d.ts +7 -0
package/dist/AbilityParser.d.ts +33 -0
package/dist/AbilityPolicy.d.ts +42 -51
package/dist/AbilityPolicyEffect.d.ts +6 -0
package/dist/AbilityPolicyResult.d.ts +6 -0
package/dist/AbilityResolver.d.ts +30 -0
package/dist/AbilityRule.d.ts +24 -95
package/dist/AbilityRuleSet.d.ts +44 -0
package/dist/index.d.ts +9 -3
package/dist/index.js +626 -379
package/dist/playground.d.ts +26 -0
package/package.json +4 -2
package/dist/AbilityService.d.ts +0 -74

package/dist/index.js CHANGED Viewed

@@ -2,6 +2,254 @@
 /******/ 	"use strict";
 /******/ 	var __webpack_modules__ = ({
+/***/ 19:
+/***/ ((__unused_webpack_module, exports) => {
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.AbilityCode = void 0;
+class AbilityCode {
+    code;
+    constructor(code) {
+        this.code = code;
+    }
+    isEqual(compareWith) {
+        return compareWith !== null && this.code === compareWith.code;
+    }
+    isNotEqual(compareWith) {
+        return !this.isEqual(compareWith);
+    }
+}
+exports.AbilityCode = AbilityCode;
+exports["default"] = AbilityCode;
+/***/ }),
+/***/ 923:
+/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.AbilityCompare = void 0;
+const AbilityCode_1 = __importDefault(__webpack_require__(19));
+class AbilityCompare extends AbilityCode_1.default {
+    static OR = new AbilityCompare(0);
+    static AND = new AbilityCompare(1);
+}
+exports.AbilityCompare = AbilityCompare;
+exports["default"] = AbilityCompare;
+/***/ }),
+/***/ 261:
+/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.AbilityCondition = void 0;
+const AbilityCode_1 = __importDefault(__webpack_require__(19));
+class AbilityCondition extends AbilityCode_1.default {
+    static EQUAL = new AbilityCondition('=');
+    static NOT_EQUAL = new AbilityCondition('<>');
+    static MORE_THAN = new AbilityCondition('>');
+    static LESS_THAN = new AbilityCondition('<');
+    static LESS_OR_EQUAL = new AbilityCondition('<=');
+    static MORE_OR_EQUAL = new AbilityCondition('>=');
+    static IN = new AbilityCondition('in');
+    static NOT_IN = new AbilityCondition('not in');
+}
+exports.AbilityCondition = AbilityCondition;
+exports["default"] = AbilityCondition;
+/***/ }),
+/***/ 122:
+/***/ ((__unused_webpack_module, exports) => {
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.PermissionError = exports.AbilityParserError = exports.AbilityError = void 0;
+class AbilityError extends Error {
+    constructor(message) {
+        super(message);
+    }
+}
+exports.AbilityError = AbilityError;
+class AbilityParserError extends Error {
+    constructor(message) {
+        super(message);
+    }
+}
+exports.AbilityParserError = AbilityParserError;
+class PermissionError extends Error {
+    constructor(message) {
+        super(message);
+    }
+}
+exports.PermissionError = PermissionError;
+/***/ }),
+/***/ 909:
+/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.AbilityMatch = void 0;
+const AbilityCode_1 = __importDefault(__webpack_require__(19));
+class AbilityMatch extends AbilityCode_1.default {
+    static PENDING = new AbilityMatch(2);
+    static MATCH = new AbilityMatch(1);
+    static MISMATCH = new AbilityMatch(0);
+}
+exports.AbilityMatch = AbilityMatch;
+exports["default"] = AbilityMatch;
+/***/ }),
+/***/ 189:
+/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.AbilityParser = void 0;
+const AbilityError_1 = __webpack_require__(122);
+const AbilityCondition_1 = __importDefault(__webpack_require__(261));
+class AbilityParser {
+    /**
+     * Validates the configuration object based on the provided field validation configurations.
+     * @param config - The configuration object to validate.
+     * @param fields - An array of field validation configurations.
+     * @throws {AbilityParserError} If a required field is missing or if a field has an incorrect type.
+     */
+    static validateConfig(config, fields) {
+        fields.forEach(([field, type, isRequired]) => {
+            const value = config[field];
+            if (isRequired) {
+                if (typeof value === 'undefined') {
+                    throw new AbilityError_1.AbilityParserError(`Missing required field [${field}]`);
+                }
+            }
+            switch (type) {
+                case 'array':
+                    if (typeof value !== 'object' || !Array.isArray(value)) {
+                        throw new AbilityError_1.AbilityParserError(`Field [${field}] must be an type of [${type}], bit got [${typeof value}]`);
+                    }
+                    break;
+                default:
+                    if (typeof value !== type && typeof value !== 'undefined') {
+                        throw new AbilityError_1.AbilityParserError(`Field [${field}] must be a type of [${type}], bit got [${typeof value}]`);
+                    }
+                    break;
+            }
+        });
+    }
+    /**
+     * Prepares and validates the configuration object or JSON string.
+     * @param configOrJson - The configuration object or JSON string to validate.
+     * @param fields - An array of field validation configurations.
+     * @returns The validated configuration object.
+     */
+    static prepareAndValidateConfig(configOrJson, fields) {
+        const config = typeof configOrJson === 'string'
+            ? (JSON.parse(configOrJson))
+            : configOrJson;
+        AbilityParser.validateConfig(config, fields);
+        return config;
+    }
+    /*
+    *
+    *  readonly ['order.update']: {
+    *     readonly user: {
+    *       readonly roles: readonly string[];
+    *       readonly department: string;
+    *     };
+    *     readonly order: {
+    *       readonly estimatedArrivalAt: number;
+    *       readonly status: string;
+    *     }
+    *  }
+    *
+    * */
+    /**
+     * Sets a value in a nested object structure based on a dot/bracket notation path.
+     * @param object - The target object to modify.
+     * @param path - The path to the property in dot/bracket notation.
+     * @param value - The value to set at the specified path.
+     */
+    static setValueDotValue(object, path, value) {
+        const way = path.replace(/\[/g, '.').replace(/\]/g, '').split('.');
+        const last = way.pop();
+        if (!last) {
+            throw new AbilityError_1.AbilityParserError(`Invalid path provided on a [${path}]`);
+        }
+        way.reduce((o, k, i, kk) => {
+            if (!o[k]) {
+                o[k] = isFinite(Number(kk[i + 1])) ? [] : {};
+            }
+            return o[k];
+        }, object)[last] = value;
+    }
+    /**
+     * Generates TypeScript type definitions based on the provided policies.
+     * @param policies - An array of AbilityPolicy instances.
+     * @param outPath - The output path for the generated type definitions.
+     * @returns A record containing the generated type definitions.
+     */
+    static generateTypeDefs(policies, outPath) {
+        const record = {};
+        policies.forEach(policy => {
+            policy.ruleSet.forEach(ruleSet => {
+                ruleSet.rules.forEach(rule => {
+                    const [leftFieldPath, condition, rightFiledPath] = rule.matches;
+                    let value = 'any';
+                    switch (true) {
+                        case condition.isEqual(AbilityCondition_1.default.NOT_EQUAL):
+                        case condition.isEqual(AbilityCondition_1.default.EQUAL):
+                            value = typeof rightFiledPath;
+                            break;
+                        case condition.isEqual(AbilityCondition_1.default.IN):
+                        case condition.isEqual(AbilityCondition_1.default.NOT_IN):
+                            value = `${typeof rightFiledPath}[]`;
+                            break;
+                        case condition.isEqual(AbilityCondition_1.default.MORE_OR_EQUAL):
+                        case condition.isEqual(AbilityCondition_1.default.MORE_THAN):
+                        case condition.isEqual(AbilityCondition_1.default.LESS_OR_EQUAL):
+                        case condition.isEqual(AbilityCondition_1.default.LESS_THAN):
+                            value = 'number';
+                            break;
+                    }
+                    AbilityParser.setValueDotValue(record, leftFieldPath, value);
+                });
+            });
+        });
+        console.log(JSON.stringify(record));
+        return record;
+    }
+}
+exports.AbilityParser = AbilityParser;
+exports["default"] = AbilityParser;
+/***/ }),
 /***/ 844:
 /***/ (function(__unused_webpack_module, exports, __webpack_require__) {
@@ -12,183 +260,135 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", ({ value: true }));
 exports.AbilityPolicy = void 0;
 const AbilityRule_1 = __importDefault(__webpack_require__(476));
+const AbilityRuleSet_1 = __importDefault(__webpack_require__(402));
+const AbilityMatch_1 = __importDefault(__webpack_require__(909));
+const AbilityCompare_1 = __importDefault(__webpack_require__(923));
+const AbilityPolicyEffect_1 = __importDefault(__webpack_require__(277));
+const AbilityParser_1 = __importDefault(__webpack_require__(189));
 class AbilityPolicy {
+    matchState = AbilityMatch_1.default.PENDING;
     /**
      * List of rules
      */
-    rules = [];
+    ruleSet = [];
     /**
-     * Nested policies
+     * Policy effect
      */
-    policies = [];
+    effect;
     /**
      * Rules compare method.\
      * For the «and» method the rule will be permitted if all\
      * rules will be returns «permit» status and for the «or» - if\
      * one of the rules returns as «permit»
      */
-    rulesCompareMethod = 'and';
-    /**
-     * Policies compare method.\
-     * For the «and» method the policy will be permitted if all\
-     * policies will be returns «permit» status and for the «or» - if\
-     * one of the policies returns as «permit»
-     */
-    policiesCompareMethod = 'and';
+    compareMethod = AbilityCompare_1.default.AND;
     /**
      * Policy name
      */
     name;
-    /**
-     * Policy description
-     */
-    description = null;
     /**
      * Policy ID
      */
     id;
-    constructor(policyName, policyID, description) {
-        this.name = policyName || Symbol('name');
-        this.id = policyID || Symbol('id');
-        this.description = typeof description === 'string' ? description : null;
-    }
-    addRule(rule, compareMethod = 'and') {
-        this.rules.push(rule);
-        this.rulesCompareMethod = compareMethod;
-        return this;
-    }
-    addRules(rules, compareMethod = 'and') {
-        rules.forEach(rule => this.addRule(rule, compareMethod));
-        return this;
-    }
-    addPolicy(policy, compareMethod = 'and') {
-        this.policies.push(policy);
-        this.policiesCompareMethod = compareMethod;
-        return this;
+    /**
+     * Soon
+     */
+    action;
+    constructor(params) {
+        const { name, id, action, effect } = params;
+        this.name = name || Symbol('name');
+        this.id = id || Symbol('id');
+        this.action = action;
+        this.effect = effect;
     }
-    addPolicies(policies, compareMethod = 'and') {
-        policies.forEach(policy => this.addPolicy(policy, compareMethod));
+    /**
+     * Add rule set to the policy
+     * @param ruleSet - The rule set to add
+     */
+    addRuleSet(ruleSet) {
+        this.ruleSet.push(ruleSet);
         return this;
     }
-    getName() {
-        return this.name;
-    }
-    getID() {
-        return this.id;
-    }
-    getPolicies() {
-        return this.policies;
-    }
-    getRules() {
-        return this.rules;
-    }
-    setDescription(description) {
-        this.description = description;
+    /**
+     * Add rule to the policy
+     * @param rule - The rule to add
+     */
+    addRule(rule) {
+        this.addRuleSet(new AbilityRuleSet_1.default({
+            name: rule.name,
+        }).addRule(rule, AbilityCompare_1.default.AND));
         return this;
     }
-    enforce(subject, resource, environment) {
-        const { permission, deniedPolicies } = this.check(subject, resource, environment);
-        if (permission === 'deny') {
-            throw new Error(`Permission denied. ${deniedPolicies[0].getName().toString()}`);
-        }
-    }
-    isPermit(subject, resource, environment) {
-        const { permission } = this.check(subject, resource, environment);
-        return permission === 'permit';
-    }
-    isDeny(subject, resource, environment) {
-        const { permission } = this.check(subject, resource, environment);
-        return permission === 'deny';
-    }
-    check(subject, resource, environment) {
-        const deniedRules = [];
-        const deniedPolicies = [];
-        const ruleStatuses = [];
-        const policyStatuses = [];
-        AbilityPolicy.validatePolicy(this);
-        this.policies.forEach(policy => {
-            const policyResult = policy.check(subject, resource, environment);
-            policyStatuses.push(policyResult.permission);
-            if (policyResult.permission === 'deny') {
-                deniedPolicies.push(policy);
-            }
-            policyResult.deniedRules.forEach(rule => {
-                deniedRules.push(rule);
+    /**
+     * Check if the policy is matched
+     * @param resource - The resource to check
+     */
+    check(resource) {
+        this.matchState = AbilityMatch_1.default.MISMATCH;
+        /**
+         * If policy contain a rules
+         */
+        if (this.ruleSet.length) {
+            const ruleCheckStates = [];
+            this.ruleSet.forEach(rule => {
+                const ruleCheckState = rule.check(resource);
+                ruleCheckStates.push(ruleCheckState);
             });
-        });
-        this.rules.forEach(rule => {
-            const permission = rule.check(subject, resource, environment);
-            ruleStatuses.push(permission);
-            if (permission === 'deny') {
-                deniedRules.push(rule);
-                deniedPolicies.push(this);
+            if (AbilityCompare_1.default.AND.isEqual(this.compareMethod)) {
+                if (ruleCheckStates.every(ruleState => AbilityMatch_1.default.MATCH.isEqual(ruleState))) {
+                    this.matchState = AbilityMatch_1.default.MATCH;
+                }
+            }
+            if (AbilityCompare_1.default.OR.isEqual(this.compareMethod)) {
+                if (ruleCheckStates.some(ruleState => AbilityMatch_1.default.MATCH.isEqual(ruleState))) {
+                    this.matchState = AbilityMatch_1.default.MATCH;
+                }
             }
-        });
-        let res = 'deny';
-        if (policyStatuses.length) {
-            res = policyStatuses[this.policiesCompareMethod === 'and' ? 'every' : 'some'](status => status === 'permit')
-                ? 'permit'
-                : 'deny';
-        }
-        if (ruleStatuses.length) {
-            res = ruleStatuses[this.rulesCompareMethod === 'and' ? 'every' : 'some'](status => status === 'permit')
-                ? 'permit'
-                : 'deny';
         }
-        return {
-            permission: res,
-            deniedRules,
-            deniedPolicies,
-        };
+        return this.matchState;
     }
     /**
      * Parse the config JSON format to Policy class instance
      */
     static parse(configOrJson) {
-        const { id, name, description, rules, policies, rulesCompareMethod, policiesCompareMethod } = typeof configOrJson === 'string'
-            ? JSON.parse(configOrJson)
-            : configOrJson;
+        const config = AbilityParser_1.default.prepareAndValidateConfig(configOrJson, [
+            ['id', 'string', false],
+            ['name', 'string', true],
+            ['action', 'string', true],
+            ['effect', 'number', true],
+            ['compareMethod', 'number', true],
+            ['ruleSet', 'array', true],
+        ]);
+        const { id, name, ruleSet, compareMethod, action, effect } = config;
         // Create the empty policy
-        const policy = new AbilityPolicy(name, id, description);
-        if (policiesCompareMethod) {
-            policy.policiesCompareMethod = policiesCompareMethod;
-        }
-        if (rulesCompareMethod) {
-            policy.rulesCompareMethod = rulesCompareMethod;
-        }
-        if (description) {
-            policy.setDescription(description);
-        }
-        // Adding rules if exists
-        if (rules && rules.length > 0) {
-            const abilityRules = rules.map(ruleConfig => AbilityRule_1.default.parse(ruleConfig));
-            policy.addRules(abilityRules, rulesCompareMethod);
-        }
-        // Adding policies if exixts
-        if (policies && policies.length > 0) {
-            const nestedPolicies = policies.map(nestedConfig => AbilityPolicy.parse(nestedConfig));
-            policy.addPolicies(nestedPolicies, policiesCompareMethod);
-        }
+        const policy = new AbilityPolicy({
+            name,
+            id,
+            action,
+            effect: new AbilityPolicyEffect_1.default(effect),
+        });
+        policy.compareMethod = new AbilityCompare_1.default(compareMethod);
+        ruleSet.forEach(ruleOrRuleSet => {
+            // is ruleset
+            if ('rules' in ruleOrRuleSet) {
+                policy.addRuleSet(AbilityRuleSet_1.default.parse(ruleOrRuleSet));
+            }
+            // is simple rule
+            if (!('rules' in ruleOrRuleSet)) {
+                policy.addRule(AbilityRule_1.default.parse(ruleOrRuleSet));
+            }
+        });
         return policy;
     }
-    static export(policy) {
-        const config = {
-            id: policy.id.toString(),
-            name: policy.name.toString(),
-            rulesCompareMethod: policy.rulesCompareMethod,
-            policiesCompareMethod: policy.policiesCompareMethod,
-            policies: policy.policies ? policy.policies.map(p => AbilityPolicy.export(p)) : undefined,
-            rules: policy.rules ? policy.rules.map(rule => AbilityRule_1.default.export(rule)) : undefined,
+    export() {
+        return {
+            id: this.id.toString(),
+            name: this.name.toString(),
+            compareMethod: this.compareMethod.code,
+            ruleSet: this.ruleSet.map(rule => rule.export()),
+            action: this.action,
+            effect: this.effect.code,
         };
-        return config;
-    }
-    static validatePolicy(policy) {
-        if (policy.policies.length > 0 && policy.rules.length > 0) {
-            throw new Error("The policy can't have a policies and rules at the same time");
-        }
-        if (policy.policies.length === 0 && policy.rules.length === 0) {
-            throw new Error('The policy must have a nested policies or rules');
-        }
     }
 }
 exports.AbilityPolicy = AbilityPolicy;
@@ -197,129 +397,166 @@ exports["default"] = AbilityPolicy;
 /***/ }),
-/***/ 476:
-/***/ ((__unused_webpack_module, exports) => {
+/***/ 277:
+/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", ({ value: true }));
-exports.AbilityRule = void 0;
-class AbilityRule {
-    matches;
-    name;
-    effect;
+exports.AbilityPolicyEffect = void 0;
+const AbilityCode_1 = __importDefault(__webpack_require__(19));
+class AbilityPolicyEffect extends AbilityCode_1.default {
+    static DENY = new AbilityPolicyEffect(0);
+    static PERMIT = new AbilityPolicyEffect(1);
+}
+exports.AbilityPolicyEffect = AbilityPolicyEffect;
+exports["default"] = AbilityPolicyEffect;
+/***/ }),
+/***/ 668:
+/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.AbilityResolver = void 0;
+const AbilityPolicyEffect_1 = __importDefault(__webpack_require__(277));
+const AbilityMatch_1 = __importDefault(__webpack_require__(909));
+const AbilityError_1 = __webpack_require__(122);
+class AbilityResolver {
+    policies;
+    constructor(policies) {
+        this.policies = policies;
+    }
     /**
-     * Create the rule to compare
+     * Resolve policy for the resource and action
      *
-     * @param ruleName {string} - The rule name
-     * @param effect {AbilityRuleStatus} - Return value
-     * @param matches {AbilityRuleMatches} - The matching rule he matching rule can be on of the format:
-     * \
-     * For example, be compared two's data\
-     * \
-     * _The subject_
-     * ```json
-     * {"userID": "1", "userDepartament": "NBC"}
-     * ```
-     * and _The resource_
-     * ```json
-     * {"departamentID": "154", "departamentName": "NBC"}
-     * ```
-     * \
-     * Now we can make the matching rule:
-     * ```json
-     * ["subject.userDepartament", "=", "resource.departamentName"]
-     * ```
-     *
-     * \
-     * **Example 2.**\
-     * In this case will be compared resource and string:
-     * \
-     * _The subject_
-     * ```json
-     * {"userID": "1", "userDepartament": "NBC"}
-     * ```
-     * and _The resource_ will be «undefined».\
-     * Now we can make the matching rule:
-     * ```json
-     * ["subject.userDepartament", "=", "NBC"]
-     * ```
-     * \
-     * **Example 3.**\
-     * In this case will be compared resource and array of string:\
-     * \
-     * _The subject_
-     * ```json
-     * {"userID": "1", "userDepartament": "NBC"}
-     * ```
-     * and _The resource_
-     * ```json
-     * ["FOX", "NBC", "AONE"]
-     * ```
-     * \
-     * Now we can make the matching rule:
-     * ```json
-     * ["subject.userDepartament", "=", "resource"]
-     * ```
-     * **Note: In this rule whe set the resource field as the «resource» string.\
-     * This means that we will compare the entire resource as a whole,\
-     * and not search for it by field name.**
-     * \
-     * **Example 4.**\
-     * In this case will be compared resource and array of string:\
-     * \
-     * _The subject_
-     * ```json
-     * {"user": {"account": {"roles": ["admin", "viewer"]}}}
-     * ```
-     * and _The resource_
-     * ```json
-     * undefined
-     * ```
-     * \
-     * Now we can make the matching rule:
-     * ```json
-     * ["subject.user.account.roles", "in", "admin"]
+     @param action - Action
+     * @param resource - Resource
      */
-    constructor(matches, effect = 'permit', ruleName) {
-        this.name = ruleName || Symbol('name');
-        this.effect = effect;
-        this.matches = matches;
+    resolve(action, resource) {
+        const filteredPolicies = this.policies.filter(policy => {
+            return AbilityResolver.isInActionContain(policy.action, String(action));
+        });
+        filteredPolicies.map(policy => policy.check(resource));
+        this.policies = filteredPolicies;
+        return this;
     }
-    getName() {
-        return this.name;
+    enforce(action, resource) {
+        const resolver = this.resolve(action, resource);
+        if (resolver) {
+            if (resolver.isDeny()) {
+                throw new AbilityError_1.PermissionError(resolver.getPolicy()?.name?.toString() || 'Unknown permission error');
+            }
+        }
     }
+    /**
+     * Get the last effect of the policy
+     *
+     * @returns {AbilityPolicyEffect | null}
+     */
     getEffect() {
-        return this.effect;
+        const effects = this.policies.reduce((collect, policy, _index) => {
+            if (policy.matchState.isEqual(AbilityMatch_1.default.MATCH)) {
+                return collect.concat(policy.effect);
+            }
+            return collect;
+        }, []);
+        if (effects.length) {
+            return effects[effects.length - 1];
+        }
+        return null;
+    }
+    isPermit() {
+        const effect = this.getEffect();
+        return effect !== null && effect.isEqual(AbilityPolicyEffect_1.default.PERMIT);
     }
-    isPermit(subject, resource, environment) {
-        return 'permit' === this.check(subject, resource, environment);
+    isDeny() {
+        const effect = this.getEffect();
+        return effect !== null && effect.isEqual(AbilityPolicyEffect_1.default.DENY);
     }
-    isDeny(subject, resource, environment) {
-        return 'deny' === this.check(subject, resource, environment);
+    getPolicy() {
+        const lastPolicy = this.policies.length ? this.policies[this.policies.length - 1] : null;
+        return lastPolicy && lastPolicy.matchState.isEqual(AbilityMatch_1.default.MATCH) ? lastPolicy : null;
+    }
+    /**
+     * Check if the action is contained in another action
+     * @param actionA - The first action to check
+     * @param actionB - The second action to check
+     */
+    static isInActionContain(actionA, actionB) {
+        const actionAArray = String(actionA).split('.');
+        const actionBArray = String(actionB).split('.');
+        const a = actionAArray.length >= actionBArray.length ? actionAArray : actionBArray;
+        const b = actionBArray.length >= actionAArray.length ? actionBArray : actionAArray;
+        return a
+            .reduce((acc, chunk, index) => {
+            const iterationRes = chunk === b[index] || b[index] === '*' || chunk === '*';
+            return acc.concat(iterationRes);
+        }, [])
+            .every(Boolean);
+    }
+}
+exports.AbilityResolver = AbilityResolver;
+exports["default"] = AbilityResolver;
+/***/ }),
+/***/ 476:
+/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.AbilityRule = void 0;
+const AbilityMatch_1 = __importDefault(__webpack_require__(909));
+const AbilityCondition_1 = __importDefault(__webpack_require__(261));
+const AbilityParser_1 = __importDefault(__webpack_require__(189));
+class AbilityRule {
+    matches;
+    name;
+    state = AbilityMatch_1.default.PENDING;
+    constructor(params) {
+        const { name, matches } = params;
+        this.name = name || Symbol('name');
+        this.matches = matches;
     }
-    check(subject, resource, environment) {
-        const [_subjectFieldName, condition, _resourceFieldName] = this.matches;
+    /**
+     * Check if the rule is matched
+     * @param resource - The resource to check
+     */
+    check(resource) {
+        const [_subjectPathName, condition, _staticValueOrPathName] = this.matches;
         let is = false;
-        const [valueS, valueO] = this.extractValues(subject, resource, environment);
-        if (condition === '<') {
+        const [valueS, valueO] = this.extractValues(resource);
+        if (AbilityCondition_1.default.LESS_THAN.isEqual(condition)) {
             is = Number(valueS) < Number(valueO);
         }
-        if (condition === '<=') {
+        if (AbilityCondition_1.default.LESS_OR_EQUAL.isEqual(condition)) {
             is = Number(valueS) <= Number(valueO);
         }
-        if (condition === '>') {
+        if (AbilityCondition_1.default.MORE_THAN.isEqual(condition)) {
             is = Number(valueS) > Number(valueO);
         }
-        if (condition === '>=') {
+        if (AbilityCondition_1.default.MORE_OR_EQUAL.isEqual(condition)) {
             is = Number(valueS) >= Number(valueO);
         }
-        if (condition === '=') {
+        if (AbilityCondition_1.default.EQUAL.isEqual(condition)) {
             is = valueS === valueO;
         }
-        if (condition === '<>') {
+        if (AbilityCondition_1.default.NOT_EQUAL.isEqual(condition)) {
             is = valueS !== valueO;
         }
-        if (condition === 'in') {
+        if (AbilityCondition_1.default.IN.isEqual(condition)) {
             // [<some>] and [<some>]
             if (Array.isArray(valueS) && Array.isArray(valueO)) {
                 is = valueS.some(v => valueO.find(v1 => v1 === v));
@@ -333,41 +570,53 @@ class AbilityRule {
                 is = valueS.includes(valueO);
             }
         }
-        return is ? this.effect : this.effect === 'permit' ? 'deny' : 'permit';
-    }
-    extractValues(sub, res, env) {
-        const [subjectFieldName, _condition, resourceFieldName] = this.matches;
-        const REGEXP = /^(subject|resource|environment)\./;
-        //  The subject field must be named at «subject.<field-name>»
-        if (!subjectFieldName.match(/^(subject|environment)\./)) {
-            throw new Error(`Matches error. The subject field must be named at «subject.<field-name>», but got ${subjectFieldName}`);
+        if (AbilityCondition_1.default.NOT_IN.isEqual(condition)) {
+            // [<some>] and [<some>]
+            if (Array.isArray(valueS) && Array.isArray(valueO)) {
+                is = !valueS.some(v => valueO.find(v1 => v1 === v));
+            }
+            // <some> and [<some>]
+            if ((typeof valueS === 'string' || typeof valueS === 'number') && Array.isArray(valueO)) {
+                is = !valueO.includes(valueS);
+            }
+            // [<some>] and <some>
+            if ((typeof valueO === 'string' || typeof valueO === 'number') && Array.isArray(valueS)) {
+                is = !valueS.includes(valueO);
+            }
         }
-        const sFieldName = subjectFieldName.replace(/^(subject|environment)\./, '');
-        const subject = typeof sub === 'undefined' || sub === null ? {} : sub;
-        const resource = typeof res === 'undefined' || res === null ? {} : res;
-        const sValue = subject
-            ? this.getDotNotationValue(subjectFieldName.match(/^subject\./)
-                ? subject
-                : subjectFieldName.match(/^environment\./)
-                    ? env
-                    : {}, sFieldName)
-            : subject;
-        // The resource field name can be «resource».
-        // In this case the resource be compare as is
-        if (resourceFieldName === 'resource') {
-            return [sValue, resource];
+        this.state = is ? AbilityMatch_1.default.MATCH : AbilityMatch_1.default.MISMATCH;
+        return this.state;
+    }
+    /**
+     * Extract values from the resource
+     * @param resource - The resource to extract values from
+     */
+    extractValues(resource) {
+        const [subjectPathName, _condition, staticValueOrPathName] = this.matches;
+        let leftSideValue;
+        let rightSideValue;
+        if (resource === null || typeof resource === 'undefined') {
+            return [NaN, NaN];
         }
-        // Object field name - is a «resource.<field-name>»
-        if (resource && String(resourceFieldName).match(REGEXP)) {
-            const oFieldName = String(resourceFieldName).replace(REGEXP, '');
-            return [sValue, this.getDotNotationValue(resource, oFieldName)];
+        const isPath = (str) => {
+            return typeof str === 'string' && str.match(/\./g) !== null;
+        };
+        if (isPath(subjectPathName)) {
+            leftSideValue = this.getDotNotationValue(resource, subjectPathName);
         }
-        // The resource field abne can be «<some-value>» only
-        if (String(resourceFieldName).match(REGEXP) === null) {
-            return [sValue, resourceFieldName];
+        if (isPath(staticValueOrPathName)) {
+            rightSideValue = this.getDotNotationValue(resource, staticValueOrPathName);
         }
-        return [NaN, NaN];
+        else {
+            rightSideValue = staticValueOrPathName;
+        }
+        return [leftSideValue, rightSideValue];
     }
+    /**
+     * Get the value of the object by dot notation
+     * @param resource - The object to get the value from
+     * @param desc - The dot notation string
+     */
     getDotNotationValue(resource, desc) {
         const arr = desc.split('.');
         while (arr.length && resource) {
@@ -391,26 +640,28 @@ class AbilityRule {
         }
         return resource;
     }
-    /**
-     * Parsing the rule config object or JSON string\
-     * of config and returns the AbilityRule class instance
-     */
     static parse(configOrJson) {
-        const { name, effect, matches } = typeof configOrJson === 'string'
-            ? JSON.parse(configOrJson)
-            : configOrJson;
-        return new AbilityRule(matches, effect, name);
+        const config = AbilityParser_1.default.prepareAndValidateConfig(configOrJson, [
+            ['id', 'string', false],
+            ['name', 'string', true],
+            ['matches', 'array', true],
+        ]);
+        const { name, matches } = config;
+        const [leftField, condition, rightField] = matches;
+        return new AbilityRule({
+            name,
+            matches: [leftField, new AbilityCondition_1.default(condition), rightField],
+        });
     }
     /**
      * Export the rule to config object
      */
-    static export(rule) {
-        const config = {
-            name: rule.name,
-            effect: rule.effect,
-            matches: rule.matches,
+    export() {
+        const [leftField, condition, rightField] = this.matches;
+        return {
+            name: this.name,
+            matches: [leftField, condition.code, rightField],
         };
-        return config;
     }
 }
 exports.AbilityRule = AbilityRule;
@@ -419,7 +670,7 @@ exports["default"] = AbilityRule;
 /***/ }),
-/***/ 31:
+/***/ 402:
 /***/ (function(__unused_webpack_module, exports, __webpack_require__) {
@@ -427,107 +678,100 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.AbilityRuleSet = void 0;
 const AbilityRule_1 = __importDefault(__webpack_require__(476));
-const AbilityPolicy_1 = __importDefault(__webpack_require__(844));
-class AbilityService {
+const AbilityCompare_1 = __importDefault(__webpack_require__(923));
+const AbilityMatch_1 = __importDefault(__webpack_require__(909));
+const AbilityParser_1 = __importDefault(__webpack_require__(189));
+class AbilityRuleSet {
+    state = AbilityMatch_1.default.PENDING;
     /**
-     * Create the rule to compare
-     *
-     * @param ruleName {string} - The rule name
-     * @param effect {AbilityRuleStatus} - Return value
-     * @param matches {AbilityRuleMatches} - The matching rule he matching rule can be on of the format:
-     * \
-     * For example, be compared two's data\
-     * \
-     * _The subject_
-     * ```json
-     * {"userID": "1", "userDepartament": "NBC"}
-     * ```
-     * and _The resource_
-     * ```json
-     * {"departamentID": "154", "departamentName": "NBC"}
-     * ```
-     * \
-     * Now we can make the matching rule:
-     * ```json
-     * ["subject.userDepartament", "=", "resource.departamentName"]
-     * ```
-     *
-     * \
-     * **Example 2.**\
-     * In this case will be compared resource and string:
-     * \
-     * _The subject_
-     * ```json
-     * {"userID": "1", "userDepartament": "NBC"}
-     * ```
-     * and _The resource_ will be «undefined».\
-     * Now we can make the matching rule:
-     * ```json
-     * ["subject.userDepartament", "=", "NBC"]
-     * ```
-     * \
-     * **Example 3.**\
-     * In this case will be compared resource and array of string:\
-     * \
-     * _The subject_
-     * ```json
-     * {"userID": "1", "userDepartament": "NBC"}
-     * ```
-     * and _The resource_
-     * ```json
-     * ["FOX", "NBC", "AONE"]
-     * ```
-     * \
-     * Now we can make the matching rule:
-     * ```json
-     * ["subject.userDepartament", "=", "resource"]
-     * ```
-     * **Note: In this rule whe set the resource field as the «resource» string.\
-     * This means that we will compare the entire resource as a whole,\
-     * and not search for it by field name.**
+     * List of rules
      */
-    createRule(...args) {
-        return new AbilityRule_1.default(...args);
-    }
+    rules = [];
+    /**
+     * Rules compare method.\
+     * For the «and» method the rule will be permitted if all\
+     * rules will be returns «permit» status and for the «or» - if\
+     * one of the rules returns as «permit»
+     */
+    compareMethod = AbilityCompare_1.default.AND;
     /**
-     * Create the Policy class instance
+     * Group name
      */
-    createPolicy(...args) {
-        return new AbilityPolicy_1.default(...args);
-    }
-    checkPolicies(policiesResult, compareMethod) {
-        const deniedRules = [];
-        const deniedPolicies = [];
-        const statuses = [];
-        policiesResult.forEach(policyResult => {
-            statuses.push(policyResult.permission);
-            if (policyResult.permission === 'deny') {
-                policyResult.deniedRules.forEach(rule => {
-                    deniedRules.push(rule);
-                });
-                policyResult.deniedRules.forEach(st => {
-                    deniedRules.push(st);
-                });
+    name;
+    /**
+     * Group ID
+     */
+    id;
+    constructor(params) {
+        const { name, id } = params || {};
+        this.name = name || Symbol('name');
+        this.id = id || Symbol('id');
+    }
+    addRule(rule, compareMethod) {
+        this.rules.push(rule);
+        this.compareMethod = compareMethod;
+        return this;
+    }
+    addRules(rules, compareMethod) {
+        rules.forEach(rule => this.addRule(rule, compareMethod));
+        return this;
+    }
+    check(resources) {
+        this.state = AbilityMatch_1.default.MISMATCH;
+        if (!this.rules.length) {
+            return this.state;
+        }
+        const ruleCheckStates = this.rules.reduce((collect, rule) => {
+            return collect.concat(rule.check(resources));
+        }, []);
+        if (AbilityCompare_1.default.AND.isEqual(this.compareMethod)) {
+            if (ruleCheckStates.every(ruleState => AbilityMatch_1.default.MATCH.isEqual(ruleState))) {
+                this.state = AbilityMatch_1.default.MATCH;
             }
+        }
+        if (AbilityCompare_1.default.OR.isEqual(this.compareMethod)) {
+            if (ruleCheckStates.some(ruleState => AbilityMatch_1.default.MATCH.isEqual(ruleState))) {
+                this.state = AbilityMatch_1.default.MATCH;
+            }
+        }
+        return this.state;
+    }
+    /**
+     * Parse the config JSON format to Group class instance
+     */
+    static parse(configOrJson) {
+        const config = AbilityParser_1.default.prepareAndValidateConfig(configOrJson, [
+            ['id', 'string', false],
+            ['name', 'string', true],
+            ['compareMethod', 'number', true],
+            ['rules', 'array', true],
+        ]);
+        const { id, name, rules, compareMethod } = config;
+        const ruleSet = new AbilityRuleSet({
+            name,
+            id,
         });
-        const permission = statuses[compareMethod === 'and' ? 'every' : 'some'](status => status === 'permit')
-            ? 'permit'
-            : 'deny';
+        ruleSet.compareMethod = new AbilityCompare_1.default(compareMethod);
+        // Adding rules if exists
+        if (rules && rules.length > 0) {
+            const abilityRules = rules.map(ruleConfig => AbilityRule_1.default.parse(ruleConfig));
+            ruleSet.addRules(abilityRules, ruleSet.compareMethod);
+        }
+        return ruleSet;
+    }
+    export() {
         return {
-            permission,
-            deniedRules,
-            deniedPolicies,
+            id: this.id.toString(),
+            name: this.name.toString(),
+            compareMethod: this.compareMethod.code,
+            rules: this.rules.map(rule => rule.export()),
         };
     }
-    enforcePolicies(policiesResult, compareMethod) {
-        const { permission, deniedRules } = this.checkPolicies(policiesResult, compareMethod);
-        if (permission === 'deny') {
-            throw new Error(`Permission denied. ${deniedRules[0].getName().toString()}`);
-        }
-    }
 }
-exports["default"] = AbilityService;
+exports.AbilityRuleSet = AbilityRuleSet;
+exports["default"] = AbilityRuleSet;
 /***/ }),
@@ -550,15 +794,18 @@ var __createBinding = (this && this.__createBinding) || (Object.create ? (functi
 var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", ({ value: true }));
-const AbilityService_1 = __importDefault(__webpack_require__(31));
+__exportStar(__webpack_require__(19), exports);
+__exportStar(__webpack_require__(923), exports);
+__exportStar(__webpack_require__(261), exports);
+__exportStar(__webpack_require__(122), exports);
+__exportStar(__webpack_require__(909), exports);
+__exportStar(__webpack_require__(189), exports);
 __exportStar(__webpack_require__(844), exports);
-__exportStar(__webpack_require__(31), exports);
+__exportStar(__webpack_require__(277), exports);
+__exportStar(__webpack_require__(668), exports);
 __exportStar(__webpack_require__(476), exports);
-exports["default"] = AbilityService_1.default;
+__exportStar(__webpack_require__(402), exports);
 /***/ })