@via-profit/ability 1.1.0 → 2.0.0-rc.3

package/dist/index.js

@@ -2,6 +2,254 @@
 /******/ 	"use strict";
 /******/ 	var __webpack_modules__ = ({
 
+/***/ 19:
+/***/ ((__unused_webpack_module, exports) => {
+
+
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.AbilityCode = void 0;
+class AbilityCode {
+    code;
+    constructor(code) {
+        this.code = code;
+    }
+    isEqual(compareWith) {
+        return compareWith !== null && this.code === compareWith.code;
+    }
+    isNotEqual(compareWith) {
+        return !this.isEqual(compareWith);
+    }
+}
+exports.AbilityCode = AbilityCode;
+exports["default"] = AbilityCode;
+
+
+/***/ }),
+
+/***/ 923:
+/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
+
+
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.AbilityCompare = void 0;
+const AbilityCode_1 = __importDefault(__webpack_require__(19));
+class AbilityCompare extends AbilityCode_1.default {
+    static OR = new AbilityCompare(0);
+    static AND = new AbilityCompare(1);
+}
+exports.AbilityCompare = AbilityCompare;
+exports["default"] = AbilityCompare;
+
+
+/***/ }),
+
+/***/ 261:
+/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
+
+
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.AbilityCondition = void 0;
+const AbilityCode_1 = __importDefault(__webpack_require__(19));
+class AbilityCondition extends AbilityCode_1.default {
+    static EQUAL = new AbilityCondition('=');
+    static NOT_EQUAL = new AbilityCondition('<>');
+    static MORE_THAN = new AbilityCondition('>');
+    static LESS_THAN = new AbilityCondition('<');
+    static LESS_OR_EQUAL = new AbilityCondition('<=');
+    static MORE_OR_EQUAL = new AbilityCondition('>=');
+    static IN = new AbilityCondition('in');
+    static NOT_IN = new AbilityCondition('not in');
+}
+exports.AbilityCondition = AbilityCondition;
+exports["default"] = AbilityCondition;
+
+
+/***/ }),
+
+/***/ 122:
+/***/ ((__unused_webpack_module, exports) => {
+
+
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.PermissionError = exports.AbilityParserError = exports.AbilityError = void 0;
+class AbilityError extends Error {
+    constructor(message) {
+        super(message);
+    }
+}
+exports.AbilityError = AbilityError;
+class AbilityParserError extends Error {
+    constructor(message) {
+        super(message);
+    }
+}
+exports.AbilityParserError = AbilityParserError;
+class PermissionError extends Error {
+    constructor(message) {
+        super(message);
+    }
+}
+exports.PermissionError = PermissionError;
+
+
+/***/ }),
+
+/***/ 909:
+/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
+
+
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.AbilityMatch = void 0;
+const AbilityCode_1 = __importDefault(__webpack_require__(19));
+class AbilityMatch extends AbilityCode_1.default {
+    static PENDING = new AbilityMatch(2);
+    static MATCH = new AbilityMatch(1);
+    static MISMATCH = new AbilityMatch(0);
+}
+exports.AbilityMatch = AbilityMatch;
+exports["default"] = AbilityMatch;
+
+
+/***/ }),
+
+/***/ 189:
+/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
+
+
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.AbilityParser = void 0;
+const AbilityError_1 = __webpack_require__(122);
+const AbilityCondition_1 = __importDefault(__webpack_require__(261));
+class AbilityParser {
+    /**
+     * Validates the configuration object based on the provided field validation configurations.
+     * @param config - The configuration object to validate.
+     * @param fields - An array of field validation configurations.
+     * @throws {AbilityParserError} If a required field is missing or if a field has an incorrect type.
+     */
+    static validateConfig(config, fields) {
+        fields.forEach(([field, type, isRequired]) => {
+            const value = config[field];
+            if (isRequired) {
+                if (typeof value === 'undefined') {
+                    throw new AbilityError_1.AbilityParserError(`Missing required field [${field}]`);
+                }
+            }
+            switch (type) {
+                case 'array':
+                    if (typeof value !== 'object' || !Array.isArray(value)) {
+                        throw new AbilityError_1.AbilityParserError(`Field [${field}] must be an type of [${type}], bit got [${typeof value}]`);
+                    }
+                    break;
+                default:
+                    if (typeof value !== type && typeof value !== 'undefined') {
+                        throw new AbilityError_1.AbilityParserError(`Field [${field}] must be a type of [${type}], bit got [${typeof value}]`);
+                    }
+                    break;
+            }
+        });
+    }
+    /**
+     * Prepares and validates the configuration object or JSON string.
+     * @param configOrJson - The configuration object or JSON string to validate.
+     * @param fields - An array of field validation configurations.
+     * @returns The validated configuration object.
+     */
+    static prepareAndValidateConfig(configOrJson, fields) {
+        const config = typeof configOrJson === 'string'
+            ? (JSON.parse(configOrJson))
+            : configOrJson;
+        AbilityParser.validateConfig(config, fields);
+        return config;
+    }
+    /*
+    *
+    *  readonly ['order.update']: {
+    *     readonly user: {
+    *       readonly roles: readonly string[];
+    *       readonly department: string;
+    *     };
+    *     readonly order: {
+    *       readonly estimatedArrivalAt: number;
+    *       readonly status: string;
+    *     }
+    *  }
+    *
+    * */
+    /**
+     * Sets a value in a nested object structure based on a dot/bracket notation path.
+     * @param object - The target object to modify.
+     * @param path - The path to the property in dot/bracket notation.
+     * @param value - The value to set at the specified path.
+     */
+    static setValueDotValue(object, path, value) {
+        const way = path.replace(/\[/g, '.').replace(/\]/g, '').split('.');
+        const last = way.pop();
+        if (!last) {
+            throw new AbilityError_1.AbilityParserError(`Invalid path provided on a [${path}]`);
+        }
+        way.reduce((o, k, i, kk) => {
+            if (!o[k]) {
+                o[k] = isFinite(Number(kk[i + 1])) ? [] : {};
+            }
+            return o[k];
+        }, object)[last] = value;
+    }
+    /**
+     * Generates TypeScript type definitions based on the provided policies.
+     * @param policies - An array of AbilityPolicy instances.
+     * @param outPath - The output path for the generated type definitions.
+     * @returns A record containing the generated type definitions.
+     */
+    static generateTypeDefs(policies, outPath) {
+        const record = {};
+        policies.forEach(policy => {
+            policy.ruleSet.forEach(ruleSet => {
+                ruleSet.rules.forEach(rule => {
+                    const [leftFieldPath, condition, rightFiledPath] = rule.matches;
+                    let value = 'any';
+                    switch (true) {
+                        case condition.isEqual(AbilityCondition_1.default.NOT_EQUAL):
+                        case condition.isEqual(AbilityCondition_1.default.EQUAL):
+                            value = typeof rightFiledPath;
+                            break;
+                        case condition.isEqual(AbilityCondition_1.default.IN):
+                        case condition.isEqual(AbilityCondition_1.default.NOT_IN):
+                            value = `${typeof rightFiledPath}[]`;
+                            break;
+                        case condition.isEqual(AbilityCondition_1.default.MORE_OR_EQUAL):
+                        case condition.isEqual(AbilityCondition_1.default.MORE_THAN):
+                        case condition.isEqual(AbilityCondition_1.default.LESS_OR_EQUAL):
+                        case condition.isEqual(AbilityCondition_1.default.LESS_THAN):
+                            value = 'number';
+                            break;
+                    }
+                    AbilityParser.setValueDotValue(record, leftFieldPath, value);
+                });
+            });
+        });
+        console.log(JSON.stringify(record));
+        return record;
+    }
+}
+exports.AbilityParser = AbilityParser;
+exports["default"] = AbilityParser;
+
+
+/***/ }),
+
 /***/ 844:
 /***/ (function(__unused_webpack_module, exports, __webpack_require__) {
 
@@ -11,184 +259,129 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", ({ value: true }));
 exports.AbilityPolicy = void 0;
-const AbilityRule_1 = __importDefault(__webpack_require__(476));
+const AbilityRuleSet_1 = __importDefault(__webpack_require__(402));
+const AbilityMatch_1 = __importDefault(__webpack_require__(909));
+const AbilityCompare_1 = __importDefault(__webpack_require__(923));
+const AbilityPolicyEffect_1 = __importDefault(__webpack_require__(277));
+const AbilityParser_1 = __importDefault(__webpack_require__(189));
 class AbilityPolicy {
+    matchState = AbilityMatch_1.default.PENDING;
     /**
      * List of rules
      */
-    rules = [];
+    ruleSet = [];
     /**
-     * Nested policies
+     * Policy effect
      */
-    policies = [];
+    effect;
     /**
      * Rules compare method.\
      * For the «and» method the rule will be permitted if all\
      * rules will be returns «permit» status and for the «or» - if\
      * one of the rules returns as «permit»
      */
-    rulesCompareMethod = 'and';
-    /**
-     * Policies compare method.\
-     * For the «and» method the policy will be permitted if all\
-     * policies will be returns «permit» status and for the «or» - if\
-     * one of the policies returns as «permit»
-     */
-    policiesCompareMethod = 'and';
+    compareMethod = AbilityCompare_1.default.AND;
     /**
      * Policy name
      */
     name;
-    /**
-     * Policy description
-     */
-    description = null;
     /**
      * Policy ID
      */
     id;
-    constructor(policyName, policyID, description) {
-        this.name = policyName || Symbol('name');
-        this.id = policyID || Symbol('id');
-        this.description = typeof description === 'string' ? description : null;
-    }
-    addRule(rule, compareMethod = 'and') {
-        this.rules.push(rule);
-        this.rulesCompareMethod = compareMethod;
-        return this;
-    }
-    addRules(rules, compareMethod = 'and') {
-        rules.forEach(rule => this.addRule(rule, compareMethod));
-        return this;
-    }
-    addPolicy(policy, compareMethod = 'and') {
-        this.policies.push(policy);
-        this.policiesCompareMethod = compareMethod;
-        return this;
+    /**
+     * Soon
+     */
+    action;
+    constructor(params) {
+        const { name, id, action, effect } = params;
+        this.name = name;
+        this.id = id;
+        this.action = action;
+        this.effect = effect;
     }
-    addPolicies(policies, compareMethod = 'and') {
-        policies.forEach(policy => this.addPolicy(policy, compareMethod));
+    /**
+     * Add rule set to the policy
+     * @param ruleSet - The rule set to add
+     */
+    addRuleSet(ruleSet) {
+        this.ruleSet.push(ruleSet);
         return this;
     }
-    getName() {
-        return this.name;
-    }
-    getID() {
-        return this.id;
-    }
-    getPolicies() {
-        return this.policies;
-    }
-    getRules() {
-        return this.rules;
-    }
-    setDescription(description) {
-        this.description = description;
+    /**
+     * Add rule to the policy
+     * @param rule - The rule to add
+     */
+    addRule(rule) {
+        this.addRuleSet(new AbilityRuleSet_1.default({
+            id: rule.id,
+            name: rule.name,
+        }).addRule(rule, AbilityCompare_1.default.AND));
         return this;
     }
-    enforce(subject, resource, environment) {
-        const { permission, deniedPolicies } = this.check(subject, resource, environment);
-        if (permission === 'deny') {
-            throw new Error(`Permission denied. ${deniedPolicies[0].getName().toString()}`);
-        }
-    }
-    isPermit(subject, resource, environment) {
-        const { permission } = this.check(subject, resource, environment);
-        return permission === 'permit';
-    }
-    isDeny(subject, resource, environment) {
-        const { permission } = this.check(subject, resource, environment);
-        return permission === 'deny';
-    }
-    check(subject, resource, environment) {
-        const deniedRules = [];
-        const deniedPolicies = [];
-        const ruleStatuses = [];
-        const policyStatuses = [];
-        AbilityPolicy.validatePolicy(this);
-        this.policies.forEach(policy => {
-            const policyResult = policy.check(subject, resource, environment);
-            policyStatuses.push(policyResult.permission);
-            if (policyResult.permission === 'deny') {
-                deniedPolicies.push(policy);
-            }
-            policyResult.deniedRules.forEach(rule => {
-                deniedRules.push(rule);
+    /**
+     * Check if the policy is matched
+     * @param resource - The resource to check
+     */
+    check(resource) {
+        this.matchState = AbilityMatch_1.default.MISMATCH;
+        /**
+         * If policy contain a rules
+         */
+        if (this.ruleSet.length) {
+            const ruleCheckStates = [];
+            this.ruleSet.forEach(rule => {
+                const ruleCheckState = rule.check(resource);
+                ruleCheckStates.push(ruleCheckState);
             });
-        });
-        this.rules.forEach(rule => {
-            const permission = rule.check(subject, resource, environment);
-            ruleStatuses.push(permission);
-            if (permission === 'deny') {
-                deniedRules.push(rule);
-                deniedPolicies.push(this);
+            if (AbilityCompare_1.default.AND.isEqual(this.compareMethod)) {
+                if (ruleCheckStates.every(ruleState => AbilityMatch_1.default.MATCH.isEqual(ruleState))) {
+                    this.matchState = AbilityMatch_1.default.MATCH;
+                }
+            }
+            if (AbilityCompare_1.default.OR.isEqual(this.compareMethod)) {
+                if (ruleCheckStates.some(ruleState => AbilityMatch_1.default.MATCH.isEqual(ruleState))) {
+                    this.matchState = AbilityMatch_1.default.MATCH;
+                }
             }
-        });
-        let res = 'deny';
-        if (policyStatuses.length) {
-            res = policyStatuses[this.policiesCompareMethod === 'and' ? 'every' : 'some'](status => status === 'permit')
-                ? 'permit'
-                : 'deny';
-        }
-        if (ruleStatuses.length) {
-            res = ruleStatuses[this.rulesCompareMethod === 'and' ? 'every' : 'some'](status => status === 'permit')
-                ? 'permit'
-                : 'deny';
         }
-        return {
-            permission: res,
-            deniedRules,
-            deniedPolicies,
-        };
+        return this.matchState;
     }
     /**
      * Parse the config JSON format to Policy class instance
      */
     static parse(configOrJson) {
-        const { id, name, description, rules, policies, rulesCompareMethod, policiesCompareMethod } = typeof configOrJson === 'string'
-            ? JSON.parse(configOrJson)
-            : configOrJson;
+        const config = AbilityParser_1.default.prepareAndValidateConfig(configOrJson, [
+            ['id', 'string', true],
+            ['name', 'string', true],
+            ['action', 'string', true],
+            ['effect', 'number', true],
+            ['compareMethod', 'number', true],
+            ['ruleSet', 'array', true],
+        ]);
+        const { id, name, ruleSet, compareMethod, action, effect } = config;
         // Create the empty policy
-        const policy = new AbilityPolicy(name, id, description);
-        if (policiesCompareMethod) {
-            policy.policiesCompareMethod = policiesCompareMethod;
-        }
-        if (rulesCompareMethod) {
-            policy.rulesCompareMethod = rulesCompareMethod;
-        }
-        if (description) {
-            policy.setDescription(description);
-        }
-        // Adding rules if exists
-        if (rules && rules.length > 0) {
-            const abilityRules = rules.map(ruleConfig => AbilityRule_1.default.parse(ruleConfig));
-            policy.addRules(abilityRules, rulesCompareMethod);
-        }
-        // Adding policies if exixts
-        if (policies && policies.length > 0) {
-            const nestedPolicies = policies.map(nestedConfig => AbilityPolicy.parse(nestedConfig));
-            policy.addPolicies(nestedPolicies, policiesCompareMethod);
-        }
+        const policy = new AbilityPolicy({
+            name,
+            id,
+            action,
+            effect: new AbilityPolicyEffect_1.default(effect),
+        });
+        policy.compareMethod = new AbilityCompare_1.default(compareMethod);
+        ruleSet.forEach(ruleSetConfig => {
+            policy.addRuleSet(AbilityRuleSet_1.default.parse(ruleSetConfig));
+        });
         return policy;
     }
-    static export(policy) {
-        const config = {
-            id: policy.id.toString(),
-            name: policy.name.toString(),
-            rulesCompareMethod: policy.rulesCompareMethod,
-            policiesCompareMethod: policy.policiesCompareMethod,
-            policies: policy.policies ? policy.policies.map(p => AbilityPolicy.export(p)) : undefined,
-            rules: policy.rules ? policy.rules.map(rule => AbilityRule_1.default.export(rule)) : undefined,
+    export() {
+        return {
+            id: this.id.toString(),
+            name: this.name.toString(),
+            compareMethod: this.compareMethod.code,
+            ruleSet: this.ruleSet.map(rule => rule.export()),
+            action: this.action,
+            effect: this.effect.code,
         };
-        return config;
-    }
-    static validatePolicy(policy) {
-        if (policy.policies.length > 0 && policy.rules.length > 0) {
-            throw new Error("The policy can't have a policies and rules at the same time");
-        }
-        if (policy.policies.length === 0 && policy.rules.length === 0) {
-            throw new Error('The policy must have a nested policies or rules');
-        }
     }
 }
 exports.AbilityPolicy = AbilityPolicy;
@@ -197,129 +390,168 @@ exports["default"] = AbilityPolicy;
 
 /***/ }),
 
-/***/ 476:
-/***/ ((__unused_webpack_module, exports) => {
+/***/ 277:
+/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
 
 
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", ({ value: true }));
-exports.AbilityRule = void 0;
-class AbilityRule {
-    matches;
-    name;
-    effect;
+exports.AbilityPolicyEffect = void 0;
+const AbilityCode_1 = __importDefault(__webpack_require__(19));
+class AbilityPolicyEffect extends AbilityCode_1.default {
+    static DENY = new AbilityPolicyEffect(0);
+    static PERMIT = new AbilityPolicyEffect(1);
+}
+exports.AbilityPolicyEffect = AbilityPolicyEffect;
+exports["default"] = AbilityPolicyEffect;
+
+
+/***/ }),
+
+/***/ 668:
+/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
+
+
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.AbilityResolver = void 0;
+const AbilityPolicyEffect_1 = __importDefault(__webpack_require__(277));
+const AbilityMatch_1 = __importDefault(__webpack_require__(909));
+const AbilityError_1 = __webpack_require__(122);
+class AbilityResolver {
+    policies;
+    constructor(policies) {
+        this.policies = policies;
+    }
     /**
-     * Create the rule to compare
-     *
-     * @param ruleName {string} - The rule name
-     * @param effect {AbilityRuleStatus} - Return value
-     * @param matches {AbilityRuleMatches} - The matching rule he matching rule can be on of the format:
-     * \
-     * For example, be compared two's data\
-     * \
-     * _The subject_
-     * ```json
-     * {"userID": "1", "userDepartament": "NBC"}
-     * ```
-     * and _The resource_
-     * ```json
-     * {"departamentID": "154", "departamentName": "NBC"}
-     * ```
-     * \
-     * Now we can make the matching rule:
-     * ```json
-     * ["subject.userDepartament", "=", "resource.departamentName"]
-     * ```
+     * Resolve policy for the resource and action
      *
-     * \
-     * **Example 2.**\
-     * In this case will be compared resource and string:
-     * \
-     * _The subject_
-     * ```json
-     * {"userID": "1", "userDepartament": "NBC"}
-     * ```
-     * and _The resource_ will be «undefined».\
-     * Now we can make the matching rule:
-     * ```json
-     * ["subject.userDepartament", "=", "NBC"]
-     * ```
-     * \
-     * **Example 3.**\
-     * In this case will be compared resource and array of string:\
-     * \
-     * _The subject_
-     * ```json
-     * {"userID": "1", "userDepartament": "NBC"}
-     * ```
-     * and _The resource_
-     * ```json
-     * ["FOX", "NBC", "AONE"]
-     * ```
-     * \
-     * Now we can make the matching rule:
-     * ```json
-     * ["subject.userDepartament", "=", "resource"]
-     * ```
-     * **Note: In this rule whe set the resource field as the «resource» string.\
-     * This means that we will compare the entire resource as a whole,\
-     * and not search for it by field name.**
-     * \
-     * **Example 4.**\
-     * In this case will be compared resource and array of string:\
-     * \
-     * _The subject_
-     * ```json
-     * {"user": {"account": {"roles": ["admin", "viewer"]}}}
-     * ```
-     * and _The resource_
-     * ```json
-     * undefined
-     * ```
-     * \
-     * Now we can make the matching rule:
-     * ```json
-     * ["subject.user.account.roles", "in", "admin"]
+     @param action - Action
+     * @param resource - Resource
      */
-    constructor(matches, effect = 'permit', ruleName) {
-        this.name = ruleName || Symbol('name');
-        this.effect = effect;
-        this.matches = matches;
+    resolve(action, resource) {
+        const filteredPolicies = this.policies.filter(policy => {
+            return AbilityResolver.isInActionContain(policy.action, String(action));
+        });
+        filteredPolicies.map(policy => policy.check(resource));
+        this.policies = filteredPolicies;
+        return this;
     }
-    getName() {
-        return this.name;
+    enforce(action, resource) {
+        const resolver = this.resolve(action, resource);
+        if (resolver) {
+            if (resolver.isDeny()) {
+                throw new AbilityError_1.PermissionError(resolver.getPolicy()?.name?.toString() || 'Unknown permission error');
+            }
+        }
     }
+    /**
+     * Get the last effect of the policy
+     *
+     * @returns {AbilityPolicyEffect | null}
+     */
     getEffect() {
-        return this.effect;
+        const effects = this.policies.reduce((collect, policy, _index) => {
+            if (policy.matchState.isEqual(AbilityMatch_1.default.MATCH)) {
+                return collect.concat(policy.effect);
+            }
+            return collect;
+        }, []);
+        if (effects.length) {
+            return effects[effects.length - 1];
+        }
+        return null;
     }
-    isPermit(subject, resource, environment) {
-        return 'permit' === this.check(subject, resource, environment);
+    isPermit() {
+        const effect = this.getEffect();
+        return effect !== null && effect.isEqual(AbilityPolicyEffect_1.default.PERMIT);
     }
-    isDeny(subject, resource, environment) {
-        return 'deny' === this.check(subject, resource, environment);
+    isDeny() {
+        const effect = this.getEffect();
+        return effect !== null && effect.isEqual(AbilityPolicyEffect_1.default.DENY);
+    }
+    getPolicy() {
+        const lastPolicy = this.policies.length ? this.policies[this.policies.length - 1] : null;
+        return lastPolicy && lastPolicy.matchState.isEqual(AbilityMatch_1.default.MATCH) ? lastPolicy : null;
+    }
+    /**
+     * Check if the action is contained in another action
+     * @param actionA - The first action to check
+     * @param actionB - The second action to check
+     */
+    static isInActionContain(actionA, actionB) {
+        const actionAArray = String(actionA).split('.');
+        const actionBArray = String(actionB).split('.');
+        const a = actionAArray.length >= actionBArray.length ? actionAArray : actionBArray;
+        const b = actionBArray.length >= actionAArray.length ? actionBArray : actionAArray;
+        return a
+            .reduce((acc, chunk, index) => {
+            const iterationRes = chunk === b[index] || b[index] === '*' || chunk === '*';
+            return acc.concat(iterationRes);
+        }, [])
+            .every(Boolean);
+    }
+}
+exports.AbilityResolver = AbilityResolver;
+exports["default"] = AbilityResolver;
+
+
+/***/ }),
+
+/***/ 476:
+/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
+
+
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.AbilityRule = void 0;
+const AbilityMatch_1 = __importDefault(__webpack_require__(909));
+const AbilityCondition_1 = __importDefault(__webpack_require__(261));
+const AbilityParser_1 = __importDefault(__webpack_require__(189));
+class AbilityRule {
+    matches;
+    name;
+    id;
+    state = AbilityMatch_1.default.PENDING;
+    constructor(params) {
+        const { id, name, matches } = params;
+        this.id = id;
+        this.name = name;
+        this.matches = matches;
     }
-    check(subject, resource, environment) {
-        const [_subjectFieldName, condition, _resourceFieldName] = this.matches;
+    /**
+     * Check if the rule is matched
+     * @param resource - The resource to check
+     */
+    check(resource) {
+        const [_subjectPathName, condition, _staticValueOrPathName] = this.matches;
         let is = false;
-        const [valueS, valueO] = this.extractValues(subject, resource, environment);
-        if (condition === '<') {
+        const [valueS, valueO] = this.extractValues(resource);
+        if (AbilityCondition_1.default.LESS_THAN.isEqual(condition)) {
             is = Number(valueS) < Number(valueO);
         }
-        if (condition === '<=') {
+        if (AbilityCondition_1.default.LESS_OR_EQUAL.isEqual(condition)) {
             is = Number(valueS) <= Number(valueO);
         }
-        if (condition === '>') {
+        if (AbilityCondition_1.default.MORE_THAN.isEqual(condition)) {
             is = Number(valueS) > Number(valueO);
         }
-        if (condition === '>=') {
+        if (AbilityCondition_1.default.MORE_OR_EQUAL.isEqual(condition)) {
             is = Number(valueS) >= Number(valueO);
         }
-        if (condition === '=') {
+        if (AbilityCondition_1.default.EQUAL.isEqual(condition)) {
             is = valueS === valueO;
         }
-        if (condition === '<>') {
+        if (AbilityCondition_1.default.NOT_EQUAL.isEqual(condition)) {
             is = valueS !== valueO;
         }
-        if (condition === 'in') {
+        if (AbilityCondition_1.default.IN.isEqual(condition)) {
             // [<some>] and [<some>]
             if (Array.isArray(valueS) && Array.isArray(valueO)) {
                 is = valueS.some(v => valueO.find(v1 => v1 === v));
@@ -333,41 +565,53 @@ class AbilityRule {
                 is = valueS.includes(valueO);
             }
         }
-        return is ? this.effect : this.effect === 'permit' ? 'deny' : 'permit';
-    }
-    extractValues(sub, res, env) {
-        const [subjectFieldName, _condition, resourceFieldName] = this.matches;
-        const REGEXP = /^(subject|resource|environment)\./;
-        //  The subject field must be named at «subject.<field-name>»
-        if (!subjectFieldName.match(/^(subject|environment)\./)) {
-            throw new Error(`Matches error. The subject field must be named at «subject.<field-name>», but got ${subjectFieldName}`);
+        if (AbilityCondition_1.default.NOT_IN.isEqual(condition)) {
+            // [<some>] and [<some>]
+            if (Array.isArray(valueS) && Array.isArray(valueO)) {
+                is = !valueS.some(v => valueO.find(v1 => v1 === v));
+            }
+            // <some> and [<some>]
+            if ((typeof valueS === 'string' || typeof valueS === 'number') && Array.isArray(valueO)) {
+                is = !valueO.includes(valueS);
+            }
+            // [<some>] and <some>
+            if ((typeof valueO === 'string' || typeof valueO === 'number') && Array.isArray(valueS)) {
+                is = !valueS.includes(valueO);
+            }
         }
-        const sFieldName = subjectFieldName.replace(/^(subject|environment)\./, '');
-        const subject = typeof sub === 'undefined' || sub === null ? {} : sub;
-        const resource = typeof res === 'undefined' || res === null ? {} : res;
-        const sValue = subject
-            ? this.getDotNotationValue(subjectFieldName.match(/^subject\./)
-                ? subject
-                : subjectFieldName.match(/^environment\./)
-                    ? env
-                    : {}, sFieldName)
-            : subject;
-        // The resource field name can be «resource».
-        // In this case the resource be compare as is
-        if (resourceFieldName === 'resource') {
-            return [sValue, resource];
+        this.state = is ? AbilityMatch_1.default.MATCH : AbilityMatch_1.default.MISMATCH;
+        return this.state;
+    }
+    /**
+     * Extract values from the resource
+     * @param resource - The resource to extract values from
+     */
+    extractValues(resource) {
+        const [subjectPathName, _condition, staticValueOrPathName] = this.matches;
+        let leftSideValue;
+        let rightSideValue;
+        if (resource === null || typeof resource === 'undefined') {
+            return [NaN, NaN];
         }
-        // Object field name - is a «resource.<field-name>»
-        if (resource && String(resourceFieldName).match(REGEXP)) {
-            const oFieldName = String(resourceFieldName).replace(REGEXP, '');
-            return [sValue, this.getDotNotationValue(resource, oFieldName)];
+        const isPath = (str) => {
+            return typeof str === 'string' && str.match(/\./g) !== null;
+        };
+        if (isPath(subjectPathName)) {
+            leftSideValue = this.getDotNotationValue(resource, subjectPathName);
         }
-        // The resource field abne can be «<some-value>» only
-        if (String(resourceFieldName).match(REGEXP) === null) {
-            return [sValue, resourceFieldName];
+        if (isPath(staticValueOrPathName)) {
+            rightSideValue = this.getDotNotationValue(resource, staticValueOrPathName);
         }
-        return [NaN, NaN];
+        else {
+            rightSideValue = staticValueOrPathName;
+        }
+        return [leftSideValue, rightSideValue];
     }
+    /**
+     * Get the value of the object by dot notation
+     * @param resource - The object to get the value from
+     * @param desc - The dot notation string
+     */
     getDotNotationValue(resource, desc) {
         const arr = desc.split('.');
         while (arr.length && resource) {
@@ -391,26 +635,30 @@ class AbilityRule {
         }
         return resource;
     }
-    /**
-     * Parsing the rule config object or JSON string\
-     * of config and returns the AbilityRule class instance
-     */
     static parse(configOrJson) {
-        const { name, effect, matches } = typeof configOrJson === 'string'
-            ? JSON.parse(configOrJson)
-            : configOrJson;
-        return new AbilityRule(matches, effect, name);
+        const config = AbilityParser_1.default.prepareAndValidateConfig(configOrJson, [
+            ['id', 'string', true],
+            ['name', 'string', true],
+            ['matches', 'array', true],
+        ]);
+        const { id, name, matches } = config;
+        const [leftField, condition, rightField] = matches;
+        return new AbilityRule({
+            id,
+            name,
+            matches: [leftField, new AbilityCondition_1.default(condition), rightField],
+        });
     }
     /**
      * Export the rule to config object
      */
-    static export(rule) {
-        const config = {
-            name: rule.name,
-            effect: rule.effect,
-            matches: rule.matches,
+    export() {
+        const [leftField, condition, rightField] = this.matches;
+        return {
+            id: this.id,
+            name: this.name,
+            matches: [leftField, condition.code, rightField],
         };
-        return config;
     }
 }
 exports.AbilityRule = AbilityRule;
@@ -419,7 +667,7 @@ exports["default"] = AbilityRule;
 
 /***/ }),
 
-/***/ 31:
+/***/ 402:
 /***/ (function(__unused_webpack_module, exports, __webpack_require__) {
 
 
@@ -427,107 +675,100 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.AbilityRuleSet = void 0;
 const AbilityRule_1 = __importDefault(__webpack_require__(476));
-const AbilityPolicy_1 = __importDefault(__webpack_require__(844));
-class AbilityService {
+const AbilityCompare_1 = __importDefault(__webpack_require__(923));
+const AbilityMatch_1 = __importDefault(__webpack_require__(909));
+const AbilityParser_1 = __importDefault(__webpack_require__(189));
+class AbilityRuleSet {
+    state = AbilityMatch_1.default.PENDING;
     /**
-     * Create the rule to compare
-     *
-     * @param ruleName {string} - The rule name
-     * @param effect {AbilityRuleStatus} - Return value
-     * @param matches {AbilityRuleMatches} - The matching rule he matching rule can be on of the format:
-     * \
-     * For example, be compared two's data\
-     * \
-     * _The subject_
-     * ```json
-     * {"userID": "1", "userDepartament": "NBC"}
-     * ```
-     * and _The resource_
-     * ```json
-     * {"departamentID": "154", "departamentName": "NBC"}
-     * ```
-     * \
-     * Now we can make the matching rule:
-     * ```json
-     * ["subject.userDepartament", "=", "resource.departamentName"]
-     * ```
-     *
-     * \
-     * **Example 2.**\
-     * In this case will be compared resource and string:
-     * \
-     * _The subject_
-     * ```json
-     * {"userID": "1", "userDepartament": "NBC"}
-     * ```
-     * and _The resource_ will be «undefined».\
-     * Now we can make the matching rule:
-     * ```json
-     * ["subject.userDepartament", "=", "NBC"]
-     * ```
-     * \
-     * **Example 3.**\
-     * In this case will be compared resource and array of string:\
-     * \
-     * _The subject_
-     * ```json
-     * {"userID": "1", "userDepartament": "NBC"}
-     * ```
-     * and _The resource_
-     * ```json
-     * ["FOX", "NBC", "AONE"]
-     * ```
-     * \
-     * Now we can make the matching rule:
-     * ```json
-     * ["subject.userDepartament", "=", "resource"]
-     * ```
-     * **Note: In this rule whe set the resource field as the «resource» string.\
-     * This means that we will compare the entire resource as a whole,\
-     * and not search for it by field name.**
+     * List of rules
      */
-    createRule(...args) {
-        return new AbilityRule_1.default(...args);
-    }
+    rules = [];
+    /**
+     * Rules compare method.\
+     * For the «and» method the rule will be permitted if all\
+     * rules will be returns «permit» status and for the «or» - if\
+     * one of the rules returns as «permit»
+     */
+    compareMethod = AbilityCompare_1.default.AND;
     /**
-     * Create the Policy class instance
+     * Group name
      */
-    createPolicy(...args) {
-        return new AbilityPolicy_1.default(...args);
-    }
-    checkPolicies(policiesResult, compareMethod) {
-        const deniedRules = [];
-        const deniedPolicies = [];
-        const statuses = [];
-        policiesResult.forEach(policyResult => {
-            statuses.push(policyResult.permission);
-            if (policyResult.permission === 'deny') {
-                policyResult.deniedRules.forEach(rule => {
-                    deniedRules.push(rule);
-                });
-                policyResult.deniedRules.forEach(st => {
-                    deniedRules.push(st);
-                });
+    name;
+    /**
+     * Group ID
+     */
+    id;
+    constructor(params) {
+        const { name, id } = params;
+        this.name = name;
+        this.id = id;
+    }
+    addRule(rule, compareMethod) {
+        this.rules.push(rule);
+        this.compareMethod = compareMethod;
+        return this;
+    }
+    addRules(rules, compareMethod) {
+        rules.forEach(rule => this.addRule(rule, compareMethod));
+        return this;
+    }
+    check(resources) {
+        this.state = AbilityMatch_1.default.MISMATCH;
+        if (!this.rules.length) {
+            return this.state;
+        }
+        const ruleCheckStates = this.rules.reduce((collect, rule) => {
+            return collect.concat(rule.check(resources));
+        }, []);
+        if (AbilityCompare_1.default.AND.isEqual(this.compareMethod)) {
+            if (ruleCheckStates.every(ruleState => AbilityMatch_1.default.MATCH.isEqual(ruleState))) {
+                this.state = AbilityMatch_1.default.MATCH;
             }
+        }
+        if (AbilityCompare_1.default.OR.isEqual(this.compareMethod)) {
+            if (ruleCheckStates.some(ruleState => AbilityMatch_1.default.MATCH.isEqual(ruleState))) {
+                this.state = AbilityMatch_1.default.MATCH;
+            }
+        }
+        return this.state;
+    }
+    /**
+     * Parse the config JSON format to Group class instance
+     */
+    static parse(configOrJson) {
+        const config = AbilityParser_1.default.prepareAndValidateConfig(configOrJson, [
+            ['id', 'string', true],
+            ['name', 'string', true],
+            ['compareMethod', 'number', true],
+            ['rules', 'array', true],
+        ]);
+        const { id, name, rules, compareMethod } = config;
+        const ruleSet = new AbilityRuleSet({
+            name,
+            id,
         });
-        const permission = statuses[compareMethod === 'and' ? 'every' : 'some'](status => status === 'permit')
-            ? 'permit'
-            : 'deny';
+        ruleSet.compareMethod = new AbilityCompare_1.default(compareMethod);
+        // Adding rules if exists
+        if (rules && rules.length > 0) {
+            const abilityRules = rules.map(ruleConfig => AbilityRule_1.default.parse(ruleConfig));
+            ruleSet.addRules(abilityRules, ruleSet.compareMethod);
+        }
+        return ruleSet;
+    }
+    export() {
         return {
-            permission,
-            deniedRules,
-            deniedPolicies,
+            id: this.id.toString(),
+            name: this.name.toString(),
+            compareMethod: this.compareMethod.code,
+            rules: this.rules.map(rule => rule.export()),
         };
     }
-    enforcePolicies(policiesResult, compareMethod) {
-        const { permission, deniedRules } = this.checkPolicies(policiesResult, compareMethod);
-        if (permission === 'deny') {
-            throw new Error(`Permission denied. ${deniedRules[0].getName().toString()}`);
-        }
-    }
 }
-exports["default"] = AbilityService;
+exports.AbilityRuleSet = AbilityRuleSet;
+exports["default"] = AbilityRuleSet;
 
 
 /***/ }),
@@ -550,15 +791,18 @@ var __createBinding = (this && this.__createBinding) || (Object.create ? (functi
 var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", ({ value: true }));
-const AbilityService_1 = __importDefault(__webpack_require__(31));
+__exportStar(__webpack_require__(19), exports);
+__exportStar(__webpack_require__(923), exports);
+__exportStar(__webpack_require__(261), exports);
+__exportStar(__webpack_require__(122), exports);
+__exportStar(__webpack_require__(909), exports);
+__exportStar(__webpack_require__(189), exports);
 __exportStar(__webpack_require__(844), exports);
-__exportStar(__webpack_require__(31), exports);
+__exportStar(__webpack_require__(277), exports);
+__exportStar(__webpack_require__(668), exports);
 __exportStar(__webpack_require__(476), exports);
-exports["default"] = AbilityService_1.default;
+__exportStar(__webpack_require__(402), exports);
 
 
 /***/ })