@via-profit/ability 3.2.0 → 3.3.0

package/SECURITY.md

@@ -1,33 +1,33 @@
-# Security Policy
-
-## Reporting a Vulnerability
-
-I take the security of `@via-profit/ability` seriously. If you discover a security vulnerability, please report it responsibly.
-
-### How to Report a Vulnerability
-
-**Please DO NOT create a public GitHub issue for security vulnerabilities.**
-
-Instead, send the details directly to me:
-
-- **Email**: [delhsmail@gmail.com](mailto:delhsmail@gmail.com)
-- **Author**: Vasily Novosad
-- **Timezone**: UTC+5 (for coordinating response time)
-
-### What to Include
-
-To help me address the issue quickly, please include:
-
-- Description of the vulnerability
-- Steps to reproduce (if applicable)
-- Potential impact
-- Suggestions for fixing (if any)
-
-### Process
-
-1. I will acknowledge your report within 48 hours
-2. I will assess the vulnerability
-3. Work on a fix will begin depending on severity
-4. After the fix is released, I will notify you and acknowledge your contribution (if you agree)
-
-Thank you for helping keep this project secure!
+# Security Policy
+
+## Reporting a Vulnerability
+
+I take the security of `@via-profit/ability` seriously. If you discover a security vulnerability, please report it responsibly.
+
+### How to Report a Vulnerability
+
+**Please DO NOT create a public GitHub issue for security vulnerabilities.**
+
+Instead, send the details directly to me:
+
+- **Email**: [delhsmail@gmail.com](mailto:delhsmail@gmail.com)
+- **Author**: Vasily Novosad
+- **Timezone**: UTC+5 (for coordinating response time)
+
+### What to Include
+
+To help me address the issue quickly, please include:
+
+- Description of the vulnerability
+- Steps to reproduce (if applicable)
+- Potential impact
+- Suggestions for fixing (if any)
+
+### Process
+
+1. I will acknowledge your report within 48 hours
+2. I will assess the vulnerability
+3. Work on a fix will begin depending on severity
+4. After the fix is released, I will notify you and acknowledge your contribution (if you agree)
+
+Thank you for helping keep this project secure!

package/dist/core/AbilityPolicy.d.ts

@@ -3,7 +3,7 @@ import AbilityMatch from './AbilityMatch';
 import AbilityCompare, { AbilityCompareCodeType } from './AbilityCompare';
 import AbilityPolicyEffect, { AbilityPolicyEffectCodeType } from './AbilityPolicyEffect';
 import { AbilityExplain } from './AbilityExplain';
-import { ResourceObject } from './AbilityParser';
+import { ResourceObject } from './AbilityTypeGenerator';
 export type AbilityPolicyConfig = {
     readonly permission: string;
     readonly effect: AbilityPolicyEffectCodeType;

package/dist/core/AbilityResolver.d.ts

@@ -1,6 +1,6 @@
 import AbilityPolicy from './AbilityPolicy';
 import { AbilityResult } from './AbilityResult';
-import { ResourcesMap } from './AbilityParser';
+import { ResourcesMap } from './AbilityTypeGenerator';
 import { AbilityCacheAdapter } from '../cache/AbilityCacheAdapter';
 export type AbilityResolverOptions = {
     readonly cache?: AbilityCacheAdapter | null;

package/dist/core/AbilityResult.d.ts

@@ -1,5 +1,5 @@
 import { AbilityExplain } from './AbilityExplain';
-import { ResourceObject } from './AbilityParser';
+import { ResourceObject } from './AbilityTypeGenerator';
 import AbilityPolicy from './AbilityPolicy';
 import AbilityPolicyEffect from './AbilityPolicyEffect';
 export declare class AbilityResult<Resource extends ResourceObject = Record<string, unknown>> {

package/dist/core/AbilityRuleSet.d.ts

@@ -1,7 +1,7 @@
 import AbilityRule, { AbilityRuleConfig } from './AbilityRule';
 import AbilityCompare, { AbilityCompareCodeType } from './AbilityCompare';
 import AbilityMatch from './AbilityMatch';
-import { ResourceObject } from './AbilityParser';
+import { ResourceObject } from './AbilityTypeGenerator';
 export type AbilityRuleSetConfig = {
     readonly id?: string | null;
     readonly name?: string | null;

package/dist/core/AbilityTypeGenerator.d.ts

@@ -0,0 +1,55 @@
+import AbilityPolicy from './AbilityPolicy';
+export type Primitive = string | number | boolean | null | undefined;
+export type NestedDict<T = Primitive> = {
+    [key: string]: NestedDict<T> | T;
+};
+export type ResourceObject = Record<string, unknown>;
+export type ResourcesMap = Record<string, ResourceObject>;
+export declare class AbilityTypeGenerator {
+    readonly policies: readonly AbilityPolicy[];
+    constructor(policies: readonly AbilityPolicy[]);
+    /**
+     * Generates TypeScript type definitions based on the provided policies.
+     * @returns A generated type definitions.
+     */
+    generateTypeDefs(): string;
+    /**
+     * Determines TypeScript type based on the rule
+     * @param rule - The rule to analyze
+     * @returns TypeScript type as string
+     */
+    private determineTypeFromRule;
+    /**
+     * Gets TypeScript type for array values
+     * @param resource - The resource value to analyze
+     * @returns TypeScript array type as string
+     */
+    private getArrayType;
+    /**
+     * Gets primitive TypeScript type for a value
+     * @param value - The value to analyze
+     * @returns TypeScript primitive type as string
+     */
+    private getPrimitiveType;
+    /**
+     * Builds nested structure from flat paths
+     * Example: 'user.profile.name' -> { user: { profile: { name: 'string' } } }
+     * @param flatStructure - Flat structure with dot notation paths
+     * @returns Nested object structure
+     */
+    private buildNestedStructure;
+    /**
+     * Formats type structure into a string
+     * @param structure - Nested type structure
+     * @returns Formatted TypeScript type definition string
+     */
+    private formatTypeDefinitions;
+    /**
+     * Recursively formats nested object
+     * @param obj - Object to format
+     * @param indent - Current indentation level
+     * @returns Formatted string
+     */
+    private formatNestedObject;
+}
+export default AbilityTypeGenerator;

package/dist/index.d.ts

@@ -3,7 +3,7 @@ export * from './core/AbilityCompare';
 export * from './core/AbilityCondition';
 export * from './core/AbilityError';
 export * from './core/AbilityMatch';
-export * from './core/AbilityParser';
+export * from './core/AbilityTypeGenerator';
 export * from './core/AbilityPolicy';
 export * from './core/AbilityPolicyEffect';
 export * from './core/AbilityResolver';

package/dist/index.js

@@ -94,56 +94,20 @@ class AbilityMatch extends AbilityCode {
     static mismatch = new AbilityMatch('mismatch');
 }
 
-class AbilityParser {
-    /**
-     * Sets a value in a nested object structure based on a dot/bracket notation path.
-     * @param object - The target object to modify.
-     * @param path - The path to the property in dot/bracket notation.
-     * @param value - The value to set at the specified path.
-     */
-    static setValueDotValue(object, path, value) {
-        if (!path || path.trim().length === 0) {
-            throw new AbilityParserError(`Invalid path provided on a [${path}]`);
-        }
-        const way = path.replace(/\[/g, '.').replace(/]/g, '').split('.');
-        const last = way.pop();
-        if (!last) {
-            throw new AbilityParserError(`Invalid path provided on a [${path}]`);
-        }
-        const lastObj = way.reduce((acc, key, index, array) => {
-            const currentValue = acc[key];
-            const nextKey = array[index + 1];
-            const shouldBeArray = nextKey !== undefined && isFinite(Number(nextKey));
-            if (currentValue === undefined || currentValue === null) {
-                // Create missing property
-                const newValue = shouldBeArray ? [] : {};
-                acc[key] = newValue;
-                return newValue;
-            }
-            if (typeof currentValue !== 'object') {
-                throw new AbilityParserError(`Cannot set property '${key}' on non-object value at path: ${path}`);
-            }
-            return currentValue;
-        }, object);
-        const existingValue = lastObj[last];
-        if (existingValue !== undefined &&
-            typeof existingValue === 'object' &&
-            existingValue !== null &&
-            !Array.isArray(existingValue)) {
-            throw new AbilityParserError(`Cannot set primitive value on existing object at path: ${path}`);
-        }
-        lastObj[last] = value;
+class AbilityTypeGenerator {
+    policies;
+    constructor(policies) {
+        this.policies = policies;
     }
     /**
      * Generates TypeScript type definitions based on the provided policies.
-     * @param policies - An array of AbilityPolicy instances.
      * @returns A generated type definitions.
      */
-    static generateTypeDefs(policies) {
+    generateTypeDefs() {
         // Structure to store types: { [action]: { [subjectPath]: type } }
         const typeStructure = {};
         // Iterate through all policies
-        policies.forEach(policy => {
+        this.policies.forEach(policy => {
             const action = policy.permission;
             // Initialize object for action if it doesn't exist
             if (!typeStructure[action]) {
@@ -175,7 +139,7 @@ class AbilityParser {
      * @param rule - The rule to analyze
      * @returns TypeScript type as string
      */
-    static determineTypeFromRule(rule) {
+    determineTypeFromRule(rule) {
         // Numeric comparisons - always number
         if (rule.condition.isEqual(AbilityCondition.greater_than) ||
             rule.condition.isEqual(AbilityCondition.less_than) ||
@@ -200,7 +164,7 @@ class AbilityParser {
      * @param resource - The resource value to analyze
      * @returns TypeScript array type as string
      */
-    static getArrayType(resource) {
+    getArrayType(resource) {
         if (Array.isArray(resource)) {
             if (resource.length === 0)
                 return 'any[]';
@@ -209,18 +173,18 @@ class AbilityParser {
             const elementType = elementTypes.size === 1
                 ? Array.from(elementTypes)[0]
                 : `(${Array.from(elementTypes).join(' | ')})`;
-            return `${elementType}[]`;
+            return `readonly ${elementType}[]`;
         }
         // If resource is not an array but condition is in/not_in,
         // it expects an array of such elements
-        return `${this.getPrimitiveType(resource)}[]`;
+        return `readonly ${this.getPrimitiveType(resource)}[]`;
     }
     /**
      * Gets primitive TypeScript type for a value
      * @param value - The value to analyze
      * @returns TypeScript primitive type as string
      */
-    static getPrimitiveType(value) {
+    getPrimitiveType(value) {
         if (value === null)
             return 'null';
         if (value === undefined)
@@ -247,7 +211,7 @@ class AbilityParser {
      * @param flatStructure - Flat structure with dot notation paths
      * @returns Nested object structure
      */
-    static buildNestedStructure(flatStructure) {
+    buildNestedStructure(flatStructure) {
         const result = {};
         Object.entries(flatStructure).forEach(([action, paths]) => {
             result[action] = {};
@@ -279,10 +243,9 @@ class AbilityParser {
      * @param structure - Nested type structure
      * @returns Formatted TypeScript type definition string
      */
-    static formatTypeDefinitions(structure) {
+    formatTypeDefinitions(structure) {
         let output = '// Automatically generated by via-profit/ability\n';
         output += '// Do not edit manually\n';
-        output += '\n/* eslint-disable */\n\n';
         output += 'export type Resources = {\n';
         // Sort actions for stable output
         const sortedActions = Object.keys(structure).sort();
@@ -300,7 +263,7 @@ class AbilityParser {
      * @param indent - Current indentation level
      * @returns Formatted string
      */
-    static formatNestedObject(obj, indent) {
+    formatNestedObject(obj, indent) {
         const spaces = ' '.repeat(indent);
         let output = '';
         // Sort keys for stable output
@@ -587,8 +550,12 @@ class AbilityResolver {
     async enforce(permission, resource, environment) {
         const result = await this.resolve(permission, resource, environment);
         if (result.isDenied()) {
-            const policyName = result.getLastMatchedPolicy()?.name?.toString() || 'unknown';
-            throw new AbilityError(`Permission denied by policy "${policyName}"`);
+            const lastPolicy = result.getLastMatchedPolicy();
+            if (lastPolicy) {
+                throw new AbilityError(`Permission denied by policy "${lastPolicy.name.toString()}"`);
+            }
+            // No policy matched → implicit deny
+            throw new AbilityError(`Permission denied: no matching policy found (implicit deny)`);
         }
     }
     /**
@@ -2235,7 +2202,6 @@ exports.AbilityExplainRuleSet = AbilityExplainRuleSet;
 exports.AbilityInMemoryCache = AbilityInMemoryCache;
 exports.AbilityJSONParser = AbilityJSONParser;
 exports.AbilityMatch = AbilityMatch;
-exports.AbilityParser = AbilityParser;
 exports.AbilityParserError = AbilityParserError;
 exports.AbilityPolicy = AbilityPolicy;
 exports.AbilityPolicyEffect = AbilityPolicyEffect;
@@ -2243,3 +2209,4 @@ exports.AbilityResolver = AbilityResolver;
 exports.AbilityResult = AbilityResult;
 exports.AbilityRule = AbilityRule;
 exports.AbilityRuleSet = AbilityRuleSet;
+exports.AbilityTypeGenerator = AbilityTypeGenerator;

package/dist/parsers/dsl/AbilityDSLParser.d.ts

@@ -1,5 +1,5 @@
 import AbilityPolicy from '../../core/AbilityPolicy';
-import { ResourceObject } from '../../core/AbilityParser';
+import { ResourceObject } from '../../core/AbilityTypeGenerator';
 /**
  * Parser for the Ability DSL.
  *

package/dist/parsers/json/AbilityJSONParser.d.ts

@@ -1,6 +1,6 @@
 import { AbilityRule, AbilityRuleConfig } from '../../core/AbilityRule';
 import { AbilityRuleSet, AbilityRuleSetConfig } from '../../core/AbilityRuleSet';
-import { ResourceObject } from '../../core/AbilityParser';
+import { ResourceObject } from '../../core/AbilityTypeGenerator';
 import { AbilityPolicy, AbilityPolicyConfig } from '../../core/AbilityPolicy';
 export declare class AbilityJSONParser {
     /**

package/package.json

@@ -1,73 +1,73 @@
-{
-  "name": "@via-profit/ability",
-  "support": "https://via-profit.ru",
-  "version": "3.2.0",
-  "description": "Via-Profit Ability service",
-  "keywords": [
-    "ability",
-    "access",
-    "via-profit"
-  ],
-  "main": "./dist/index.js",
-  "engines": {
-    "node": ">= 17.0.0",
-    "npm": ">= 8.19.3"
-  },
-  "files": [
-    "dist",
-    "README.md",
-    "LICENSE",
-    "CHANGELOG.md",
-    "CONTRIBUTING.md",
-    "SECURITY.md"
-  ],
-  "scripts": {
-    "build": "rollup -c",
-    "build:dev": "cross-env NODE_ENV=development rollup -c -w",
-    "bench": "npm run build && node ./bench/benchmark.js",
-    "test": "jest",
-    "lint": "tsc --noEmit && eslint --fix .",
-    "pretty": "prettier --write ./src"
-  },
-  "repository": {
-    "type": "git",
-    "url": "https://github.com/via-profit/ability.git"
-  },
-  "author": {
-    "name": "Via Profit",
-    "url": "https://dev.via-profit.ru"
-  },
-  "contributors": [
-    "Vasily Novosad <delhsmail@gmail.com>",
-    "Pavel Natalin <trubonru@gmail.com>"
-  ],
-  "license": "MIT",
-  "devDependencies": {
-    "@eslint/js": "^9.13.0",
-    "@jagi/jest-transform-graphql": "^1.0.2",
-    "@jest/types": "^29.6.3",
-    "@rollup/plugin-alias": "^6.0.0",
-    "@rollup/plugin-commonjs": "^29.0.2",
-    "@rollup/plugin-node-resolve": "^16.0.3",
-    "@rollup/plugin-typescript": "^12.3.0",
-    "@types/jest": "^29.5.13",
-    "@types/node": "^22.7.7",
-    "@types/nodemon": "^1.19.6",
-    "concurrently": "^9.0.1",
-    "cross-env": "^7.0.3",
-    "eslint": "^9.13.0",
-    "globals": "^15.11.0",
-    "jest": "^29.7.0",
-    "jest-transform-graphql": "^2.1.0",
-    "nodemon": "^3.1.7",
-    "prettier": "^3.3.3",
-    "rollup": "^4.60.0",
-    "rollup-plugin-copy": "^3.5.0",
-    "tinybench": "^6.0.0",
-    "ts-jest": "^29.2.5",
-    "ts-loader": "^9.5.1",
-    "ts-node": "^10.9.2",
-    "typescript": "^5.6.3",
-    "typescript-eslint": "^8.10.0"
-  }
-}
+{
+  "name": "@via-profit/ability",
+  "support": "https://via-profit.ru",
+  "version": "3.3.0",
+  "description": "Via-Profit Ability service",
+  "keywords": [
+    "ability",
+    "access",
+    "via-profit"
+  ],
+  "main": "./dist/index.js",
+  "engines": {
+    "node": ">= 17.0.0",
+    "npm": ">= 8.19.3"
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE",
+    "CHANGELOG.md",
+    "CONTRIBUTING.md",
+    "SECURITY.md"
+  ],
+  "scripts": {
+    "build": "rollup -c",
+    "build:dev": "cross-env NODE_ENV=development rollup -c -w",
+    "bench": "npm run build && node ./bench/benchmark.js",
+    "test": "jest",
+    "lint": "tsc --noEmit && eslint --fix .",
+    "pretty": "prettier --write ./src"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/via-profit/ability.git"
+  },
+  "author": {
+    "name": "Via Profit",
+    "url": "https://dev.via-profit.ru"
+  },
+  "contributors": [
+    "Vasily Novosad <delhsmail@gmail.com>",
+    "Pavel Natalin <trubonru@gmail.com>"
+  ],
+  "license": "MIT",
+  "devDependencies": {
+    "@eslint/js": "^9.13.0",
+    "@jagi/jest-transform-graphql": "^1.0.2",
+    "@jest/types": "^29.6.3",
+    "@rollup/plugin-alias": "^6.0.0",
+    "@rollup/plugin-commonjs": "^29.0.2",
+    "@rollup/plugin-node-resolve": "^16.0.3",
+    "@rollup/plugin-typescript": "^12.3.0",
+    "@types/jest": "^29.5.13",
+    "@types/node": "^22.7.7",
+    "@types/nodemon": "^1.19.6",
+    "concurrently": "^9.0.1",
+    "cross-env": "^7.0.3",
+    "eslint": "^9.13.0",
+    "globals": "^15.11.0",
+    "jest": "^29.7.0",
+    "jest-transform-graphql": "^2.1.0",
+    "nodemon": "^3.1.7",
+    "prettier": "^3.3.3",
+    "rollup": "^4.60.0",
+    "rollup-plugin-copy": "^3.5.0",
+    "tinybench": "^6.0.0",
+    "ts-jest": "^29.2.5",
+    "ts-loader": "^9.5.1",
+    "ts-node": "^10.9.2",
+    "typescript": "^5.6.3",
+    "typescript-eslint": "^8.10.0"
+  }
+}