@via-profit/ability 3.3.0 → 3.4.0

package/SECURITY.md

@@ -1,33 +1,33 @@
-# Security Policy
-
-## Reporting a Vulnerability
-
-I take the security of `@via-profit/ability` seriously. If you discover a security vulnerability, please report it responsibly.
-
-### How to Report a Vulnerability
-
-**Please DO NOT create a public GitHub issue for security vulnerabilities.**
-
-Instead, send the details directly to me:
-
-- **Email**: [delhsmail@gmail.com](mailto:delhsmail@gmail.com)
-- **Author**: Vasily Novosad
-- **Timezone**: UTC+5 (for coordinating response time)
-
-### What to Include
-
-To help me address the issue quickly, please include:
-
-- Description of the vulnerability
-- Steps to reproduce (if applicable)
-- Potential impact
-- Suggestions for fixing (if any)
-
-### Process
-
-1. I will acknowledge your report within 48 hours
-2. I will assess the vulnerability
-3. Work on a fix will begin depending on severity
-4. After the fix is released, I will notify you and acknowledge your contribution (if you agree)
-
-Thank you for helping keep this project secure!
+# Security Policy
+
+## Reporting a Vulnerability
+
+I take the security of `@via-profit/ability` seriously. If you discover a security vulnerability, please report it responsibly.
+
+### How to Report a Vulnerability
+
+**Please DO NOT create a public GitHub issue for security vulnerabilities.**
+
+Instead, send the details directly to me:
+
+- **Email**: [delhsmail@gmail.com](mailto:delhsmail@gmail.com)
+- **Author**: Vasily Novosad
+- **Timezone**: UTC+5 (for coordinating response time)
+
+### What to Include
+
+To help me address the issue quickly, please include:
+
+- Description of the vulnerability
+- Steps to reproduce (if applicable)
+- Potential impact
+- Suggestions for fixing (if any)
+
+### Process
+
+1. I will acknowledge your report within 48 hours
+2. I will assess the vulnerability
+3. Work on a fix will begin depending on severity
+4. After the fix is released, I will notify you and acknowledge your contribution (if you agree)
+
+Thank you for helping keep this project secure!

package/dist/core/AbilityCondition.d.ts

@@ -1,6 +1,6 @@
 import AbilityCode from './AbilityCode';
-export type AbilityConditionCodeType = '=' | '<>' | '>' | '<' | '>=' | '<=' | 'in' | 'not in' | 'contains' | 'not contains' | 'length greater than' | 'length less than' | 'length equals';
-export type AbilityConditionLiteralType = 'equals' | 'not_equals' | 'contains' | 'no_contains' | 'in' | 'not_in' | 'greater_than' | 'less_than' | 'less_or_equal' | 'greater_or_equal' | 'length_greater_than' | 'length_less_than' | 'length_equals';
+export type AbilityConditionCodeType = '=' | '<>' | '>' | '<' | '>=' | '<=' | 'in' | 'not in' | 'contains' | 'not contains' | 'length greater than' | 'length less than' | 'length equals' | 'always' | 'never';
+export type AbilityConditionLiteralType = 'equals' | 'not_equals' | 'contains' | 'no_contains' | 'in' | 'not_in' | 'greater_than' | 'less_than' | 'less_or_equal' | 'greater_or_equal' | 'length_greater_than' | 'length_less_than' | 'length_equals' | 'always' | 'never';
 export declare class AbilityCondition extends AbilityCode<AbilityConditionCodeType> {
     static equals: AbilityCondition;
     static not_equals: AbilityCondition;
@@ -15,6 +15,8 @@ export declare class AbilityCondition extends AbilityCode<AbilityConditionCodeTy
     static length_greater_than: AbilityCondition;
     static length_less_than: AbilityCondition;
     static length_equals: AbilityCondition;
+    static always: AbilityCondition;
+    static never: AbilityCondition;
     static fromLiteral(literal: AbilityConditionLiteralType): AbilityCondition;
     get literal(): AbilityConditionLiteralType;
 }

package/dist/index.js

@@ -46,6 +46,8 @@ class AbilityCondition extends AbilityCode {
     static length_greater_than = new AbilityCondition('length greater than');
     static length_less_than = new AbilityCondition('length less than');
     static length_equals = new AbilityCondition('length equals');
+    static always = new AbilityCondition('always');
+    static never = new AbilityCondition('never');
     static fromLiteral(literal) {
         switch (literal) {
             case 'equals':
@@ -72,6 +74,10 @@ class AbilityCondition extends AbilityCode {
                 return this.length_greater_than;
             case 'length_equals':
                 return this.length_equals;
+            case 'always':
+                return this.always;
+            case 'never':
+                return this.never;
             default:
                 throw new AbilityParserError(`Literal ${literal} does not found in AbilityCondition class`);
         }
@@ -627,6 +633,10 @@ class AbilityRule {
         let is = false;
         const [subjectValue, resourceValue] = this.extractValues(resource, environment);
         const isValue = (v) => typeof v === 'string' || typeof v === 'number' || typeof v === 'boolean' || v === null;
+        // always
+        if (AbilityCondition.always.isEqual(this.condition)) {
+            is = true;
+        }
         // equals
         if (AbilityCondition.equals.isEqual(this.condition)) {
             is = subjectValue === resourceValue;
@@ -1221,6 +1231,8 @@ class AbilityDSLToken extends AbilityCode {
     static LEN_LT = 'LEN_LT';
     static LEN_EQ = 'LEN_EQ';
     static NOT_EQ = 'NOT_EQ';
+    static ALWAYS = 'ALWAYS';
+    static NEVER = 'NEVER';
     static STRING = 'STRING';
     static NUMBER = 'NUMBER';
     static BOOLEAN = 'BOOLEAN';
@@ -1263,6 +1275,8 @@ class AbilityDSLLexer {
         'is',
         'or',
         'than',
+        'always',
+        'never',
     ]);
     constructor(input) {
         this.input = input;
@@ -1408,6 +1422,12 @@ class AbilityDSLLexer {
             }
         }
         const word = this.input.slice(start, this.pos);
+        if (word === 'always') {
+            return new AbilityDSLToken(AbilityDSLToken.ALWAYS, word, startLine, startColumn);
+        }
+        if (word === 'never') {
+            return new AbilityDSLToken(AbilityDSLToken.NEVER, word, startLine, startColumn);
+        }
         // Если есть точка — это путь (identifier или permission)
         if (word.includes('.')) {
             const last = this.tokens[this.tokens.length - 1];
@@ -1670,7 +1690,9 @@ class AbilityDSLParser {
                 if (this.isStartOfGroup() || this.isStartOfPolicy()) {
                     break;
                 }
-                if (this.check(AbilityDSLToken.IDENTIFIER)) {
+                if (this.check(AbilityDSLToken.IDENTIFIER) ||
+                    this.check(AbilityDSLToken.ALWAYS) ||
+                    this.check(AbilityDSLToken.NEVER)) {
                     group.addRule(this.parseRule());
                 }
                 else {
@@ -1687,7 +1709,7 @@ class AbilityDSLParser {
     parseGroup() {
         this.consumeLeadingComments();
         const meta = this.takeAnnotations();
-        const compareToken = this.consumeOneOf([AbilityDSLToken.ALL, AbilityDSLToken.ANY], 'Expected "all" or "any"');
+        const compareToken = this.consumeOneOf([AbilityDSLToken.ALL, AbilityDSLToken.ANY, AbilityDSLToken.ALWAYS, AbilityDSLToken.NEVER], 'Expected "all" or "any" or "always" or "never"');
         const compareMethod = compareToken.code === AbilityDSLToken.ALL ? AbilityCompare.and : AbilityCompare.or;
         if (this.check(AbilityDSLToken.OF)) {
             this.advance();
@@ -1717,11 +1739,26 @@ class AbilityDSLParser {
     parseRule() {
         this.consumeLeadingComments();
         const meta = this.takeAnnotations();
-        if (!this.check(AbilityDSLToken.IDENTIFIER)) {
-            this.syntaxError(`Expected identifier, got ${this.peek().code}`, this.peek());
+        // if (this.check(AbilityDSLToken.ALWAYS) || this.check(AbilityDSLToken.NEVER)) {
+        //   // Checking that there are no extra tokens after the value
+        //   // (skip comments)
+        //   this.consumeLeadingComments();
+        //   const specOperator = this.consume();
+        //   // return new AbilityRule({
+        //   //   subject: '',
+        //   //   resource,
+        //   //   condition,
+        //   //   name: meta.name,
+        //   // });
+        // }
+        const isNeverAlways = this.check(AbilityDSLToken.ALWAYS) || this.check(AbilityDSLToken.NEVER);
+        if (!isNeverAlways && !this.check(AbilityDSLToken.IDENTIFIER)) {
+            this.syntaxError(`Expected identifier, but got ${this.peek().code}`, this.peek());
         }
         // Subject (e.g., "user.roles")
-        const subject = this.consume(AbilityDSLToken.IDENTIFIER, 'Expected field').value;
+        const subject = isNeverAlways
+            ? ''
+            : this.consume(AbilityDSLToken.IDENTIFIER, 'Expected field').value;
         // Operator (e.g., "contains", "equals", "is not null")
         const { condition, operator } = this.parseConditionOperator();
         let resource;
@@ -1729,7 +1766,9 @@ class AbilityDSLParser {
         // Special operators that don't consume a value token.
         if (operator === AbilityDSLToken.EQ_NULL ||
             operator === AbilityDSLToken.NOT_EQ_NULL ||
-            operator === AbilityDSLToken.NULL) {
+            operator === AbilityDSLToken.NULL ||
+            operator === AbilityDSLToken.ALWAYS ||
+            operator === AbilityDSLToken.NEVER) {
             resource = null;
         }
         else {
@@ -1761,6 +1800,16 @@ class AbilityDSLParser {
      */
     parseConditionOperator() {
         const savedPos = this.pos;
+        // "always"
+        if (this.matchWord('always')) {
+            return { condition: AbilityCondition.always, operator: AbilityDSLToken.ALWAYS };
+        }
+        this.pos = savedPos;
+        // "never"
+        if (this.matchWord('never')) {
+            return { condition: AbilityCondition.never, operator: AbilityDSLToken.NEVER };
+        }
+        this.pos = savedPos;
         // "length equals"
         if (this.matchWord('length') && this.matchWord('equals')) {
             return { condition: AbilityCondition.length_equals, operator: AbilityDSLToken.LEN_EQ };
@@ -1956,7 +2005,10 @@ class AbilityDSLParser {
             return false;
         }
         const token = this.peek();
-        if ((token.code === AbilityDSLToken.KEYWORD || token.code === AbilityDSLToken.IDENTIFIER) &&
+        if ((token.code === AbilityDSLToken.KEYWORD ||
+            token.code === AbilityDSLToken.IDENTIFIER ||
+            token.code === AbilityDSLToken.ALWAYS ||
+            token.code === AbilityDSLToken.NEVER) &&
             token.value === word) {
             this.advance();
             return true;
@@ -2101,9 +2153,6 @@ class AbilityDSLParser {
         }
         throw new AbilityDSLSyntaxError(token.line, token.column, context + '\n', finalDetails);
     }
-    getLine(lineNumber) {
-        return this.dsl.split(/\r?\n/)[lineNumber - 1] ?? '';
-    }
     suggest(actual, expectedTypes) {
         const candidates = [];
         for (const type of expectedTypes) {

package/dist/parsers/dsl/AbilityDSLParser.d.ts

@@ -72,7 +72,6 @@ export declare class AbilityDSLParser<Resource extends ResourceObject = Record<s
     private processCommentToken;
     private takeAnnotations;
     private syntaxError;
-    private getLine;
     private suggest;
     private levenshteinDistance;
     private consumeOneOf;

package/dist/parsers/dsl/AbilityDSLToken.d.ts

@@ -1,5 +1,5 @@
 import AbilityCode from '../../core/AbilityCode';
-export type TokenType = 'EFFECT' | 'IF' | 'PERMISSION' | 'IDENTIFIER' | 'COLON' | 'COMMA' | 'DOT' | 'LBRACKET' | 'RBRACKET' | 'ALL' | 'ANY' | 'OF' | 'EOF' | 'COMMENT' | 'EQ' | 'CONTAINS' | 'IN' | 'NOT_IN' | 'NOT_CONTAINS' | 'GT' | 'GTE' | 'LT' | 'LTE' | 'NULL' | 'EQ_NULL' | 'NOT_EQ_NULL' | 'NOT_EQ' | 'LEN_GT' | 'LEN_LT' | 'LEN_EQ' | 'STRING' | 'NUMBER' | 'BOOLEAN' | 'SYMBOL' | 'KEYWORD' | 'UNKNOWN';
+export type TokenType = 'EFFECT' | 'IF' | 'PERMISSION' | 'IDENTIFIER' | 'COLON' | 'COMMA' | 'DOT' | 'LBRACKET' | 'RBRACKET' | 'ALL' | 'ANY' | 'OF' | 'EOF' | 'COMMENT' | 'EQ' | 'CONTAINS' | 'IN' | 'NOT_IN' | 'NOT_CONTAINS' | 'GT' | 'GTE' | 'LT' | 'LTE' | 'NULL' | 'EQ_NULL' | 'NOT_EQ_NULL' | 'NOT_EQ' | 'LEN_GT' | 'LEN_LT' | 'LEN_EQ' | 'ALWAYS' | 'NEVER' | 'STRING' | 'NUMBER' | 'BOOLEAN' | 'SYMBOL' | 'KEYWORD' | 'UNKNOWN';
 /**
  * Represents a single token produced by the Ability DSL lexer.
  * Each token carries a type (e.g., EFFECT, IDENTIFIER, STRING) and its raw string value.
@@ -47,6 +47,8 @@ export declare class AbilityDSLToken<Code extends TokenType = TokenType> extends
     static readonly LEN_LT: TokenType;
     static readonly LEN_EQ: TokenType;
     static readonly NOT_EQ: TokenType;
+    static readonly ALWAYS: TokenType;
+    static readonly NEVER: TokenType;
     static readonly STRING: TokenType;
     static readonly NUMBER: TokenType;
     static readonly BOOLEAN: TokenType;

package/package.json

@@ -1,73 +1,73 @@
-{
-  "name": "@via-profit/ability",
-  "support": "https://via-profit.ru",
-  "version": "3.3.0",
-  "description": "Via-Profit Ability service",
-  "keywords": [
-    "ability",
-    "access",
-    "via-profit"
-  ],
-  "main": "./dist/index.js",
-  "engines": {
-    "node": ">= 17.0.0",
-    "npm": ">= 8.19.3"
-  },
-  "files": [
-    "dist",
-    "README.md",
-    "LICENSE",
-    "CHANGELOG.md",
-    "CONTRIBUTING.md",
-    "SECURITY.md"
-  ],
-  "scripts": {
-    "build": "rollup -c",
-    "build:dev": "cross-env NODE_ENV=development rollup -c -w",
-    "bench": "npm run build && node ./bench/benchmark.js",
-    "test": "jest",
-    "lint": "tsc --noEmit && eslint --fix .",
-    "pretty": "prettier --write ./src"
-  },
-  "repository": {
-    "type": "git",
-    "url": "https://github.com/via-profit/ability.git"
-  },
-  "author": {
-    "name": "Via Profit",
-    "url": "https://dev.via-profit.ru"
-  },
-  "contributors": [
-    "Vasily Novosad <delhsmail@gmail.com>",
-    "Pavel Natalin <trubonru@gmail.com>"
-  ],
-  "license": "MIT",
-  "devDependencies": {
-    "@eslint/js": "^9.13.0",
-    "@jagi/jest-transform-graphql": "^1.0.2",
-    "@jest/types": "^29.6.3",
-    "@rollup/plugin-alias": "^6.0.0",
-    "@rollup/plugin-commonjs": "^29.0.2",
-    "@rollup/plugin-node-resolve": "^16.0.3",
-    "@rollup/plugin-typescript": "^12.3.0",
-    "@types/jest": "^29.5.13",
-    "@types/node": "^22.7.7",
-    "@types/nodemon": "^1.19.6",
-    "concurrently": "^9.0.1",
-    "cross-env": "^7.0.3",
-    "eslint": "^9.13.0",
-    "globals": "^15.11.0",
-    "jest": "^29.7.0",
-    "jest-transform-graphql": "^2.1.0",
-    "nodemon": "^3.1.7",
-    "prettier": "^3.3.3",
-    "rollup": "^4.60.0",
-    "rollup-plugin-copy": "^3.5.0",
-    "tinybench": "^6.0.0",
-    "ts-jest": "^29.2.5",
-    "ts-loader": "^9.5.1",
-    "ts-node": "^10.9.2",
-    "typescript": "^5.6.3",
-    "typescript-eslint": "^8.10.0"
-  }
-}
+{
+  "name": "@via-profit/ability",
+  "support": "https://via-profit.ru",
+  "version": "3.4.0",
+  "description": "Via-Profit Ability service",
+  "keywords": [
+    "ability",
+    "access",
+    "via-profit"
+  ],
+  "main": "./dist/index.js",
+  "engines": {
+    "node": ">= 17.0.0",
+    "npm": ">= 8.19.3"
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE",
+    "CHANGELOG.md",
+    "CONTRIBUTING.md",
+    "SECURITY.md"
+  ],
+  "scripts": {
+    "build": "rollup -c",
+    "build:dev": "cross-env NODE_ENV=development rollup -c -w",
+    "bench": "npm run build && node ./bench/benchmark.js",
+    "test": "jest",
+    "lint": "tsc --noEmit && eslint --fix .",
+    "pretty": "prettier --write ./src"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/via-profit/ability.git"
+  },
+  "author": {
+    "name": "Via Profit",
+    "url": "https://dev.via-profit.ru"
+  },
+  "contributors": [
+    "Vasily Novosad <delhsmail@gmail.com>",
+    "Pavel Natalin <trubonru@gmail.com>"
+  ],
+  "license": "MIT",
+  "devDependencies": {
+    "@eslint/js": "^9.13.0",
+    "@jagi/jest-transform-graphql": "^1.0.2",
+    "@jest/types": "^29.6.3",
+    "@rollup/plugin-alias": "^6.0.0",
+    "@rollup/plugin-commonjs": "^29.0.2",
+    "@rollup/plugin-node-resolve": "^16.0.3",
+    "@rollup/plugin-typescript": "^12.3.0",
+    "@types/jest": "^29.5.13",
+    "@types/node": "^22.7.7",
+    "@types/nodemon": "^1.19.6",
+    "concurrently": "^9.0.1",
+    "cross-env": "^7.0.3",
+    "eslint": "^9.13.0",
+    "globals": "^15.11.0",
+    "jest": "^29.7.0",
+    "jest-transform-graphql": "^2.1.0",
+    "nodemon": "^3.1.7",
+    "prettier": "^3.3.3",
+    "rollup": "^4.60.0",
+    "rollup-plugin-copy": "^3.5.0",
+    "tinybench": "^6.0.0",
+    "ts-jest": "^29.2.5",
+    "ts-loader": "^9.5.1",
+    "ts-node": "^10.9.2",
+    "typescript": "^5.6.3",
+    "typescript-eslint": "^8.10.0"
+  }
+}