@via-profit/ability 3.4.1 → 3.5.0

package/dist/index.js

@@ -130,7 +130,7 @@ class AbilityCondition extends AbilityCode {
             case 'never':
                 return 'never';
             default:
-                throw new Error(`Unknown condition code: ${this.code}`);
+                throw new Error(`Unknown condition code: ${String(this.code)}`);
         }
     }
 }
@@ -167,8 +167,11 @@ class AbilityTypeGenerator {
                     const subjectPath = rule.subject;
                     const existingType = typeStructure[action][subjectPath];
                     const ruleType = this.determineTypeFromRule(rule);
-                    // If a type already exists for this path, create a union
+                    if (!ruleType) {
+                        return;
+                    }
                     if (existingType && existingType !== ruleType) {
+                        // If a type already exists for this path, create a union
                         typeStructure[action][subjectPath] = `${existingType} | ${ruleType}`;
                     }
                     else {
@@ -187,6 +190,10 @@ class AbilityTypeGenerator {
      * @returns TypeScript type as string
      */
     determineTypeFromRule(rule) {
+        if (rule.condition.isEqual(AbilityCondition.never) ||
+            rule.condition.isEqual(AbilityCondition.always)) {
+            return null;
+        }
         // Numeric comparisons - always number
         if (rule.condition.isEqual(AbilityCondition.greater_than) ||
             rule.condition.isEqual(AbilityCondition.less_than) ||
@@ -213,8 +220,9 @@ class AbilityTypeGenerator {
      */
     getArrayType(resource) {
         if (Array.isArray(resource)) {
-            if (resource.length === 0)
+            if (resource.length === 0) {
                 return 'any[]';
+            }
             // Determine types of array elements
             const elementTypes = new Set(resource.map(item => this.getPrimitiveType(item)));
             const elementType = elementTypes.size === 1
@@ -232,10 +240,12 @@ class AbilityTypeGenerator {
      * @returns TypeScript primitive type as string
      */
     getPrimitiveType(value) {
-        if (value === null)
+        if (value === null) {
             return 'null';
-        if (value === undefined)
+        }
+        if (value === undefined) {
             return 'undefined';
+        }
         switch (typeof value) {
             case 'string':
                 return 'string';
@@ -294,12 +304,20 @@ class AbilityTypeGenerator {
         let output = '// Automatically generated by via-profit/ability\n';
         output += '// Do not edit manually\n';
         output += 'export type Resources = {\n';
-        // Sort actions for stable output
         const sortedActions = Object.keys(structure).sort();
         sortedActions.forEach(action => {
-            output += `  ['${action}']: {\n`;
-            output += this.formatNestedObject(structure[action], 4);
-            output += '  };\n';
+            const actionObj = structure[action];
+            const isEmpty = Object.keys(actionObj).length === 0;
+            if (isEmpty) {
+                // Пустой объект → undefined
+                output += `  ['${action}']: undefined;\n`;
+            }
+            else {
+                // Непустой объект → как раньше
+                output += `  ['${action}']: {\n`;
+                output += this.formatNestedObject(actionObj, 4);
+                output += '  };\n';
+            }
         });
         output += '}\n';
         return output;
@@ -444,14 +462,14 @@ class AbilityPolicy {
      * @param resource - The resource to check
      * @param environment - The user environment object
      */
-    async check(resource, environment) {
+    check(resource, environment) {
         this.matchState = AbilityMatch.mismatch;
         if (!this.ruleSet.length) {
             return this.matchState;
         }
         const rulesetCheckStates = [];
         for (const ruleSet of this.ruleSet) {
-            const state = await ruleSet.check(resource, environment);
+            const state = ruleSet.check(resource, environment);
             rulesetCheckStates.push(state);
             if (AbilityCompare.and.isEqual(this.compareMethod) && AbilityMatch.mismatch.isEqual(state)) {
                 return this.matchState; // mismatch
@@ -553,14 +571,11 @@ class AbilityResult {
 
 class AbilityResolver {
     policies;
-    cache;
     constructor(
     /**
      * `Important!` The incorrect Resources type was intentionally passed to AbilityPolicy so that TypeScript could suggest the name of the permission and the structure of its resource in the parse method.
      */
-    policyOrListOfPolicies, options) {
-        const { cache } = options || {};
-        this.cache = cache;
+    policyOrListOfPolicies) {
         this.policies = Array.isArray(policyOrListOfPolicies)
             ? policyOrListOfPolicies
             : [policyOrListOfPolicies];
@@ -572,30 +587,18 @@ class AbilityResolver {
      * @param resource - Resource
      * @param environment
      */
-    async resolve(permission, resource, environment) {
+    resolve(permission, resource, environment) {
         const filteredPolicies = this.policies.filter(policy => AbilityResolver.isInPermissionContain(policy.permission, String(permission).replace(/^permission\./, '')));
         for (const policy of filteredPolicies) {
-            const cacheKey = this.cache ? this.makeCacheKey(policy.id, resource, environment) : '';
-            // cache
-            if (this.cache) {
-                const cached = await this.cache.get(cacheKey);
-                if (cached !== undefined) {
-                    policy.matchState = cached;
-                    continue;
-                }
-            }
-            const policyMatchState = await policy.check(resource, environment);
+            const policyMatchState = policy.check(resource, environment);
             if (policyMatchState === AbilityMatch.pending) {
                 throw new AbilityError(`The policy "${policy.name}" is still in a pending state. Make sure to call "check" to evaluate the policy before resolving permissions.`);
             }
-            if (this.cache) {
-                await this.cache.set(cacheKey, policyMatchState);
-            }
         }
         return new AbilityResult(filteredPolicies);
     }
-    async enforce(permission, resource, environment) {
-        const result = await this.resolve(permission, resource, environment);
+    enforce(permission, resource, environment) {
+        const result = this.resolve(permission, resource, environment);
         if (result.isDenied()) {
             const lastPolicy = result.getLastMatchedPolicy();
             if (lastPolicy) {
@@ -618,18 +621,6 @@ class AbilityResolver {
             return chunk === '*' || longer[i] === '*' || chunk === longer[i];
         });
     }
-    makeCacheKey(policyId, resource, environment) {
-        if (!this.cache) {
-            return '';
-        }
-        return `policy:${policyId}:res:${this.cache.serialize(resource)}:env:${this.cache.serialize(environment)}`;
-    }
-    async invalidatePolicy(policyId) {
-        await this.cache?.deleteByPrefix(policyId);
-    }
-    async invalidateCache() {
-        await this.cache?.clear();
-    }
 }
 
 /**
@@ -776,7 +767,7 @@ class AbilityRule {
      * @param resource - The resource to check
      * @param environment
      */
-    async check(resource, environment) {
+    check(resource, environment) {
         const [subjectValue, resourceValue] = this.extractValues(resource, environment);
         const handler = this.operatorHandlers[this.condition.literal];
         const result = handler(subjectValue, resourceValue);
@@ -979,14 +970,14 @@ class AbilityRuleSet {
         rules.forEach(rule => this.addRule(rule));
         return this;
     }
-    async check(resources, environment) {
+    check(resources, environment) {
         this.state = AbilityMatch.mismatch;
         if (!this.rules.length) {
             return this.state;
         }
         const ruleCheckStates = [];
         for (const rule of this.rules) {
-            const state = await rule.check(resources, environment);
+            const state = rule.check(resources, environment);
             ruleCheckStates.push(state);
             if (AbilityCompare.and.isEqual(this.compareMethod) && AbilityMatch.mismatch.isEqual(state)) {
                 return this.state; // mismatch
@@ -1035,79 +1026,6 @@ class AbilityRuleSet {
     }
 }
 
-class AbilityInMemoryCache {
-    store = new Map();
-    async get(key) {
-        const entry = this.store.get(key);
-        if (!entry)
-            return undefined;
-        if (Date.now() > entry.expires) {
-            this.store.delete(key);
-            return undefined;
-        }
-        return entry.value;
-    }
-    async set(key, value, ttlSeconds = 60) {
-        this.store.set(key, {
-            value,
-            expires: Date.now() + ttlSeconds * 1000,
-        });
-    }
-    serialize(input) {
-        return this.fastHash(this.stableStringify(input));
-    }
-    async delete(key) {
-        this.store.delete(key);
-    }
-    async clear() {
-        this.store.clear();
-    }
-    async deleteByPrefix(prefix) {
-        for (const key of this.store.keys()) {
-            if (key.startsWith(prefix)) {
-                this.store.delete(key);
-            }
-        }
-    }
-    fastHash(str) {
-        let hash = 5381;
-        for (let i = 0; i < str.length; i++) {
-            hash = (hash * 33) ^ str.charCodeAt(i);
-        }
-        return (hash >>> 0).toString(36);
-    }
-    stableStringify(obj) {
-        if (obj === null)
-            return 'null';
-        const type = typeof obj;
-        if (type === 'string')
-            return JSON.stringify(obj);
-        if (type === 'number' || type === 'boolean')
-            return String(obj);
-        if (type === 'undefined')
-            return 'undefined';
-        if (Array.isArray(obj)) {
-            let out = '[';
-            for (let i = 0; i < obj.length; i++) {
-                if (i > 0)
-                    out += ',';
-                out += this.stableStringify(obj[i]);
-            }
-            return out + ']';
-        }
-        const keys = Object.keys(obj);
-        keys.sort();
-        let out = '{';
-        for (let i = 0; i < keys.length; i++) {
-            const k = keys[i];
-            if (i > 0)
-                out += ',';
-            out += k + ':' + this.stableStringify(obj[k]);
-        }
-        return out + '}';
-    }
-}
-
 class AbilityJSONParser {
     /**
      * Parses an array of policy configurations into an array of AbilityPolicy instances.
@@ -2185,9 +2103,7 @@ class AbilityDSLParser {
         return best;
     }
     levenshteinDistance(a, b) {
-        const matrix = Array(b.length + 1)
-            .fill(null)
-            .map(() => Array(a.length + 1).fill(null));
+        const matrix = Array.from({ length: b.length + 1 }, () => Array.from({ length: a.length + 1 }, () => 0));
         for (let i = 0; i <= a.length; i++)
             matrix[0][i] = i;
         for (let j = 0; j <= b.length; j++)
@@ -2262,7 +2178,6 @@ exports.AbilityExplain = AbilityExplain;
 exports.AbilityExplainPolicy = AbilityExplainPolicy;
 exports.AbilityExplainRule = AbilityExplainRule;
 exports.AbilityExplainRuleSet = AbilityExplainRuleSet;
-exports.AbilityInMemoryCache = AbilityInMemoryCache;
 exports.AbilityJSONParser = AbilityJSONParser;
 exports.AbilityMatch = AbilityMatch;
 exports.AbilityParserError = AbilityParserError;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@via-profit/ability",
   "support": "https://via-profit.ru",
-  "version": "3.4.1",
+  "version": "3.5.0",
   "description": "Via-Profit Ability service",
   "keywords": [
     "ability",
@@ -43,31 +43,32 @@
   ],
   "license": "MIT",
   "devDependencies": {
-    "@eslint/js": "^9.13.0",
+    "@eslint/js": "^10.0.1",
     "@jagi/jest-transform-graphql": "^1.0.2",
-    "@jest/types": "^29.6.3",
+    "@jest/types": "^30.3.0",
     "@rollup/plugin-alias": "^6.0.0",
     "@rollup/plugin-commonjs": "^29.0.2",
     "@rollup/plugin-node-resolve": "^16.0.3",
     "@rollup/plugin-typescript": "^12.3.0",
-    "@types/jest": "^29.5.13",
-    "@types/node": "^22.7.7",
-    "@types/nodemon": "^1.19.6",
-    "concurrently": "^9.0.1",
-    "cross-env": "^7.0.3",
-    "eslint": "^9.13.0",
-    "globals": "^15.11.0",
-    "jest": "^29.7.0",
+    "@types/jest": "^30.0.0",
+    "@types/node": "^25.5.0",
+    "concurrently": "^9.2.1",
+    "cross-env": "^10.1.0",
+    "eslint": "^10.1.0",
+    "eslint-plugin-jest": "^29.15.1",
+    "globals": "^17.4.0",
+    "jest": "^30.3.0",
     "jest-transform-graphql": "^2.1.0",
-    "nodemon": "^3.1.7",
-    "prettier": "^3.3.3",
-    "rollup": "^4.60.0",
+    "nodemon": "^3.1.14",
+    "prettier": "^3.8.1",
+    "rollup": "^4.60.1",
     "rollup-plugin-copy": "^3.5.0",
+    "rollup-plugin-dts": "^6.4.1",
     "tinybench": "^6.0.0",
-    "ts-jest": "^29.2.5",
-    "ts-loader": "^9.5.1",
+    "ts-jest": "^29.4.9",
+    "ts-loader": "^9.5.4",
     "ts-node": "^10.9.2",
-    "typescript": "^5.6.3",
-    "typescript-eslint": "^8.10.0"
+    "typescript": "^6.0.2",
+    "typescript-eslint": "^8.58.0"
   }
 }

package/dist/cache/AbilityCacheAdapter.d.ts

@@ -1,8 +0,0 @@
-export interface AbilityCacheAdapter {
-    get<T = unknown>(key: string): Promise<T | undefined>;
-    set<T = unknown>(key: string, value: T, ttlSeconds?: number): Promise<void>;
-    serialize<T = unknown>(input: T): string;
-    delete(key: string): Promise<void>;
-    clear(): Promise<void>;
-    deleteByPrefix(prefix: string): Promise<void>;
-}

package/dist/cache/AbilityInMemoryCache.d.ts

@@ -1,12 +0,0 @@
-import { AbilityCacheAdapter } from '../cache/AbilityCacheAdapter';
-export declare class AbilityInMemoryCache implements AbilityCacheAdapter {
-    private store;
-    get<T>(key: string): Promise<T | undefined>;
-    set<T>(key: string, value: T, ttlSeconds?: number): Promise<void>;
-    serialize(input: unknown): string;
-    delete(key: string): Promise<void>;
-    clear(): Promise<void>;
-    deleteByPrefix(prefix: string): Promise<void>;
-    private fastHash;
-    private stableStringify;
-}

package/dist/core/AbilityCode.d.ts

@@ -1,8 +0,0 @@
-export declare class AbilityCode<Code extends string | number> {
-    _code: Code;
-    constructor(code: Code);
-    get code(): Code;
-    isEqual(compareWith: AbilityCode<Code> | null): boolean;
-    isNotEqual(compareWith: AbilityCode<Code> | null): boolean;
-}
-export default AbilityCode;

package/dist/core/AbilityCompare.d.ts

@@ -1,7 +0,0 @@
-import AbilityCode from './AbilityCode';
-export type AbilityCompareCodeType = 'and' | 'or';
-export declare class AbilityCompare extends AbilityCode<AbilityCompareCodeType> {
-    static and: AbilityCompare;
-    static or: AbilityCompare;
-}
-export default AbilityCompare;

package/dist/core/AbilityCondition.d.ts

@@ -1,23 +0,0 @@
-import AbilityCode from './AbilityCode';
-export type AbilityConditionCodeType = '=' | '<>' | '>' | '<' | '>=' | '<=' | 'in' | 'not in' | 'contains' | 'not contains' | 'length greater than' | 'length less than' | 'length equals' | 'always' | 'never';
-export type AbilityConditionLiteralType = 'equals' | 'not_equals' | 'contains' | 'not_contains' | 'in' | 'not_in' | 'greater_than' | 'less_than' | 'less_or_equal' | 'greater_or_equal' | 'length_greater_than' | 'length_less_than' | 'length_equals' | 'always' | 'never';
-export declare class AbilityCondition extends AbilityCode<AbilityConditionCodeType> {
-    static equals: AbilityCondition;
-    static not_equals: AbilityCondition;
-    static greater_than: AbilityCondition;
-    static less_than: AbilityCondition;
-    static less_or_equal: AbilityCondition;
-    static greater_or_equal: AbilityCondition;
-    static in: AbilityCondition;
-    static not_in: AbilityCondition;
-    static contains: AbilityCondition;
-    static not_contains: AbilityCondition;
-    static length_greater_than: AbilityCondition;
-    static length_less_than: AbilityCondition;
-    static length_equals: AbilityCondition;
-    static always: AbilityCondition;
-    static never: AbilityCondition;
-    static fromLiteral(literal: AbilityConditionLiteralType): AbilityCondition;
-    get literal(): AbilityConditionLiteralType;
-}
-export default AbilityCondition;

package/dist/core/AbilityError.d.ts

@@ -1,6 +0,0 @@
-export declare class AbilityError extends Error {
-    constructor(message: string, options?: ErrorOptions);
-}
-export declare class AbilityParserError extends Error {
-    constructor(message: string, options?: ErrorOptions);
-}

package/dist/core/AbilityExplain.d.ts

@@ -1,27 +0,0 @@
-import AbilityRule from './AbilityRule';
-import AbilityRuleSet from '../core/AbilityRuleSet';
-import AbilityPolicy from '../core/AbilityPolicy';
-import AbilityMatch from '../core/AbilityMatch';
-export type AbilityExplainConfig = {
-    readonly type: AbilityExplainType;
-    readonly name: string;
-    readonly match: AbilityMatch;
-};
-export declare class AbilityExplain {
-    readonly type: AbilityExplainType;
-    readonly children: AbilityExplain[];
-    readonly name: string;
-    readonly match: AbilityMatch;
-    constructor(config: AbilityExplainConfig, children?: AbilityExplain[]);
-    toString(indent?: number): string;
-}
-export declare class AbilityExplainRule extends AbilityExplain {
-    constructor(rule: AbilityRule);
-}
-export declare class AbilityExplainRuleSet extends AbilityExplain {
-    constructor(ruleSet: AbilityRuleSet);
-}
-export declare class AbilityExplainPolicy extends AbilityExplain {
-    constructor(policy: AbilityPolicy);
-}
-export type AbilityExplainType = 'policy' | 'rule' | 'ruleSet';

package/dist/core/AbilityMatch.d.ts

@@ -1,8 +0,0 @@
-import AbilityCode from './AbilityCode';
-export type AbilityMatchCodeType = 'pending' | 'match' | 'mismatch';
-export declare class AbilityMatch extends AbilityCode<AbilityMatchCodeType> {
-    static pending: AbilityMatch;
-    static match: AbilityMatch;
-    static mismatch: AbilityMatch;
-}
-export default AbilityMatch;

package/dist/core/AbilityPolicy.d.ts

@@ -1,79 +0,0 @@
-import AbilityRuleSet, { AbilityRuleSetConfig } from './AbilityRuleSet';
-import AbilityMatch from './AbilityMatch';
-import AbilityCompare, { AbilityCompareCodeType } from './AbilityCompare';
-import AbilityPolicyEffect, { AbilityPolicyEffectCodeType } from './AbilityPolicyEffect';
-import { AbilityExplain } from './AbilityExplain';
-import { ResourceObject } from './AbilityTypeGenerator';
-export type AbilityPolicyConfig = {
-    readonly permission: string;
-    readonly effect: AbilityPolicyEffectCodeType;
-    readonly compareMethod: AbilityCompareCodeType;
-    readonly ruleSet: readonly AbilityRuleSetConfig[];
-    readonly id: string;
-    readonly name: string;
-};
-export type AbilityPolicyConstructorProps = {
-    id: string;
-    name: string;
-    permission: string;
-    effect: AbilityPolicyEffect;
-    compareMethod?: AbilityCompare;
-};
-export declare class AbilityPolicy<Resource extends ResourceObject = Record<string, unknown>, Environment = unknown> {
-    matchState: AbilityMatch;
-    /**
-     * List of rules
-     */
-    ruleSet: AbilityRuleSet<Resource, Environment>[];
-    /**
-     * Policy effect
-     */
-    effect: AbilityPolicyEffect;
-    /**
-     * Rules compare method.\
-     * For the «and» method the rule will be permitted if all\
-     * rules will be returns «permit» status and for the «or» - if\
-     * one of the rules returns as «permit»
-     */
-    compareMethod: AbilityCompare;
-    /**
-     * Policy name
-     */
-    name: string;
-    /**
-     * Policy ID
-     */
-    id: string;
-    /**
-     * Running the `enforce` or `resolve` method
-     * will select only those from all passed policies that fall under the specified permission key.
-     */
-    permission: string;
-    constructor(params: AbilityPolicyConstructorProps);
-    /**
-     * Add rule set to the policy
-     * @param ruleSet - The rule set to add
-     */
-    addRuleSet(ruleSet: AbilityRuleSet<Resource, Environment>): this;
-    /**
-     * Add rule set to the policy
-     * @param ruleSets - The array of rule set to add
-     */
-    addRuleSets(ruleSets: readonly AbilityRuleSet<Resource, Environment>[]): this;
-    /**
-     * Check if the policy is matched
-     * @param resource - The resource to check
-     * @param environment - The user environment object
-     */
-    check(resource: Resource, environment?: Environment): Promise<AbilityMatch>;
-    explain(): AbilityExplain;
-    copyWith(props: Partial<{
-        id: string;
-        name: string;
-        permission: string;
-        effect: AbilityPolicyEffect;
-        compareMethod: AbilityCompare;
-        ruleSet: AbilityRuleSet<Resource, Environment>[];
-    }>): AbilityPolicy<Resource, Environment>;
-}
-export default AbilityPolicy;

package/dist/core/AbilityPolicyEffect.d.ts

@@ -1,7 +0,0 @@
-import AbilityCode from './AbilityCode';
-export type AbilityPolicyEffectCodeType = 'deny' | 'permit';
-export declare class AbilityPolicyEffect extends AbilityCode<AbilityPolicyEffectCodeType> {
-    static deny: AbilityPolicyEffect;
-    static permit: AbilityPolicyEffect;
-}
-export default AbilityPolicyEffect;

package/dist/core/AbilityResolver.d.ts

@@ -1,35 +0,0 @@
-import AbilityPolicy from './AbilityPolicy';
-import { AbilityResult } from './AbilityResult';
-import { ResourcesMap } from './AbilityTypeGenerator';
-import { AbilityCacheAdapter } from '../cache/AbilityCacheAdapter';
-export type AbilityResolverOptions = {
-    readonly cache?: AbilityCacheAdapter | null;
-};
-export declare class AbilityResolver<Resources extends ResourcesMap, Environment = unknown> {
-    private policies;
-    private readonly cache?;
-    constructor(
-    /**
-     * `Important!` The incorrect Resources type was intentionally passed to AbilityPolicy so that TypeScript could suggest the name of the permission and the structure of its resource in the parse method.
-     */
-    policyOrListOfPolicies: readonly AbilityPolicy<Resources>[] | AbilityPolicy<Resources>, options?: AbilityResolverOptions);
-    /**
-     * Resolve policy for the resource and permission key
-     *
-     * @param permission - Permission key
-     * @param resource - Resource
-     * @param environment
-     */
-    resolve<Permission extends keyof Resources>(permission: Permission, resource: Resources[Permission], environment?: Environment): Promise<AbilityResult<Resources[Permission]>>;
-    enforce<Permission extends keyof Resources>(permission: Permission, resource: Resources[Permission], environment?: Environment): Promise<void | never>;
-    /**
-     * Check if the permission key is contained in another permission key
-     * @param permissionA - The first permission to check
-     * @param permissionB - The second permission to check
-     */
-    static isInPermissionContain(permissionA: string, permissionB: string): boolean;
-    private makeCacheKey;
-    invalidatePolicy(policyId: string): Promise<void>;
-    invalidateCache(): Promise<void>;
-}
-export default AbilityResolver;

package/dist/core/AbilityResult.d.ts

@@ -1,27 +0,0 @@
-import { AbilityExplain } from './AbilityExplain';
-import { ResourceObject } from './AbilityTypeGenerator';
-import AbilityPolicy from './AbilityPolicy';
-import AbilityPolicyEffect from './AbilityPolicyEffect';
-export declare class AbilityResult<Resource extends ResourceObject = Record<string, unknown>> {
-    /**
-     * Already checked policies (after call the policy.check())
-     */
-    readonly policies: readonly AbilityPolicy<Resource>[];
-    constructor(policies: readonly AbilityPolicy<Resource>[]);
-    /**
-     * Returns a list of explanations for each policy involved in the ability evaluation.
-     * Each item describes how a specific policy contributed to the final permission result.
-     *
-     * Useful for debugging, logging, or building UI tools that visualize permission logic.
-     */
-    explain(): readonly AbilityExplain[];
-    getLastMatchedPolicy(): AbilityPolicy<Resource> | null;
-    isAllowed(): boolean;
-    isDenied(): boolean;
-    /**
-     * Get the last effect of the policy
-     *
-     * @returns {AbilityPolicyEffect | null}
-     */
-    getLastEffectOfMatchedPolicy(): AbilityPolicyEffect | null;
-}