@vsaas/loopback 10.0.0

package/dist/_virtual/_rolldown/runtime.cjs

@@ -0,0 +1,32 @@
+//#region \0rolldown/runtime.js
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __esmMin = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
+var __commonJSMin = (cb, mod) => () => (mod || cb((mod = { exports: {} }).exports, mod), mod.exports);
+var __exportAll = (all, no_symbols) => {
+	let target = {};
+	for (var name in all) __defProp(target, name, {
+		get: all[name],
+		enumerable: true
+	});
+	if (!no_symbols) __defProp(target, Symbol.toStringTag, { value: "Module" });
+	return target;
+};
+var __copyProps = (to, from, except, desc) => {
+	if (from && typeof from === "object" || typeof from === "function") for (var keys = __getOwnPropNames(from), i = 0, n = keys.length, key; i < n; i++) {
+		key = keys[i];
+		if (!__hasOwnProp.call(to, key) && key !== except) __defProp(to, key, {
+			get: ((k) => from[k]).bind(null, key),
+			enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
+		});
+	}
+	return to;
+};
+var __toCommonJS = (mod) => __hasOwnProp.call(mod, "module.exports") ? mod["module.exports"] : __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+//#endregion
+exports.__commonJSMin = __commonJSMin;
+exports.__esmMin = __esmMin;
+exports.__exportAll = __exportAll;
+exports.__toCommonJS = __toCommonJS;

package/dist/common/models/access-token.cjs

@@ -0,0 +1,144 @@
+"use strict";
+const require_runtime = require("../../_virtual/_rolldown/runtime.cjs");
+const require_lib_globalize = require("../../lib/globalize.cjs");
+const require_lib_utils = require("../../lib/utils.cjs");
+//#region src/common/models/access-token.ts
+var require_access_token = /* @__PURE__ */ require_runtime.__commonJSMin(((exports, module) => {
+	const g = require_lib_globalize;
+	const utils = require_lib_utils;
+	const assert = require("assert");
+	const crypto = require("crypto");
+	const DEFAULT_TOKEN_LEN = 64;
+	function createRandomToken(length, callback) {
+		let token = "";
+		function appendChunk() {
+			const remainingLength = length - token.length;
+			if (remainingLength <= 0) {
+				callback(null, token);
+				return;
+			}
+			const byteLength = Math.max(1, Math.ceil(remainingLength * 3 / 4));
+			crypto.randomBytes(byteLength, function(err, buffer) {
+				if (err) {
+					callback(err);
+					return;
+				}
+				token += buffer.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/g, "");
+				if (token.length >= length) {
+					callback(null, token.slice(0, length));
+					return;
+				}
+				appendChunk();
+			});
+		}
+		appendChunk();
+	}
+	function configureAccessToken(AccessToken) {
+		AccessToken.ANONYMOUS = new AccessToken({ id: "$anonymous" });
+		AccessToken.createAccessTokenId = function(fn) {
+			createRandomToken(this.settings.accessTokenIdLength || DEFAULT_TOKEN_LEN, fn);
+		};
+		AccessToken.observe("before save", function(ctx, next) {
+			if (!ctx.instance || ctx.instance.id) return next();
+			AccessToken.createAccessTokenId(function(err, id) {
+				if (err) return next(err);
+				ctx.instance.id = id;
+				next();
+			});
+		});
+		AccessToken.getIdForRequest = function(req, options) {
+			options = options || {};
+			let params = options.params || [];
+			let headers = options.headers || [];
+			let cookies = options.cookies || [];
+			let i = 0;
+			let length;
+			let id;
+			if (options.searchDefaultTokenKeys !== false) {
+				params = params.concat(["access_token"]);
+				headers = headers.concat(["X-Access-Token", "authorization"]);
+				cookies = cookies.concat(["access_token", "authorization"]);
+			}
+			for (length = params.length; i < length; i++) {
+				const param = params[i];
+				id = req.params && req.params[param] !== void 0 ? req.params[param] : req.body && req.body[param] !== void 0 ? req.body[param] : req.query && req.query[param] !== void 0 ? req.query[param] : void 0;
+				if (typeof id === "string") return id;
+			}
+			for (i = 0, length = headers.length; i < length; i++) {
+				id = req.header(headers[i]);
+				if (typeof id === "string") {
+					if (id === "") continue;
+					if (id.indexOf("Bearer ") === 0) {
+						id = id.substring(7);
+						if (options.bearerTokenBase64Encoded) id = Buffer.from(id, "base64").toString("utf8");
+					} else if (/^Basic /i.test(id)) {
+						id = id.substring(6);
+						id = Buffer.from(id, "base64").toString("utf8");
+						const parts = /^([^:]*):(.*)$/.exec(id);
+						if (parts) id = parts[2].length > parts[1].length ? parts[2] : parts[1];
+					}
+					return id;
+				}
+			}
+			if (req.signedCookies) for (i = 0, length = cookies.length; i < length; i++) {
+				id = req.signedCookies[cookies[i]];
+				if (typeof id === "string") return id;
+			}
+			return null;
+		};
+		AccessToken.resolve = function(id, cb) {
+			return promiseOrCallback(this.findById(id).then(function(token) {
+				if (!token) return null;
+				return token.validate().then(function(isValid) {
+					if (isValid) return token;
+					const e = new Error(g.f("Invalid Access Token"));
+					e.status = e.statusCode = 401;
+					e.code = "INVALID_TOKEN";
+					throw e;
+				});
+			}), cb);
+		};
+		AccessToken.findForRequest = function(req, options, cb) {
+			if (cb === void 0 && typeof options === "function") {
+				cb = options;
+				options = {};
+			}
+			const id = this.getIdForRequest(req, options);
+			return promiseOrCallback(id ? utils.invokeWithCallback(this.resolve, this, [id]) : Promise.resolve(null), cb);
+		};
+		AccessToken.prototype.validate = function(cb) {
+			const token = this;
+			return promiseOrCallback((async function() {
+				assert(token.created && typeof token.created.getTime === "function", "token.created must be a valid Date");
+				assert(token.ttl !== 0, "token.ttl must be not be 0");
+				assert(token.ttl, "token.ttl must exist");
+				assert(token.ttl >= -1, "token.ttl must be >= -1");
+				const AccessToken = token.constructor;
+				const userRelation = AccessToken.relations.user;
+				let User = userRelation && userRelation.modelTo;
+				if (token.principalType) {
+					User = AccessToken.registry.findModel(token.principalType);
+					if (!User) return false;
+				}
+				const elapsedSeconds = (Date.now() - token.created.getTime()) / 1e3;
+				const secondsToLive = token.ttl;
+				const eternalTokensAllowed = !!(User && User.settings.allowEternalTokens);
+				if (secondsToLive === -1 ? eternalTokensAllowed : elapsedSeconds < secondsToLive) return true;
+				await token.destroy();
+				return false;
+			})(), cb);
+		};
+	}
+	function promiseOrCallback(promise, cb) {
+		if (typeof cb === "function") {
+			promise.then(function(result) {
+				cb(null, result);
+			}, cb);
+			return;
+		}
+		return promise;
+	}
+	module.exports = configureAccessToken;
+}));
+//#endregion
+module.exports = require_access_token();

package/dist/common/models/access-token2.cjs

@@ -0,0 +1,43 @@
+//#region common/models/access-token.json
+var require_access_token = /* @__PURE__ */ require("../../_virtual/_rolldown/runtime.cjs").__commonJSMin(((exports, module) => {
+	module.exports = {
+		"name": "AccessToken",
+		"properties": {
+			"id": {
+				"type": "string",
+				"id": true
+			},
+			"ttl": {
+				"type": "number",
+				"ttl": true,
+				"default": 1209600,
+				"description": "time to live in seconds (2 weeks by default)"
+			},
+			"scopes": {
+				"type": ["string"],
+				"description": "Array of scopes granted to this access token."
+			},
+			"created": {
+				"type": "Date",
+				"defaultFn": "now"
+			}
+		},
+		"relations": { "user": {
+			"type": "belongsTo",
+			"model": "User",
+			"foreignKey": "userId"
+		} },
+		"acls": [{
+			"principalType": "ROLE",
+			"principalId": "$everyone",
+			"permission": "DENY"
+		}]
+	};
+}));
+//#endregion
+Object.defineProperty(exports, "default", {
+	enumerable: true,
+	get: function() {
+		return require_access_token();
+	}
+});

package/dist/common/models/acl.cjs

@@ -0,0 +1,428 @@
+"use strict";
+const require_runtime$1 = require("../../_virtual/_rolldown/runtime.cjs");
+const require_lib_globalize = require("../../lib/globalize.cjs");
+const require_lib_runtime = require("../../lib/runtime.cjs");
+const require_lib_utils = require("../../lib/utils.cjs");
+const require_lib_access_context = require("../../lib/access-context.cjs");
+//#region src/common/models/acl.ts
+var require_acl = /* @__PURE__ */ require_runtime$1.__commonJSMin(((exports, module) => {
+	const g = require_lib_globalize;
+	const runtime = require_lib_runtime;
+	const utils = require_lib_utils;
+	const assert = require("assert");
+	const debug = require("debug")("loopback:security:acl");
+	const ctx = (require_lib_access_context.init_access_context(), require_runtime$1.__toCommonJS(require_lib_access_context.access_context_exports));
+	const AccessContext = ctx.AccessContext;
+	const Principal = ctx.Principal;
+	const AccessRequest = ctx.AccessRequest;
+	module.exports = function(ACL) {
+		const Role = runtime.loopback.Role;
+		assert(Role, "Role model must be defined before ACL model");
+		ACL.ALL = AccessContext.ALL;
+		ACL.DEFAULT = AccessContext.DEFAULT;
+		ACL.ALLOW = AccessContext.ALLOW;
+		ACL.ALARM = AccessContext.ALARM;
+		ACL.AUDIT = AccessContext.AUDIT;
+		ACL.DENY = AccessContext.DENY;
+		ACL.READ = AccessContext.READ;
+		ACL.REPLICATE = AccessContext.REPLICATE;
+		ACL.WRITE = AccessContext.WRITE;
+		ACL.EXECUTE = AccessContext.EXECUTE;
+		ACL.USER = Principal.USER;
+		ACL.APP = ACL.APPLICATION = Principal.APPLICATION;
+		ACL.ROLE = Principal.ROLE;
+		ACL.SCOPE = Principal.SCOPE;
+		ACL.DEFAULT_SCOPE = ctx.DEFAULT_SCOPES[0];
+		ACL.getMatchingScore = function getMatchingScore(rule, req) {
+			const props = [
+				"model",
+				"property",
+				"accessType"
+			];
+			let score = 0;
+			for (let i = 0; i < props.length; i++) {
+				score = score * 4;
+				const ruleValue = rule[props[i]] || ACL.ALL;
+				const requestedValue = req[props[i]] || ACL.ALL;
+				const isMatchingMethodName = props[i] === "property" && req.methodNames.indexOf(ruleValue) !== -1;
+				let isMatchingAccessType = ruleValue === requestedValue;
+				if (props[i] === "accessType" && !isMatchingAccessType) switch (ruleValue) {
+					case ACL.EXECUTE:
+						isMatchingAccessType = true;
+						break;
+					case ACL.WRITE:
+						isMatchingAccessType = requestedValue === ACL.REPLICATE;
+						break;
+				}
+				if (isMatchingMethodName || isMatchingAccessType) score += 3;
+				else if (ruleValue === ACL.ALL) score += 2;
+				else if (requestedValue === ACL.ALL) score += 1;
+				else return -1;
+			}
+			score = score * 4;
+			switch (rule.principalType) {
+				case ACL.USER:
+					score += 4;
+					break;
+				case ACL.APP:
+					score += 3;
+					break;
+				case ACL.ROLE:
+					score += 2;
+					break;
+				default: score += 1;
+			}
+			score = score * 8;
+			if (rule.principalType === ACL.ROLE) switch (rule.principalId) {
+				case Role.OWNER:
+					score += 4;
+					break;
+				case Role.RELATED:
+					score += 3;
+					break;
+				case Role.AUTHENTICATED:
+				case Role.UNAUTHENTICATED:
+					score += 2;
+					break;
+				case Role.EVERYONE:
+					score += 1;
+					break;
+				default: score += 5;
+			}
+			score = score * 4;
+			score += AccessContext.permissionOrder[rule.permission || ACL.ALLOW] - 1;
+			return score;
+		};
+		ACL.prototype.score = function(req) {
+			return this.constructor.getMatchingScore(this, req);
+		};
+		ACL.resolvePermission = function resolvePermission(acls, req) {
+			if (!(req instanceof AccessRequest)) {
+				req.registry = this.registry;
+				req = new AccessRequest(req);
+			}
+			const scoredACLs = acls.map(function(acl, index) {
+				return {
+					acl,
+					index,
+					score: ACL.getMatchingScore(acl, req)
+				};
+			}).sort(function(rule1, rule2) {
+				return rule2.score - rule1.score || rule1.index - rule2.index;
+			});
+			let permission = ACL.DEFAULT;
+			for (let i = 0; i < scoredACLs.length; i++) {
+				const candidate = scoredACLs[i].acl;
+				if (scoredACLs[i].score < 0) break;
+				if (!req.isWildcard()) {
+					permission = candidate.permission;
+					break;
+				} else {
+					if (req.exactlyMatches(candidate)) {
+						permission = candidate.permission;
+						break;
+					}
+					if (AccessContext.permissionOrder[candidate.permission] > AccessContext.permissionOrder[permission]) {
+						permission = candidate.permission;
+						break;
+					}
+				}
+			}
+			if (debug.enabled) {
+				debug("The following ACLs were searched: ");
+				scoredACLs.forEach(function(result) {
+					result.acl.debug();
+					debug("with score:", result.score);
+				});
+			}
+			const res = new AccessRequest({
+				model: req.model,
+				property: req.property,
+				accessType: req.accessType,
+				permission: permission || ACL.DEFAULT,
+				registry: this.registry
+			});
+			res.settleDefaultPermission();
+			return res;
+		};
+		ACL.getStaticACLs = function getStaticACLs(model, property) {
+			const modelClass = this.registry.findModel(model);
+			const staticACLs = [];
+			if (modelClass && modelClass.settings.acls) modelClass.settings.acls.forEach(function(acl) {
+				let prop = acl.property;
+				if (Array.isArray(prop) && prop.indexOf(property) >= 0) prop = property;
+				if (!prop || prop === ACL.ALL || property === prop) staticACLs.push(new ACL({
+					model,
+					property: prop || ACL.ALL,
+					principalType: acl.principalType,
+					principalId: acl.principalId,
+					accessType: acl.accessType || ACL.ALL,
+					permission: acl.permission
+				}));
+			});
+			const prop = modelClass && (modelClass.definition.properties[property] || modelClass._scopeMeta && modelClass._scopeMeta[property] || modelClass[property] || modelClass.prototype[property]);
+			if (prop && prop.acls) prop.acls.forEach(function(acl) {
+				staticACLs.push(new ACL({
+					model: modelClass.modelName,
+					property,
+					principalType: acl.principalType,
+					principalId: acl.principalId,
+					accessType: acl.accessType,
+					permission: acl.permission
+				}));
+			});
+			return staticACLs;
+		};
+		ACL.checkPermission = function checkPermission(principalType, principalId, model, property, accessType, callback) {
+			if (!callback) callback = utils.createPromiseCallback();
+			if (principalId !== null && principalId !== void 0 && typeof principalId !== "string") principalId = principalId.toString();
+			property = property || ACL.ALL;
+			const propertyQuery = property === ACL.ALL ? void 0 : { inq: [property, ACL.ALL] };
+			accessType = accessType || ACL.ALL;
+			const accessTypeQuery = accessType === ACL.ALL ? void 0 : { inq: [
+				accessType,
+				ACL.ALL,
+				ACL.EXECUTE
+			] };
+			const req = new AccessRequest({
+				model,
+				property,
+				accessType,
+				registry: this.registry
+			});
+			let acls = this.getStaticACLs(model, property);
+			let resolved = this.resolvePermission(acls, req);
+			if (resolved && resolved.permission === ACL.DENY) {
+				debug("Permission denied by statically resolved permission");
+				debug(" Resolved Permission: %j", resolved);
+				process.nextTick(function() {
+					callback(null, resolved);
+				});
+				return callback.promise;
+			}
+			this.find({ where: {
+				principalType,
+				principalId,
+				model,
+				property: propertyQuery,
+				accessType: accessTypeQuery
+			} }, (err, dynACLs) => {
+				if (err) return callback(err);
+				acls = acls.concat(dynACLs);
+				resolved = this.resolvePermission(acls, req);
+				return callback(null, resolved);
+			});
+			return callback.promise;
+		};
+		ACL.prototype.debug = function() {
+			if (debug.enabled) {
+				debug("---ACL---");
+				debug("model %s", this.model);
+				debug("property %s", this.property);
+				debug("principalType %s", this.principalType);
+				debug("principalId %s", this.principalId);
+				debug("accessType %s", this.accessType);
+				debug("permission %s", this.permission);
+			}
+		};
+		ACL.isAllowed = function(permission, defaultPermission) {
+			if (permission === ACL.DEFAULT) permission = defaultPermission || ACL.ALLOW;
+			return permission !== ACL.DENY;
+		};
+		ACL.prototype.isAllowed = function(defaultPermission) {
+			return this.constructor.isAllowed(this.permission, defaultPermission);
+		};
+		ACL.checkAccessForContext = function(context, callback) {
+			if (!callback) callback = utils.createPromiseCallback();
+			this.resolveRelatedModels();
+			const roleModel = this.roleModel;
+			if (!(context instanceof AccessContext)) {
+				context.registry = this.registry;
+				context = new AccessContext(context);
+			}
+			let authorizedRoles = {};
+			const remotingContext = context.remotingContext;
+			const model = context.model;
+			const modelDefaultPermission = model && model.settings.defaultPermission;
+			const property = context.property;
+			const accessType = context.accessType;
+			const modelName = context.modelName;
+			const methodNames = context.methodNames;
+			const propertyQuery = property === ACL.ALL ? void 0 : { inq: methodNames.concat([ACL.ALL]) };
+			const accessTypeQuery = accessType === ACL.ALL ? void 0 : accessType === ACL.REPLICATE ? { inq: [
+				ACL.REPLICATE,
+				ACL.WRITE,
+				ACL.ALL
+			] } : { inq: [accessType, ACL.ALL] };
+			const req = new AccessRequest({
+				model: modelName,
+				property,
+				accessType,
+				permission: ACL.DEFAULT,
+				methodNames,
+				registry: this.registry
+			});
+			if (!context.isScopeAllowed()) {
+				req.permission = ACL.DENY;
+				debug("--Denied by scope config--");
+				debug("Scopes allowed:", context.accessToken.scopes || ctx.DEFAULT_SCOPES);
+				debug("Scope required:", context.getScopes());
+				context.debug();
+				callback(null, req);
+				return callback.promise;
+			}
+			const effectiveACLs = [];
+			const staticACLs = this.getStaticACLs(model.modelName, property);
+			const principalLookup = buildPrincipalLookup(context.principals);
+			const query = { where: {
+				model: { inq: [model.modelName, ACL.ALL] },
+				property: propertyQuery,
+				accessType: accessTypeQuery
+			} };
+			this.find(query, (err, acls) => {
+				if (err) return callback(err);
+				const roleCheckResults = Object.create(null);
+				const roleChecks = Object.create(null);
+				const inRoleChecks = [];
+				const pendingRoleACLs = [];
+				for (let i = 0; i < staticACLs.length; i++) acls.push(staticACLs[i]);
+				for (let i = 0; i < acls.length; i++) {
+					const acl = acls[i];
+					if (hasExactPrincipalMatch(principalLookup, acl)) {
+						effectiveACLs.push(acl);
+						continue;
+					}
+					if (acl.principalType !== ACL.ROLE) continue;
+					pendingRoleACLs.push(acl);
+					if (!roleChecks[acl.principalId]) {
+						const principalId = acl.principalId;
+						roleChecks[principalId] = utils.invokeWithCallback(roleModel.isInRole, roleModel, [principalId, context]).then(function(inRole) {
+							roleCheckResults[principalId] = inRole;
+							return inRole;
+						});
+						inRoleChecks.push(roleChecks[principalId]);
+					}
+				}
+				Promise.all(inRoleChecks).then(() => {
+					for (let i = 0; i < pendingRoleACLs.length; i++) {
+						const acl = pendingRoleACLs[i];
+						if (!roleCheckResults[acl.principalId]) continue;
+						effectiveACLs.push(acl);
+						if (acl.isAllowed(modelDefaultPermission)) authorizedRoles[acl.principalId] = true;
+					}
+					const resolved = this.resolvePermission(effectiveACLs, req);
+					debug("---Resolved---");
+					resolved.debug();
+					authorizedRoles = resolved.isAllowed() ? authorizedRoles : {};
+					saveAuthorizedRolesToRemotingContext(remotingContext, authorizedRoles);
+					return callback(null, resolved);
+				}).catch(function(error) {
+					return callback(error, null);
+				});
+			});
+			return callback.promise;
+		};
+		function buildPrincipalLookup(principals) {
+			const lookup = Object.create(null);
+			for (let i = 0; i < principals.length; i++) {
+				const principal = principals[i];
+				lookup[getPrincipalLookupKey(principal.type, principal.id)] = true;
+			}
+			return lookup;
+		}
+		function hasExactPrincipalMatch(principalLookup, acl) {
+			return principalLookup[getPrincipalLookupKey(acl.principalType, acl.principalId)] === true;
+		}
+		function getPrincipalLookupKey(type, id) {
+			return String(type) + ":" + String(id);
+		}
+		function saveAuthorizedRolesToRemotingContext(remotingContext, authorizedRoles) {
+			const options = remotingContext && remotingContext.args && remotingContext.args.options;
+			if (options && typeof options === "object") options.authorizedRoles = authorizedRoles;
+		}
+		ACL.checkAccessForToken = function(token, model, modelId, method, callback) {
+			assert(token, "Access token is required");
+			if (!callback) callback = utils.createPromiseCallback();
+			const context = new AccessContext({
+				registry: this.registry,
+				accessToken: token,
+				model,
+				property: method,
+				method,
+				modelId
+			});
+			this.checkAccessForContext(context, function(err, accessRequest) {
+				if (err) callback(err);
+				else callback(null, accessRequest.isAllowed());
+			});
+			return callback.promise;
+		};
+		ACL.resolveRelatedModels = function() {
+			if (!this.roleModel) {
+				const reg = this.registry;
+				this.roleModel = reg.getModelByType("Role");
+				this.roleMappingModel = reg.getModelByType("RoleMapping");
+				this.userModel = reg.getModelByType("User");
+				this.applicationModel = reg.getModelByType("Application");
+			}
+		};
+		ACL.resolvePrincipal = function(type, id, cb) {
+			cb = cb || utils.createPromiseCallback();
+			type = type || ACL.ROLE;
+			this.resolveRelatedModels();
+			switch (type) {
+				case ACL.ROLE:
+					this.roleModel.findOne({ where: { or: [{ name: id }, { id }] } }, cb);
+					break;
+				case ACL.USER:
+					this.userModel.findOne({ where: { or: [
+						{ username: id },
+						{ email: id },
+						{ id }
+					] } }, cb);
+					break;
+				case ACL.APP:
+					this.applicationModel.findOne({ where: { or: [
+						{ name: id },
+						{ email: id },
+						{ id }
+					] } }, cb);
+					break;
+				default:
+					const userModel = this.registry.findModel(type);
+					if (userModel) userModel.findOne({ where: { or: [
+						{ username: id },
+						{ email: id },
+						{ id }
+					] } }, cb);
+					else process.nextTick(function() {
+						const err = new Error(g.f("Invalid principal type: %s", type));
+						err.statusCode = 400;
+						err.code = "INVALID_PRINCIPAL_TYPE";
+						cb(err);
+					});
+			}
+			return cb.promise;
+		};
+		ACL.isMappedToRole = function(principalType, principalId, role, cb) {
+			cb = cb || utils.createPromiseCallback();
+			(async () => {
+				const principal = await utils.invokeWithCallback(this.resolvePrincipal, this, [principalType, principalId]);
+				if (principal != null) principalId = principal.id;
+				principalType = principalType || "ROLE";
+				const resolvedRole = await utils.invokeWithCallback(this.resolvePrincipal, this, ["ROLE", role]);
+				if (!resolvedRole) return null;
+				return utils.invokeWithCallback(this.roleMappingModel.findOne, this.roleMappingModel, [{ where: {
+					roleId: resolvedRole.id,
+					principalType,
+					principalId: String(principalId)
+				} }]);
+			})().then(function(result) {
+				cb(null, !!result);
+			}, cb);
+			return cb.promise;
+		};
+	};
+}));
+//#endregion
+module.exports = require_acl();

package/dist/common/models/acl2.cjs

@@ -0,0 +1,27 @@
+//#region common/models/acl.json
+var require_acl = /* @__PURE__ */ require("../../_virtual/_rolldown/runtime.cjs").__commonJSMin(((exports, module) => {
+	module.exports = {
+		"name": "ACL",
+		"properties": {
+			"model": {
+				"type": "string",
+				"description": "The name of the model"
+			},
+			"property": {
+				"type": "string",
+				"description": "The name of the property, method, scope, or relation"
+			},
+			"accessType": "string",
+			"permission": "string",
+			"principalType": "string",
+			"principalId": "string"
+		}
+	};
+}));
+//#endregion
+Object.defineProperty(exports, "default", {
+	enumerable: true,
+	get: function() {
+		return require_acl();
+	}
+});