aws-service-stack 0.18.371 → 0.18.372

package/dist/_examples/controller/property/property.config.js

@@ -1,55 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.CONFIG_PROPERTY = exports.PropertyConfig = exports.path = exports.openSearch_order = void 0;
-const base_config_1 = require("../../../model/base.config");
-const core_1 = require("../../../index.js");
-const order_repo_db_interface_1 = require("../../repositories/order/order-repo-db.interface");
-// OpenSearch configuration
-exports.openSearch_order = {
-    domain: "https://search-amplify-opense-1ddfdekgbbpwe-kgxh6aum57h2wc4moozm2jcvom.ap-southeast-1.es.amazonaws.com",
-    index: "order",
-};
-exports.path = "/property"; // url path base
-// Order configuration
-class PropertyConfig extends base_config_1.EntityConfigImpl {
-    constructor() {
-        // DYNAMODB
-        const tableName = "Property-dev";
-        const ownerFieldName = "ownerId";
-        const indexMap = new core_1.DynamoIndexMap()
-            .setFields("ownerId")
-            .set("byAgent", { field: "agentId", rFields: ["agentId"] })
-            .set("propertyByBranch", { field: "branchId", rFields: ["branchId"] })
-            .set("byOrg", { field: "organizationId", rFields: ["organizationId"] });
-        // PERMISSIONS
-        const adminGroupNames = ["adminUsers"];
-        const policyList = [
-            { method: core_1.HttpMethod.GET, path: `${exports.path}`, access: [core_1.Access.USER, core_1.Access.PUBLIC, core_1.Access.ADMIN] },
-            { method: core_1.HttpMethod.GET, path: `${exports.path}/search`, access: [core_1.Access.USER], response: order_repo_db_interface_1.RESPONSE_FIELDS_LIST },
-            { method: core_1.HttpMethod.GET, path: `${exports.path}/search/query`, access: [core_1.Access.USER], response: order_repo_db_interface_1.RESPONSE_FIELDS_LIST },
-            { method: core_1.HttpMethod.GET, path: `${exports.path}/search/query/total-count`, access: [core_1.Access.USER] },
-            { method: core_1.HttpMethod.GET, path: `${exports.path}/{id}`, access: [core_1.Access.USER], response: order_repo_db_interface_1.RESPONSE_FIELDS_DETAILS },
-            { method: core_1.HttpMethod.POST, path: `${exports.path}`, access: [core_1.Access.USER], validator: order_repo_db_interface_1.CREATE, response: order_repo_db_interface_1.RESPONSE_FIELDS_DETAILS },
-            { method: core_1.HttpMethod.PUT, path: `${exports.path}/{id}`, access: [core_1.Access.USER], validator: order_repo_db_interface_1.REPLACE, response: order_repo_db_interface_1.RESPONSE_FIELDS_DETAILS },
-            { method: core_1.HttpMethod.PATCH, path: `${exports.path}/{id}`, access: [core_1.Access.USER], validator: order_repo_db_interface_1.UPDATE, response: order_repo_db_interface_1.RESPONSE_FIELDS_DETAILS },
-            { method: core_1.HttpMethod.DELETE, path: `${exports.path}/{id}`, access: [core_1.Access.USER] },
-        ];
-        // SCOPES
-        const scopeMap = new core_1.ScopeMap()
-            .set("branch", { filterField: "branchId", claimKey: "sub" })
-            .set("agent", { filterField: "agentId", claimKey: "custom:agent" })
-            .set("org", { filterField: "organizationId", claimKey: "custom:org" });
-        // INIT
-        super(exports.path, adminGroupNames);
-        this.setDynamoDB(tableName, ownerFieldName, indexMap)
-            .setOpenSearch(exports.openSearch_order.domain, exports.openSearch_order.index)
-            .setPolicies(policyList)
-            .setScopes(scopeMap)
-            .setRoleTable("Permission-dev")
-            .setRolePath("/permission/plp");
-    }
-}
-exports.PropertyConfig = PropertyConfig;
-// Export default Order configuration
-exports.CONFIG_PROPERTY = new PropertyConfig();
-//# sourceMappingURL=property.config.js.map

package/dist/_examples/controller/property/property.config.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"property.config.js","sourceRoot":"","sources":["../../../../src/_examples/controller/property/property.config.ts"],"names":[],"mappings":";;;AAAA,4DAA8D;AAC9D,yCAAwG;AACxG,8FAM0D;AAE1D,2BAA2B;AACd,QAAA,gBAAgB,GAAG;IAC9B,MAAM,EAAE,wGAAwG;IAChH,KAAK,EAAE,OAAO;CACf,CAAC;AACW,QAAA,IAAI,GAAG,WAAW,CAAC,CAAC,gBAAgB;AAEjD,sBAAsB;AACtB,MAAa,cAAe,SAAQ,8BAAgB;IAClD;QACE,WAAW;QACX,MAAM,SAAS,GAAG,cAAc,CAAC;QACjC,MAAM,cAAc,GAAG,SAAS,CAAC;QACjC,MAAM,QAAQ,GAAG,IAAI,qBAAc,EAAE;aAClC,SAAS,CAAC,SAAS,CAAC;aACpB,GAAG,CAAC,SAAS,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC;aAC1D,GAAG,CAAC,kBAAkB,EAAE,EAAE,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC;aACrE,GAAG,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,gBAAgB,EAAE,OAAO,EAAE,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC;QAE1E,cAAc;QACd,MAAM,eAAe,GAAG,CAAC,YAAY,CAAC,CAAC;QAEvC,MAAM,UAAU,GAAqB;YACnC,EAAE,MAAM,EAAE,iBAAC,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,YAAI,EAAE,EAAE,MAAM,EAAE,CAAC,aAAC,CAAC,IAAI,EAAE,aAAC,CAAC,MAAM,EAAE,aAAC,CAAC,KAAK,CAAC,EAAE;YACvE,EAAE,MAAM,EAAE,iBAAC,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,YAAI,SAAS,EAAE,MAAM,EAAE,CAAC,aAAC,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,8CAAQ,EAAE;YAC/E,EAAE,MAAM,EAAE,iBAAC,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,YAAI,eAAe,EAAE,MAAM,EAAE,CAAC,aAAC,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,8CAAQ,EAAE;YACrF,EAAE,MAAM,EAAE,iBAAC,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,YAAI,2BAA2B,EAAE,MAAM,EAAE,CAAC,aAAC,CAAC,IAAI,CAAC,EAAE;YAC7E,EAAE,MAAM,EAAE,iBAAC,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,YAAI,OAAO,EAAE,MAAM,EAAE,CAAC,aAAC,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,iDAAQ,EAAE;YAC7E,EAAE,MAAM,EAAE,iBAAC,CAAC,IAAI,EAAE,IAAI,EAAE,GAAG,YAAI,EAAE,EAAE,MAAM,EAAE,CAAC,aAAC,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,gCAAM,EAAE,QAAQ,EAAE,iDAAQ,EAAE;YAC5F,EAAE,MAAM,EAAE,iBAAC,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,YAAI,OAAO,EAAE,MAAM,EAAE,CAAC,aAAC,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,iCAAO,EAAE,QAAQ,EAAE,iDAAQ,EAAE;YACjG,EAAE,MAAM,EAAE,iBAAC,CAAC,KAAK,EAAE,IAAI,EAAE,GAAG,YAAI,OAAO,EAAE,MAAM,EAAE,CAAC,aAAC,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,gCAAM,EAAE,QAAQ,EAAE,iDAAQ,EAAE;YAClG,EAAE,MAAM,EAAE,iBAAC,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,YAAI,OAAO,EAAE,MAAM,EAAE,CAAC,aAAC,CAAC,IAAI,CAAC,EAAE;SAC7D,CAAC;QAEF,SAAS;QACT,MAAM,QAAQ,GAAG,IAAI,eAAQ,EAAE;aAC5B,GAAG,CAAC,QAAQ,EAAE,EAAE,WAAW,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;aAC3D,GAAG,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,SAAS,EAAE,QAAQ,EAAE,cAAc,EAAE,CAAC;aAClE,GAAG,CAAC,KAAK,EAAE,EAAE,WAAW,EAAE,gBAAgB,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC,CAAC;QAEzE,OAAO;QACP,KAAK,CAAC,YAAI,EAAE,eAAe,CAAC,CAAC;QAC7B,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,cAAc,EAAE,QAAQ,CAAC;aAClD,aAAa,CAAC,wBAAgB,CAAC,MAAM,EAAE,wBAAgB,CAAC,KAAK,CAAC;aAC9D,WAAW,CAAC,UAAU,CAAC;aACvB,SAAS,CAAC,QAAQ,CAAC;aACnB,YAAY,CAAC,gBAAgB,CAAC;aAC9B,WAAW,CAAC,iBAAiB,CAAC,CAAC;IACpC,CAAC;CACF;AAzCD,wCAyCC;AAED,qCAAqC;AACxB,QAAA,eAAe,GAAG,IAAI,cAAc,EAAE,CAAC","sourcesContent":["import { EntityConfigImpl } from \"../../../model/base.config\";\nimport { Access as a, DynamoIndexMap, EndpointPolicy, HttpMethod as m, ScopeMap } from \"@chinggis/core\";\nimport {\n  CREATE,\n  REPLACE,\n  RESPONSE_FIELDS_DETAILS as FIELDS_D,\n  RESPONSE_FIELDS_LIST as FIELDS_L,\n  UPDATE,\n} from \"../../repositories/order/order-repo-db.interface\";\n\n// OpenSearch configuration\nexport const openSearch_order = {\n  domain: \"https://search-amplify-opense-1ddfdekgbbpwe-kgxh6aum57h2wc4moozm2jcvom.ap-southeast-1.es.amazonaws.com\",\n  index: \"order\",\n};\nexport const path = \"/property\"; // url path base\n\n// Order configuration\nexport class PropertyConfig extends EntityConfigImpl {\n  constructor() {\n    // DYNAMODB\n    const tableName = \"Property-dev\";\n    const ownerFieldName = \"ownerId\";\n    const indexMap = new DynamoIndexMap()\n      .setFields(\"ownerId\")\n      .set(\"byAgent\", { field: \"agentId\", rFields: [\"agentId\"] })\n      .set(\"propertyByBranch\", { field: \"branchId\", rFields: [\"branchId\"] })\n      .set(\"byOrg\", { field: \"organizationId\", rFields: [\"organizationId\"] });\n\n    // PERMISSIONS\n    const adminGroupNames = [\"adminUsers\"];\n\n    const policyList: EndpointPolicy[] = [\n      { method: m.GET, path: `${path}`, access: [a.USER, a.PUBLIC, a.ADMIN] },\n      { method: m.GET, path: `${path}/search`, access: [a.USER], response: FIELDS_L },\n      { method: m.GET, path: `${path}/search/query`, access: [a.USER], response: FIELDS_L },\n      { method: m.GET, path: `${path}/search/query/total-count`, access: [a.USER] },\n      { method: m.GET, path: `${path}/{id}`, access: [a.USER], response: FIELDS_D },\n      { method: m.POST, path: `${path}`, access: [a.USER], validator: CREATE, response: FIELDS_D },\n      { method: m.PUT, path: `${path}/{id}`, access: [a.USER], validator: REPLACE, response: FIELDS_D },\n      { method: m.PATCH, path: `${path}/{id}`, access: [a.USER], validator: UPDATE, response: FIELDS_D },\n      { method: m.DELETE, path: `${path}/{id}`, access: [a.USER] },\n    ];\n\n    // SCOPES\n    const scopeMap = new ScopeMap()\n      .set(\"branch\", { filterField: \"branchId\", claimKey: \"sub\" })\n      .set(\"agent\", { filterField: \"agentId\", claimKey: \"custom:agent\" })\n      .set(\"org\", { filterField: \"organizationId\", claimKey: \"custom:org\" });\n\n    // INIT\n    super(path, adminGroupNames);\n    this.setDynamoDB(tableName, ownerFieldName, indexMap)\n      .setOpenSearch(openSearch_order.domain, openSearch_order.index)\n      .setPolicies(policyList)\n      .setScopes(scopeMap)\n      .setRoleTable(\"Permission-dev\")\n      .setRolePath(\"/permission/plp\");\n  }\n}\n\n// Export default Order configuration\nexport const CONFIG_PROPERTY = new PropertyConfig();\n"]}

package/dist/_examples/controller/property/property.controller.d.ts

@@ -1,14 +0,0 @@
-import { OrderService } from "../../service/order-service.interface";
-import "../../service/order-service";
-import { Order } from "src/_examples/model-shared/example.model";
-import { HttpRequest } from "src/utils";
-import { ControllerApi } from "src/controller";
-/**
- * Example Controller for Profile: Validator (Zod) is set centrally.
- * Scopes are configured in PropertyConfig via ScopeMap.
- */
-export declare class PropertyController extends ControllerApi<Order, OrderService> {
-    protected processCrudRequest(event: HttpRequest): Promise<any>;
-    constructor();
-    getPermission(permission: string): Promise<boolean>;
-}

package/dist/_examples/controller/property/property.controller.js

@@ -1,72 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
-    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-    return c > 3 && r && Object.defineProperty(target, key, r), r;
-};
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
-var __metadata = (this && this.__metadata) || function (k, v) {
-    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.PropertyController = void 0;
-const typedi_1 = __importStar(require("typedi"));
-const property_config_1 = require("./property.config");
-require("../../service/order-service");
-const controller_1 = require("src/controller");
-const property_permissions_1 = require("./property.permissions");
-/**
- * Example Controller for Profile: Validator (Zod) is set centrally.
- * Scopes are configured in PropertyConfig via ScopeMap.
- */
-let PropertyController = class PropertyController extends controller_1.ControllerApi {
-    processCrudRequest(event) {
-        return undefined;
-    }
-    constructor() {
-        const service = typedi_1.default.get("OrderService");
-        super(service, property_config_1.CONFIG_PROPERTY.toObject());
-    }
-    async getPermission(permission) {
-        return (0, property_permissions_1.hasPropertyPermission)(permission);
-    }
-};
-exports.PropertyController = PropertyController;
-exports.PropertyController = PropertyController = __decorate([
-    (0, typedi_1.Service)("PropertyController"),
-    __metadata("design:paramtypes", [])
-], PropertyController);
-//# sourceMappingURL=property.controller.js.map

package/dist/_examples/controller/property/property.controller.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"property.controller.js","sourceRoot":"","sources":["../../../../src/_examples/controller/property/property.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAA4C;AAG5C,uDAAoD;AAEpD,uCAAqC;AAGrC,+CAA+C;AAC/C,iEAA+D;AAE/D;;;GAGG;AAEI,IAAM,kBAAkB,GAAxB,MAAM,kBAAmB,SAAQ,0BAAkC;IAC9D,kBAAkB,CAAC,KAAkB;QAC7C,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;QACE,MAAM,OAAO,GAAiB,gBAAS,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAC5D,KAAK,CAAC,OAAO,EAAE,iCAAe,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,UAAkB;QACpC,OAAO,IAAA,4CAAqB,EAAC,UAAU,CAAC,CAAC;IAC3C,CAAC;CACF,CAAA;AAbY,gDAAkB;6BAAlB,kBAAkB;IAD9B,IAAA,gBAAO,EAAC,oBAAoB,CAAC;;GACjB,kBAAkB,CAa9B","sourcesContent":["import Container, { Service } from \"typedi\";\nimport {} from \"../../../controller/base-controller\";\n\nimport { CONFIG_PROPERTY } from \"./property.config\";\nimport { OrderService } from \"../../service/order-service.interface\";\nimport \"../../service/order-service\";\nimport { Order } from \"src/_examples/model-shared/example.model\";\nimport { HttpRequest } from \"src/utils\";\nimport { ControllerApi } from \"src/controller\";\nimport { hasPropertyPermission } from \"./property.permissions\";\n\n/**\n * Example Controller for Profile: Validator (Zod) is set centrally.\n * Scopes are configured in PropertyConfig via ScopeMap.\n */\n@Service(\"PropertyController\")\nexport class PropertyController extends ControllerApi<Order, OrderService> {\n  protected processCrudRequest(event: HttpRequest): Promise<any> {\n    return undefined;\n  }\n\n  constructor() {\n    const service: OrderService = Container.get(\"OrderService\");\n    super(service, CONFIG_PROPERTY.toObject());\n  }\n\n  async getPermission(permission: string): Promise<boolean> {\n    return hasPropertyPermission(permission);\n  }\n}\n"]}

package/dist/_examples/controller/property/property.permissions.d.ts

@@ -1,2 +0,0 @@
-export declare const PROPERTY_PERMISSION_KEYS: Set<string>;
-export declare function hasPropertyPermission(permission: string): boolean;

package/dist/_examples/controller/property/property.permissions.js

@@ -1,19 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.PROPERTY_PERMISSION_KEYS = void 0;
-exports.hasPropertyPermission = hasPropertyPermission;
-exports.PROPERTY_PERMISSION_KEYS = new Set([
-    "adminusers.property.branch.GET",
-    "adminusers.property.branch.POST",
-    "user.property.branch.GET",
-    "user.property.agent.GET",
-    "user.property.agent.POST",
-    "owner.property.branch.GET",
-    "owner.property.branch.POST",
-    "owner.property.agent.GET",
-    "owner.property.agent.POST",
-]);
-function hasPropertyPermission(permission) {
-    return exports.PROPERTY_PERMISSION_KEYS.has(permission);
-}
-//# sourceMappingURL=property.permissions.js.map

package/dist/_examples/controller/property/property.permissions.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"property.permissions.js","sourceRoot":"","sources":["../../../../src/_examples/controller/property/property.permissions.ts"],"names":[],"mappings":";;;AAYA,sDAEC;AAdY,QAAA,wBAAwB,GAAG,IAAI,GAAG,CAAS;IACtD,gCAAgC;IAChC,iCAAiC;IACjC,0BAA0B;IAC1B,yBAAyB;IACzB,0BAA0B;IAC1B,2BAA2B;IAC3B,4BAA4B;IAC5B,0BAA0B;IAC1B,2BAA2B;CAC5B,CAAC,CAAC;AAEH,SAAgB,qBAAqB,CAAC,UAAkB;IACtD,OAAO,gCAAwB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;AAClD,CAAC","sourcesContent":["export const PROPERTY_PERMISSION_KEYS = new Set<string>([\n  \"adminusers.property.branch.GET\",\n  \"adminusers.property.branch.POST\",\n  \"user.property.branch.GET\",\n  \"user.property.agent.GET\",\n  \"user.property.agent.POST\",\n  \"owner.property.branch.GET\",\n  \"owner.property.branch.POST\",\n  \"owner.property.agent.GET\",\n  \"owner.property.agent.POST\",\n]);\n\nexport function hasPropertyPermission(permission: string): boolean {\n  return PROPERTY_PERMISSION_KEYS.has(permission);\n}\n"]}

package/dist/controller/controller-role.d.ts

@@ -1,56 +0,0 @@
-import { Permission } from "../model/role.model";
-import { ScopeMap } from "../model/base.model";
-import { HttpRequest } from "../utils/http/http.util";
-import { PermissionService } from "../service/permission.service";
-/**
- * ControllerRole — centralized Permission CRUD + RBAC access enforcement.
- *
- * All caching and DB orchestration lives in PermissionService.
- *
- * Scope validation, scope filtering, and permission checks are centralized here
- * so that ControllerApi (and any other consumer) delegates without duplicating logic.
- */
-export declare class ControllerRole {
-    protected readonly permissionService: PermissionService;
-    constructor(roleTableName: string);
-    addPermission(input: {
-        role: string;
-        resource: string;
-        scope: string;
-        method: Permission["method"];
-    }): Promise<Permission>;
-    updatePermission(id: string, updates: Partial<Pick<Permission, "role" | "resource" | "scope" | "method">>): Promise<Permission>;
-    deletePermission(id: string): Promise<boolean>;
-    getPermission(id: string): Promise<Permission | null>;
-    listPermissions(): Promise<Permission[]>;
-    addRole(userPoolId: string, groupName: string, description?: string): Promise<{
-        groupName: string;
-        description?: string;
-    }>;
-    assignRole(userPoolId: string, username: string, groupName: string): Promise<void>;
-    hasPermission(role: string, resource: string, scope: string, method: string): Promise<boolean>;
-    getPermissionByKey(permissionKey: string): Promise<Permission | null>;
-    /**
-     * Centralized RBAC check: validates scope, checks permission via DB, applies scope filter.
-     *
-     * Only runs when both `role` and `scope` are present in the request.
-     * When either is absent, scope filters are cleared to block user injection.
-     *
-     * @param req       The parsed HTTP request
-     * @param resource  The resource name (e.g. "property")
-     * @param scopeMap  The scope configuration from EntityConfig
-     */
-    checkRbacAccess(req: HttpRequest, resource: string, scopeMap: ScopeMap): Promise<void>;
-    /** Extract user role from JWT groups. */
-    private extractRole;
-    /** Resolve and validate the scope query param against the ScopeMap. */
-    private resolveScope;
-    /**
-     * Apply scope-based data filter from identity claims.
-     * Clears ALL scope-controlled filter fields first (block injection),
-     * then sets only the matched scope's claim value.
-     */
-    private applyScopeFilter;
-    /** Clear all scope-controlled filter fields — prevents user injection when no RBAC applies. */
-    private removeScopeFilter;
-}

package/dist/controller/controller-role.js

@@ -1,140 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.ControllerRole = void 0;
-const exception_1 = require("../exception");
-const permission_service_1 = require("../service/permission.service");
-const cognito_1 = require("../function/cognito");
-/**
- * ControllerRole — centralized Permission CRUD + RBAC access enforcement.
- *
- * All caching and DB orchestration lives in PermissionService.
- *
- * Scope validation, scope filtering, and permission checks are centralized here
- * so that ControllerApi (and any other consumer) delegates without duplicating logic.
- */
-class ControllerRole {
-    permissionService;
-    constructor(roleTableName) {
-        this.permissionService = new permission_service_1.PermissionService(roleTableName);
-    }
-    // ---------------------------------------------------------------------------
-    // CRUD
-    // ---------------------------------------------------------------------------
-    async addPermission(input) {
-        return this.permissionService.createPermission(input);
-    }
-    async updatePermission(id, updates) {
-        return this.permissionService.updatePermission(id, updates);
-    }
-    async deletePermission(id) {
-        return this.permissionService.deletePermission(id);
-    }
-    async getPermission(id) {
-        if (!id)
-            throw new exception_1.ErrorHttp({ code: 400, error: "BadRequest" }, "Permission id is required");
-        return this.permissionService.getPermissionById(id);
-    }
-    async listPermissions() {
-        return this.permissionService.listPermissions();
-    }
-    // ---------------------------------------------------------------------------
-    // Role (Cognito group)
-    // ---------------------------------------------------------------------------
-    async addRole(userPoolId, groupName, description) {
-        return (0, cognito_1.createGroup)(userPoolId, groupName, description);
-    }
-    async assignRole(userPoolId, username, groupName) {
-        return (0, cognito_1.addUserToGroup)(userPoolId, username, groupName);
-    }
-    // ---------------------------------------------------------------------------
-    // Permission check
-    // ---------------------------------------------------------------------------
-    async hasPermission(role, resource, scope, method) {
-        return this.permissionService.hasPermission(role, resource, scope, method);
-    }
-    async getPermissionByKey(permissionKey) {
-        return this.permissionService.getPermissionByKey(permissionKey);
-    }
-    // ---------------------------------------------------------------------------
-    // RBAC access enforcement (used by ControllerApi)
-    // ---------------------------------------------------------------------------
-    /**
-     * Centralized RBAC check: validates scope, checks permission via DB, applies scope filter.
-     *
-     * Only runs when both `role` and `scope` are present in the request.
-     * When either is absent, scope filters are cleared to block user injection.
-     *
-     * @param req       The parsed HTTP request
-     * @param resource  The resource name (e.g. "property")
-     * @param scopeMap  The scope configuration from EntityConfig
-     */
-    async checkRbacAccess(req, resource, scopeMap) {
-        const role = this.extractRole(req);
-        const scope = this.resolveScope(req, scopeMap);
-        const method = req.methode.toUpperCase();
-        if (role && scope) {
-            const allowed = await this.permissionService.hasPermission(role, resource, scope, method);
-            if (!allowed) {
-                const key = `${role}#${resource}#${scope}`;
-                throw new exception_1.ErrorHttp({ code: 403, error: "PermissionDenied" }, `Permission denied: role="${role}" lacks "${key}.${method}"`);
-            }
-            this.applyScopeFilter(req, scope, scopeMap);
-        }
-        else {
-            this.removeScopeFilter(req, scopeMap);
-        }
-    }
-    // ---------------------------------------------------------------------------
-    // Scope helpers (private — single source of truth)
-    // ---------------------------------------------------------------------------
-    /** Extract user role from JWT groups. */
-    extractRole(req) {
-        return req.identity?.groups?.[0];
-    }
-    /** Resolve and validate the scope query param against the ScopeMap. */
-    resolveScope(req, scopeMap) {
-        if (!scopeMap?.size)
-            return undefined;
-        const scope = req.queryStringParameters?.scope || req.customQueryParameters?.scope;
-        if (!scope)
-            return undefined;
-        if (!scopeMap.has(scope)) {
-            const allowed = Array.from(scopeMap.keys()).join(", ");
-            throw new exception_1.ErrorHttp({ code: 400, error: "BadRequest" }, `Invalid scope "${scope}". Allowed: ${allowed}`);
-        }
-        return scope;
-    }
-    /**
-     * Apply scope-based data filter from identity claims.
-     * Clears ALL scope-controlled filter fields first (block injection),
-     * then sets only the matched scope's claim value.
-     */
-    applyScopeFilter(req, scope, scopeMap) {
-        if (!req.filter)
-            req.filter = {};
-        for (const [, entry] of scopeMap) {
-            delete req.filter[entry.filterField];
-        }
-        const mapping = scopeMap.get(scope);
-        if (!mapping)
-            return;
-        const claimKey = mapping.claimKey ?? "custom:" + scope;
-        const claimValue = req.identity?.[claimKey] || req.identity?.attributes?.[claimKey];
-        if (!claimValue) {
-            throw new exception_1.ErrorHttp({ code: 403, error: "PermissionDenied" }, `Missing claim "${claimKey}" for scope "${scope}"`);
-        }
-        req.filter[mapping.filterField] = claimValue;
-        delete req.filter?.scope;
-    }
-    /** Clear all scope-controlled filter fields — prevents user injection when no RBAC applies. */
-    removeScopeFilter(req, scopeMap) {
-        if (!req.filter)
-            req.filter = {};
-        for (const [, entry] of scopeMap) {
-            delete req.filter[entry.filterField];
-        }
-        delete req.filter["scope"];
-    }
-}
-exports.ControllerRole = ControllerRole;
-//# sourceMappingURL=controller-role.js.map

package/dist/controller/controller-role.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"controller-role.js","sourceRoot":"","sources":["../../src/controller/controller-role.ts"],"names":[],"mappings":";;;AAAA,4CAAyC;AAIzC,sEAAkE;AAClE,iDAAkE;AAElE;;;;;;;GAOG;AACH,MAAa,cAAc;IACN,iBAAiB,CAAoB;IAExD,YAAY,aAAqB;QAC/B,IAAI,CAAC,iBAAiB,GAAG,IAAI,sCAAiB,CAAC,aAAa,CAAC,CAAC;IAChE,CAAC;IAED,8EAA8E;IAC9E,OAAO;IACP,8EAA8E;IAE9E,KAAK,CAAC,aAAa,CAAC,KAKnB;QACC,OAAO,IAAI,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;IACxD,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,EAAU,EACV,OAA4E;QAE5E,OAAO,IAAI,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;IAC9D,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,EAAU;QAC/B,OAAO,IAAI,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC;IACrD,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,EAAU;QAC5B,IAAI,CAAC,EAAE;YAAE,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,2BAA2B,CAAC,CAAC;QAC9F,OAAO,IAAI,CAAC,iBAAiB,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;IACtD,CAAC;IAED,KAAK,CAAC,eAAe;QACnB,OAAO,IAAI,CAAC,iBAAiB,CAAC,eAAe,EAAE,CAAC;IAClD,CAAC;IAED,8EAA8E;IAC9E,uBAAuB;IACvB,8EAA8E;IAE9E,KAAK,CAAC,OAAO,CAAC,UAAkB,EAAE,SAAiB,EAAE,WAAoB;QACvE,OAAO,IAAA,qBAAW,EAAC,UAAU,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;IACzD,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,UAAkB,EAAE,QAAgB,EAAE,SAAiB;QACtE,OAAO,IAAA,wBAAc,EAAC,UAAU,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IACzD,CAAC;IAED,8EAA8E;IAC9E,mBAAmB;IACnB,8EAA8E;IAE9E,KAAK,CAAC,aAAa,CAAC,IAAY,EAAE,QAAgB,EAAE,KAAa,EAAE,MAAc;QAC/E,OAAO,IAAI,CAAC,iBAAiB,CAAC,aAAa,CAAC,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAC7E,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,aAAqB;QAC5C,OAAO,IAAI,CAAC,iBAAiB,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC;IAClE,CAAC;IAED,8EAA8E;IAC9E,kDAAkD;IAClD,8EAA8E;IAE9E;;;;;;;;;OASG;IACH,KAAK,CAAC,eAAe,CAAC,GAAgB,EAAE,QAAgB,EAAE,QAAkB;QAC1E,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACnC,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;QAEzC,IAAI,IAAI,IAAI,KAAK,EAAE,CAAC;YAClB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,aAAa,CAAC,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;YAE1F,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,GAAG,GAAG,GAAG,IAAI,IAAI,QAAQ,IAAI,KAAK,EAAE,CAAC;gBAC3C,MAAM,IAAI,qBAAS,CACjB,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,kBAAkB,EAAE,EACxC,4BAA4B,IAAI,YAAY,GAAG,IAAI,MAAM,GAAG,CAC7D,CAAC;YACJ,CAAC;YAED,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;IAED,8EAA8E;IAC9E,mDAAmD;IACnD,8EAA8E;IAE9E,yCAAyC;IACjC,WAAW,CAAC,GAAgB;QAClC,OAAO,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;IACnC,CAAC;IAED,uEAAuE;IAC/D,YAAY,CAAC,GAAgB,EAAE,QAAkB;QACvD,IAAI,CAAC,QAAQ,EAAE,IAAI;YAAE,OAAO,SAAS,CAAC;QAEtC,MAAM,KAAK,GAAG,GAAG,CAAC,qBAAqB,EAAE,KAAK,IAAI,GAAG,CAAC,qBAAqB,EAAE,KAAK,CAAC;QACnF,IAAI,CAAC,KAAK;YAAE,OAAO,SAAS,CAAC;QAE7B,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACvD,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,kBAAkB,KAAK,eAAe,OAAO,EAAE,CAAC,CAAC;QAC3G,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;;OAIG;IACK,gBAAgB,CAAC,GAAgB,EAAE,KAAa,EAAE,QAAkB;QAC1E,IAAI,CAAC,GAAG,CAAC,MAAM;YAAE,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC;QAEjC,KAAK,MAAM,CAAC,EAAE,KAAK,CAAC,IAAI,QAAQ,EAAE,CAAC;YACjC,OAAO,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QACvC,CAAC;QAED,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACpC,IAAI,CAAC,OAAO;YAAE,OAAO;QAErB,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,SAAS,GAAG,KAAK,CAAC;QACvD,MAAM,UAAU,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,EAAE,UAAU,EAAE,CAAC,QAAQ,CAAC,CAAC;QAEpF,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,kBAAkB,EAAE,EAAE,kBAAkB,QAAQ,gBAAgB,KAAK,GAAG,CAAC,CAAC;QACpH,CAAC;QAED,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,GAAG,UAAU,CAAC;QAC7C,OAAO,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC;IAC3B,CAAC;IAED,+FAA+F;IACvF,iBAAiB,CAAC,GAAgB,EAAE,QAAkB;QAC5D,IAAI,CAAC,GAAG,CAAC,MAAM;YAAE,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC;QAEjC,KAAK,MAAM,CAAC,EAAE,KAAK,CAAC,IAAI,QAAQ,EAAE,CAAC;YACjC,OAAO,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QACvC,CAAC;QACD,OAAO,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;CACF;AA/JD,wCA+JC","sourcesContent":["import { ErrorHttp } from \"../exception\";\nimport { Permission } from \"../model/role.model\";\nimport { ScopeMap } from \"../model/base.model\";\nimport { HttpRequest } from \"../utils/http/http.util\";\nimport { PermissionService } from \"../service/permission.service\";\nimport { createGroup, addUserToGroup } from \"../function/cognito\";\n\n/**\n * ControllerRole — centralized Permission CRUD + RBAC access enforcement.\n *\n * All caching and DB orchestration lives in PermissionService.\n *\n * Scope validation, scope filtering, and permission checks are centralized here\n * so that ControllerApi (and any other consumer) delegates without duplicating logic.\n */\nexport class ControllerRole {\n  protected readonly permissionService: PermissionService;\n\n  constructor(roleTableName: string) {\n    this.permissionService = new PermissionService(roleTableName);\n  }\n\n  // ---------------------------------------------------------------------------\n  // CRUD\n  // ---------------------------------------------------------------------------\n\n  async addPermission(input: {\n    role: string;\n    resource: string;\n    scope: string;\n    method: Permission[\"method\"];\n  }): Promise<Permission> {\n    return this.permissionService.createPermission(input);\n  }\n\n  async updatePermission(\n    id: string,\n    updates: Partial<Pick<Permission, \"role\" | \"resource\" | \"scope\" | \"method\">>,\n  ): Promise<Permission> {\n    return this.permissionService.updatePermission(id, updates);\n  }\n\n  async deletePermission(id: string): Promise<boolean> {\n    return this.permissionService.deletePermission(id);\n  }\n\n  async getPermission(id: string): Promise<Permission | null> {\n    if (!id) throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"Permission id is required\");\n    return this.permissionService.getPermissionById(id);\n  }\n\n  async listPermissions(): Promise<Permission[]> {\n    return this.permissionService.listPermissions();\n  }\n\n  // ---------------------------------------------------------------------------\n  // Role (Cognito group)\n  // ---------------------------------------------------------------------------\n\n  async addRole(userPoolId: string, groupName: string, description?: string) {\n    return createGroup(userPoolId, groupName, description);\n  }\n\n  async assignRole(userPoolId: string, username: string, groupName: string): Promise<void> {\n    return addUserToGroup(userPoolId, username, groupName);\n  }\n\n  // ---------------------------------------------------------------------------\n  // Permission check\n  // ---------------------------------------------------------------------------\n\n  async hasPermission(role: string, resource: string, scope: string, method: string): Promise<boolean> {\n    return this.permissionService.hasPermission(role, resource, scope, method);\n  }\n\n  async getPermissionByKey(permissionKey: string): Promise<Permission | null> {\n    return this.permissionService.getPermissionByKey(permissionKey);\n  }\n\n  // ---------------------------------------------------------------------------\n  // RBAC access enforcement (used by ControllerApi)\n  // ---------------------------------------------------------------------------\n\n  /**\n   * Centralized RBAC check: validates scope, checks permission via DB, applies scope filter.\n   *\n   * Only runs when both `role` and `scope` are present in the request.\n   * When either is absent, scope filters are cleared to block user injection.\n   *\n   * @param req       The parsed HTTP request\n   * @param resource  The resource name (e.g. \"property\")\n   * @param scopeMap  The scope configuration from EntityConfig\n   */\n  async checkRbacAccess(req: HttpRequest, resource: string, scopeMap: ScopeMap): Promise<void> {\n    const role = this.extractRole(req);\n    const scope = this.resolveScope(req, scopeMap);\n    const method = req.methode.toUpperCase();\n\n    if (role && scope) {\n      const allowed = await this.permissionService.hasPermission(role, resource, scope, method);\n\n      if (!allowed) {\n        const key = `${role}#${resource}#${scope}`;\n        throw new ErrorHttp(\n          { code: 403, error: \"PermissionDenied\" },\n          `Permission denied: role=\"${role}\" lacks \"${key}.${method}\"`,\n        );\n      }\n\n      this.applyScopeFilter(req, scope, scopeMap);\n    } else {\n      this.removeScopeFilter(req, scopeMap);\n    }\n  }\n\n  // ---------------------------------------------------------------------------\n  // Scope helpers (private — single source of truth)\n  // ---------------------------------------------------------------------------\n\n  /** Extract user role from JWT groups. */\n  private extractRole(req: HttpRequest): string | undefined {\n    return req.identity?.groups?.[0];\n  }\n\n  /** Resolve and validate the scope query param against the ScopeMap. */\n  private resolveScope(req: HttpRequest, scopeMap: ScopeMap): string | undefined {\n    if (!scopeMap?.size) return undefined;\n\n    const scope = req.queryStringParameters?.scope || req.customQueryParameters?.scope;\n    if (!scope) return undefined;\n\n    if (!scopeMap.has(scope)) {\n      const allowed = Array.from(scopeMap.keys()).join(\", \");\n      throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, `Invalid scope \"${scope}\". Allowed: ${allowed}`);\n    }\n\n    return scope;\n  }\n\n  /**\n   * Apply scope-based data filter from identity claims.\n   * Clears ALL scope-controlled filter fields first (block injection),\n   * then sets only the matched scope's claim value.\n   */\n  private applyScopeFilter(req: HttpRequest, scope: string, scopeMap: ScopeMap): void {\n    if (!req.filter) req.filter = {};\n\n    for (const [, entry] of scopeMap) {\n      delete req.filter[entry.filterField];\n    }\n\n    const mapping = scopeMap.get(scope);\n    if (!mapping) return;\n\n    const claimKey = mapping.claimKey ?? \"custom:\" + scope;\n    const claimValue = req.identity?.[claimKey] || req.identity?.attributes?.[claimKey];\n\n    if (!claimValue) {\n      throw new ErrorHttp({ code: 403, error: \"PermissionDenied\" }, `Missing claim \"${claimKey}\" for scope \"${scope}\"`);\n    }\n\n    req.filter[mapping.filterField] = claimValue;\n    delete req.filter?.scope;\n  }\n\n  /** Clear all scope-controlled filter fields — prevents user injection when no RBAC applies. */\n  private removeScopeFilter(req: HttpRequest, scopeMap: ScopeMap): void {\n    if (!req.filter) req.filter = {};\n\n    for (const [, entry] of scopeMap) {\n      delete req.filter[entry.filterField];\n    }\n    delete req.filter[\"scope\"];\n  }\n}\n"]}

package/dist/model/role.model.d.ts

@@ -1,20 +0,0 @@
-import { BaseEntity } from "./base.model";
-export interface Permission extends BaseEntity {
-    role: string;
-    resource: string;
-    scope: string;
-    method: {
-        get?: boolean;
-        post?: boolean;
-        patch?: boolean;
-        put?: boolean;
-        delete?: boolean;
-    };
-    permissionKey: string;
-}
-/**
- * Build a fully-qualified permission key.
- * Format: `${role}.${resource}.${scope}.${method}`
- * Example: `OwnerRole.PropertyTable.BranchScope.GET`
- */
-export declare function buildPermissionKey(role: string, resource: string, scope: string, method: string): string;

package/dist/model/role.model.js

@@ -1,12 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.buildPermissionKey = buildPermissionKey;
-/**
- * Build a fully-qualified permission key.
- * Format: `${role}.${resource}.${scope}.${method}`
- * Example: `OwnerRole.PropertyTable.BranchScope.GET`
- */
-function buildPermissionKey(role, resource, scope, method) {
-    return `${role}.${resource}.${scope}.${method}`;
-}
-//# sourceMappingURL=role.model.js.map

package/dist/model/role.model.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"role.model.js","sourceRoot":"","sources":["../../src/model/role.model.ts"],"names":[],"mappings":";;AAqBA,gDAEC;AAPD;;;;GAIG;AACH,SAAgB,kBAAkB,CAAC,IAAY,EAAE,QAAgB,EAAE,KAAa,EAAE,MAAc;IAC9F,OAAO,GAAG,IAAI,IAAI,QAAQ,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;AAClD,CAAC","sourcesContent":["import { BaseEntity } from \"./base.model\";\n\nexport interface Permission extends BaseEntity {\n  role: string; // DB Index: Manager | User etc\n  resource: string; // DB Index: Property | Profile etc\n  scope: string; // DB Index: Organization | Branch | Agent\n  method: {\n    get?: boolean;\n    post?: boolean;\n    patch?: boolean;\n    put?: boolean;\n    delete?: boolean;\n  };\n  permissionKey: string; // DB Index: role#resourse#scope Manager#Property#Branch\n}\n\n/**\n * Build a fully-qualified permission key.\n * Format: `${role}.${resource}.${scope}.${method}`\n * Example: `OwnerRole.PropertyTable.BranchScope.GET`\n */\nexport function buildPermissionKey(role: string, resource: string, scope: string, method: string): string {\n  return `${role}.${resource}.${scope}.${method}`;\n}\n"]}

package/dist/service/permission.cache.d.ts

@@ -1,24 +0,0 @@
-import { Permission } from "../model/role.model";
-/**
- * In-memory read-through cache for Permission entities.
- *
- * - Keyed by permissionKey (deterministic, namespaced).
- * - TTL-based expiry per entry.
- * - Survives across warm Lambda invocations (module-level singleton).
- * - Handles concurrent fetches for the same key via in-flight dedup.
- */
-export declare class PermissionCache {
-    private readonly store;
-    private readonly inflight;
-    private readonly ttlMs;
-    constructor(ttlMs?: number);
-    get(key: string): Permission | null;
-    set(key: string, value: Permission): void;
-    /**
-     * Read-through: returns cached value or calls `fetcher` exactly once.
-     * Concurrent calls for the same key share a single in-flight promise.
-     */
-    getOrFetch(key: string, fetcher: () => Promise<Permission | null>): Promise<Permission | null>;
-    invalidate(key: string): void;
-    clear(): void;
-}

package/dist/service/permission.cache.js

@@ -1,61 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.PermissionCache = void 0;
-const DEFAULT_TTL_MS = 15 * 60 * 1000; // 15 minutes
-/**
- * In-memory read-through cache for Permission entities.
- *
- * - Keyed by permissionKey (deterministic, namespaced).
- * - TTL-based expiry per entry.
- * - Survives across warm Lambda invocations (module-level singleton).
- * - Handles concurrent fetches for the same key via in-flight dedup.
- */
-class PermissionCache {
-    store = new Map();
-    inflight = new Map();
-    ttlMs;
-    constructor(ttlMs = DEFAULT_TTL_MS) {
-        this.ttlMs = ttlMs;
-    }
-    get(key) {
-        const entry = this.store.get(key);
-        if (!entry)
-            return null;
-        if (Date.now() > entry.expiresAt) {
-            this.store.delete(key);
-            return null;
-        }
-        return entry.value;
-    }
-    set(key, value) {
-        this.store.set(key, { value, expiresAt: Date.now() + this.ttlMs });
-    }
-    /**
-     * Read-through: returns cached value or calls `fetcher` exactly once.
-     * Concurrent calls for the same key share a single in-flight promise.
-     */
-    async getOrFetch(key, fetcher) {
-        const cached = this.get(key);
-        if (cached)
-            return cached;
-        const existing = this.inflight.get(key);
-        if (existing)
-            return existing;
-        const promise = fetcher().then((result) => {
-            this.inflight.delete(key);
-            if (result)
-                this.set(key, result);
-            return result;
-        });
-        this.inflight.set(key, promise);
-        return promise;
-    }
-    invalidate(key) {
-        this.store.delete(key);
-    }
-    clear() {
-        this.store.clear();
-    }
-}
-exports.PermissionCache = PermissionCache;
-//# sourceMappingURL=permission.cache.js.map

package/dist/service/permission.cache.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"permission.cache.js","sourceRoot":"","sources":["../../src/service/permission.cache.ts"],"names":[],"mappings":";;;AAOA,MAAM,cAAc,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,aAAa;AAEpD;;;;;;;GAOG;AACH,MAAa,eAAe;IACT,KAAK,GAAG,IAAI,GAAG,EAAsB,CAAC;IACtC,QAAQ,GAAG,IAAI,GAAG,EAAsC,CAAC;IACzD,KAAK,CAAS;IAE/B,YAAY,QAAgB,cAAc;QACxC,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;IAED,GAAG,CAAC,GAAW;QACb,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QACxB,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;YACjC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACvB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC,KAAK,CAAC;IACrB,CAAC;IAED,GAAG,CAAC,GAAW,EAAE,KAAiB;QAChC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IACrE,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,UAAU,CAAC,GAAW,EAAE,OAAyC;QACrE,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC7B,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAE1B,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACxC,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;QAE9B,MAAM,OAAO,GAAG,OAAO,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;YACxC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC1B,IAAI,MAAM;gBAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YAClC,OAAO,MAAM,CAAC;QAChB,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QAChC,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,UAAU,CAAC,GAAW;QACpB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IAED,KAAK;QACH,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC;CACF;AAnDD,0CAmDC","sourcesContent":["import { Permission } from \"../model/role.model\";\n\ninterface CacheEntry {\n  value: Permission;\n  expiresAt: number;\n}\n\nconst DEFAULT_TTL_MS = 15 * 60 * 1000; // 15 minutes\n\n/**\n * In-memory read-through cache for Permission entities.\n *\n * - Keyed by permissionKey (deterministic, namespaced).\n * - TTL-based expiry per entry.\n * - Survives across warm Lambda invocations (module-level singleton).\n * - Handles concurrent fetches for the same key via in-flight dedup.\n */\nexport class PermissionCache {\n  private readonly store = new Map<string, CacheEntry>();\n  private readonly inflight = new Map<string, Promise<Permission | null>>();\n  private readonly ttlMs: number;\n\n  constructor(ttlMs: number = DEFAULT_TTL_MS) {\n    this.ttlMs = ttlMs;\n  }\n\n  get(key: string): Permission | null {\n    const entry = this.store.get(key);\n    if (!entry) return null;\n    if (Date.now() > entry.expiresAt) {\n      this.store.delete(key);\n      return null;\n    }\n    return entry.value;\n  }\n\n  set(key: string, value: Permission): void {\n    this.store.set(key, { value, expiresAt: Date.now() + this.ttlMs });\n  }\n\n  /**\n   * Read-through: returns cached value or calls `fetcher` exactly once.\n   * Concurrent calls for the same key share a single in-flight promise.\n   */\n  async getOrFetch(key: string, fetcher: () => Promise<Permission | null>): Promise<Permission | null> {\n    const cached = this.get(key);\n    if (cached) return cached;\n\n    const existing = this.inflight.get(key);\n    if (existing) return existing;\n\n    const promise = fetcher().then((result) => {\n      this.inflight.delete(key);\n      if (result) this.set(key, result);\n      return result;\n    });\n\n    this.inflight.set(key, promise);\n    return promise;\n  }\n\n  invalidate(key: string): void {\n    this.store.delete(key);\n  }\n\n  clear(): void {\n    this.store.clear();\n  }\n}\n"]}

package/dist/service/permission.repo.d.ts

@@ -1,16 +0,0 @@
-import { Permission } from "../model/role.model";
-import { List } from "../model/base.model";
-/**
- * Repository layer for Permission table.
- * Pure DB operations — no caching, no business logic.
- */
-export declare class PermissionRepo {
-    private readonly db;
-    constructor(tableName: string);
-    findById(id: string): Promise<Permission | null>;
-    findByPermissionKey(permissionKey: string): Promise<Permission | null>;
-    save(permission: Partial<Permission>): Promise<Permission>;
-    update(permission: Partial<Permission>): Promise<Permission>;
-    delete(id: string): Promise<boolean>;
-    scan(): Promise<List<Partial<Permission>>>;
-}

package/dist/service/permission.repo.js

@@ -1,63 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.PermissionRepo = void 0;
-const base_db_repo_1 = require("../repositories/base-db.repo");
-const dynamodb_model_1 = require("../model/dynamodb.model");
-const dynamodb_utils_1 = require("../utils/dynamodb.utils");
-function createPermissionIndexMap() {
-    const map = new dynamodb_model_1.DynamoIndexMap();
-    map.partitionKey = "id";
-    map.set("byPermissionKey", { field: "permissionKey", rFields: ["role", "resource", "scope"], fieldSeparator: "#" });
-    map.mapFields = ["method"];
-    return map;
-}
-/**
- * Repository layer for Permission table.
- * Pure DB operations — no caching, no business logic.
- */
-class PermissionRepo {
-    db;
-    constructor(tableName) {
-        this.db = new base_db_repo_1.BaseRepoDBImpl();
-        this.db.setTable(tableName);
-        this.db.setIndexMap(createPermissionIndexMap());
-    }
-    async findById(id) {
-        return this.db.findById(id);
-    }
-    async findByPermissionKey(permissionKey) {
-        return this.db.findOne({
-            indexName: "byPermissionKey",
-            indexValue: permissionKey,
-        });
-    }
-    async save(permission) {
-        if (!permission.id)
-            permission.id = (0, dynamodb_utils_1.generateUUID)();
-        const now = new Date().toISOString();
-        if (!permission.createdAt)
-            permission.createdAt = now;
-        permission.updatedAt = now;
-        // Build composite key: role#resource#scope
-        if (permission.role && permission.resource && permission.scope) {
-            permission.permissionKey = `${permission.role}#${permission.resource}#${permission.scope}`;
-        }
-        return this.db.save(permission);
-    }
-    async update(permission) {
-        permission.updatedAt = new Date().toISOString();
-        // Rebuild composite key if components changed
-        if (permission.role && permission.resource && permission.scope) {
-            permission.permissionKey = `${permission.role}#${permission.resource}#${permission.scope}`;
-        }
-        return this.db.update(permission);
-    }
-    async delete(id) {
-        return this.db.delete(id);
-    }
-    async scan() {
-        return this.db.scan({});
-    }
-}
-exports.PermissionRepo = PermissionRepo;
-//# sourceMappingURL=permission.repo.js.map