aws-service-stack 0.18.396 → 0.18.397

package/dist/model/role.model.d.ts

@@ -12,9 +12,3 @@ export interface Permission extends BaseEntity {
     };
     permissionKey: string;
 }
-/**
- * Build a fully-qualified permission key.
- * Format: `${role}.${resource}.${scope}.${method}`
- * Example: `OwnerRole.PropertyTable.BranchScope.GET`
- */
-export declare function buildPermissionKey(role: string, resource: string, scope: string, method: string): string;

package/dist/model/role.model.js

@@ -1,12 +1,3 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.buildPermissionKey = buildPermissionKey;
-/**
- * Build a fully-qualified permission key.
- * Format: `${role}.${resource}.${scope}.${method}`
- * Example: `OwnerRole.PropertyTable.BranchScope.GET`
- */
-function buildPermissionKey(role, resource, scope, method) {
-    return `${role}.${resource}.${scope}.${method}`;
-}
 //# sourceMappingURL=role.model.js.map

package/dist/model/role.model.js.map

@@ -1 +1 @@
-{"version":3,"file":"role.model.js","sourceRoot":"","sources":["../../src/model/role.model.ts"],"names":[],"mappings":";;AAqBA,gDAEC;AAPD;;;;GAIG;AACH,SAAgB,kBAAkB,CAAC,IAAY,EAAE,QAAgB,EAAE,KAAa,EAAE,MAAc;IAC9F,OAAO,GAAG,IAAI,IAAI,QAAQ,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;AAClD,CAAC","sourcesContent":["import { BaseEntity } from \"./base.model\";\n\nexport interface Permission extends BaseEntity {\n  role: string; // DB Index: Manager | User etc\n  resource: string; // DB Index: Property | Profile etc\n  scope: string; // DB Index: Organization | Branch | Agent\n  method: {\n    get?: boolean;\n    post?: boolean;\n    patch?: boolean;\n    put?: boolean;\n    delete?: boolean;\n  };\n  permissionKey: string; // DB Index: role#resourse#scope Manager#Property#Branch\n}\n\n/**\n * Build a fully-qualified permission key.\n * Format: `${role}.${resource}.${scope}.${method}`\n * Example: `OwnerRole.PropertyTable.BranchScope.GET`\n */\nexport function buildPermissionKey(role: string, resource: string, scope: string, method: string): string {\n  return `${role}.${resource}.${scope}.${method}`;\n}\n"]}
+{"version":3,"file":"role.model.js","sourceRoot":"","sources":["../../src/model/role.model.ts"],"names":[],"mappings":"","sourcesContent":["import { BaseEntity } from \"./base.model\";\n\nexport interface Permission extends BaseEntity {\n  role: string; // DB Index: Manager | User etc\n  resource: string; // DB Index: Property | Profile etc\n  scope: string; // DB Index: Organization | Branch | Agent\n  method: {\n    get?: boolean;\n    post?: boolean;\n    patch?: boolean;\n    put?: boolean;\n    delete?: boolean;\n  };\n  permissionKey: string; // DB Index: role#resourse#scope Manager#Property#Branch\n}\n"]}

package/dist/service/permission.service.js

@@ -50,7 +50,7 @@ class PermissionService {
     async hasPermission(role, resource, scope, method) {
         if (!role || !resource || !scope || !method)
             return false;
-        const permissionKey = `${role}.${resource}.${scope}.${method}`;
+        const permissionKey = `${role}#${resource}#${scope}`;
         const permission = await this.getPermissionByKey(permissionKey);
         if (!permission?.method)
             return false;

package/dist/service/permission.service.js.map

@@ -1 +1 @@
-{"version":3,"file":"permission.service.js","sourceRoot":"","sources":["../../src/service/permission.service.ts"],"names":[],"mappings":";;;AACA,4CAAyC;AACzC,yDAAqD;AACrD,uDAAmD;AAGnD;;;;;;;;;GASG;AACH,MAAa,iBAAiB;IACX,IAAI,CAAiB;IACrB,KAAK,CAAkB;IAExC,YAAY,SAAiB,EAAE,UAAmB;QAChD,IAAI,CAAC,IAAI,GAAG,IAAI,gCAAc,CAAC,SAAS,CAAC,CAAC;QAC1C,IAAI,CAAC,KAAK,GAAG,IAAI,kCAAe,CAAC,UAAU,CAAC,CAAC;IAC/C,CAAC;IAED,8EAA8E;IAC9E,cAAc;IACd,8EAA8E;IAE9E,oFAAoF;IACpF,KAAK,CAAC,kBAAkB,CAAC,aAAqB;QAC5C,IAAI,CAAC,aAAa;YAAE,OAAO,IAAI,CAAC;QAEhC,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,aAAa,EAAE,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,CAAC,CAAC;IAC5G,CAAC;IAED,mDAAmD;IACnD,KAAK,CAAC,iBAAiB,CAAC,EAAU;QAChC,IAAI,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QAErB,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;IACzE,CAAC;IAED,8EAA8E;IAC9E,mBAAmB;IACnB,8EAA8E;IAE9E;;;;;;;OAOG;IACH,KAAK,CAAC,aAAa,CAAC,IAAY,EAAE,QAAgB,EAAE,KAAa,EAAE,MAAc;QAC/E,IAAI,CAAC,IAAI,IAAI,CAAC,QAAQ,IAAI,CAAC,KAAK,IAAI,CAAC,MAAM;YAAE,OAAO,KAAK,CAAC;QAE1D,MAAM,aAAa,GAAG,GAAG,IAAI,IAAI,QAAQ,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;QAC/D,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC;QAChE,IAAI,CAAC,UAAU,EAAE,MAAM;YAAE,OAAO,KAAK,CAAC;QAEtC,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,EAAgC,CAAC;QAEvE,OAAO,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,KAAK,IAAI,CAAC;IACjD,CAAC;IAED,8EAA8E;IAC9E,gBAAgB;IAChB,8EAA8E;IAE9E,KAAK,CAAC,gBAAgB,CAAC,KAKtB;QACC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC;YACxB,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,kBAAkB,CAAC,CAAC;QAC9E,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,IAAI,EAAE,EAAE,CAAC;YAC5B,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,sBAAsB,CAAC,CAAC;QAClF,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC;YACzB,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,mBAAmB,CAAC,CAAC;QAC/E,CAAC;QAED,kBAAkB;QAClB,MAAM,aAAa,GAAG,GAAG,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QACvE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,CAAC;QACpE,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE,eAAe,aAAa,kBAAkB,CAAC,CAAC;QACxG,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;YACjC,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE;YACvB,QAAQ,EAAE,KAAK,CAAC,QAAQ,CAAC,IAAI,EAAE;YAC/B,KAAK,EAAE,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE;YACzB,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,EAAE;YAC1B,aAAa;SACd,CAAC,CAAC;QAEH,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACnB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,8EAA8E;IAC9E,gBAAgB;IAChB,8EAA8E;IAE9E,KAAK,CAAC,gBAAgB,CACpB,EAAU,EACV,OAA4E;QAE5E,IAAI,CAAC,EAAE;YAAE,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,2BAA2B,CAAC,CAAC;QAE9F,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;QAC9C,IAAI,CAAC,QAAQ;YAAE,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE,eAAe,EAAE,aAAa,CAAC,CAAC;QAErG,MAAM,IAAI,GAAwB,EAAE,EAAE,EAAE,CAAC;QACzC,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS;YAAE,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAChE,IAAI,OAAO,CAAC,QAAQ,KAAK,SAAS;YAAE,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC5E,IAAI,OAAO,CAAC,KAAK,KAAK,SAAS;YAAE,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QACnE,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS;YAAE,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAE/D,2CAA2C;QAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,QAAQ,CAAC,IAAI,CAAC;QACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,QAAQ,CAAC;QACpD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,QAAQ,CAAC,KAAK,CAAC;QAC3C,IAAI,CAAC,aAAa,GAAG,GAAG,IAAI,IAAI,QAAQ,IAAI,KAAK,EAAE,CAAC;QAEpD,gDAAgD;QAChD,IAAI,IAAI,CAAC,aAAa,KAAK,QAAQ,CAAC,aAAa,EAAE,CAAC;YAClD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YACzE,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE,eAAe,IAAI,CAAC,aAAa,kBAAkB,CAAC,CAAC;YAC7G,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAE7C,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACnB,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,8EAA8E;IAC9E,gBAAgB;IAChB,8EAA8E;IAE9E,KAAK,CAAC,gBAAgB,CAAC,EAAU;QAC/B,IAAI,CAAC,EAAE;YAAE,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,2BAA2B,CAAC,CAAC;QAE9F,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;QAC9C,IAAI,CAAC,QAAQ;YAAE,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE,eAAe,EAAE,aAAa,CAAC,CAAC;QAErG,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAE1C,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACnB,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,8EAA8E;IAC9E,cAAc;IACd,8EAA8E;IAE9E,KAAK,CAAC,eAAe,CAAC,MAAe;QACnC,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;IACvC,CAAC;IAED,8EAA8E;IAC9E,8BAA8B;IAC9B,8EAA8E;IAE9E,UAAU;QACR,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC;CACF;AAhKD,8CAgKC","sourcesContent":["import { Permission } from \"../model/role.model\";\nimport { ErrorHttp } from \"../exception\";\nimport { PermissionCache } from \"./permission.cache\";\nimport { PermissionRepo } from \"./permission.repo\";\nimport { Filter, List } from \"@chinggis/types\";\n\n/**\n * PermissionService — cache + orchestration layer for Permission entities.\n *\n * Design decisions:\n * - Read-through cache via PermissionCache (in-flight dedup, TTL).\n * - Repository handles only DB I/O.\n * - Cache invalidation on every mutation.\n * - ~100 roles total, read-heavy → caching makes sense.\n * - Cache keyed by `perm:{permissionKey}` for deterministic, namespaced lookup.\n */\nexport class PermissionService {\n  private readonly repo: PermissionRepo;\n  private readonly cache: PermissionCache;\n\n  constructor(tableName: string, cacheTtlMs?: number) {\n    this.repo = new PermissionRepo(tableName);\n    this.cache = new PermissionCache(cacheTtlMs);\n  }\n\n  // ---------------------------------------------------------------------------\n  // Core lookup\n  // ---------------------------------------------------------------------------\n\n  /** Fetch Permission by composite key (role#resource#scope). Read-through cached. */\n  async getPermissionByKey(permissionKey: string): Promise<Permission | null> {\n    if (!permissionKey) return null;\n\n    return this.cache.getOrFetch(`perm:${permissionKey}`, () => this.repo.findByPermissionKey(permissionKey));\n  }\n\n  /** Fetch Permission by id. Read-through cached. */\n  async getPermissionById(id: string): Promise<Permission | null> {\n    if (!id) return null;\n\n    return this.cache.getOrFetch(`id:${id}`, () => this.repo.findById(id));\n  }\n\n  // ---------------------------------------------------------------------------\n  // Permission check\n  // ---------------------------------------------------------------------------\n\n  /**\n   * Check if the given role+resource+scope has a specific HTTP method allowed.\n   *\n   * Builds the permissionKey `role#resource#scope`, fetches the Permission,\n   * and checks the method map.\n   *\n   * @returns `true` if allowed, `false` otherwise.\n   */\n  async hasPermission(role: string, resource: string, scope: string, method: string): Promise<boolean> {\n    if (!role || !resource || !scope || !method) return false;\n\n    const permissionKey = `${role}.${resource}.${scope}.${method}`;\n    const permission = await this.getPermissionByKey(permissionKey);\n    if (!permission?.method) return false;\n\n    const methodLower = method.toUpperCase() as keyof Permission[\"method\"];\n\n    return permission.method[methodLower] === true;\n  }\n\n  // ---------------------------------------------------------------------------\n  // CRUD — create\n  // ---------------------------------------------------------------------------\n\n  async createPermission(input: {\n    role: string;\n    resource: string;\n    scope: string;\n    method: Permission[\"method\"];\n  }): Promise<Permission> {\n    if (!input.role?.trim()) {\n      throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"Role is required\");\n    }\n    if (!input.resource?.trim()) {\n      throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"Resource is required\");\n    }\n    if (!input.scope?.trim()) {\n      throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"Scope is required\");\n    }\n\n    // Duplicate check\n    const permissionKey = `${input.role}#${input.resource}#${input.scope}`;\n    const existing = await this.repo.findByPermissionKey(permissionKey);\n    if (existing) {\n      throw new ErrorHttp({ code: 409, error: \"Conflict\" }, `Permission \"${permissionKey}\" already exists`);\n    }\n\n    const saved = await this.repo.save({\n      role: input.role.trim(),\n      resource: input.resource.trim(),\n      scope: input.scope.trim(),\n      method: input.method ?? {},\n      permissionKey,\n    });\n\n    this.cache.clear();\n    return saved;\n  }\n\n  // ---------------------------------------------------------------------------\n  // CRUD — update\n  // ---------------------------------------------------------------------------\n\n  async updatePermission(\n    id: string,\n    updates: Partial<Pick<Permission, \"role\" | \"resource\" | \"scope\" | \"method\">>,\n  ): Promise<Permission> {\n    if (!id) throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"Permission id is required\");\n\n    const existing = await this.repo.findById(id);\n    if (!existing) throw new ErrorHttp({ code: 404, error: \"NotFound\" }, `Permission \"${id}\" not found`);\n\n    const data: Partial<Permission> = { id };\n    if (updates.role !== undefined) data.role = updates.role.trim();\n    if (updates.resource !== undefined) data.resource = updates.resource.trim();\n    if (updates.scope !== undefined) data.scope = updates.scope.trim();\n    if (updates.method !== undefined) data.method = updates.method;\n\n    // Rebuild key if any key component changed\n    const role = data.role ?? existing.role;\n    const resource = data.resource ?? existing.resource;\n    const scope = data.scope ?? existing.scope;\n    data.permissionKey = `${role}#${resource}#${scope}`;\n\n    // Check for duplicate key if components changed\n    if (data.permissionKey !== existing.permissionKey) {\n      const conflict = await this.repo.findByPermissionKey(data.permissionKey);\n      if (conflict) {\n        throw new ErrorHttp({ code: 409, error: \"Conflict\" }, `Permission \"${data.permissionKey}\" already exists`);\n      }\n    }\n\n    const updated = await this.repo.update(data);\n\n    this.cache.clear();\n    return updated;\n  }\n\n  // ---------------------------------------------------------------------------\n  // CRUD — delete\n  // ---------------------------------------------------------------------------\n\n  async deletePermission(id: string): Promise<boolean> {\n    if (!id) throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"Permission id is required\");\n\n    const existing = await this.repo.findById(id);\n    if (!existing) throw new ErrorHttp({ code: 404, error: \"NotFound\" }, `Permission \"${id}\" not found`);\n\n    const result = await this.repo.delete(id);\n\n    this.cache.clear();\n    return result;\n  }\n\n  // ---------------------------------------------------------------------------\n  // CRUD — list\n  // ---------------------------------------------------------------------------\n\n  async listPermissions(filter?: Filter): Promise<List<Partial<Permission>>> {\n    return this.repo.findByIndex(filter);\n  }\n\n  // ---------------------------------------------------------------------------\n  // Cache control (for testing)\n  // ---------------------------------------------------------------------------\n\n  clearCache(): void {\n    this.cache.clear();\n  }\n}\n"]}
+{"version":3,"file":"permission.service.js","sourceRoot":"","sources":["../../src/service/permission.service.ts"],"names":[],"mappings":";;;AACA,4CAAyC;AACzC,yDAAqD;AACrD,uDAAmD;AAGnD;;;;;;;;;GASG;AACH,MAAa,iBAAiB;IACX,IAAI,CAAiB;IACrB,KAAK,CAAkB;IAExC,YAAY,SAAiB,EAAE,UAAmB;QAChD,IAAI,CAAC,IAAI,GAAG,IAAI,gCAAc,CAAC,SAAS,CAAC,CAAC;QAC1C,IAAI,CAAC,KAAK,GAAG,IAAI,kCAAe,CAAC,UAAU,CAAC,CAAC;IAC/C,CAAC;IAED,8EAA8E;IAC9E,cAAc;IACd,8EAA8E;IAE9E,oFAAoF;IACpF,KAAK,CAAC,kBAAkB,CAAC,aAAqB;QAC5C,IAAI,CAAC,aAAa;YAAE,OAAO,IAAI,CAAC;QAEhC,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,aAAa,EAAE,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,CAAC,CAAC;IAC5G,CAAC;IAED,mDAAmD;IACnD,KAAK,CAAC,iBAAiB,CAAC,EAAU;QAChC,IAAI,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QAErB,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;IACzE,CAAC;IAED,8EAA8E;IAC9E,mBAAmB;IACnB,8EAA8E;IAE9E;;;;;;;OAOG;IACH,KAAK,CAAC,aAAa,CAAC,IAAY,EAAE,QAAgB,EAAE,KAAa,EAAE,MAAc;QAC/E,IAAI,CAAC,IAAI,IAAI,CAAC,QAAQ,IAAI,CAAC,KAAK,IAAI,CAAC,MAAM;YAAE,OAAO,KAAK,CAAC;QAE1D,MAAM,aAAa,GAAG,GAAG,IAAI,IAAI,QAAQ,IAAI,KAAK,EAAE,CAAC;QACrD,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC;QAChE,IAAI,CAAC,UAAU,EAAE,MAAM;YAAE,OAAO,KAAK,CAAC;QAEtC,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,EAAgC,CAAC;QAEvE,OAAO,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,KAAK,IAAI,CAAC;IACjD,CAAC;IAED,8EAA8E;IAC9E,gBAAgB;IAChB,8EAA8E;IAE9E,KAAK,CAAC,gBAAgB,CAAC,KAKtB;QACC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC;YACxB,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,kBAAkB,CAAC,CAAC;QAC9E,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,IAAI,EAAE,EAAE,CAAC;YAC5B,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,sBAAsB,CAAC,CAAC;QAClF,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC;YACzB,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,mBAAmB,CAAC,CAAC;QAC/E,CAAC;QAED,kBAAkB;QAClB,MAAM,aAAa,GAAG,GAAG,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QACvE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,CAAC;QACpE,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE,eAAe,aAAa,kBAAkB,CAAC,CAAC;QACxG,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;YACjC,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE;YACvB,QAAQ,EAAE,KAAK,CAAC,QAAQ,CAAC,IAAI,EAAE;YAC/B,KAAK,EAAE,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE;YACzB,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,EAAE;YAC1B,aAAa;SACd,CAAC,CAAC;QAEH,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACnB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,8EAA8E;IAC9E,gBAAgB;IAChB,8EAA8E;IAE9E,KAAK,CAAC,gBAAgB,CACpB,EAAU,EACV,OAA4E;QAE5E,IAAI,CAAC,EAAE;YAAE,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,2BAA2B,CAAC,CAAC;QAE9F,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;QAC9C,IAAI,CAAC,QAAQ;YAAE,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE,eAAe,EAAE,aAAa,CAAC,CAAC;QAErG,MAAM,IAAI,GAAwB,EAAE,EAAE,EAAE,CAAC;QACzC,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS;YAAE,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAChE,IAAI,OAAO,CAAC,QAAQ,KAAK,SAAS;YAAE,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC5E,IAAI,OAAO,CAAC,KAAK,KAAK,SAAS;YAAE,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QACnE,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS;YAAE,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAE/D,2CAA2C;QAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,QAAQ,CAAC,IAAI,CAAC;QACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,QAAQ,CAAC;QACpD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,QAAQ,CAAC,KAAK,CAAC;QAC3C,IAAI,CAAC,aAAa,GAAG,GAAG,IAAI,IAAI,QAAQ,IAAI,KAAK,EAAE,CAAC;QAEpD,gDAAgD;QAChD,IAAI,IAAI,CAAC,aAAa,KAAK,QAAQ,CAAC,aAAa,EAAE,CAAC;YAClD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YACzE,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE,eAAe,IAAI,CAAC,aAAa,kBAAkB,CAAC,CAAC;YAC7G,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAE7C,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACnB,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,8EAA8E;IAC9E,gBAAgB;IAChB,8EAA8E;IAE9E,KAAK,CAAC,gBAAgB,CAAC,EAAU;QAC/B,IAAI,CAAC,EAAE;YAAE,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,2BAA2B,CAAC,CAAC;QAE9F,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;QAC9C,IAAI,CAAC,QAAQ;YAAE,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE,eAAe,EAAE,aAAa,CAAC,CAAC;QAErG,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAE1C,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACnB,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,8EAA8E;IAC9E,cAAc;IACd,8EAA8E;IAE9E,KAAK,CAAC,eAAe,CAAC,MAAe;QACnC,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;IACvC,CAAC;IAED,8EAA8E;IAC9E,8BAA8B;IAC9B,8EAA8E;IAE9E,UAAU;QACR,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC;CACF;AAhKD,8CAgKC","sourcesContent":["import { Permission } from \"../model/role.model\";\nimport { ErrorHttp } from \"../exception\";\nimport { PermissionCache } from \"./permission.cache\";\nimport { PermissionRepo } from \"./permission.repo\";\nimport { Filter, List } from \"@chinggis/types\";\n\n/**\n * PermissionService — cache + orchestration layer for Permission entities.\n *\n * Design decisions:\n * - Read-through cache via PermissionCache (in-flight dedup, TTL).\n * - Repository handles only DB I/O.\n * - Cache invalidation on every mutation.\n * - ~100 roles total, read-heavy → caching makes sense.\n * - Cache keyed by `perm:{permissionKey}` for deterministic, namespaced lookup.\n */\nexport class PermissionService {\n  private readonly repo: PermissionRepo;\n  private readonly cache: PermissionCache;\n\n  constructor(tableName: string, cacheTtlMs?: number) {\n    this.repo = new PermissionRepo(tableName);\n    this.cache = new PermissionCache(cacheTtlMs);\n  }\n\n  // ---------------------------------------------------------------------------\n  // Core lookup\n  // ---------------------------------------------------------------------------\n\n  /** Fetch Permission by composite key (role#resource#scope). Read-through cached. */\n  async getPermissionByKey(permissionKey: string): Promise<Permission | null> {\n    if (!permissionKey) return null;\n\n    return this.cache.getOrFetch(`perm:${permissionKey}`, () => this.repo.findByPermissionKey(permissionKey));\n  }\n\n  /** Fetch Permission by id. Read-through cached. */\n  async getPermissionById(id: string): Promise<Permission | null> {\n    if (!id) return null;\n\n    return this.cache.getOrFetch(`id:${id}`, () => this.repo.findById(id));\n  }\n\n  // ---------------------------------------------------------------------------\n  // Permission check\n  // ---------------------------------------------------------------------------\n\n  /**\n   * Check if the given role+resource+scope has a specific HTTP method allowed.\n   *\n   * Builds the permissionKey `role#resource#scope`, fetches the Permission,\n   * and checks the method map.\n   *\n   * @returns `true` if allowed, `false` otherwise.\n   */\n  async hasPermission(role: string, resource: string, scope: string, method: string): Promise<boolean> {\n    if (!role || !resource || !scope || !method) return false;\n\n    const permissionKey = `${role}#${resource}#${scope}`;\n    const permission = await this.getPermissionByKey(permissionKey);\n    if (!permission?.method) return false;\n\n    const methodLower = method.toUpperCase() as keyof Permission[\"method\"];\n\n    return permission.method[methodLower] === true;\n  }\n\n  // ---------------------------------------------------------------------------\n  // CRUD — create\n  // ---------------------------------------------------------------------------\n\n  async createPermission(input: {\n    role: string;\n    resource: string;\n    scope: string;\n    method: Permission[\"method\"];\n  }): Promise<Permission> {\n    if (!input.role?.trim()) {\n      throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"Role is required\");\n    }\n    if (!input.resource?.trim()) {\n      throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"Resource is required\");\n    }\n    if (!input.scope?.trim()) {\n      throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"Scope is required\");\n    }\n\n    // Duplicate check\n    const permissionKey = `${input.role}#${input.resource}#${input.scope}`;\n    const existing = await this.repo.findByPermissionKey(permissionKey);\n    if (existing) {\n      throw new ErrorHttp({ code: 409, error: \"Conflict\" }, `Permission \"${permissionKey}\" already exists`);\n    }\n\n    const saved = await this.repo.save({\n      role: input.role.trim(),\n      resource: input.resource.trim(),\n      scope: input.scope.trim(),\n      method: input.method ?? {},\n      permissionKey,\n    });\n\n    this.cache.clear();\n    return saved;\n  }\n\n  // ---------------------------------------------------------------------------\n  // CRUD — update\n  // ---------------------------------------------------------------------------\n\n  async updatePermission(\n    id: string,\n    updates: Partial<Pick<Permission, \"role\" | \"resource\" | \"scope\" | \"method\">>,\n  ): Promise<Permission> {\n    if (!id) throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"Permission id is required\");\n\n    const existing = await this.repo.findById(id);\n    if (!existing) throw new ErrorHttp({ code: 404, error: \"NotFound\" }, `Permission \"${id}\" not found`);\n\n    const data: Partial<Permission> = { id };\n    if (updates.role !== undefined) data.role = updates.role.trim();\n    if (updates.resource !== undefined) data.resource = updates.resource.trim();\n    if (updates.scope !== undefined) data.scope = updates.scope.trim();\n    if (updates.method !== undefined) data.method = updates.method;\n\n    // Rebuild key if any key component changed\n    const role = data.role ?? existing.role;\n    const resource = data.resource ?? existing.resource;\n    const scope = data.scope ?? existing.scope;\n    data.permissionKey = `${role}#${resource}#${scope}`;\n\n    // Check for duplicate key if components changed\n    if (data.permissionKey !== existing.permissionKey) {\n      const conflict = await this.repo.findByPermissionKey(data.permissionKey);\n      if (conflict) {\n        throw new ErrorHttp({ code: 409, error: \"Conflict\" }, `Permission \"${data.permissionKey}\" already exists`);\n      }\n    }\n\n    const updated = await this.repo.update(data);\n\n    this.cache.clear();\n    return updated;\n  }\n\n  // ---------------------------------------------------------------------------\n  // CRUD — delete\n  // ---------------------------------------------------------------------------\n\n  async deletePermission(id: string): Promise<boolean> {\n    if (!id) throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"Permission id is required\");\n\n    const existing = await this.repo.findById(id);\n    if (!existing) throw new ErrorHttp({ code: 404, error: \"NotFound\" }, `Permission \"${id}\" not found`);\n\n    const result = await this.repo.delete(id);\n\n    this.cache.clear();\n    return result;\n  }\n\n  // ---------------------------------------------------------------------------\n  // CRUD — list\n  // ---------------------------------------------------------------------------\n\n  async listPermissions(filter?: Filter): Promise<List<Partial<Permission>>> {\n    return this.repo.findByIndex(filter);\n  }\n\n  // ---------------------------------------------------------------------------\n  // Cache control (for testing)\n  // ---------------------------------------------------------------------------\n\n  clearCache(): void {\n    this.cache.clear();\n  }\n}\n"]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "aws-service-stack",
-  "version": "0.18.396",
+  "version": "0.18.397",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "author": "chinggis.systems",