easywork-common-lib 1.0.1022 → 1.0.1024

package/dist/modules/authorization/interfaces/authorization.interface.d.ts

@@ -0,0 +1,23 @@
+import { PermissionAction, PermissionContextType, PermissionResult, ResourcePermission } from "../../../common/";
+export interface IPermissionEvaluator {
+    evaluate(context: PermissionContextType): Promise<PermissionResult>;
+}
+export interface IPermissionProvider {
+    getPermissions(userId: string, resource: string): Promise<ResourcePermission[]>;
+    hasPermission(userId: string, resource: string, action: PermissionAction): Promise<boolean>;
+}
+export interface IResourceAccessFilter {
+    applyFilters(queryBuilder: any, context: PermissionContextType): any;
+    buildWhereConditions(context: PermissionContextType): Record<string, any>;
+}
+export interface IPermissionCache {
+    get(key: string): Promise<any>;
+    set(key: string, value: any, ttl?: number): Promise<void>;
+    delete(key: string): Promise<void>;
+    clear(pattern: string): Promise<void>;
+}
+export interface IAuthorizationService {
+    canAccess(context: PermissionContextType): Promise<PermissionResult>;
+    filterQuery(queryBuilder: any, context: PermissionContextType): Promise<any>;
+    validateAccess(context: PermissionContextType): Promise<void>;
+}

package/dist/modules/authorization/interfaces/authorization.interface.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=authorization.interface.js.map

package/dist/modules/authorization/interfaces/authorization.interface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorization.interface.js","sourceRoot":"","sources":["../../../../src/modules/authorization/interfaces/authorization.interface.ts"],"names":[],"mappings":""}

package/dist/modules/authorization/services/authorization.service.d.ts

@@ -0,0 +1,25 @@
+import { PermissionContextType, PermissionResult } from "../../../common/";
+import { IAuthorizationService } from "../interfaces/authorization.interface";
+import { PermissionEvaluatorService } from "./permission-evaluator.service";
+import { ResourceAccessFilterService } from "./resource-access-filter.service";
+import { PermissionCacheService } from "./permission-cache.service";
+export declare class AuthorizationService implements IAuthorizationService {
+    private readonly permissionEvaluator;
+    private readonly accessFilter;
+    private readonly permissionCache;
+    private readonly logger;
+    constructor(permissionEvaluator: PermissionEvaluatorService, accessFilter: ResourceAccessFilterService, permissionCache: PermissionCacheService);
+    canAccess(context: PermissionContextType): Promise<PermissionResult>;
+    filterQuery(queryBuilder: any, context: PermissionContextType): Promise<any>;
+    validateAccess(context: PermissionContextType): Promise<void>;
+    canCreate(user: any, resource: string, targetEntity?: any): Promise<PermissionResult>;
+    canRead(user: any, resource: string, targetEntity?: any): Promise<PermissionResult>;
+    canUpdate(user: any, resource: string, targetEntity: any): Promise<PermissionResult>;
+    canDelete(user: any, resource: string, targetEntity: any): Promise<PermissionResult>;
+    canManage(user: any, resource: string, targetEntity?: any): Promise<PermissionResult>;
+    canAccessMultiple(contexts: PermissionContextType[]): Promise<{
+        [key: string]: PermissionResult;
+    }>;
+    clearUserCache(userId: string): Promise<void>;
+    private buildCacheKey;
+}

package/dist/modules/authorization/services/authorization.service.js

@@ -0,0 +1,139 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var AuthorizationService_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthorizationService = void 0;
+const common_1 = require("@nestjs/common");
+const common_2 = require("../../../common/");
+const permission_evaluator_service_1 = require("./permission-evaluator.service");
+const resource_access_filter_service_1 = require("./resource-access-filter.service");
+const permission_cache_service_1 = require("./permission-cache.service");
+let AuthorizationService = AuthorizationService_1 = class AuthorizationService {
+    permissionEvaluator;
+    accessFilter;
+    permissionCache;
+    logger = new common_1.Logger(AuthorizationService_1.name);
+    constructor(permissionEvaluator, accessFilter, permissionCache) {
+        this.permissionEvaluator = permissionEvaluator;
+        this.accessFilter = accessFilter;
+        this.permissionCache = permissionCache;
+    }
+    async canAccess(context) {
+        const cacheKey = this.buildCacheKey(context);
+        try {
+            const cachedResult = await this.permissionCache.get(cacheKey);
+            if (cachedResult && cachedResult.timestamp) {
+                const now = Date.now();
+                const ttl = cachedResult.allowed ? 300000 : 60000;
+                if (now - cachedResult.timestamp < ttl) {
+                    return cachedResult;
+                }
+            }
+            const result = await this.permissionEvaluator.evaluate(context);
+            const resultWithTimestamp = {
+                ...result,
+                timestamp: Date.now(),
+            };
+            const ttl = result.allowed ? 300 : 60;
+            await this.permissionCache.set(cacheKey, resultWithTimestamp, ttl);
+            return result;
+        }
+        catch (error) {
+            this.logger.error(`Permission evaluation failed: ${error.message}`, error.stack);
+            throw new common_1.ForbiddenException("Permission evaluation failed");
+        }
+    }
+    async filterQuery(queryBuilder, context) {
+        const result = await this.canAccess(context);
+        if (!result.allowed) {
+            throw new common_1.ForbiddenException(`Access denied for ${context.action} on ${context.resource}`);
+        }
+        if (result.filters && Object.keys(result.filters).length > 0) {
+            return this.accessFilter.applyFilters(queryBuilder, {
+                ...context,
+                additionalContext: { permissionFilters: result.filters },
+            });
+        }
+        return queryBuilder;
+    }
+    async validateAccess(context) {
+        const result = await this.canAccess(context);
+        if (!result.allowed) {
+            throw new common_1.ForbiddenException(result.reason ||
+                `Access denied for ${context.action} on ${context.resource}`);
+        }
+    }
+    async canCreate(user, resource, targetEntity) {
+        return this.canAccess({
+            user,
+            resource,
+            action: common_2.PermissionAction.CREATE,
+            targetEntity,
+        });
+    }
+    async canRead(user, resource, targetEntity) {
+        return this.canAccess({
+            user,
+            resource,
+            action: common_2.PermissionAction.READ,
+            targetEntity,
+        });
+    }
+    async canUpdate(user, resource, targetEntity) {
+        return this.canAccess({
+            user,
+            resource,
+            action: common_2.PermissionAction.UPDATE,
+            targetEntity,
+        });
+    }
+    async canDelete(user, resource, targetEntity) {
+        return this.canAccess({
+            user,
+            resource,
+            action: common_2.PermissionAction.DELETE,
+            targetEntity,
+        });
+    }
+    async canManage(user, resource, targetEntity) {
+        return this.canAccess({
+            user,
+            resource,
+            action: common_2.PermissionAction.MANAGE,
+            targetEntity,
+        });
+    }
+    async canAccessMultiple(contexts) {
+        const results = {};
+        const promises = contexts.map(async (context) => {
+            const result = await this.canAccess(context);
+            const key = `${context.resource}.${context.action}`;
+            results[key] = result;
+        });
+        await Promise.all(promises);
+        return results;
+    }
+    async clearUserCache(userId) {
+        return this.permissionCache.clear(`user:${userId}:*`);
+    }
+    buildCacheKey(context) {
+        const entityId = context.targetEntity?.id || "null";
+        return `user:${context.user.id}:${context.resource}:${context.action}:${entityId}`;
+    }
+};
+exports.AuthorizationService = AuthorizationService;
+exports.AuthorizationService = AuthorizationService = AuthorizationService_1 = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [permission_evaluator_service_1.PermissionEvaluatorService,
+        resource_access_filter_service_1.ResourceAccessFilterService,
+        permission_cache_service_1.PermissionCacheService])
+], AuthorizationService);
+//# sourceMappingURL=authorization.service.js.map

package/dist/modules/authorization/services/authorization.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorization.service.js","sourceRoot":"","sources":["../../../../src/modules/authorization/services/authorization.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,2CAAwE;AACxE,6CAI0B;AAE1B,iFAA4E;AAC5E,qFAA+E;AAC/E,yEAAoE;AAG7D,IAAM,oBAAoB,4BAA1B,MAAM,oBAAoB;IAIZ;IACA;IACA;IALF,MAAM,GAAG,IAAI,eAAM,CAAC,sBAAoB,CAAC,IAAI,CAAC,CAAC;IAEhE,YACmB,mBAA+C,EAC/C,YAAyC,EACzC,eAAuC;QAFvC,wBAAmB,GAAnB,mBAAmB,CAA4B;QAC/C,iBAAY,GAAZ,YAAY,CAA6B;QACzC,oBAAe,GAAf,eAAe,CAAwB;IACvD,CAAC;IAEJ,KAAK,CAAC,SAAS,CAAC,OAA8B;QAC5C,MAAM,QAAQ,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QAE7C,IAAI,CAAC;YACH,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAE9D,IAAI,YAAY,IAAI,YAAY,CAAC,SAAS,EAAE,CAAC;gBAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;gBACvB,MAAM,GAAG,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;gBAClD,IAAI,GAAG,GAAG,YAAY,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC;oBACvC,OAAO,YAAY,CAAC;gBACtB,CAAC;YACH,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAGhE,MAAM,mBAAmB,GAAG;gBAC1B,GAAG,MAAM;gBACT,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC;YAGF,MAAM,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YACtC,MAAM,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,QAAQ,EAAE,mBAAmB,EAAE,GAAG,CAAC,CAAC;YAEnE,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,iCAAiC,KAAK,CAAC,OAAO,EAAE,EAChD,KAAK,CAAC,KAAK,CACZ,CAAC;YACF,MAAM,IAAI,2BAAkB,CAAC,8BAA8B,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CACf,YAAiB,EACjB,OAA8B;QAE9B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAE7C,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,2BAAkB,CAC1B,qBAAqB,OAAO,CAAC,MAAM,OAAO,OAAO,CAAC,QAAQ,EAAE,CAC7D,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7D,OAAO,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC,YAAY,EAAE;gBAClD,GAAG,OAAO;gBACV,iBAAiB,EAAE,EAAE,iBAAiB,EAAE,MAAM,CAAC,OAAO,EAAE;aACzD,CAAC,CAAC;QACL,CAAC;QAED,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,OAA8B;QACjD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAE7C,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,2BAAkB,CAC1B,MAAM,CAAC,MAAM;gBACX,qBAAqB,OAAO,CAAC,MAAM,OAAO,OAAO,CAAC,QAAQ,EAAE,CAC/D,CAAC;QACJ,CAAC;IACH,CAAC;IAGD,KAAK,CAAC,SAAS,CACb,IAAS,EACT,QAAgB,EAChB,YAAkB;QAElB,OAAO,IAAI,CAAC,SAAS,CAAC;YACpB,IAAI;YACJ,QAAQ;YACR,MAAM,EAAE,yBAAgB,CAAC,MAAM;YAC/B,YAAY;SACb,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,OAAO,CACX,IAAS,EACT,QAAgB,EAChB,YAAkB;QAElB,OAAO,IAAI,CAAC,SAAS,CAAC;YACpB,IAAI;YACJ,QAAQ;YACR,MAAM,EAAE,yBAAgB,CAAC,IAAI;YAC7B,YAAY;SACb,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,SAAS,CACb,IAAS,EACT,QAAgB,EAChB,YAAiB;QAEjB,OAAO,IAAI,CAAC,SAAS,CAAC;YACpB,IAAI;YACJ,QAAQ;YACR,MAAM,EAAE,yBAAgB,CAAC,MAAM;YAC/B,YAAY;SACb,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,SAAS,CACb,IAAS,EACT,QAAgB,EAChB,YAAiB;QAEjB,OAAO,IAAI,CAAC,SAAS,CAAC;YACpB,IAAI;YACJ,QAAQ;YACR,MAAM,EAAE,yBAAgB,CAAC,MAAM;YAC/B,YAAY;SACb,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,SAAS,CACb,IAAS,EACT,QAAgB,EAChB,YAAkB;QAElB,OAAO,IAAI,CAAC,SAAS,CAAC;YACpB,IAAI;YACJ,QAAQ;YACR,MAAM,EAAE,yBAAgB,CAAC,MAAM;YAC/B,YAAY;SACb,CAAC,CAAC;IACL,CAAC;IAGD,KAAK,CAAC,iBAAiB,CACrB,QAAiC;QAEjC,MAAM,OAAO,GAAwC,EAAE,CAAC;QAExD,MAAM,QAAQ,GAAG,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;YAC9C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;YAC7C,MAAM,GAAG,GAAG,GAAG,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACpD,OAAO,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC;QACxB,CAAC,CAAC,CAAC;QAEH,MAAM,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC5B,OAAO,OAAO,CAAC;IACjB,CAAC;IAGD,KAAK,CAAC,cAAc,CAAC,MAAc;QACjC,OAAO,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,QAAQ,MAAM,IAAI,CAAC,CAAC;IACxD,CAAC;IAEO,aAAa,CAAC,OAA8B;QAClD,MAAM,QAAQ,GAAG,OAAO,CAAC,YAAY,EAAE,EAAE,IAAI,MAAM,CAAC;QACpD,OAAO,QAAQ,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,MAAM,IAAI,QAAQ,EAAE,CAAC;IACrF,CAAC;CACF,CAAA;AAzKY,oDAAoB;+BAApB,oBAAoB;IADhC,IAAA,mBAAU,GAAE;qCAK6B,yDAA0B;QACjC,4DAA2B;QACxB,iDAAsB;GAN/C,oBAAoB,CAyKhC"}

package/dist/modules/authorization/services/dynamic-filter.service.d.ts

@@ -0,0 +1,9 @@
+import { FilterCriteria, PermissionContextType } from "../../../common/";
+export declare class DynamicFilterService {
+    private readonly logger;
+    buildFiltersFromCriteria(criteria: FilterCriteria, context: PermissionContextType, assistantIds?: string[]): Promise<Record<string, any>>;
+    private applyFieldCondition;
+    mergeFilters(...filterObjects: Record<string, any>[]): Record<string, any>;
+    private getColumnMapping;
+    private mapFieldName;
+}

package/dist/modules/authorization/services/dynamic-filter.service.js

@@ -0,0 +1,238 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var DynamicFilterService_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DynamicFilterService = void 0;
+const common_1 = require("@nestjs/common");
+const resource_configurations_1 = require("../config/resource-configurations");
+let DynamicFilterService = DynamicFilterService_1 = class DynamicFilterService {
+    logger = new common_1.Logger(DynamicFilterService_1.name);
+    async buildFiltersFromCriteria(criteria, context, assistantIds = []) {
+        const filters = {};
+        const { user } = context;
+        if (criteria.fields && criteria.fields.length > 0) {
+            for (const fieldCondition of criteria.fields) {
+                this.applyFieldCondition(filters, fieldCondition);
+            }
+        }
+        const userBasedConditions = [];
+        const ruleConditions = context.additionalContext?.ruleConditions || [];
+        const hasParticipantCondition = ruleConditions.includes("participant");
+        const includeParticipants = hasParticipantCondition || criteria.includeParticipants;
+        if (criteria.includeOwn) {
+            const createdByField = this.mapFieldName(context.resource, "createdBy");
+            userBasedConditions.push({ [createdByField]: user.id });
+        }
+        if (criteria.includeAssigned) {
+            const assignedToField = this.mapFieldName(context.resource, "assignedTo");
+            userBasedConditions.push({ [assignedToField]: user.id });
+        }
+        if (criteria.includeObserved) {
+            const observersField = this.mapFieldName(context.resource, "observers");
+            const mapping = this.getColumnMapping(context.resource);
+            if (mapping.observers === "observer" ||
+                mapping.observers === "observerId") {
+                userBasedConditions.push({ [observersField]: user.id });
+            }
+            else {
+                userBasedConditions.push({ [observersField]: { contains: [user.id] } });
+            }
+        }
+        if (includeParticipants) {
+            const participantsField = this.mapFieldName(context.resource, "participants");
+            const mapping = this.getColumnMapping(context.resource);
+            if (mapping.participants) {
+                userBasedConditions.push({
+                    [participantsField]: { contains: [user.id] },
+                });
+            }
+        }
+        if (criteria.includeTeam) {
+            const teamMemberIds = assistantIds && assistantIds.length > 0 ? assistantIds : [];
+            if (teamMemberIds.length > 0) {
+                const createdByField = this.mapFieldName(context.resource, "createdBy");
+                const assignedToField = this.mapFieldName(context.resource, "assignedTo");
+                const observersField = this.mapFieldName(context.resource, "observers");
+                const mapping = this.getColumnMapping(context.resource);
+                userBasedConditions.push({ [createdByField]: { in: teamMemberIds } });
+                userBasedConditions.push({ [assignedToField]: { in: teamMemberIds } });
+                if (mapping.observers === "observer" ||
+                    mapping.observers === "observerId") {
+                    userBasedConditions.push({ [observersField]: { in: teamMemberIds } });
+                }
+                else {
+                    userBasedConditions.push({
+                        [observersField]: { contains: teamMemberIds },
+                    });
+                }
+                if (mapping.participants &&
+                    (criteria.includeTeam ||
+                        hasParticipantCondition ||
+                        criteria.includeParticipants)) {
+                    const participantsField = this.mapFieldName(context.resource, "participants");
+                    userBasedConditions.push({
+                        [participantsField]: { contains: teamMemberIds },
+                    });
+                }
+            }
+        }
+        if (criteria.includeGroup) {
+            const groupIds = (user.groups || []).map((g) => g.id);
+            if (groupIds.length > 0) {
+                userBasedConditions.push({ groupId: { in: groupIds } });
+            }
+        }
+        if (criteria.includeSupervised && assistantIds.length > 0) {
+            const createdByField = this.mapFieldName(context.resource, "createdBy");
+            const assignedToField = this.mapFieldName(context.resource, "assignedTo");
+            const observersField = this.mapFieldName(context.resource, "observers");
+            const mapping = this.getColumnMapping(context.resource);
+            userBasedConditions.push({ [createdByField]: { in: assistantIds } }, { [assignedToField]: { in: assistantIds } });
+            if (mapping.observers === "observer" ||
+                mapping.observers === "observerId") {
+                userBasedConditions.push({ [observersField]: { in: assistantIds } });
+            }
+            else {
+                userBasedConditions.push({
+                    [observersField]: { contains: assistantIds },
+                });
+            }
+        }
+        if (userBasedConditions.length > 0) {
+            if (filters.or) {
+                filters.or.push(...userBasedConditions);
+            }
+            else {
+                filters.or = userBasedConditions;
+            }
+        }
+        if (criteria.orConditions && criteria.orConditions.length > 0) {
+            const orFilters = await Promise.all(criteria.orConditions.map(async (orCriteria) => this.buildFiltersFromCriteria(orCriteria, context, assistantIds)));
+            const flattenedOrFilters = orFilters
+                .flatMap((filter) => (filter.or ? filter.or : [filter]))
+                .filter((f) => Object.keys(f).length > 0);
+            if (flattenedOrFilters.length > 0) {
+                if (filters.or) {
+                    filters.or.push(...flattenedOrFilters);
+                }
+                else {
+                    filters.or = flattenedOrFilters;
+                }
+            }
+        }
+        if (criteria.andConditions && criteria.andConditions.length > 0) {
+            for (const andCriteria of criteria.andConditions) {
+                const andFilter = await this.buildFiltersFromCriteria(andCriteria, context, assistantIds);
+                if (Object.keys(andFilter).length > 0) {
+                    Object.assign(filters, andFilter);
+                }
+            }
+        }
+        return filters;
+    }
+    applyFieldCondition(filters, condition) {
+        const { field, operator, value, values } = condition;
+        switch (operator) {
+            case "equals":
+                filters[field] = value;
+                break;
+            case "in":
+                if (values && values.length > 0) {
+                    filters[field] = { in: values };
+                }
+                break;
+            case "contains":
+                if (values && values.length > 0) {
+                    filters[field] = { contains: values };
+                }
+                else if (value !== undefined) {
+                    filters[field] = { contains: [value] };
+                }
+                break;
+            case "not_in":
+                if (values && values.length > 0) {
+                    filters[field] = { notIn: values };
+                }
+                break;
+            case "is_null":
+                filters[field] = { isNull: true };
+                break;
+            case "is_not_null":
+                filters[field] = { isNull: false };
+                break;
+            case "like":
+                filters[field] = { like: value };
+                break;
+            case "gt":
+                filters[field] = { gt: value };
+                break;
+            case "gte":
+                filters[field] = { gte: value };
+                break;
+            case "lt":
+                filters[field] = { lt: value };
+                break;
+            case "lte":
+                filters[field] = { lte: value };
+                break;
+            default:
+                this.logger.warn(`Unknown filter operator: ${operator}`);
+        }
+    }
+    mergeFilters(...filterObjects) {
+        const merged = {};
+        for (const filters of filterObjects) {
+            for (const [key, value] of Object.entries(filters)) {
+                if (key === "or") {
+                    if (merged.or) {
+                        merged.or.push(...(Array.isArray(value) ? value : [value]));
+                    }
+                    else {
+                        merged.or = Array.isArray(value) ? [...value] : [value];
+                    }
+                }
+                else if (key === "and") {
+                    if (merged.and) {
+                        merged.and.push(...(Array.isArray(value) ? value : [value]));
+                    }
+                    else {
+                        merged.and = Array.isArray(value) ? [...value] : [value];
+                    }
+                }
+                else {
+                    merged[key] = value;
+                }
+            }
+        }
+        return merged;
+    }
+    getColumnMapping(resource) {
+        try {
+            const config = (0, resource_configurations_1.getResourceConfig)(resource);
+            return config.columnMappings;
+        }
+        catch (error) {
+            this.logger.warn(`Resource configuration not found for: ${resource}, using default mapping`);
+            return {
+                assignedTo: "assignedById",
+                observers: "observers",
+                createdBy: "createdBy",
+                groupId: "groupId",
+            };
+        }
+    }
+    mapFieldName(resource, logicalField) {
+        const mapping = this.getColumnMapping(resource);
+        return mapping[logicalField] || logicalField;
+    }
+};
+exports.DynamicFilterService = DynamicFilterService;
+exports.DynamicFilterService = DynamicFilterService = DynamicFilterService_1 = __decorate([
+    (0, common_1.Injectable)()
+], DynamicFilterService);
+//# sourceMappingURL=dynamic-filter.service.js.map

package/dist/modules/authorization/services/dynamic-filter.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dynamic-filter.service.js","sourceRoot":"","sources":["../../../../src/modules/authorization/services/dynamic-filter.service.ts"],"names":[],"mappings":";;;;;;;;;;AAAA,2CAAoD;AAMpD,+EAAsE;AAI/D,IAAM,oBAAoB,4BAA1B,MAAM,oBAAoB;IACd,MAAM,GAAG,IAAI,eAAM,CAAC,sBAAoB,CAAC,IAAI,CAAC,CAAC;IAKhE,KAAK,CAAC,wBAAwB,CAC5B,QAAwB,EACxB,OAA8B,EAC9B,eAAyB,EAAE;QAE3B,MAAM,OAAO,GAAwB,EAAE,CAAC;QACxC,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;QAGzB,IAAI,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClD,KAAK,MAAM,cAAc,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBAC7C,IAAI,CAAC,mBAAmB,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;YACpD,CAAC;QACH,CAAC;QAGD,MAAM,mBAAmB,GAA0B,EAAE,CAAC;QAGtD,MAAM,cAAc,GAAG,OAAO,CAAC,iBAAiB,EAAE,cAAc,IAAI,EAAE,CAAC;QACvE,MAAM,uBAAuB,GAAG,cAAc,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QACvE,MAAM,mBAAmB,GACvB,uBAAuB,IAAK,QAAgB,CAAC,mBAAmB,CAAC;QAEnE,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;YACxB,MAAM,cAAc,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;YACxE,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;QAC1D,CAAC;QAED,IAAI,QAAQ,CAAC,eAAe,EAAE,CAAC;YAC7B,MAAM,eAAe,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;YAC1E,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC,eAAe,CAAC,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;QAC3D,CAAC;QAED,IAAI,QAAQ,CAAC,eAAe,EAAE,CAAC;YAC7B,MAAM,cAAc,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;YACxE,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAGxD,IACE,OAAO,CAAC,SAAS,KAAK,UAAU;gBAChC,OAAO,CAAC,SAAS,KAAK,YAAY,EAClC,CAAC;gBAED,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;YAC1D,CAAC;iBAAM,CAAC;gBAEN,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,EAAE,EAAE,QAAQ,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;YAC1E,CAAC;QACH,CAAC;QAED,IAAI,mBAAmB,EAAE,CAAC;YAExB,MAAM,iBAAiB,GAAG,IAAI,CAAC,YAAY,CACzC,OAAO,CAAC,QAAQ,EAChB,cAAc,CACf,CAAC;YACF,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAExD,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;gBAEzB,mBAAmB,CAAC,IAAI,CAAC;oBACvB,CAAC,iBAAiB,CAAC,EAAE,EAAE,QAAQ,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE;iBAC7C,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,WAAW,EAAE,CAAC;YAEzB,MAAM,aAAa,GACjB,YAAY,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC;YAE9D,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC7B,MAAM,cAAc,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;gBACxE,MAAM,eAAe,GAAG,IAAI,CAAC,YAAY,CACvC,OAAO,CAAC,QAAQ,EAChB,YAAY,CACb,CAAC;gBACF,MAAM,cAAc,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;gBACxE,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;gBAGxD,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,EAAE,EAAE,EAAE,EAAE,aAAa,EAAE,EAAE,CAAC,CAAC;gBACtE,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC,eAAe,CAAC,EAAE,EAAE,EAAE,EAAE,aAAa,EAAE,EAAE,CAAC,CAAC;gBAGvE,IACE,OAAO,CAAC,SAAS,KAAK,UAAU;oBAChC,OAAO,CAAC,SAAS,KAAK,YAAY,EAClC,CAAC;oBACD,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,EAAE,EAAE,EAAE,EAAE,aAAa,EAAE,EAAE,CAAC,CAAC;gBACxE,CAAC;qBAAM,CAAC;oBACN,mBAAmB,CAAC,IAAI,CAAC;wBACvB,CAAC,cAAc,CAAC,EAAE,EAAE,QAAQ,EAAE,aAAa,EAAE;qBAC9C,CAAC,CAAC;gBACL,CAAC;gBAKD,IACE,OAAO,CAAC,YAAY;oBACpB,CAAC,QAAQ,CAAC,WAAW;wBACnB,uBAAuB;wBACtB,QAAgB,CAAC,mBAAmB,CAAC,EACxC,CAAC;oBACD,MAAM,iBAAiB,GAAG,IAAI,CAAC,YAAY,CACzC,OAAO,CAAC,QAAQ,EAChB,cAAc,CACf,CAAC;oBACF,mBAAmB,CAAC,IAAI,CAAC;wBACvB,CAAC,iBAAiB,CAAC,EAAE,EAAE,QAAQ,EAAE,aAAa,EAAE;qBACjD,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,YAAY,EAAE,CAAC;YAC1B,MAAM,QAAQ,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YAC3D,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxB,mBAAmB,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;YAC1D,CAAC;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,iBAAiB,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1D,MAAM,cAAc,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;YACxE,MAAM,eAAe,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;YAC1E,MAAM,cAAc,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;YACxE,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAExD,mBAAmB,CAAC,IAAI,CACtB,EAAE,CAAC,cAAc,CAAC,EAAE,EAAE,EAAE,EAAE,YAAY,EAAE,EAAE,EAC1C,EAAE,CAAC,eAAe,CAAC,EAAE,EAAE,EAAE,EAAE,YAAY,EAAE,EAAE,CAC5C,CAAC;YAGF,IACE,OAAO,CAAC,SAAS,KAAK,UAAU;gBAChC,OAAO,CAAC,SAAS,KAAK,YAAY,EAClC,CAAC;gBAED,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,EAAE,EAAE,EAAE,EAAE,YAAY,EAAE,EAAE,CAAC,CAAC;YACvE,CAAC;iBAAM,CAAC;gBAEN,mBAAmB,CAAC,IAAI,CAAC;oBACvB,CAAC,cAAc,CAAC,EAAE,EAAE,QAAQ,EAAE,YAAY,EAAE;iBAC7C,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAGD,IAAI,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACnC,IAAI,OAAO,CAAC,EAAE,EAAE,CAAC;gBACf,OAAO,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,mBAAmB,CAAC,CAAC;YAC1C,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,EAAE,GAAG,mBAAmB,CAAC;YACnC,CAAC;QACH,CAAC;QAGD,IAAI,QAAQ,CAAC,YAAY,IAAI,QAAQ,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9D,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,GAAG,CACjC,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,EAAE,UAAU,EAAE,EAAE,CAC7C,IAAI,CAAC,wBAAwB,CAAC,UAAU,EAAE,OAAO,EAAE,YAAY,CAAC,CACjE,CACF,CAAC;YAEF,MAAM,kBAAkB,GAAG,SAAS;iBACjC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;iBACvD,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YAE5C,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAClC,IAAI,OAAO,CAAC,EAAE,EAAE,CAAC;oBACf,OAAO,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,kBAAkB,CAAC,CAAC;gBACzC,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,EAAE,GAAG,kBAAkB,CAAC;gBAClC,CAAC;YACH,CAAC;QACH,CAAC;QAGD,IAAI,QAAQ,CAAC,aAAa,IAAI,QAAQ,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChE,KAAK,MAAM,WAAW,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;gBACjD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,wBAAwB,CACnD,WAAW,EACX,OAAO,EACP,YAAY,CACb,CAAC;gBACF,IAAI,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACtC,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;gBACpC,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAKO,mBAAmB,CACzB,OAA4B,EAC5B,SAA0B;QAE1B,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,SAAS,CAAC;QAErD,QAAQ,QAAQ,EAAE,CAAC;YACjB,KAAK,QAAQ;gBACX,OAAO,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC;gBACvB,MAAM;YAER,KAAK,IAAI;gBACP,IAAI,MAAM,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAChC,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC;gBAClC,CAAC;gBACD,MAAM;YAER,KAAK,UAAU;gBACb,IAAI,MAAM,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAChC,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;gBACxC,CAAC;qBAAM,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;oBAC/B,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,QAAQ,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC;gBACzC,CAAC;gBACD,MAAM;YAER,KAAK,QAAQ;gBACX,IAAI,MAAM,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAChC,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;gBACrC,CAAC;gBACD,MAAM;YAER,KAAK,SAAS;gBACZ,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;gBAClC,MAAM;YAER,KAAK,aAAa;gBAChB,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;gBACnC,MAAM;YAER,KAAK,MAAM;gBACT,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;gBACjC,MAAM;YAER,KAAK,IAAI;gBACP,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;gBAC/B,MAAM;YAER,KAAK,KAAK;gBACR,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;gBAChC,MAAM;YAER,KAAK,IAAI;gBACP,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;gBAC/B,MAAM;YAER,KAAK,KAAK;gBACR,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;gBAChC,MAAM;YAER;gBACE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4BAA4B,QAAQ,EAAE,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAKD,YAAY,CAAC,GAAG,aAAoC;QAClD,MAAM,MAAM,GAAwB,EAAE,CAAC;QAEvC,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;YACpC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBACnD,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;oBACjB,IAAI,MAAM,CAAC,EAAE,EAAE,CAAC;wBACd,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBAC9D,CAAC;yBAAM,CAAC;wBACN,MAAM,CAAC,EAAE,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;oBAC1D,CAAC;gBACH,CAAC;qBAAM,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;oBACzB,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC;wBACf,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBAC/D,CAAC;yBAAM,CAAC;wBACN,MAAM,CAAC,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;oBAC3D,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;gBACtB,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAKO,gBAAgB,CAAC,QAAgB;QACvC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAA,2CAAiB,EAAC,QAAQ,CAAC,CAAC;YAC3C,OAAO,MAAM,CAAC,cAAc,CAAC;QAC/B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAEf,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,yCAAyC,QAAQ,yBAAyB,CAC3E,CAAC;YACF,OAAO;gBACL,UAAU,EAAE,cAAc;gBAC1B,SAAS,EAAE,WAAW;gBACtB,SAAS,EAAE,WAAW;gBACtB,OAAO,EAAE,SAAS;aACnB,CAAC;QACJ,CAAC;IACH,CAAC;IAKO,YAAY,CAAC,QAAgB,EAAE,YAAoB;QACzD,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QAChD,OAAO,OAAO,CAAC,YAAoC,CAAC,IAAI,YAAY,CAAC;IACvE,CAAC;CACF,CAAA;AAvUY,oDAAoB;+BAApB,oBAAoB;IADhC,IAAA,mBAAU,GAAE;GACA,oBAAoB,CAuUhC"}

package/dist/modules/authorization/services/index.d.ts

@@ -0,0 +1,7 @@
+export * from "./authorization.service";
+export * from "./permission-evaluator.service";
+export * from "./resource-authorization.service";
+export * from "./permission-cache.service";
+export * from "./resource-access-filter.service";
+export * from "./dynamic-filter.service";
+export * from "./modules";

package/dist/modules/authorization/services/index.js

@@ -0,0 +1,24 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./authorization.service"), exports);
+__exportStar(require("./permission-evaluator.service"), exports);
+__exportStar(require("./resource-authorization.service"), exports);
+__exportStar(require("./permission-cache.service"), exports);
+__exportStar(require("./resource-access-filter.service"), exports);
+__exportStar(require("./dynamic-filter.service"), exports);
+__exportStar(require("./modules"), exports);
+//# sourceMappingURL=index.js.map

package/dist/modules/authorization/services/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/modules/authorization/services/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,0DAAuC;AACvC,iEAA8C;AAC9C,mEAAgD;AAChD,6DAA0C;AAC1C,mEAAgD;AAChD,2DAAwC;AACxC,4CAAyB"}

package/dist/modules/authorization/services/modules/contact-authorization.service.d.ts

@@ -0,0 +1,29 @@
+import { Repository, SelectQueryBuilder } from "typeorm";
+import { SubGroup, User } from "../../../../entities";
+import { PermissionAction, PermissionResult } from "../../../../common/";
+import { ResourceAuthorizationFactory } from "../../factories/resource-authorization.factory";
+export declare class ContactAuthorizationService {
+    private readonly authFactory;
+    private readonly logger;
+    private contactAuth?;
+    constructor(authFactory: ResourceAuthorizationFactory);
+    private getContactAuth;
+    applyContactPermissionFilters(queryBuilder: SelectQueryBuilder<any>, user: User, options?: {
+        getAll?: boolean;
+        action?: PermissionAction;
+        subGroupRepository?: Repository<SubGroup>;
+    }): Promise<SelectQueryBuilder<any>>;
+    canPerformContactAction(user: any, action: PermissionAction, targetContact?: any, subGroupRepository?: Repository<SubGroup>): Promise<PermissionResult>;
+    validateContactAccess(user: any, action: PermissionAction, targetContact: any, subGroupRepository?: Repository<SubGroup>): Promise<void>;
+    getAssistantIds(user: User, subGroupRepository: Repository<SubGroup>): Promise<string[]>;
+    getUserSubGroupMembers(user: User, subGroupRepository: Repository<SubGroup>): Promise<string[]>;
+    hasHighLevelPermissions(user: any): boolean;
+    private getUserMaxRoleLevel;
+    canCreateContact(user: any, subGroupRepository?: Repository<SubGroup>): Promise<boolean>;
+    canReadContact(user: any, contact?: any, subGroupRepository?: Repository<SubGroup>): Promise<boolean>;
+    canUpdateContact(user: any, contact: any, subGroupRepository?: Repository<SubGroup>): Promise<boolean>;
+    canDeleteContact(user: any, contact: any, subGroupRepository?: Repository<SubGroup>): Promise<boolean>;
+    canMergeContacts(user: any, subGroupRepository?: Repository<SubGroup>): Promise<boolean>;
+    canImportContacts(user: any, subGroupRepository?: Repository<SubGroup>): Promise<boolean>;
+    canExportContacts(user: any, subGroupRepository?: Repository<SubGroup>): Promise<boolean>;
+}

package/dist/modules/authorization/services/modules/contact-authorization.service.js

@@ -0,0 +1,105 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var ContactAuthorizationService_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ContactAuthorizationService = void 0;
+const common_1 = require("@nestjs/common");
+const resource_authorization_factory_1 = require("../../factories/resource-authorization.factory");
+let ContactAuthorizationService = ContactAuthorizationService_1 = class ContactAuthorizationService {
+    authFactory;
+    logger = new common_1.Logger(ContactAuthorizationService_1.name);
+    contactAuth;
+    constructor(authFactory) {
+        this.authFactory = authFactory;
+    }
+    getContactAuth(subGroupRepository) {
+        if (!this.contactAuth && subGroupRepository) {
+            this.contactAuth = this.authFactory.forContact(subGroupRepository);
+        }
+        return (this.contactAuth ||
+            this.authFactory.createBuilder().forResource("contact").build());
+    }
+    async applyContactPermissionFilters(queryBuilder, user, options = {}) {
+        const { subGroupRepository, ...restOptions } = options;
+        try {
+            const contactAuth = this.getContactAuth(subGroupRepository);
+            const assistantIds = await contactAuth.getSubGroupMembers(user);
+            return await contactAuth.applyPermissionFilters(queryBuilder, user, {
+                ...restOptions,
+                assistantIds,
+            });
+        }
+        catch (error) {
+            this.logger.error(`Error applying contact permission filters: ${error instanceof Error ? error.message : "Unknown error"}`);
+            queryBuilder.where("1 = 0");
+            return queryBuilder;
+        }
+    }
+    async canPerformContactAction(user, action, targetContact, subGroupRepository) {
+        const contactAuth = this.getContactAuth(subGroupRepository);
+        return contactAuth.canPerformAction(user, action, targetContact);
+    }
+    async validateContactAccess(user, action, targetContact, subGroupRepository) {
+        const contactAuth = this.getContactAuth(subGroupRepository);
+        return contactAuth.validateAccess(user, action, targetContact);
+    }
+    async getAssistantIds(user, subGroupRepository) {
+        const contactAuth = this.getContactAuth(subGroupRepository);
+        return contactAuth.getAssistantIds(user);
+    }
+    async getUserSubGroupMembers(user, subGroupRepository) {
+        const contactAuth = this.getContactAuth(subGroupRepository);
+        return contactAuth.getSubGroupMembers(user);
+    }
+    hasHighLevelPermissions(user) {
+        const userMaxRoleLevel = this.getUserMaxRoleLevel(user.roles || []);
+        return userMaxRoleLevel <= 2;
+    }
+    getUserMaxRoleLevel(roles) {
+        if (!roles || roles.length === 0)
+            return 999;
+        return Math.min(...roles.map((role) => role.level || 999));
+    }
+    async canCreateContact(user, subGroupRepository) {
+        const contactAuth = this.getContactAuth(subGroupRepository);
+        return contactAuth.canCreate(user);
+    }
+    async canReadContact(user, contact, subGroupRepository) {
+        const contactAuth = this.getContactAuth(subGroupRepository);
+        return contactAuth.canRead(user, contact);
+    }
+    async canUpdateContact(user, contact, subGroupRepository) {
+        const contactAuth = this.getContactAuth(subGroupRepository);
+        return contactAuth.canUpdate(user, contact);
+    }
+    async canDeleteContact(user, contact, subGroupRepository) {
+        const contactAuth = this.getContactAuth(subGroupRepository);
+        return contactAuth.canDelete(user, contact);
+    }
+    async canMergeContacts(user, subGroupRepository) {
+        const contactAuth = this.getContactAuth(subGroupRepository);
+        return contactAuth.canManage(user);
+    }
+    async canImportContacts(user, subGroupRepository) {
+        const contactAuth = this.getContactAuth(subGroupRepository);
+        return contactAuth.canImport(user);
+    }
+    async canExportContacts(user, subGroupRepository) {
+        const contactAuth = this.getContactAuth(subGroupRepository);
+        return contactAuth.canExport(user);
+    }
+};
+exports.ContactAuthorizationService = ContactAuthorizationService;
+exports.ContactAuthorizationService = ContactAuthorizationService = ContactAuthorizationService_1 = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [resource_authorization_factory_1.ResourceAuthorizationFactory])
+], ContactAuthorizationService);
+//# sourceMappingURL=contact-authorization.service.js.map