easywork-common-lib 1.0.1022 → 1.0.1024

package/dist/modules/authorization/services/modules/contact-authorization.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"contact-authorization.service.js","sourceRoot":"","sources":["../../../../../src/modules/authorization/services/modules/contact-authorization.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,2CAAoD;AAIpD,mGAGwD;AAUjD,IAAM,2BAA2B,mCAAjC,MAAM,2BAA2B;IAIT;IAHZ,MAAM,GAAG,IAAI,eAAM,CAAC,6BAA2B,CAAC,IAAI,CAAC,CAAC;IAC/D,WAAW,CAAmC;IAEtD,YAA6B,WAAyC;QAAzC,gBAAW,GAAX,WAAW,CAA8B;IAAG,CAAC;IAKlE,cAAc,CACpB,kBAAyC;QAEzC,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,kBAAkB,EAAE,CAAC;YAC5C,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC;QACrE,CAAC;QACD,OAAO,CACL,IAAI,CAAC,WAAW;YAChB,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,KAAK,EAAE,CAChE,CAAC;IACJ,CAAC;IAMD,KAAK,CAAC,6BAA6B,CACjC,YAAqC,EACrC,IAAU,EACV,UAII,EAAE;QAEN,MAAM,EAAE,kBAAkB,EAAE,GAAG,WAAW,EAAE,GAAG,OAAO,CAAC;QAEvD,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAAC,CAAC;YAC5D,MAAM,YAAY,GAAG,MAAM,WAAW,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;YAChE,OAAO,MAAM,WAAW,CAAC,sBAAsB,CAAC,YAAY,EAAE,IAAI,EAAE;gBAClE,GAAG,WAAW;gBACd,YAAY;aACb,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,8CACE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAC3C,EAAE,CACH,CAAC;YAEF,YAAY,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC5B,OAAO,YAAY,CAAC;QACtB,CAAC;IACH,CAAC;IAKD,KAAK,CAAC,uBAAuB,CAC3B,IAAS,EACT,MAAwB,EACxB,aAAmB,EACnB,kBAAyC;QAEzC,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAAC,CAAC;QAC5D,OAAO,WAAW,CAAC,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,aAAa,CAAC,CAAC;IACnE,CAAC;IAMD,KAAK,CAAC,qBAAqB,CACzB,IAAS,EACT,MAAwB,EACxB,aAAkB,EAClB,kBAAyC;QAEzC,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAAC,CAAC;QAC5D,OAAO,WAAW,CAAC,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,aAAa,CAAC,CAAC;IACjE,CAAC;IAMD,KAAK,CAAC,eAAe,CACnB,IAAU,EACV,kBAAwC;QAExC,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAAC,CAAC;QAC5D,OAAO,WAAW,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;IAC3C,CAAC;IAKD,KAAK,CAAC,sBAAsB,CAC1B,IAAU,EACV,kBAAwC;QAExC,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAAC,CAAC;QAC5D,OAAO,WAAW,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAC9C,CAAC;IAKD,uBAAuB,CAAC,IAAS;QAC/B,MAAM,gBAAgB,GAAG,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;QACpE,OAAO,gBAAgB,IAAI,CAAC,CAAC;IAC/B,CAAC;IAKO,mBAAmB,CAAC,KAAY;QACtC,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,GAAG,CAAC;QAC7C,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,IAAS,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,IAAI,GAAG,CAAC,CAAC,CAAC;IAClE,CAAC;IAMD,KAAK,CAAC,gBAAgB,CACpB,IAAS,EACT,kBAAyC;QAEzC,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAAC,CAAC;QAC5D,OAAO,WAAW,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC;IAED,KAAK,CAAC,cAAc,CAClB,IAAS,EACT,OAAa,EACb,kBAAyC;QAEzC,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAAC,CAAC;QAC5D,OAAO,WAAW,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,IAAS,EACT,OAAY,EACZ,kBAAyC;QAEzC,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAAC,CAAC;QAC5D,OAAO,WAAW,CAAC,SAAS,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC9C,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,IAAS,EACT,OAAY,EACZ,kBAAyC;QAEzC,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAAC,CAAC;QAC5D,OAAO,WAAW,CAAC,SAAS,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC9C,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,IAAS,EACT,kBAAyC;QAEzC,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAAC,CAAC;QAC5D,OAAO,WAAW,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,IAAS,EACT,kBAAyC;QAEzC,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAAC,CAAC;QAC5D,OAAO,WAAW,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,IAAS,EACT,kBAAyC;QAEzC,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAAC,CAAC;QAC5D,OAAO,WAAW,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC;CACF,CAAA;AAvLY,kEAA2B;sCAA3B,2BAA2B;IADvC,IAAA,mBAAU,GAAE;qCAK+B,6DAA4B;GAJ3D,2BAA2B,CAuLvC"}

package/dist/modules/authorization/services/modules/index.d.ts

@@ -0,0 +1,4 @@
+export * from "./contact-authorization.service";
+export * from "./lead-authorization.service";
+export * from "./policy-authorization.service";
+export * from "./task-authorization.service";

package/dist/modules/authorization/services/modules/index.js

@@ -0,0 +1,21 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./contact-authorization.service"), exports);
+__exportStar(require("./lead-authorization.service"), exports);
+__exportStar(require("./policy-authorization.service"), exports);
+__exportStar(require("./task-authorization.service"), exports);
+//# sourceMappingURL=index.js.map

package/dist/modules/authorization/services/modules/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/modules/authorization/services/modules/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,kEAA+C;AAC/C,+DAA4C;AAC5C,iEAA8C;AAC9C,+DAA4C"}

package/dist/modules/authorization/services/modules/lead-authorization.service.d.ts

@@ -0,0 +1,27 @@
+import { Repository, SelectQueryBuilder } from "typeorm";
+import { PermissionAction, PermissionResult } from "../../../../common/";
+import { SubGroup, User } from "../../../../entities";
+import { ResourceAuthorizationFactory } from "../../factories/resource-authorization.factory";
+export declare class LeadAuthorizationService {
+    private readonly authFactory;
+    private readonly logger;
+    private leadAuth?;
+    constructor(authFactory: ResourceAuthorizationFactory);
+    private getLeadAuth;
+    applyLeadPermissionFilters(queryBuilder: SelectQueryBuilder<any>, user: User, options?: {
+        getAll?: boolean;
+        action?: PermissionAction;
+        subGroupRepository?: Repository<SubGroup>;
+    }): Promise<SelectQueryBuilder<any>>;
+    canPerformLeadAction(user: any, action: PermissionAction, targetLead?: any, subGroupRepository?: Repository<SubGroup>): Promise<PermissionResult>;
+    validateLeadAccess(user: any, action: PermissionAction, targetLead: any, subGroupRepository?: Repository<SubGroup>): Promise<void>;
+    getAssistantIds(user: User, subGroupRepository: Repository<SubGroup>): Promise<string[]>;
+    getUserSubGroupMembers(user: User, subGroupRepository: Repository<SubGroup>): Promise<string[]>;
+    canCreateLead(user: any, subGroupRepository?: Repository<SubGroup>): Promise<boolean>;
+    canReadLead(user: any, lead?: any, subGroupRepository?: Repository<SubGroup>): Promise<boolean>;
+    canUpdateLead(user: any, lead: any, subGroupRepository?: Repository<SubGroup>): Promise<boolean>;
+    canDeleteLead(user: any, lead: any, subGroupRepository?: Repository<SubGroup>): Promise<boolean>;
+    canConvertLead(user: any, lead: any, subGroupRepository?: Repository<SubGroup>): Promise<boolean>;
+    canExportLeads(user: any, subGroupRepository?: Repository<SubGroup>): Promise<boolean>;
+    canImportLeads(user: any, subGroupRepository?: Repository<SubGroup>): Promise<boolean>;
+}

package/dist/modules/authorization/services/modules/lead-authorization.service.js

@@ -0,0 +1,96 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var LeadAuthorizationService_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LeadAuthorizationService = void 0;
+const common_1 = require("@nestjs/common");
+const resource_authorization_factory_1 = require("../../factories/resource-authorization.factory");
+let LeadAuthorizationService = LeadAuthorizationService_1 = class LeadAuthorizationService {
+    authFactory;
+    logger = new common_1.Logger(LeadAuthorizationService_1.name);
+    leadAuth;
+    constructor(authFactory) {
+        this.authFactory = authFactory;
+    }
+    getLeadAuth(subGroupRepository) {
+        if (!this.leadAuth && subGroupRepository) {
+            this.leadAuth = this.authFactory.forLead(subGroupRepository);
+        }
+        return (this.leadAuth ||
+            this.authFactory.createBuilder().forResource("lead").build());
+    }
+    async applyLeadPermissionFilters(queryBuilder, user, options = {}) {
+        const { subGroupRepository, ...restOptions } = options;
+        try {
+            const leadAuth = this.getLeadAuth(subGroupRepository);
+            const assistantIds = await leadAuth.getSubGroupMembers(user);
+            return await leadAuth.applyPermissionFilters(queryBuilder, user, {
+                ...restOptions,
+                assistantIds,
+            });
+        }
+        catch (error) {
+            this.logger.error(`Error applying lead permission filters: ${error instanceof Error ? error.message : "Unknown error"}`);
+            queryBuilder.where("1 = 0");
+            return queryBuilder;
+        }
+    }
+    async canPerformLeadAction(user, action, targetLead, subGroupRepository) {
+        const leadAuth = this.getLeadAuth(subGroupRepository);
+        return leadAuth.canPerformAction(user, action, targetLead);
+    }
+    async validateLeadAccess(user, action, targetLead, subGroupRepository) {
+        const leadAuth = this.getLeadAuth(subGroupRepository);
+        return leadAuth.validateAccess(user, action, targetLead);
+    }
+    async getAssistantIds(user, subGroupRepository) {
+        const leadAuth = this.getLeadAuth(subGroupRepository);
+        return leadAuth.getAssistantIds(user);
+    }
+    async getUserSubGroupMembers(user, subGroupRepository) {
+        const leadAuth = this.getLeadAuth(subGroupRepository);
+        return leadAuth.getSubGroupMembers(user);
+    }
+    async canCreateLead(user, subGroupRepository) {
+        const leadAuth = this.getLeadAuth(subGroupRepository);
+        return leadAuth.canCreate(user);
+    }
+    async canReadLead(user, lead, subGroupRepository) {
+        const leadAuth = this.getLeadAuth(subGroupRepository);
+        return leadAuth.canRead(user, lead);
+    }
+    async canUpdateLead(user, lead, subGroupRepository) {
+        const leadAuth = this.getLeadAuth(subGroupRepository);
+        return leadAuth.canUpdate(user, lead);
+    }
+    async canDeleteLead(user, lead, subGroupRepository) {
+        const leadAuth = this.getLeadAuth(subGroupRepository);
+        return leadAuth.canDelete(user, lead);
+    }
+    async canConvertLead(user, lead, subGroupRepository) {
+        const leadAuth = this.getLeadAuth(subGroupRepository);
+        return leadAuth.canUpdate(user, lead);
+    }
+    async canExportLeads(user, subGroupRepository) {
+        const leadAuth = this.getLeadAuth(subGroupRepository);
+        return leadAuth.canExport(user);
+    }
+    async canImportLeads(user, subGroupRepository) {
+        const leadAuth = this.getLeadAuth(subGroupRepository);
+        return leadAuth.canImport(user);
+    }
+};
+exports.LeadAuthorizationService = LeadAuthorizationService;
+exports.LeadAuthorizationService = LeadAuthorizationService = LeadAuthorizationService_1 = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [resource_authorization_factory_1.ResourceAuthorizationFactory])
+], LeadAuthorizationService);
+//# sourceMappingURL=lead-authorization.service.js.map

package/dist/modules/authorization/services/modules/lead-authorization.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"lead-authorization.service.js","sourceRoot":"","sources":["../../../../../src/modules/authorization/services/modules/lead-authorization.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,2CAAoD;AAIpD,mGAGwD;AAOjD,IAAM,wBAAwB,gCAA9B,MAAM,wBAAwB;IAIN;IAHZ,MAAM,GAAG,IAAI,eAAM,CAAC,0BAAwB,CAAC,IAAI,CAAC,CAAC;IAC5D,QAAQ,CAAmC;IAEnD,YAA6B,WAAyC;QAAzC,gBAAW,GAAX,WAAW,CAA8B;IAAG,CAAC;IAKlE,WAAW,CACjB,kBAAyC;QAEzC,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,kBAAkB,EAAE,CAAC;YACzC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAC/D,CAAC;QACD,OAAO,CACL,IAAI,CAAC,QAAQ;YACb,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,CAC7D,CAAC;IACJ,CAAC;IAKD,KAAK,CAAC,0BAA0B,CAC9B,YAAqC,EACrC,IAAU,EACV,UAII,EAAE;QAEN,MAAM,EAAE,kBAAkB,EAAE,GAAG,WAAW,EAAE,GAAG,OAAO,CAAC;QAEvD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;YACtD,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;YAC7D,OAAO,MAAM,QAAQ,CAAC,sBAAsB,CAAC,YAAY,EAAE,IAAI,EAAE;gBAC/D,GAAG,WAAW;gBACd,YAAY;aACb,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,2CACE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAC3C,EAAE,CACH,CAAC;YACF,YAAY,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC5B,OAAO,YAAY,CAAC;QACtB,CAAC;IACH,CAAC;IAKD,KAAK,CAAC,oBAAoB,CACxB,IAAS,EACT,MAAwB,EACxB,UAAgB,EAChB,kBAAyC;QAEzC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;QACtD,OAAO,QAAQ,CAAC,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;IAC7D,CAAC;IAKD,KAAK,CAAC,kBAAkB,CACtB,IAAS,EACT,MAAwB,EACxB,UAAe,EACf,kBAAyC;QAEzC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;QACtD,OAAO,QAAQ,CAAC,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;IAC3D,CAAC;IAKD,KAAK,CAAC,eAAe,CACnB,IAAU,EACV,kBAAwC;QAExC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;QACtD,OAAO,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;IACxC,CAAC;IAKD,KAAK,CAAC,sBAAsB,CAC1B,IAAU,EACV,kBAAwC;QAExC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;QACtD,OAAO,QAAQ,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAC3C,CAAC;IAKD,KAAK,CAAC,aAAa,CACjB,IAAS,EACT,kBAAyC;QAEzC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;QACtD,OAAO,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAED,KAAK,CAAC,WAAW,CACf,IAAS,EACT,IAAU,EACV,kBAAyC;QAEzC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;QACtD,OAAO,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACtC,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,IAAS,EACT,IAAS,EACT,kBAAyC;QAEzC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;QACtD,OAAO,QAAQ,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACxC,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,IAAS,EACT,IAAS,EACT,kBAAyC;QAEzC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;QACtD,OAAO,QAAQ,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACxC,CAAC;IAED,KAAK,CAAC,cAAc,CAClB,IAAS,EACT,IAAS,EACT,kBAAyC;QAGzC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;QACtD,OAAO,QAAQ,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACxC,CAAC;IAED,KAAK,CAAC,cAAc,CAClB,IAAS,EACT,kBAAyC;QAEzC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;QACtD,OAAO,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAED,KAAK,CAAC,cAAc,CAClB,IAAS,EACT,kBAAyC;QAEzC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;QACtD,OAAO,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;CACF,CAAA;AApKY,4DAAwB;mCAAxB,wBAAwB;IADpC,IAAA,mBAAU,GAAE;qCAK+B,6DAA4B;GAJ3D,wBAAwB,CAoKpC"}

package/dist/modules/authorization/services/modules/policy-authorization.service.d.ts

@@ -0,0 +1,28 @@
+import { Repository, SelectQueryBuilder } from "typeorm";
+import { PermissionAction, PermissionResult } from "../../../../common/";
+import { Policy, SubGroup, User } from "../../../../entities";
+import { ResourceAuthorizationFactory } from "../../factories/resource-authorization.factory";
+export declare class PolicyAuthorizationService {
+    private readonly authFactory;
+    private readonly logger;
+    private policyAuth?;
+    constructor(authFactory: ResourceAuthorizationFactory);
+    private getPolicyAuth;
+    applyPolicyPermissionFilters(queryBuilder: SelectQueryBuilder<any>, user: User, options?: {
+        getAll?: boolean;
+        action?: PermissionAction;
+        subGroupRepository?: Repository<SubGroup>;
+    }): Promise<SelectQueryBuilder<any>>;
+    canPerformPolicyAction(user: any, action: PermissionAction, targetPolicy?: any, subGroupRepository?: Repository<SubGroup>): Promise<PermissionResult>;
+    validatePolicyAccess(user: any, action: PermissionAction, targetPolicy: any, subGroupRepository?: Repository<SubGroup>): Promise<void>;
+    getAssistantIds(user: User, subGroupRepository: Repository<SubGroup>): Promise<string[]>;
+    getUserSubGroupMembers(user: User, subGroupRepository: Repository<SubGroup>): Promise<string[]>;
+    canCreatePolicy(user: any, subGroupRepository?: Repository<SubGroup>): Promise<boolean>;
+    canReadPolicy(user: any, policy?: Policy, subGroupRepository?: Repository<SubGroup>): Promise<boolean>;
+    canUpdatePolicy(user: any, policy: Policy, subGroupRepository?: Repository<SubGroup>): Promise<boolean>;
+    canDeletePolicy(user: any, policy: Policy, subGroupRepository?: Repository<SubGroup>): Promise<boolean>;
+    canCancelPolicy(user: any, policy: Policy, subGroupRepository?: Repository<SubGroup>): Promise<boolean>;
+    canApprovePolicy(user: any, _policy: Policy, subGroupRepository?: Repository<SubGroup>): Promise<boolean>;
+    canExportPolicies(user: any, subGroupRepository?: Repository<SubGroup>): Promise<boolean>;
+    canImportPolicies(user: any, subGroupRepository?: Repository<SubGroup>): Promise<boolean>;
+}

package/dist/modules/authorization/services/modules/policy-authorization.service.js

@@ -0,0 +1,100 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var PolicyAuthorizationService_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PolicyAuthorizationService = void 0;
+const common_1 = require("@nestjs/common");
+const resource_authorization_factory_1 = require("../../factories/resource-authorization.factory");
+let PolicyAuthorizationService = PolicyAuthorizationService_1 = class PolicyAuthorizationService {
+    authFactory;
+    logger = new common_1.Logger(PolicyAuthorizationService_1.name);
+    policyAuth;
+    constructor(authFactory) {
+        this.authFactory = authFactory;
+    }
+    getPolicyAuth(subGroupRepository) {
+        if (!this.policyAuth && subGroupRepository) {
+            this.policyAuth = this.authFactory.forPolicy(subGroupRepository);
+        }
+        return (this.policyAuth ||
+            this.authFactory.createBuilder().forResource("policy").build());
+    }
+    async applyPolicyPermissionFilters(queryBuilder, user, options = {}) {
+        const { subGroupRepository, ...restOptions } = options;
+        try {
+            const policyAuth = this.getPolicyAuth(subGroupRepository);
+            const assistantIds = await policyAuth.getSubGroupMembers(user);
+            return await policyAuth.applyPermissionFilters(queryBuilder, user, {
+                ...restOptions,
+                assistantIds,
+            });
+        }
+        catch (error) {
+            this.logger.error(`Error applying policy permission filters: ${error instanceof Error ? error.message : "Unknown error"}`);
+            queryBuilder.where("1 = 0");
+            return queryBuilder;
+        }
+    }
+    async canPerformPolicyAction(user, action, targetPolicy, subGroupRepository) {
+        const policyAuth = this.getPolicyAuth(subGroupRepository);
+        return policyAuth.canPerformAction(user, action, targetPolicy);
+    }
+    async validatePolicyAccess(user, action, targetPolicy, subGroupRepository) {
+        const policyAuth = this.getPolicyAuth(subGroupRepository);
+        return policyAuth.validateAccess(user, action, targetPolicy);
+    }
+    async getAssistantIds(user, subGroupRepository) {
+        const policyAuth = this.getPolicyAuth(subGroupRepository);
+        return policyAuth.getAssistantIds(user);
+    }
+    async getUserSubGroupMembers(user, subGroupRepository) {
+        const policyAuth = this.getPolicyAuth(subGroupRepository);
+        return policyAuth.getSubGroupMembers(user);
+    }
+    async canCreatePolicy(user, subGroupRepository) {
+        const policyAuth = this.getPolicyAuth(subGroupRepository);
+        return policyAuth.canCreate(user);
+    }
+    async canReadPolicy(user, policy, subGroupRepository) {
+        const policyAuth = this.getPolicyAuth(subGroupRepository);
+        return policyAuth.canRead(user, policy);
+    }
+    async canUpdatePolicy(user, policy, subGroupRepository) {
+        const policyAuth = this.getPolicyAuth(subGroupRepository);
+        return policyAuth.canUpdate(user, policy);
+    }
+    async canDeletePolicy(user, policy, subGroupRepository) {
+        const policyAuth = this.getPolicyAuth(subGroupRepository);
+        return policyAuth.canDelete(user, policy);
+    }
+    async canCancelPolicy(user, policy, subGroupRepository) {
+        const policyAuth = this.getPolicyAuth(subGroupRepository);
+        return policyAuth.canUpdate(user, policy);
+    }
+    async canApprovePolicy(user, _policy, subGroupRepository) {
+        const policyAuth = this.getPolicyAuth(subGroupRepository);
+        return policyAuth.canManage(user);
+    }
+    async canExportPolicies(user, subGroupRepository) {
+        const policyAuth = this.getPolicyAuth(subGroupRepository);
+        return policyAuth.canExport(user);
+    }
+    async canImportPolicies(user, subGroupRepository) {
+        const policyAuth = this.getPolicyAuth(subGroupRepository);
+        return policyAuth.canImport(user);
+    }
+};
+exports.PolicyAuthorizationService = PolicyAuthorizationService;
+exports.PolicyAuthorizationService = PolicyAuthorizationService = PolicyAuthorizationService_1 = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [resource_authorization_factory_1.ResourceAuthorizationFactory])
+], PolicyAuthorizationService);
+//# sourceMappingURL=policy-authorization.service.js.map

package/dist/modules/authorization/services/modules/policy-authorization.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-authorization.service.js","sourceRoot":"","sources":["../../../../../src/modules/authorization/services/modules/policy-authorization.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,2CAAoD;AAIpD,mGAGwD;AAOjD,IAAM,0BAA0B,kCAAhC,MAAM,0BAA0B;IAIR;IAHZ,MAAM,GAAG,IAAI,eAAM,CAAC,4BAA0B,CAAC,IAAI,CAAC,CAAC;IAC9D,UAAU,CAAmC;IAErD,YAA6B,WAAyC;QAAzC,gBAAW,GAAX,WAAW,CAA8B;IAAG,CAAC;IAKlE,aAAa,CACnB,kBAAyC;QAEzC,IAAI,CAAC,IAAI,CAAC,UAAU,IAAI,kBAAkB,EAAE,CAAC;YAC3C,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC;QACnE,CAAC;QACD,OAAO,CACL,IAAI,CAAC,UAAU;YACf,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,KAAK,EAAE,CAC/D,CAAC;IACJ,CAAC;IAKD,KAAK,CAAC,4BAA4B,CAChC,YAAqC,EACrC,IAAU,EACV,UAII,EAAE;QAEN,MAAM,EAAE,kBAAkB,EAAE,GAAG,WAAW,EAAE,GAAG,OAAO,CAAC;QAEvD,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,kBAAkB,CAAC,CAAC;YAC1D,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;YAC/D,OAAO,MAAM,UAAU,CAAC,sBAAsB,CAAC,YAAY,EAAE,IAAI,EAAE;gBACjE,GAAG,WAAW;gBACd,YAAY;aACb,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,6CACE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAC3C,EAAE,CACH,CAAC;YACF,YAAY,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC5B,OAAO,YAAY,CAAC;QACtB,CAAC;IACH,CAAC;IAKD,KAAK,CAAC,sBAAsB,CAC1B,IAAS,EACT,MAAwB,EACxB,YAAkB,EAClB,kBAAyC;QAEzC,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,kBAAkB,CAAC,CAAC;QAC1D,OAAO,UAAU,CAAC,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;IACjE,CAAC;IAKD,KAAK,CAAC,oBAAoB,CACxB,IAAS,EACT,MAAwB,EACxB,YAAiB,EACjB,kBAAyC;QAEzC,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,kBAAkB,CAAC,CAAC;QAC1D,OAAO,UAAU,CAAC,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;IAC/D,CAAC;IAKD,KAAK,CAAC,eAAe,CACnB,IAAU,EACV,kBAAwC;QAExC,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,kBAAkB,CAAC,CAAC;QAC1D,OAAO,UAAU,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;IAC1C,CAAC;IAKD,KAAK,CAAC,sBAAsB,CAC1B,IAAU,EACV,kBAAwC;QAExC,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,kBAAkB,CAAC,CAAC;QAC1D,OAAO,UAAU,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAC7C,CAAC;IAKD,KAAK,CAAC,eAAe,CACnB,IAAS,EACT,kBAAyC;QAEzC,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,kBAAkB,CAAC,CAAC;QAC1D,OAAO,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,IAAS,EACT,MAAe,EACf,kBAAyC;QAEzC,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,kBAAkB,CAAC,CAAC;QAC1D,OAAO,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IAED,KAAK,CAAC,eAAe,CACnB,IAAS,EACT,MAAc,EACd,kBAAyC;QAEzC,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,kBAAkB,CAAC,CAAC;QAC1D,OAAO,UAAU,CAAC,SAAS,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,eAAe,CACnB,IAAS,EACT,MAAc,EACd,kBAAyC;QAEzC,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,kBAAkB,CAAC,CAAC;QAC1D,OAAO,UAAU,CAAC,SAAS,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,eAAe,CACnB,IAAS,EACT,MAAc,EACd,kBAAyC;QAGzC,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,kBAAkB,CAAC,CAAC;QAC1D,OAAO,UAAU,CAAC,SAAS,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,IAAS,EACT,OAAe,EACf,kBAAyC;QAGzC,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,kBAAkB,CAAC,CAAC;QAC1D,OAAO,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,IAAS,EACT,kBAAyC;QAEzC,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,kBAAkB,CAAC,CAAC;QAC1D,OAAO,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,IAAS,EACT,kBAAyC;QAEzC,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,kBAAkB,CAAC,CAAC;QAC1D,OAAO,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACpC,CAAC;CACF,CAAA;AA9KY,gEAA0B;qCAA1B,0BAA0B;IADtC,IAAA,mBAAU,GAAE;qCAK+B,6DAA4B;GAJ3D,0BAA0B,CA8KtC"}

package/dist/modules/authorization/services/modules/task-authorization.service.d.ts

@@ -0,0 +1,28 @@
+import { Repository, SelectQueryBuilder } from "typeorm";
+import { PermissionAction, PermissionResult } from "../../../../common/";
+import { SubGroup, User } from "../../../../entities";
+import { ResourceAuthorizationFactory } from "../../factories/resource-authorization.factory";
+export declare class TaskAuthorizationService {
+    private readonly authFactory;
+    private readonly logger;
+    private taskAuth?;
+    constructor(authFactory: ResourceAuthorizationFactory);
+    private getTaskAuth;
+    applyTaskPermissionFilters(queryBuilder: SelectQueryBuilder<any>, user: User, options?: {
+        getAll?: boolean;
+        action?: PermissionAction;
+        subGroupRepository?: Repository<SubGroup>;
+    }): Promise<SelectQueryBuilder<any>>;
+    canPerformTaskAction(user: any, action: PermissionAction, targetTask?: any, subGroupRepository?: Repository<SubGroup>): Promise<PermissionResult>;
+    validateTaskAccess(user: any, action: PermissionAction, targetTask: any, subGroupRepository?: Repository<SubGroup>): Promise<void>;
+    getAssistantIds(user: User, subGroupRepository: Repository<SubGroup>): Promise<string[]>;
+    getUserSubGroupMembers(user: User, subGroupRepository: Repository<SubGroup>): Promise<string[]>;
+    canCreateTask(user: any, subGroupRepository?: Repository<SubGroup>): Promise<boolean>;
+    canReadTask(user: any, task?: any, subGroupRepository?: Repository<SubGroup>): Promise<boolean>;
+    canUpdateTask(user: any, task: any, subGroupRepository?: Repository<SubGroup>): Promise<boolean>;
+    canDeleteTask(user: any, task: any, subGroupRepository?: Repository<SubGroup>): Promise<boolean>;
+    canCompleteTask(user: any, task: any, subGroupRepository?: Repository<SubGroup>): Promise<boolean>;
+    canAssignTask(user: any, _task: any, subGroupRepository?: Repository<SubGroup>): Promise<boolean>;
+    canExportTasks(user: any, subGroupRepository?: Repository<SubGroup>): Promise<boolean>;
+    canImportTasks(user: any, subGroupRepository?: Repository<SubGroup>): Promise<boolean>;
+}

package/dist/modules/authorization/services/modules/task-authorization.service.js

@@ -0,0 +1,100 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var TaskAuthorizationService_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TaskAuthorizationService = void 0;
+const common_1 = require("@nestjs/common");
+const resource_authorization_factory_1 = require("../../factories/resource-authorization.factory");
+let TaskAuthorizationService = TaskAuthorizationService_1 = class TaskAuthorizationService {
+    authFactory;
+    logger = new common_1.Logger(TaskAuthorizationService_1.name);
+    taskAuth;
+    constructor(authFactory) {
+        this.authFactory = authFactory;
+    }
+    getTaskAuth(subGroupRepository) {
+        if (!this.taskAuth && subGroupRepository) {
+            this.taskAuth = this.authFactory.forTask(subGroupRepository);
+        }
+        return (this.taskAuth ||
+            this.authFactory.createBuilder().forResource("task").build());
+    }
+    async applyTaskPermissionFilters(queryBuilder, user, options = {}) {
+        const { subGroupRepository, ...restOptions } = options;
+        try {
+            const taskAuth = this.getTaskAuth(subGroupRepository);
+            const assistantIds = await taskAuth.getSubGroupMembers(user);
+            return await taskAuth.applyPermissionFilters(queryBuilder, user, {
+                ...restOptions,
+                assistantIds,
+            });
+        }
+        catch (error) {
+            this.logger.error(`Error applying task permission filters: ${error instanceof Error ? error.message : "Unknown error"}`);
+            queryBuilder.where("1 = 0");
+            return queryBuilder;
+        }
+    }
+    async canPerformTaskAction(user, action, targetTask, subGroupRepository) {
+        const taskAuth = this.getTaskAuth(subGroupRepository);
+        return taskAuth.canPerformAction(user, action, targetTask);
+    }
+    async validateTaskAccess(user, action, targetTask, subGroupRepository) {
+        const taskAuth = this.getTaskAuth(subGroupRepository);
+        return taskAuth.validateAccess(user, action, targetTask);
+    }
+    async getAssistantIds(user, subGroupRepository) {
+        const taskAuth = this.getTaskAuth(subGroupRepository);
+        return taskAuth.getAssistantIds(user);
+    }
+    async getUserSubGroupMembers(user, subGroupRepository) {
+        const taskAuth = this.getTaskAuth(subGroupRepository);
+        return taskAuth.getSubGroupMembers(user);
+    }
+    async canCreateTask(user, subGroupRepository) {
+        const taskAuth = this.getTaskAuth(subGroupRepository);
+        return taskAuth.canCreate(user);
+    }
+    async canReadTask(user, task, subGroupRepository) {
+        const taskAuth = this.getTaskAuth(subGroupRepository);
+        return taskAuth.canRead(user, task);
+    }
+    async canUpdateTask(user, task, subGroupRepository) {
+        const taskAuth = this.getTaskAuth(subGroupRepository);
+        return taskAuth.canUpdate(user, task);
+    }
+    async canDeleteTask(user, task, subGroupRepository) {
+        const taskAuth = this.getTaskAuth(subGroupRepository);
+        return taskAuth.canDelete(user, task);
+    }
+    async canCompleteTask(user, task, subGroupRepository) {
+        const taskAuth = this.getTaskAuth(subGroupRepository);
+        return taskAuth.canUpdate(user, task);
+    }
+    async canAssignTask(user, _task, subGroupRepository) {
+        const taskAuth = this.getTaskAuth(subGroupRepository);
+        return taskAuth.canManage(user);
+    }
+    async canExportTasks(user, subGroupRepository) {
+        const taskAuth = this.getTaskAuth(subGroupRepository);
+        return taskAuth.canExport(user);
+    }
+    async canImportTasks(user, subGroupRepository) {
+        const taskAuth = this.getTaskAuth(subGroupRepository);
+        return taskAuth.canImport(user);
+    }
+};
+exports.TaskAuthorizationService = TaskAuthorizationService;
+exports.TaskAuthorizationService = TaskAuthorizationService = TaskAuthorizationService_1 = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [resource_authorization_factory_1.ResourceAuthorizationFactory])
+], TaskAuthorizationService);
+//# sourceMappingURL=task-authorization.service.js.map

package/dist/modules/authorization/services/modules/task-authorization.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"task-authorization.service.js","sourceRoot":"","sources":["../../../../../src/modules/authorization/services/modules/task-authorization.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,2CAAoD;AAIpD,mGAGwD;AAOjD,IAAM,wBAAwB,gCAA9B,MAAM,wBAAwB;IAIN;IAHZ,MAAM,GAAG,IAAI,eAAM,CAAC,0BAAwB,CAAC,IAAI,CAAC,CAAC;IAC5D,QAAQ,CAAmC;IAEnD,YAA6B,WAAyC;QAAzC,gBAAW,GAAX,WAAW,CAA8B;IAAG,CAAC;IAKlE,WAAW,CACjB,kBAAyC;QAEzC,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,kBAAkB,EAAE,CAAC;YACzC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAC/D,CAAC;QACD,OAAO,CACL,IAAI,CAAC,QAAQ;YACb,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,CAC7D,CAAC;IACJ,CAAC;IAKD,KAAK,CAAC,0BAA0B,CAC9B,YAAqC,EACrC,IAAU,EACV,UAII,EAAE;QAEN,MAAM,EAAE,kBAAkB,EAAE,GAAG,WAAW,EAAE,GAAG,OAAO,CAAC;QAEvD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;YACtD,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;YAC7D,OAAO,MAAM,QAAQ,CAAC,sBAAsB,CAAC,YAAY,EAAE,IAAI,EAAE;gBAC/D,GAAG,WAAW;gBACd,YAAY;aACb,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,2CACE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAC3C,EAAE,CACH,CAAC;YACF,YAAY,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC5B,OAAO,YAAY,CAAC;QACtB,CAAC;IACH,CAAC;IAKD,KAAK,CAAC,oBAAoB,CACxB,IAAS,EACT,MAAwB,EACxB,UAAgB,EAChB,kBAAyC;QAEzC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;QACtD,OAAO,QAAQ,CAAC,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;IAC7D,CAAC;IAKD,KAAK,CAAC,kBAAkB,CACtB,IAAS,EACT,MAAwB,EACxB,UAAe,EACf,kBAAyC;QAEzC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;QACtD,OAAO,QAAQ,CAAC,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;IAC3D,CAAC;IAKD,KAAK,CAAC,eAAe,CACnB,IAAU,EACV,kBAAwC;QAExC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;QACtD,OAAO,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;IACxC,CAAC;IAKD,KAAK,CAAC,sBAAsB,CAC1B,IAAU,EACV,kBAAwC;QAExC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;QACtD,OAAO,QAAQ,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAC3C,CAAC;IAKD,KAAK,CAAC,aAAa,CACjB,IAAS,EACT,kBAAyC;QAEzC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;QACtD,OAAO,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAED,KAAK,CAAC,WAAW,CACf,IAAS,EACT,IAAU,EACV,kBAAyC;QAEzC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;QACtD,OAAO,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACtC,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,IAAS,EACT,IAAS,EACT,kBAAyC;QAEzC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;QACtD,OAAO,QAAQ,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACxC,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,IAAS,EACT,IAAS,EACT,kBAAyC;QAEzC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;QACtD,OAAO,QAAQ,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACxC,CAAC;IAED,KAAK,CAAC,eAAe,CACnB,IAAS,EACT,IAAS,EACT,kBAAyC;QAGzC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;QACtD,OAAO,QAAQ,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACxC,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,IAAS,EACT,KAAU,EACV,kBAAyC;QAGzC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;QACtD,OAAO,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAED,KAAK,CAAC,cAAc,CAClB,IAAS,EACT,kBAAyC;QAEzC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;QACtD,OAAO,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAED,KAAK,CAAC,cAAc,CAClB,IAAS,EACT,kBAAyC;QAEzC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;QACtD,OAAO,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;CACF,CAAA;AA9KY,4DAAwB;mCAAxB,wBAAwB;IADpC,IAAA,mBAAU,GAAE;qCAK+B,6DAA4B;GAJ3D,wBAAwB,CA8KpC"}

package/dist/modules/authorization/services/permission-cache.service.d.ts

@@ -0,0 +1,10 @@
+import { Cache } from "cache-manager";
+import { IPermissionCache } from "../interfaces/authorization.interface";
+export declare class PermissionCacheService implements IPermissionCache {
+    private cacheManager;
+    constructor(cacheManager: Cache);
+    get(key: string): Promise<any>;
+    set(key: string, value: any, ttl?: number): Promise<void>;
+    delete(key: string): Promise<void>;
+    clear(pattern: string): Promise<void>;
+}

package/dist/modules/authorization/services/permission-cache.service.js

@@ -0,0 +1,48 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PermissionCacheService = void 0;
+const common_1 = require("@nestjs/common");
+const cache_manager_1 = require("@nestjs/cache-manager");
+let PermissionCacheService = class PermissionCacheService {
+    cacheManager;
+    constructor(cacheManager) {
+        this.cacheManager = cacheManager;
+    }
+    async get(key) {
+        return await this.cacheManager.get(key);
+    }
+    async set(key, value, ttl) {
+        await this.cacheManager.set(key, value, ttl ? ttl * 1000 : undefined);
+    }
+    async delete(key) {
+        await this.cacheManager.del(key);
+    }
+    async clear(pattern) {
+        const store = this.cacheManager.stores[0];
+        if (store.keys) {
+            const keys = await store.keys(pattern);
+            if (keys && keys.length > 0) {
+                await Promise.all(keys.map((key) => this.cacheManager.del(key)));
+            }
+        }
+    }
+};
+exports.PermissionCacheService = PermissionCacheService;
+exports.PermissionCacheService = PermissionCacheService = __decorate([
+    (0, common_1.Injectable)(),
+    __param(0, (0, common_1.Inject)(cache_manager_1.CACHE_MANAGER)),
+    __metadata("design:paramtypes", [Object])
+], PermissionCacheService);
+//# sourceMappingURL=permission-cache.service.js.map

package/dist/modules/authorization/services/permission-cache.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission-cache.service.js","sourceRoot":"","sources":["../../../../src/modules/authorization/services/permission-cache.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAAoD;AACpD,yDAAsD;AAK/C,IAAM,sBAAsB,GAA5B,MAAM,sBAAsB;IACU;IAA3C,YAA2C,YAAmB;QAAnB,iBAAY,GAAZ,YAAY,CAAO;IAAG,CAAC;IAElE,KAAK,CAAC,GAAG,CAAC,GAAW;QACnB,OAAO,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC1C,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,GAAW,EAAE,KAAU,EAAE,GAAY;QAC7C,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IACxE,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAW;QACtB,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACnC,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,OAAe;QAGzB,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAQ,CAAC;QACjD,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;YACf,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACvC,IAAI,IAAI,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC5B,MAAM,OAAO,CAAC,GAAG,CACf,IAAI,CAAC,GAAG,CAAC,CAAC,GAAW,EAAE,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CACtD,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;CACF,CAAA;AA5BY,wDAAsB;iCAAtB,sBAAsB;IADlC,IAAA,mBAAU,GAAE;IAEE,WAAA,IAAA,eAAM,EAAC,6BAAa,CAAC,CAAA;;GADvB,sBAAsB,CA4BlC"}

package/dist/modules/authorization/services/permission-evaluator.service.d.ts

@@ -0,0 +1,26 @@
+import { Repository } from "typeorm";
+import { Permission } from "../../../entities/";
+import { PermissionContextType, PermissionResult } from "../../../common/";
+import { IPermissionEvaluator } from "../interfaces/authorization.interface";
+import { DynamicFilterService } from "./dynamic-filter.service";
+export declare class PermissionEvaluatorService implements IPermissionEvaluator {
+    private readonly permissionRepository;
+    private readonly dynamicFilterService;
+    private readonly logger;
+    constructor(permissionRepository: Repository<Permission>, dynamicFilterService: DynamicFilterService);
+    evaluate(context: PermissionContextType): Promise<PermissionResult>;
+    private getUserPermissionRules;
+    private evaluateRules;
+    private evaluateRule;
+    private checkConditions;
+    private checkCondition;
+    private checkTimeRestrictions;
+    private checkStatusRestrictions;
+    private buildFiltersFromCriteria;
+    private buildLegacyFilters;
+    private getSupervisedUserIds;
+    private sortRulesByPermissiveness;
+    private combineResults;
+    private checkIsSubGroupSupervisor;
+    private checkIsSubGroupMember;
+}