grm-shared-library 1.1.39 → 1.1.40

package/dist/cjs/modules/common/index.js

@@ -20,5 +20,7 @@ __exportStar(require("./dtos/contact-person.dto"), exports);
 __exportStar(require("./interfaces/map-location"), exports);
 __exportStar(require("./interfaces/map-address"), exports);
 __exportStar(require("./interfaces/contact-person"), exports);
+__exportStar(require("./interfaces/access-validation.interface"), exports);
 __exportStar(require("./constants/service.const"), exports);
+__exportStar(require("./services"), exports);
 //# sourceMappingURL=index.js.map

package/dist/cjs/modules/common/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/modules/common/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,0DAAwC;AACxC,yDAAuC;AACvC,4DAA0C;AAC1C,4DAA0C;AAC1C,2DAAyC;AACzC,8DAA4C;AAC5C,4DAA0C"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/modules/common/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,0DAAwC;AACxC,yDAAuC;AACvC,4DAA0C;AAC1C,4DAA0C;AAC1C,2DAAyC;AACzC,8DAA4C;AAC5C,2EAAyD;AACzD,4DAA0C;AAC1C,6CAA2B"}

package/dist/cjs/modules/common/interfaces/access-validation.interface.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=access-validation.interface.js.map

package/dist/cjs/modules/common/interfaces/access-validation.interface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"access-validation.interface.js","sourceRoot":"","sources":["../../../../../src/modules/common/interfaces/access-validation.interface.ts"],"names":[],"mappings":""}

package/dist/cjs/modules/common/services/access-validation.service.js

@@ -0,0 +1,124 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AccessValidationService = void 0;
+const common_1 = require("@nestjs/common");
+/**
+ * Service for validating access control across microservices
+ * Provides centralized validation logic to ensure consistency
+ */
+class AccessValidationService {
+    /**
+     * Validates if a user has access to perform list operations
+     * @param accessScope - The access scope for the user
+     * @param pluralEntityName - The name of the entities being accessed (for error messages)
+     */
+    validateListAccess(accessScope, pluralEntityName = 'entities') {
+        if (accessScope.isSuperAdmin) {
+            return;
+        }
+        if (accessScope.organizationFilter || accessScope.controlCentreFilter) {
+            return;
+        }
+        throw new common_1.ForbiddenException(`Access denied: Insufficient permissions to access ${pluralEntityName}`);
+    }
+    /**
+     * Validates if a user has access to a specific entity
+     * @param accessScope - The access scope for the user
+     * @param entity - The entity to check access for
+     * @param entityName - The name of the entity (for error messages)
+     */
+    validateEntityAccess(accessScope, entity, entityName = 'Entity') {
+        if (accessScope.isSuperAdmin) {
+            return;
+        }
+        if (accessScope.organizationFilter && entity.organizationId === accessScope.organizationFilter) {
+            return;
+        }
+        if (accessScope.controlCentreFilter && entity.controlCentreId === accessScope.controlCentreFilter) {
+            return;
+        }
+        throw new common_1.ForbiddenException(`Access denied: Insufficient permissions to access this ${entityName.toLowerCase()}`);
+    }
+    /**
+     * Validates if a user can create an entity with the specified organization/control centre
+     * @param accessScope - The access scope for the user
+     * @param createDto - The DTO containing organizationId/controlCentreId
+     * @param entityName - The name of the entity (for error messages)
+     */
+    validateCreateAccess(accessScope, createDto, entityName = 'entity') {
+        if (accessScope.isSuperAdmin) {
+            return;
+        }
+        // Check organization level access
+        if (createDto.organizationId) {
+            if (accessScope.organizationFilter && createDto.organizationId !== accessScope.organizationFilter) {
+                throw new common_1.ForbiddenException(`Cannot create ${entityName} for this organization`);
+            }
+        }
+        // Check control centre level access
+        if (createDto.controlCentreId) {
+            if (accessScope.controlCentreFilter && createDto.controlCentreId !== accessScope.controlCentreFilter) {
+                throw new common_1.ForbiddenException(`Cannot create ${entityName} for this control centre`);
+            }
+        }
+        // Ensure user has at least organization or control centre level access
+        if (!accessScope.organizationFilter && !accessScope.controlCentreFilter) {
+            throw new common_1.ForbiddenException(`Insufficient permissions to create ${entityName}`);
+        }
+    }
+    /**
+     * Validates if a user has access to update entities
+     * @param accessScope - The access scope for the user
+     * @param entityName - The name of the entity (for error messages)
+     */
+    validateUpdateAccess(accessScope, entityName = 'entity') {
+        if (accessScope.isSuperAdmin) {
+            return;
+        }
+        // Ensure user has at least organization or control centre level access
+        if (!accessScope.organizationFilter && !accessScope.controlCentreFilter) {
+            throw new common_1.ForbiddenException(`Insufficient permissions to update ${entityName}`);
+        }
+    }
+    /**
+     * Validates if a user has access to delete entities
+     * @param accessScope - The access scope for the user
+     * @param entityName - The name of the entity (for error messages)
+     */
+    validateDeleteAccess(accessScope, entityName = 'entity') {
+        if (accessScope.isSuperAdmin) {
+            return;
+        }
+        // Ensure user has at least organization or control centre level access
+        if (!accessScope.organizationFilter && !accessScope.controlCentreFilter) {
+            throw new common_1.ForbiddenException(`Insufficient permissions to delete ${entityName}`);
+        }
+    }
+    /**
+     * Validates if a user can update an entity with the specified organization/control centre changes
+     * @param accessScope - The access scope for the user
+     * @param existingEntity - The existing entity
+     * @param updateDto - The DTO containing updated organizationId/controlCentreId
+     * @param entityName - The name of the entity (for error messages)
+     */
+    validateUpdateEntityAccess(accessScope, existingEntity, updateDto, entityName = 'entity') {
+        // First validate access to the existing entity
+        this.validateEntityAccess(accessScope, existingEntity, entityName);
+        // Then validate update permissions
+        this.validateUpdateAccess(accessScope, entityName);
+        // If organization is being changed, validate access to new organization
+        if (updateDto.organizationId && updateDto.organizationId !== existingEntity.organizationId) {
+            if (accessScope.organizationFilter && updateDto.organizationId !== accessScope.organizationFilter) {
+                throw new common_1.ForbiddenException(`Cannot move ${entityName} to this organization`);
+            }
+        }
+        // If control centre is being changed, validate access to new control centre
+        if (updateDto.controlCentreId && updateDto.controlCentreId !== existingEntity.controlCentreId) {
+            if (accessScope.controlCentreFilter && updateDto.controlCentreId !== accessScope.controlCentreFilter) {
+                throw new common_1.ForbiddenException(`Cannot move ${entityName} to this control centre`);
+            }
+        }
+    }
+}
+exports.AccessValidationService = AccessValidationService;
+//# sourceMappingURL=access-validation.service.js.map

package/dist/cjs/modules/common/services/access-validation.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"access-validation.service.js","sourceRoot":"","sources":["../../../../../src/modules/common/services/access-validation.service.ts"],"names":[],"mappings":";;;AAAA,2CAAoD;AAIpD;;;GAGG;AACH,MAAa,uBAAuB;IAEhC;;;;OAIG;IACH,kBAAkB,CAAC,WAAwB,EAAE,mBAA2B,UAAU;QAC9E,IAAI,WAAW,CAAC,YAAY,EAAE,CAAC;YAC3B,OAAO;QACX,CAAC;QAED,IAAI,WAAW,CAAC,kBAAkB,IAAI,WAAW,CAAC,mBAAmB,EAAE,CAAC;YACpE,OAAO;QACX,CAAC;QAED,MAAM,IAAI,2BAAkB,CAAC,qDAAqD,gBAAgB,EAAE,CAAC,CAAC;IAC1G,CAAC;IAED;;;;;OAKG;IACH,oBAAoB,CAChB,WAAwB,EACxB,MAAS,EACT,aAAqB,QAAQ;QAE7B,IAAI,WAAW,CAAC,YAAY,EAAE,CAAC;YAC3B,OAAO;QACX,CAAC;QAED,IAAI,WAAW,CAAC,kBAAkB,IAAI,MAAM,CAAC,cAAc,KAAK,WAAW,CAAC,kBAAkB,EAAE,CAAC;YAC7F,OAAO;QACX,CAAC;QAED,IAAI,WAAW,CAAC,mBAAmB,IAAI,MAAM,CAAC,eAAe,KAAK,WAAW,CAAC,mBAAmB,EAAE,CAAC;YAChG,OAAO;QACX,CAAC;QAED,MAAM,IAAI,2BAAkB,CAAC,0DAA0D,UAAU,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;IACvH,CAAC;IAED;;;;;OAKG;IACH,oBAAoB,CAChB,WAAwB,EACxB,SAAY,EACZ,aAAqB,QAAQ;QAE7B,IAAI,WAAW,CAAC,YAAY,EAAE,CAAC;YAC3B,OAAO;QACX,CAAC;QAED,kCAAkC;QAClC,IAAI,SAAS,CAAC,cAAc,EAAE,CAAC;YAC3B,IAAI,WAAW,CAAC,kBAAkB,IAAI,SAAS,CAAC,cAAc,KAAK,WAAW,CAAC,kBAAkB,EAAE,CAAC;gBAChG,MAAM,IAAI,2BAAkB,CAAC,iBAAiB,UAAU,wBAAwB,CAAC,CAAC;YACtF,CAAC;QACL,CAAC;QAED,oCAAoC;QACpC,IAAI,SAAS,CAAC,eAAe,EAAE,CAAC;YAC5B,IAAI,WAAW,CAAC,mBAAmB,IAAI,SAAS,CAAC,eAAe,KAAK,WAAW,CAAC,mBAAmB,EAAE,CAAC;gBACnG,MAAM,IAAI,2BAAkB,CAAC,iBAAiB,UAAU,0BAA0B,CAAC,CAAC;YACxF,CAAC;QACL,CAAC;QAED,uEAAuE;QACvE,IAAI,CAAC,WAAW,CAAC,kBAAkB,IAAI,CAAC,WAAW,CAAC,mBAAmB,EAAE,CAAC;YACtE,MAAM,IAAI,2BAAkB,CAAC,sCAAsC,UAAU,EAAE,CAAC,CAAC;QACrF,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,oBAAoB,CAAC,WAAwB,EAAE,aAAqB,QAAQ;QACxE,IAAI,WAAW,CAAC,YAAY,EAAE,CAAC;YAC3B,OAAO;QACX,CAAC;QAED,uEAAuE;QACvE,IAAI,CAAC,WAAW,CAAC,kBAAkB,IAAI,CAAC,WAAW,CAAC,mBAAmB,EAAE,CAAC;YACtE,MAAM,IAAI,2BAAkB,CAAC,sCAAsC,UAAU,EAAE,CAAC,CAAC;QACrF,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,oBAAoB,CAAC,WAAwB,EAAE,aAAqB,QAAQ;QACxE,IAAI,WAAW,CAAC,YAAY,EAAE,CAAC;YAC3B,OAAO;QACX,CAAC;QAED,uEAAuE;QACvE,IAAI,CAAC,WAAW,CAAC,kBAAkB,IAAI,CAAC,WAAW,CAAC,mBAAmB,EAAE,CAAC;YACtE,MAAM,IAAI,2BAAkB,CAAC,sCAAsC,UAAU,EAAE,CAAC,CAAC;QACrF,CAAC;IACL,CAAC;IAED;;;;;;OAMG;IACH,0BAA0B,CACtB,WAAwB,EACxB,cAAiB,EACjB,SAAY,EACZ,aAAqB,QAAQ;QAE7B,+CAA+C;QAC/C,IAAI,CAAC,oBAAoB,CAAC,WAAW,EAAE,cAAc,EAAE,UAAU,CAAC,CAAC;QAEnE,mCAAmC;QACnC,IAAI,CAAC,oBAAoB,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QAEnD,wEAAwE;QACxE,IAAI,SAAS,CAAC,cAAc,IAAI,SAAS,CAAC,cAAc,KAAK,cAAc,CAAC,cAAc,EAAE,CAAC;YACzF,IAAI,WAAW,CAAC,kBAAkB,IAAI,SAAS,CAAC,cAAc,KAAK,WAAW,CAAC,kBAAkB,EAAE,CAAC;gBAChG,MAAM,IAAI,2BAAkB,CAAC,eAAe,UAAU,uBAAuB,CAAC,CAAC;YACnF,CAAC;QACL,CAAC;QAED,4EAA4E;QAC5E,IAAI,SAAS,CAAC,eAAe,IAAI,SAAS,CAAC,eAAe,KAAK,cAAc,CAAC,eAAe,EAAE,CAAC;YAC5F,IAAI,WAAW,CAAC,mBAAmB,IAAI,SAAS,CAAC,eAAe,KAAK,WAAW,CAAC,mBAAmB,EAAE,CAAC;gBACnG,MAAM,IAAI,2BAAkB,CAAC,eAAe,UAAU,yBAAyB,CAAC,CAAC;YACrF,CAAC;QACL,CAAC;IACL,CAAC;CACJ;AAjJD,0DAiJC"}

package/dist/cjs/modules/common/services/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./access-validation.service"), exports);
+//# sourceMappingURL=index.js.map

package/dist/cjs/modules/common/services/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/modules/common/services/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,8DAA4C"}

package/dist/esm/modules/common/index.js

@@ -4,5 +4,7 @@ export * from './dtos/contact-person.dto';
 export * from './interfaces/map-location';
 export * from './interfaces/map-address';
 export * from './interfaces/contact-person';
+export * from './interfaces/access-validation.interface';
 export * from './constants/service.const';
+export * from './services';
 //# sourceMappingURL=index.js.map

package/dist/esm/modules/common/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/modules/common/index.ts"],"names":[],"mappings":"AAAA,cAAc,yBAAyB,CAAC;AACxC,cAAc,wBAAwB,CAAC;AACvC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,2BAA2B,CAAC;AAC1C,cAAc,0BAA0B,CAAC;AACzC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,2BAA2B,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/modules/common/index.ts"],"names":[],"mappings":"AAAA,cAAc,yBAAyB,CAAC;AACxC,cAAc,wBAAwB,CAAC;AACvC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,2BAA2B,CAAC;AAC1C,cAAc,0BAA0B,CAAC;AACzC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,0CAA0C,CAAC;AACzD,cAAc,2BAA2B,CAAC;AAC1C,cAAc,YAAY,CAAC"}

package/dist/esm/modules/common/interfaces/access-validation.interface.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=access-validation.interface.js.map

package/dist/esm/modules/common/interfaces/access-validation.interface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"access-validation.interface.js","sourceRoot":"","sources":["../../../../../src/modules/common/interfaces/access-validation.interface.ts"],"names":[],"mappings":""}

package/dist/esm/modules/common/services/access-validation.service.js

@@ -0,0 +1,120 @@
+import { ForbiddenException } from '@nestjs/common';
+/**
+ * Service for validating access control across microservices
+ * Provides centralized validation logic to ensure consistency
+ */
+export class AccessValidationService {
+    /**
+     * Validates if a user has access to perform list operations
+     * @param accessScope - The access scope for the user
+     * @param pluralEntityName - The name of the entities being accessed (for error messages)
+     */
+    validateListAccess(accessScope, pluralEntityName = 'entities') {
+        if (accessScope.isSuperAdmin) {
+            return;
+        }
+        if (accessScope.organizationFilter || accessScope.controlCentreFilter) {
+            return;
+        }
+        throw new ForbiddenException(`Access denied: Insufficient permissions to access ${pluralEntityName}`);
+    }
+    /**
+     * Validates if a user has access to a specific entity
+     * @param accessScope - The access scope for the user
+     * @param entity - The entity to check access for
+     * @param entityName - The name of the entity (for error messages)
+     */
+    validateEntityAccess(accessScope, entity, entityName = 'Entity') {
+        if (accessScope.isSuperAdmin) {
+            return;
+        }
+        if (accessScope.organizationFilter && entity.organizationId === accessScope.organizationFilter) {
+            return;
+        }
+        if (accessScope.controlCentreFilter && entity.controlCentreId === accessScope.controlCentreFilter) {
+            return;
+        }
+        throw new ForbiddenException(`Access denied: Insufficient permissions to access this ${entityName.toLowerCase()}`);
+    }
+    /**
+     * Validates if a user can create an entity with the specified organization/control centre
+     * @param accessScope - The access scope for the user
+     * @param createDto - The DTO containing organizationId/controlCentreId
+     * @param entityName - The name of the entity (for error messages)
+     */
+    validateCreateAccess(accessScope, createDto, entityName = 'entity') {
+        if (accessScope.isSuperAdmin) {
+            return;
+        }
+        // Check organization level access
+        if (createDto.organizationId) {
+            if (accessScope.organizationFilter && createDto.organizationId !== accessScope.organizationFilter) {
+                throw new ForbiddenException(`Cannot create ${entityName} for this organization`);
+            }
+        }
+        // Check control centre level access
+        if (createDto.controlCentreId) {
+            if (accessScope.controlCentreFilter && createDto.controlCentreId !== accessScope.controlCentreFilter) {
+                throw new ForbiddenException(`Cannot create ${entityName} for this control centre`);
+            }
+        }
+        // Ensure user has at least organization or control centre level access
+        if (!accessScope.organizationFilter && !accessScope.controlCentreFilter) {
+            throw new ForbiddenException(`Insufficient permissions to create ${entityName}`);
+        }
+    }
+    /**
+     * Validates if a user has access to update entities
+     * @param accessScope - The access scope for the user
+     * @param entityName - The name of the entity (for error messages)
+     */
+    validateUpdateAccess(accessScope, entityName = 'entity') {
+        if (accessScope.isSuperAdmin) {
+            return;
+        }
+        // Ensure user has at least organization or control centre level access
+        if (!accessScope.organizationFilter && !accessScope.controlCentreFilter) {
+            throw new ForbiddenException(`Insufficient permissions to update ${entityName}`);
+        }
+    }
+    /**
+     * Validates if a user has access to delete entities
+     * @param accessScope - The access scope for the user
+     * @param entityName - The name of the entity (for error messages)
+     */
+    validateDeleteAccess(accessScope, entityName = 'entity') {
+        if (accessScope.isSuperAdmin) {
+            return;
+        }
+        // Ensure user has at least organization or control centre level access
+        if (!accessScope.organizationFilter && !accessScope.controlCentreFilter) {
+            throw new ForbiddenException(`Insufficient permissions to delete ${entityName}`);
+        }
+    }
+    /**
+     * Validates if a user can update an entity with the specified organization/control centre changes
+     * @param accessScope - The access scope for the user
+     * @param existingEntity - The existing entity
+     * @param updateDto - The DTO containing updated organizationId/controlCentreId
+     * @param entityName - The name of the entity (for error messages)
+     */
+    validateUpdateEntityAccess(accessScope, existingEntity, updateDto, entityName = 'entity') {
+        // First validate access to the existing entity
+        this.validateEntityAccess(accessScope, existingEntity, entityName);
+        // Then validate update permissions
+        this.validateUpdateAccess(accessScope, entityName);
+        // If organization is being changed, validate access to new organization
+        if (updateDto.organizationId && updateDto.organizationId !== existingEntity.organizationId) {
+            if (accessScope.organizationFilter && updateDto.organizationId !== accessScope.organizationFilter) {
+                throw new ForbiddenException(`Cannot move ${entityName} to this organization`);
+            }
+        }
+        // If control centre is being changed, validate access to new control centre
+        if (updateDto.controlCentreId && updateDto.controlCentreId !== existingEntity.controlCentreId) {
+            if (accessScope.controlCentreFilter && updateDto.controlCentreId !== accessScope.controlCentreFilter) {
+                throw new ForbiddenException(`Cannot move ${entityName} to this control centre`);
+            }
+        }
+    }
+}
+//# sourceMappingURL=access-validation.service.js.map

package/dist/esm/modules/common/services/access-validation.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"access-validation.service.js","sourceRoot":"","sources":["../../../../../src/modules/common/services/access-validation.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAIpD;;;GAGG;AACH,MAAM,OAAO,uBAAuB;IAEhC;;;;OAIG;IACH,kBAAkB,CAAC,WAAwB,EAAE,mBAA2B,UAAU;QAC9E,IAAI,WAAW,CAAC,YAAY,EAAE,CAAC;YAC3B,OAAO;QACX,CAAC;QAED,IAAI,WAAW,CAAC,kBAAkB,IAAI,WAAW,CAAC,mBAAmB,EAAE,CAAC;YACpE,OAAO;QACX,CAAC;QAED,MAAM,IAAI,kBAAkB,CAAC,qDAAqD,gBAAgB,EAAE,CAAC,CAAC;IAC1G,CAAC;IAED;;;;;OAKG;IACH,oBAAoB,CAChB,WAAwB,EACxB,MAAS,EACT,aAAqB,QAAQ;QAE7B,IAAI,WAAW,CAAC,YAAY,EAAE,CAAC;YAC3B,OAAO;QACX,CAAC;QAED,IAAI,WAAW,CAAC,kBAAkB,IAAI,MAAM,CAAC,cAAc,KAAK,WAAW,CAAC,kBAAkB,EAAE,CAAC;YAC7F,OAAO;QACX,CAAC;QAED,IAAI,WAAW,CAAC,mBAAmB,IAAI,MAAM,CAAC,eAAe,KAAK,WAAW,CAAC,mBAAmB,EAAE,CAAC;YAChG,OAAO;QACX,CAAC;QAED,MAAM,IAAI,kBAAkB,CAAC,0DAA0D,UAAU,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;IACvH,CAAC;IAED;;;;;OAKG;IACH,oBAAoB,CAChB,WAAwB,EACxB,SAAY,EACZ,aAAqB,QAAQ;QAE7B,IAAI,WAAW,CAAC,YAAY,EAAE,CAAC;YAC3B,OAAO;QACX,CAAC;QAED,kCAAkC;QAClC,IAAI,SAAS,CAAC,cAAc,EAAE,CAAC;YAC3B,IAAI,WAAW,CAAC,kBAAkB,IAAI,SAAS,CAAC,cAAc,KAAK,WAAW,CAAC,kBAAkB,EAAE,CAAC;gBAChG,MAAM,IAAI,kBAAkB,CAAC,iBAAiB,UAAU,wBAAwB,CAAC,CAAC;YACtF,CAAC;QACL,CAAC;QAED,oCAAoC;QACpC,IAAI,SAAS,CAAC,eAAe,EAAE,CAAC;YAC5B,IAAI,WAAW,CAAC,mBAAmB,IAAI,SAAS,CAAC,eAAe,KAAK,WAAW,CAAC,mBAAmB,EAAE,CAAC;gBACnG,MAAM,IAAI,kBAAkB,CAAC,iBAAiB,UAAU,0BAA0B,CAAC,CAAC;YACxF,CAAC;QACL,CAAC;QAED,uEAAuE;QACvE,IAAI,CAAC,WAAW,CAAC,kBAAkB,IAAI,CAAC,WAAW,CAAC,mBAAmB,EAAE,CAAC;YACtE,MAAM,IAAI,kBAAkB,CAAC,sCAAsC,UAAU,EAAE,CAAC,CAAC;QACrF,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,oBAAoB,CAAC,WAAwB,EAAE,aAAqB,QAAQ;QACxE,IAAI,WAAW,CAAC,YAAY,EAAE,CAAC;YAC3B,OAAO;QACX,CAAC;QAED,uEAAuE;QACvE,IAAI,CAAC,WAAW,CAAC,kBAAkB,IAAI,CAAC,WAAW,CAAC,mBAAmB,EAAE,CAAC;YACtE,MAAM,IAAI,kBAAkB,CAAC,sCAAsC,UAAU,EAAE,CAAC,CAAC;QACrF,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,oBAAoB,CAAC,WAAwB,EAAE,aAAqB,QAAQ;QACxE,IAAI,WAAW,CAAC,YAAY,EAAE,CAAC;YAC3B,OAAO;QACX,CAAC;QAED,uEAAuE;QACvE,IAAI,CAAC,WAAW,CAAC,kBAAkB,IAAI,CAAC,WAAW,CAAC,mBAAmB,EAAE,CAAC;YACtE,MAAM,IAAI,kBAAkB,CAAC,sCAAsC,UAAU,EAAE,CAAC,CAAC;QACrF,CAAC;IACL,CAAC;IAED;;;;;;OAMG;IACH,0BAA0B,CACtB,WAAwB,EACxB,cAAiB,EACjB,SAAY,EACZ,aAAqB,QAAQ;QAE7B,+CAA+C;QAC/C,IAAI,CAAC,oBAAoB,CAAC,WAAW,EAAE,cAAc,EAAE,UAAU,CAAC,CAAC;QAEnE,mCAAmC;QACnC,IAAI,CAAC,oBAAoB,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QAEnD,wEAAwE;QACxE,IAAI,SAAS,CAAC,cAAc,IAAI,SAAS,CAAC,cAAc,KAAK,cAAc,CAAC,cAAc,EAAE,CAAC;YACzF,IAAI,WAAW,CAAC,kBAAkB,IAAI,SAAS,CAAC,cAAc,KAAK,WAAW,CAAC,kBAAkB,EAAE,CAAC;gBAChG,MAAM,IAAI,kBAAkB,CAAC,eAAe,UAAU,uBAAuB,CAAC,CAAC;YACnF,CAAC;QACL,CAAC;QAED,4EAA4E;QAC5E,IAAI,SAAS,CAAC,eAAe,IAAI,SAAS,CAAC,eAAe,KAAK,cAAc,CAAC,eAAe,EAAE,CAAC;YAC5F,IAAI,WAAW,CAAC,mBAAmB,IAAI,SAAS,CAAC,eAAe,KAAK,WAAW,CAAC,mBAAmB,EAAE,CAAC;gBACnG,MAAM,IAAI,kBAAkB,CAAC,eAAe,UAAU,yBAAyB,CAAC,CAAC;YACrF,CAAC;QACL,CAAC;IACL,CAAC;CACJ"}

package/dist/esm/modules/common/services/index.js

@@ -0,0 +1,2 @@
+export * from './access-validation.service';
+//# sourceMappingURL=index.js.map

package/dist/esm/modules/common/services/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/modules/common/services/index.ts"],"names":[],"mappings":"AAAA,cAAc,6BAA6B,CAAC"}

package/dist/types/modules/common/index.d.ts

@@ -4,4 +4,6 @@ export * from './dtos/contact-person.dto';
 export * from './interfaces/map-location';
 export * from './interfaces/map-address';
 export * from './interfaces/contact-person';
+export * from './interfaces/access-validation.interface';
 export * from './constants/service.const';
+export * from './services';

package/dist/types/modules/common/interfaces/access-validation.interface.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Interface for entities that can be checked for access control
+ */
+export interface EntityAccessCheck {
+    organizationId?: number;
+    controlCentreId?: number;
+}
+/**
+ * Interface for create DTOs that need access validation
+ */
+export interface CreateEntityAccessCheck {
+    organizationId?: number;
+    controlCentreId?: number;
+}
+/**
+ * Interface for update DTOs that need access validation
+ */
+export interface UpdateEntityAccessCheck {
+    organizationId?: number;
+    controlCentreId?: number;
+}

package/dist/types/modules/common/services/access-validation.service.d.ts

@@ -0,0 +1,48 @@
+import { AccessScope } from '../../user/interfaces/access-scope';
+import { EntityAccessCheck, CreateEntityAccessCheck, UpdateEntityAccessCheck } from '../interfaces/access-validation.interface';
+/**
+ * Service for validating access control across microservices
+ * Provides centralized validation logic to ensure consistency
+ */
+export declare class AccessValidationService {
+    /**
+     * Validates if a user has access to perform list operations
+     * @param accessScope - The access scope for the user
+     * @param pluralEntityName - The name of the entities being accessed (for error messages)
+     */
+    validateListAccess(accessScope: AccessScope, pluralEntityName?: string): void;
+    /**
+     * Validates if a user has access to a specific entity
+     * @param accessScope - The access scope for the user
+     * @param entity - The entity to check access for
+     * @param entityName - The name of the entity (for error messages)
+     */
+    validateEntityAccess<T extends EntityAccessCheck>(accessScope: AccessScope, entity: T, entityName?: string): void;
+    /**
+     * Validates if a user can create an entity with the specified organization/control centre
+     * @param accessScope - The access scope for the user
+     * @param createDto - The DTO containing organizationId/controlCentreId
+     * @param entityName - The name of the entity (for error messages)
+     */
+    validateCreateAccess<T extends CreateEntityAccessCheck>(accessScope: AccessScope, createDto: T, entityName?: string): void;
+    /**
+     * Validates if a user has access to update entities
+     * @param accessScope - The access scope for the user
+     * @param entityName - The name of the entity (for error messages)
+     */
+    validateUpdateAccess(accessScope: AccessScope, entityName?: string): void;
+    /**
+     * Validates if a user has access to delete entities
+     * @param accessScope - The access scope for the user
+     * @param entityName - The name of the entity (for error messages)
+     */
+    validateDeleteAccess(accessScope: AccessScope, entityName?: string): void;
+    /**
+     * Validates if a user can update an entity with the specified organization/control centre changes
+     * @param accessScope - The access scope for the user
+     * @param existingEntity - The existing entity
+     * @param updateDto - The DTO containing updated organizationId/controlCentreId
+     * @param entityName - The name of the entity (for error messages)
+     */
+    validateUpdateEntityAccess<T extends EntityAccessCheck, U extends UpdateEntityAccessCheck>(accessScope: AccessScope, existingEntity: T, updateDto: U, entityName?: string): void;
+}

package/dist/types/modules/common/services/index.d.ts

@@ -0,0 +1 @@
+export * from './access-validation.service';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "grm-shared-library",
-  "version": "1.1.39",
+  "version": "1.1.40",
   "main": "dist/cjs/index.js",
   "module": "dist/esm/index.js",
   "types": "dist/types/index.d.ts",