grm-shared-library 1.1.55 → 1.1.57
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/interfaces/report-list.js +2 -0
- package/dist/cjs/interfaces/report-list.js.map +1 -0
- package/dist/cjs/modules/common/services/access-validation.service.js +12 -59
- package/dist/cjs/modules/common/services/access-validation.service.js.map +1 -1
- package/dist/cjs/modules/common/services/user-context-header.service.js +0 -3
- package/dist/cjs/modules/common/services/user-context-header.service.js.map +1 -1
- package/dist/cjs/modules/role/constants/roles-by-scope.js +17 -0
- package/dist/cjs/modules/role/constants/roles-by-scope.js.map +1 -0
- package/dist/cjs/modules/role/enums/role.enum.js +3 -0
- package/dist/cjs/modules/role/enums/role.enum.js.map +1 -1
- package/dist/cjs/modules/role/index.js +1 -0
- package/dist/cjs/modules/role/index.js.map +1 -1
- package/dist/esm/interfaces/report-list.js +2 -0
- package/dist/esm/interfaces/report-list.js.map +1 -0
- package/dist/esm/modules/common/services/access-validation.service.js +12 -59
- package/dist/esm/modules/common/services/access-validation.service.js.map +1 -1
- package/dist/esm/modules/common/services/user-context-header.service.js +0 -3
- package/dist/esm/modules/common/services/user-context-header.service.js.map +1 -1
- package/dist/esm/modules/role/constants/roles-by-scope.js +14 -0
- package/dist/esm/modules/role/constants/roles-by-scope.js.map +1 -0
- package/dist/esm/modules/role/enums/role.enum.js +3 -0
- package/dist/esm/modules/role/enums/role.enum.js.map +1 -1
- package/dist/esm/modules/role/index.js +1 -0
- package/dist/esm/modules/role/index.js.map +1 -1
- package/dist/types/interfaces/report-list.d.ts +0 -0
- package/dist/types/modules/common/services/access-validation.service.d.ts +1 -21
- package/dist/types/modules/role/constants/roles-by-scope.d.ts +3 -0
- package/dist/types/modules/role/enums/role.enum.d.ts +3 -0
- package/dist/types/modules/role/index.d.ts +1 -0
- package/package.json +1 -1
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"report-list.js","sourceRoot":"","sources":["../../../src/interfaces/report-list.ts"],"names":[],"mappings":""}
|
|
@@ -31,13 +31,22 @@ class AccessValidationService {
|
|
|
31
31
|
if (accessScope.isSuperAdmin) {
|
|
32
32
|
return;
|
|
33
33
|
}
|
|
34
|
-
if (
|
|
34
|
+
if (!entity.organizationId && !entity.controlCentreId) {
|
|
35
|
+
throw new common_1.ForbiddenException(`Access denied: ${entityName} has no access control information`);
|
|
36
|
+
}
|
|
37
|
+
if (accessScope.organizationFilter) {
|
|
38
|
+
if (entity.organizationId !== accessScope.organizationFilter) {
|
|
39
|
+
throw new common_1.ForbiddenException(`Access denied: ${entityName} does not belong to your organization`);
|
|
40
|
+
}
|
|
35
41
|
return;
|
|
36
42
|
}
|
|
37
|
-
if (accessScope.controlCentreFilter
|
|
43
|
+
if (accessScope.controlCentreFilter) {
|
|
44
|
+
if (entity.controlCentreId !== accessScope.controlCentreFilter) {
|
|
45
|
+
throw new common_1.ForbiddenException(`Access denied: ${entityName} does not belong to your control centre`);
|
|
46
|
+
}
|
|
38
47
|
return;
|
|
39
48
|
}
|
|
40
|
-
throw new common_1.ForbiddenException(`Access denied: Insufficient permissions to access this ${entityName
|
|
49
|
+
throw new common_1.ForbiddenException(`Access denied: Insufficient permissions to access this ${entityName} entity`);
|
|
41
50
|
}
|
|
42
51
|
/**
|
|
43
52
|
* Validates if a user can create an entity with the specified organization/control centre
|
|
@@ -49,76 +58,20 @@ class AccessValidationService {
|
|
|
49
58
|
if (accessScope.isSuperAdmin) {
|
|
50
59
|
return;
|
|
51
60
|
}
|
|
52
|
-
// Check organization level access
|
|
53
61
|
if (createDto.organizationId) {
|
|
54
62
|
if (accessScope.organizationFilter && createDto.organizationId !== accessScope.organizationFilter) {
|
|
55
63
|
throw new common_1.ForbiddenException(`Cannot create ${entityName} for this organization`);
|
|
56
64
|
}
|
|
57
65
|
}
|
|
58
|
-
// Check control centre level access
|
|
59
66
|
if (createDto.controlCentreId) {
|
|
60
67
|
if (accessScope.controlCentreFilter && createDto.controlCentreId !== accessScope.controlCentreFilter) {
|
|
61
68
|
throw new common_1.ForbiddenException(`Cannot create ${entityName} for this control centre`);
|
|
62
69
|
}
|
|
63
70
|
}
|
|
64
|
-
// Ensure user has at least organization or control centre level access
|
|
65
71
|
if (!accessScope.organizationFilter && !accessScope.controlCentreFilter) {
|
|
66
72
|
throw new common_1.ForbiddenException(`Insufficient permissions to create ${entityName}`);
|
|
67
73
|
}
|
|
68
74
|
}
|
|
69
|
-
/**
|
|
70
|
-
* Validates if a user has access to update entities
|
|
71
|
-
* @param accessScope - The access scope for the user
|
|
72
|
-
* @param entityName - The name of the entity (for error messages)
|
|
73
|
-
*/
|
|
74
|
-
validateUpdateAccess(accessScope, entityName = 'entity') {
|
|
75
|
-
if (accessScope.isSuperAdmin) {
|
|
76
|
-
return;
|
|
77
|
-
}
|
|
78
|
-
// Ensure user has at least organization or control centre level access
|
|
79
|
-
if (!accessScope.organizationFilter && !accessScope.controlCentreFilter) {
|
|
80
|
-
throw new common_1.ForbiddenException(`Insufficient permissions to update ${entityName}`);
|
|
81
|
-
}
|
|
82
|
-
}
|
|
83
|
-
/**
|
|
84
|
-
* Validates if a user has access to delete entities
|
|
85
|
-
* @param accessScope - The access scope for the user
|
|
86
|
-
* @param entityName - The name of the entity (for error messages)
|
|
87
|
-
*/
|
|
88
|
-
validateDeleteAccess(accessScope, entityName = 'entity') {
|
|
89
|
-
if (accessScope.isSuperAdmin) {
|
|
90
|
-
return;
|
|
91
|
-
}
|
|
92
|
-
// Ensure user has at least organization or control centre level access
|
|
93
|
-
if (!accessScope.organizationFilter && !accessScope.controlCentreFilter) {
|
|
94
|
-
throw new common_1.ForbiddenException(`Insufficient permissions to delete ${entityName}`);
|
|
95
|
-
}
|
|
96
|
-
}
|
|
97
|
-
/**
|
|
98
|
-
* Validates if a user can update an entity with the specified organization/control centre changes
|
|
99
|
-
* @param accessScope - The access scope for the user
|
|
100
|
-
* @param existingEntity - The existing entity
|
|
101
|
-
* @param updateDto - The DTO containing updated organizationId/controlCentreId
|
|
102
|
-
* @param entityName - The name of the entity (for error messages)
|
|
103
|
-
*/
|
|
104
|
-
validateUpdateEntityAccess(accessScope, existingEntity, updateDto, entityName = 'entity') {
|
|
105
|
-
// First validate access to the existing entity
|
|
106
|
-
this.validateEntityAccess(accessScope, existingEntity, entityName);
|
|
107
|
-
// Then validate update permissions
|
|
108
|
-
this.validateUpdateAccess(accessScope, entityName);
|
|
109
|
-
// If organization is being changed, validate access to new organization
|
|
110
|
-
if (updateDto.organizationId && updateDto.organizationId !== existingEntity.organizationId) {
|
|
111
|
-
if (accessScope.organizationFilter && updateDto.organizationId !== accessScope.organizationFilter) {
|
|
112
|
-
throw new common_1.ForbiddenException(`Cannot move ${entityName} to this organization`);
|
|
113
|
-
}
|
|
114
|
-
}
|
|
115
|
-
// If control centre is being changed, validate access to new control centre
|
|
116
|
-
if (updateDto.controlCentreId && updateDto.controlCentreId !== existingEntity.controlCentreId) {
|
|
117
|
-
if (accessScope.controlCentreFilter && updateDto.controlCentreId !== accessScope.controlCentreFilter) {
|
|
118
|
-
throw new common_1.ForbiddenException(`Cannot move ${entityName} to this control centre`);
|
|
119
|
-
}
|
|
120
|
-
}
|
|
121
|
-
}
|
|
122
75
|
}
|
|
123
76
|
exports.AccessValidationService = AccessValidationService;
|
|
124
77
|
//# sourceMappingURL=access-validation.service.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"access-validation.service.js","sourceRoot":"","sources":["../../../../../src/modules/common/services/access-validation.service.ts"],"names":[],"mappings":";;;AAAA,2CAAoD;AAIpD;;;GAGG;AACH,MAAa,uBAAuB;IAEhC;;;;OAIG;IACH,kBAAkB,CAAC,WAAwB,EAAE,mBAA2B,UAAU;QAC9E,IAAI,WAAW,CAAC,YAAY,EAAE,CAAC;YAC3B,OAAO;QACX,CAAC;QAED,IAAI,WAAW,CAAC,kBAAkB,IAAI,WAAW,CAAC,mBAAmB,EAAE,CAAC;YACpE,OAAO;QACX,CAAC;QAED,MAAM,IAAI,2BAAkB,CAAC,qDAAqD,gBAAgB,EAAE,CAAC,CAAC;IAC1G,CAAC;IAED;;;;;OAKG;IACH,oBAAoB,CAChB,WAAwB,EACxB,MAAS,EACT,aAAqB,QAAQ;QAE7B,IAAI,WAAW,CAAC,YAAY,EAAE,CAAC;YAC3B,OAAO;QACX,CAAC;QAED,IAAI,
|
|
1
|
+
{"version":3,"file":"access-validation.service.js","sourceRoot":"","sources":["../../../../../src/modules/common/services/access-validation.service.ts"],"names":[],"mappings":";;;AAAA,2CAAoD;AAIpD;;;GAGG;AACH,MAAa,uBAAuB;IAEhC;;;;OAIG;IACH,kBAAkB,CAAC,WAAwB,EAAE,mBAA2B,UAAU;QAC9E,IAAI,WAAW,CAAC,YAAY,EAAE,CAAC;YAC3B,OAAO;QACX,CAAC;QAED,IAAI,WAAW,CAAC,kBAAkB,IAAI,WAAW,CAAC,mBAAmB,EAAE,CAAC;YACpE,OAAO;QACX,CAAC;QAED,MAAM,IAAI,2BAAkB,CAAC,qDAAqD,gBAAgB,EAAE,CAAC,CAAC;IAC1G,CAAC;IAED;;;;;OAKG;IACH,oBAAoB,CAChB,WAAwB,EACxB,MAAS,EACT,aAAqB,QAAQ;QAE7B,IAAI,WAAW,CAAC,YAAY,EAAE,CAAC;YAC3B,OAAO;QACX,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;YACpD,MAAM,IAAI,2BAAkB,CAAC,kBAAkB,UAAU,oCAAoC,CAAC,CAAC;QACnG,CAAC;QAED,IAAI,WAAW,CAAC,kBAAkB,EAAE,CAAC;YACjC,IAAI,MAAM,CAAC,cAAc,KAAK,WAAW,CAAC,kBAAkB,EAAE,CAAC;gBAC3D,MAAM,IAAI,2BAAkB,CAAC,kBAAkB,UAAU,uCAAuC,CAAC,CAAC;YACtG,CAAC;YACD,OAAO;QACX,CAAC;QAED,IAAI,WAAW,CAAC,mBAAmB,EAAE,CAAC;YAClC,IAAI,MAAM,CAAC,eAAe,KAAK,WAAW,CAAC,mBAAmB,EAAE,CAAC;gBAC7D,MAAM,IAAI,2BAAkB,CAAC,kBAAkB,UAAU,yCAAyC,CAAC,CAAC;YACxG,CAAC;YACD,OAAO;QACX,CAAC;QAED,MAAM,IAAI,2BAAkB,CAAC,0DAA0D,UAAU,SAAS,CAAC,CAAC;IAChH,CAAC;IAED;;;;;OAKG;IACH,oBAAoB,CAChB,WAAwB,EACxB,SAAY,EACZ,aAAqB,QAAQ;QAE7B,IAAI,WAAW,CAAC,YAAY,EAAE,CAAC;YAC3B,OAAO;QACX,CAAC;QAED,IAAI,SAAS,CAAC,cAAc,EAAE,CAAC;YAC3B,IAAI,WAAW,CAAC,kBAAkB,IAAI,SAAS,CAAC,cAAc,KAAK,WAAW,CAAC,kBAAkB,EAAE,CAAC;gBAChG,MAAM,IAAI,2BAAkB,CAAC,iBAAiB,UAAU,wBAAwB,CAAC,CAAC;YACtF,CAAC;QACL,CAAC;QAED,IAAI,SAAS,CAAC,eAAe,EAAE,CAAC;YAC5B,IAAI,WAAW,CAAC,mBAAmB,IAAI,SAAS,CAAC,eAAe,KAAK,WAAW,CAAC,mBAAmB,EAAE,CAAC;gBACnG,MAAM,IAAI,2BAAkB,CAAC,iBAAiB,UAAU,0BAA0B,CAAC,CAAC;YACxF,CAAC;QACL,CAAC;QAED,IAAI,CAAC,WAAW,CAAC,kBAAkB,IAAI,CAAC,WAAW,CAAC,mBAAmB,EAAE,CAAC;YACtE,MAAM,IAAI,2BAAkB,CAAC,sCAAsC,UAAU,EAAE,CAAC,CAAC;QACrF,CAAC;IACL,CAAC;CAKJ;AA1FD,0DA0FC"}
|
|
@@ -21,7 +21,6 @@ class UserContextHeaderService {
|
|
|
21
21
|
if (userContext.controlCentreId) {
|
|
22
22
|
headers[http_headers_1.HTTP_HEADERS.CONTROL_CENTRE_ID] = userContext.controlCentreId.toString();
|
|
23
23
|
}
|
|
24
|
-
// Also provide full context as single header for convenience
|
|
25
24
|
headers[http_headers_1.HTTP_HEADERS.USER_CONTEXT] = JSON.stringify(userContext);
|
|
26
25
|
return headers;
|
|
27
26
|
}
|
|
@@ -30,12 +29,10 @@ class UserContextHeaderService {
|
|
|
30
29
|
*/
|
|
31
30
|
static extractFromHeaders(headers) {
|
|
32
31
|
try {
|
|
33
|
-
// First try to get full context from single header
|
|
34
32
|
const fullContextHeader = this.getHeaderValue(headers, http_headers_1.HTTP_HEADERS.USER_CONTEXT);
|
|
35
33
|
if (fullContextHeader) {
|
|
36
34
|
return JSON.parse(fullContextHeader);
|
|
37
35
|
}
|
|
38
|
-
// Fallback: reconstruct from individual headers
|
|
39
36
|
const userIdHeader = this.getHeaderValue(headers, http_headers_1.HTTP_HEADERS.USER_ID);
|
|
40
37
|
const rolesHeader = this.getHeaderValue(headers, http_headers_1.HTTP_HEADERS.USER_ROLES);
|
|
41
38
|
const accessScopeHeader = this.getHeaderValue(headers, http_headers_1.HTTP_HEADERS.ACCESS_SCOPE);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"user-context-header.service.js","sourceRoot":"","sources":["../../../../../src/modules/common/services/user-context-header.service.ts"],"names":[],"mappings":";;;AAEA,kEAA+D;AAE/D;;;GAGG;AACH,MAAa,wBAAwB;IAEjC;;OAEG;IACH,MAAM,CAAC,YAAY,CAAC,WAAwB;QACxC,MAAM,OAAO,GAA2B,EAAE,CAAC;QAE3C,OAAO,CAAC,2BAAY,CAAC,OAAO,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;QAC9D,OAAO,CAAC,2BAAY,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACrE,OAAO,CAAC,2BAAY,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;QAE7E,IAAI,WAAW,CAAC,cAAc,EAAE,CAAC;YAC7B,OAAO,CAAC,2BAAY,CAAC,eAAe,CAAC,GAAG,WAAW,CAAC,cAAc,CAAC,QAAQ,EAAE,CAAC;QAClF,CAAC;QAED,IAAI,WAAW,CAAC,eAAe,EAAE,CAAC;YAC9B,OAAO,CAAC,2BAAY,CAAC,iBAAiB,CAAC,GAAG,WAAW,CAAC,eAAe,CAAC,QAAQ,EAAE,CAAC;QACrF,CAAC;QAED,
|
|
1
|
+
{"version":3,"file":"user-context-header.service.js","sourceRoot":"","sources":["../../../../../src/modules/common/services/user-context-header.service.ts"],"names":[],"mappings":";;;AAEA,kEAA+D;AAE/D;;;GAGG;AACH,MAAa,wBAAwB;IAEjC;;OAEG;IACH,MAAM,CAAC,YAAY,CAAC,WAAwB;QACxC,MAAM,OAAO,GAA2B,EAAE,CAAC;QAE3C,OAAO,CAAC,2BAAY,CAAC,OAAO,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;QAC9D,OAAO,CAAC,2BAAY,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACrE,OAAO,CAAC,2BAAY,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;QAE7E,IAAI,WAAW,CAAC,cAAc,EAAE,CAAC;YAC7B,OAAO,CAAC,2BAAY,CAAC,eAAe,CAAC,GAAG,WAAW,CAAC,cAAc,CAAC,QAAQ,EAAE,CAAC;QAClF,CAAC;QAED,IAAI,WAAW,CAAC,eAAe,EAAE,CAAC;YAC9B,OAAO,CAAC,2BAAY,CAAC,iBAAiB,CAAC,GAAG,WAAW,CAAC,eAAe,CAAC,QAAQ,EAAE,CAAC;QACrF,CAAC;QAED,OAAO,CAAC,2BAAY,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QAEjE,OAAO,OAAO,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,kBAAkB,CAAC,OAA0C;QAChE,IAAI,CAAC;YACD,MAAM,iBAAiB,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,2BAAY,CAAC,YAAY,CAAC,CAAC;YAClF,IAAI,iBAAiB,EAAE,CAAC;gBACpB,OAAO,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAgB,CAAC;YACxD,CAAC;YAED,MAAM,YAAY,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,2BAAY,CAAC,OAAO,CAAC,CAAC;YACxE,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,2BAAY,CAAC,UAAU,CAAC,CAAC;YAC1E,MAAM,iBAAiB,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,2BAAY,CAAC,YAAY,CAAC,CAAC;YAElF,IAAI,CAAC,YAAY,IAAI,CAAC,WAAW,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBACtD,OAAO,IAAI,CAAC;YAChB,CAAC;YAED,MAAM,MAAM,GAAG,QAAQ,CAAC,YAAY,CAAC,CAAC;YACtC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAa,CAAC;YAClD,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAgB,CAAC;YAEjE,MAAM,oBAAoB,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,2BAAY,CAAC,eAAe,CAAC,CAAC;YACxF,MAAM,qBAAqB,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,2BAAY,CAAC,iBAAiB,CAAC,CAAC;YAE3F,OAAO;gBACH,MAAM;gBACN,KAAK;gBACL,WAAW;gBACX,cAAc,EAAE,oBAAoB,CAAC,CAAC,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC,SAAS;gBACjF,eAAe,EAAE,qBAAqB,CAAC,CAAC,CAAC,QAAQ,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC,SAAS;aACvF,CAAC;QACN,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,6CAA6C,EAAE,KAAK,CAAC,CAAC;YACpE,OAAO,IAAI,CAAC;QAChB,CAAC;IACL,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,cAAc,CAAC,OAA0C,EAAE,GAAW;QACjF,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,CAAC;QACzD,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QACxB,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IACnD,CAAC;CACJ;AAvED,4DAuEC"}
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.MOBILE_ROLES = exports.CONTROL_CENTRE_ROLES = exports.ORGANIZATION_ROLES = void 0;
|
|
4
|
+
const role_enum_1 = require("../enums/role.enum");
|
|
5
|
+
exports.ORGANIZATION_ROLES = [
|
|
6
|
+
role_enum_1.Roles.ORGANIZATION_OWNER,
|
|
7
|
+
role_enum_1.Roles.ORGANIZATION_ADMIN,
|
|
8
|
+
role_enum_1.Roles.ORGANIZATION_USER
|
|
9
|
+
];
|
|
10
|
+
exports.CONTROL_CENTRE_ROLES = [
|
|
11
|
+
role_enum_1.Roles.CONTROL_CENTRE_ADMIN,
|
|
12
|
+
role_enum_1.Roles.CONTROL_CENTRE_USER
|
|
13
|
+
];
|
|
14
|
+
exports.MOBILE_ROLES = [
|
|
15
|
+
role_enum_1.Roles.MOBILE_USER
|
|
16
|
+
];
|
|
17
|
+
//# sourceMappingURL=roles-by-scope.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"roles-by-scope.js","sourceRoot":"","sources":["../../../../../src/modules/role/constants/roles-by-scope.ts"],"names":[],"mappings":";;;AAAA,kDAA2C;AAE9B,QAAA,kBAAkB,GAAa;IACxC,iBAAK,CAAC,kBAAkB;IACxB,iBAAK,CAAC,kBAAkB;IACxB,iBAAK,CAAC,iBAAiB;CAC1B,CAAC;AAEW,QAAA,oBAAoB,GAAa;IAC1C,iBAAK,CAAC,oBAAoB;IAC1B,iBAAK,CAAC,mBAAmB;CAC5B,CAAC;AAEW,QAAA,YAAY,GAAa;IAClC,iBAAK,CAAC,WAAW;CACpB,CAAC"}
|
|
@@ -11,4 +11,7 @@ var Roles;
|
|
|
11
11
|
Roles["CONTROL_CENTRE_USER"] = "Control-Centre:User";
|
|
12
12
|
Roles["MOBILE_USER"] = "Mobile-User";
|
|
13
13
|
})(Roles || (exports.Roles = Roles = {}));
|
|
14
|
+
/**
|
|
15
|
+
* When defining new roles, also update the roles-by-scope.ts file and roles.data.ts file
|
|
16
|
+
*/
|
|
14
17
|
//# sourceMappingURL=role.enum.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"role.enum.js","sourceRoot":"","sources":["../../../../../src/modules/role/enums/role.enum.ts"],"names":[],"mappings":";;;AAAA,IAAY,KAQX;AARD,WAAY,KAAK;IACb,oCAA2B,CAAA;IAC3B,kDAAyC,CAAA;IACzC,kDAAyC,CAAA;IACzC,gDAAuC,CAAA;IACvC,sDAA6C,CAAA;IAC7C,oDAA2C,CAAA;IAC3C,oCAA2B,CAAA;AAC/B,CAAC,EARW,KAAK,qBAAL,KAAK,QAQhB"}
|
|
1
|
+
{"version":3,"file":"role.enum.js","sourceRoot":"","sources":["../../../../../src/modules/role/enums/role.enum.ts"],"names":[],"mappings":";;;AAAA,IAAY,KAQX;AARD,WAAY,KAAK;IACb,oCAA2B,CAAA;IAC3B,kDAAyC,CAAA;IACzC,kDAAyC,CAAA;IACzC,gDAAuC,CAAA;IACvC,sDAA6C,CAAA;IAC7C,oDAA2C,CAAA;IAC3C,oCAA2B,CAAA;AAC/B,CAAC,EARW,KAAK,qBAAL,KAAK,QAQhB;AAED;;GAEG"}
|
|
@@ -19,4 +19,5 @@ __exportStar(require("./dtos/create-role.dto"), exports);
|
|
|
19
19
|
__exportStar(require("./dtos/update-tole.dto"), exports);
|
|
20
20
|
__exportStar(require("./enums/role.enum"), exports);
|
|
21
21
|
__exportStar(require("./interfaces/role"), exports);
|
|
22
|
+
__exportStar(require("./constants/roles-by-scope"), exports);
|
|
22
23
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/modules/role/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,oDAAkC;AAClC,yDAAuC;AACvC,yDAAuC;AACvC,oDAAkC;AAClC,oDAAkC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/modules/role/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,oDAAkC;AAClC,yDAAuC;AACvC,yDAAuC;AACvC,oDAAkC;AAClC,oDAAkC;AAClC,6DAA2C"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"report-list.js","sourceRoot":"","sources":["../../../src/interfaces/report-list.ts"],"names":[],"mappings":""}
|
|
@@ -28,13 +28,22 @@ export class AccessValidationService {
|
|
|
28
28
|
if (accessScope.isSuperAdmin) {
|
|
29
29
|
return;
|
|
30
30
|
}
|
|
31
|
-
if (
|
|
31
|
+
if (!entity.organizationId && !entity.controlCentreId) {
|
|
32
|
+
throw new ForbiddenException(`Access denied: ${entityName} has no access control information`);
|
|
33
|
+
}
|
|
34
|
+
if (accessScope.organizationFilter) {
|
|
35
|
+
if (entity.organizationId !== accessScope.organizationFilter) {
|
|
36
|
+
throw new ForbiddenException(`Access denied: ${entityName} does not belong to your organization`);
|
|
37
|
+
}
|
|
32
38
|
return;
|
|
33
39
|
}
|
|
34
|
-
if (accessScope.controlCentreFilter
|
|
40
|
+
if (accessScope.controlCentreFilter) {
|
|
41
|
+
if (entity.controlCentreId !== accessScope.controlCentreFilter) {
|
|
42
|
+
throw new ForbiddenException(`Access denied: ${entityName} does not belong to your control centre`);
|
|
43
|
+
}
|
|
35
44
|
return;
|
|
36
45
|
}
|
|
37
|
-
throw new ForbiddenException(`Access denied: Insufficient permissions to access this ${entityName
|
|
46
|
+
throw new ForbiddenException(`Access denied: Insufficient permissions to access this ${entityName} entity`);
|
|
38
47
|
}
|
|
39
48
|
/**
|
|
40
49
|
* Validates if a user can create an entity with the specified organization/control centre
|
|
@@ -46,75 +55,19 @@ export class AccessValidationService {
|
|
|
46
55
|
if (accessScope.isSuperAdmin) {
|
|
47
56
|
return;
|
|
48
57
|
}
|
|
49
|
-
// Check organization level access
|
|
50
58
|
if (createDto.organizationId) {
|
|
51
59
|
if (accessScope.organizationFilter && createDto.organizationId !== accessScope.organizationFilter) {
|
|
52
60
|
throw new ForbiddenException(`Cannot create ${entityName} for this organization`);
|
|
53
61
|
}
|
|
54
62
|
}
|
|
55
|
-
// Check control centre level access
|
|
56
63
|
if (createDto.controlCentreId) {
|
|
57
64
|
if (accessScope.controlCentreFilter && createDto.controlCentreId !== accessScope.controlCentreFilter) {
|
|
58
65
|
throw new ForbiddenException(`Cannot create ${entityName} for this control centre`);
|
|
59
66
|
}
|
|
60
67
|
}
|
|
61
|
-
// Ensure user has at least organization or control centre level access
|
|
62
68
|
if (!accessScope.organizationFilter && !accessScope.controlCentreFilter) {
|
|
63
69
|
throw new ForbiddenException(`Insufficient permissions to create ${entityName}`);
|
|
64
70
|
}
|
|
65
71
|
}
|
|
66
|
-
/**
|
|
67
|
-
* Validates if a user has access to update entities
|
|
68
|
-
* @param accessScope - The access scope for the user
|
|
69
|
-
* @param entityName - The name of the entity (for error messages)
|
|
70
|
-
*/
|
|
71
|
-
validateUpdateAccess(accessScope, entityName = 'entity') {
|
|
72
|
-
if (accessScope.isSuperAdmin) {
|
|
73
|
-
return;
|
|
74
|
-
}
|
|
75
|
-
// Ensure user has at least organization or control centre level access
|
|
76
|
-
if (!accessScope.organizationFilter && !accessScope.controlCentreFilter) {
|
|
77
|
-
throw new ForbiddenException(`Insufficient permissions to update ${entityName}`);
|
|
78
|
-
}
|
|
79
|
-
}
|
|
80
|
-
/**
|
|
81
|
-
* Validates if a user has access to delete entities
|
|
82
|
-
* @param accessScope - The access scope for the user
|
|
83
|
-
* @param entityName - The name of the entity (for error messages)
|
|
84
|
-
*/
|
|
85
|
-
validateDeleteAccess(accessScope, entityName = 'entity') {
|
|
86
|
-
if (accessScope.isSuperAdmin) {
|
|
87
|
-
return;
|
|
88
|
-
}
|
|
89
|
-
// Ensure user has at least organization or control centre level access
|
|
90
|
-
if (!accessScope.organizationFilter && !accessScope.controlCentreFilter) {
|
|
91
|
-
throw new ForbiddenException(`Insufficient permissions to delete ${entityName}`);
|
|
92
|
-
}
|
|
93
|
-
}
|
|
94
|
-
/**
|
|
95
|
-
* Validates if a user can update an entity with the specified organization/control centre changes
|
|
96
|
-
* @param accessScope - The access scope for the user
|
|
97
|
-
* @param existingEntity - The existing entity
|
|
98
|
-
* @param updateDto - The DTO containing updated organizationId/controlCentreId
|
|
99
|
-
* @param entityName - The name of the entity (for error messages)
|
|
100
|
-
*/
|
|
101
|
-
validateUpdateEntityAccess(accessScope, existingEntity, updateDto, entityName = 'entity') {
|
|
102
|
-
// First validate access to the existing entity
|
|
103
|
-
this.validateEntityAccess(accessScope, existingEntity, entityName);
|
|
104
|
-
// Then validate update permissions
|
|
105
|
-
this.validateUpdateAccess(accessScope, entityName);
|
|
106
|
-
// If organization is being changed, validate access to new organization
|
|
107
|
-
if (updateDto.organizationId && updateDto.organizationId !== existingEntity.organizationId) {
|
|
108
|
-
if (accessScope.organizationFilter && updateDto.organizationId !== accessScope.organizationFilter) {
|
|
109
|
-
throw new ForbiddenException(`Cannot move ${entityName} to this organization`);
|
|
110
|
-
}
|
|
111
|
-
}
|
|
112
|
-
// If control centre is being changed, validate access to new control centre
|
|
113
|
-
if (updateDto.controlCentreId && updateDto.controlCentreId !== existingEntity.controlCentreId) {
|
|
114
|
-
if (accessScope.controlCentreFilter && updateDto.controlCentreId !== accessScope.controlCentreFilter) {
|
|
115
|
-
throw new ForbiddenException(`Cannot move ${entityName} to this control centre`);
|
|
116
|
-
}
|
|
117
|
-
}
|
|
118
|
-
}
|
|
119
72
|
}
|
|
120
73
|
//# sourceMappingURL=access-validation.service.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"access-validation.service.js","sourceRoot":"","sources":["../../../../../src/modules/common/services/access-validation.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAIpD;;;GAGG;AACH,MAAM,OAAO,uBAAuB;IAEhC;;;;OAIG;IACH,kBAAkB,CAAC,WAAwB,EAAE,mBAA2B,UAAU;QAC9E,IAAI,WAAW,CAAC,YAAY,EAAE,CAAC;YAC3B,OAAO;QACX,CAAC;QAED,IAAI,WAAW,CAAC,kBAAkB,IAAI,WAAW,CAAC,mBAAmB,EAAE,CAAC;YACpE,OAAO;QACX,CAAC;QAED,MAAM,IAAI,kBAAkB,CAAC,qDAAqD,gBAAgB,EAAE,CAAC,CAAC;IAC1G,CAAC;IAED;;;;;OAKG;IACH,oBAAoB,CAChB,WAAwB,EACxB,MAAS,EACT,aAAqB,QAAQ;QAE7B,IAAI,WAAW,CAAC,YAAY,EAAE,CAAC;YAC3B,OAAO;QACX,CAAC;QAED,IAAI,
|
|
1
|
+
{"version":3,"file":"access-validation.service.js","sourceRoot":"","sources":["../../../../../src/modules/common/services/access-validation.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAIpD;;;GAGG;AACH,MAAM,OAAO,uBAAuB;IAEhC;;;;OAIG;IACH,kBAAkB,CAAC,WAAwB,EAAE,mBAA2B,UAAU;QAC9E,IAAI,WAAW,CAAC,YAAY,EAAE,CAAC;YAC3B,OAAO;QACX,CAAC;QAED,IAAI,WAAW,CAAC,kBAAkB,IAAI,WAAW,CAAC,mBAAmB,EAAE,CAAC;YACpE,OAAO;QACX,CAAC;QAED,MAAM,IAAI,kBAAkB,CAAC,qDAAqD,gBAAgB,EAAE,CAAC,CAAC;IAC1G,CAAC;IAED;;;;;OAKG;IACH,oBAAoB,CAChB,WAAwB,EACxB,MAAS,EACT,aAAqB,QAAQ;QAE7B,IAAI,WAAW,CAAC,YAAY,EAAE,CAAC;YAC3B,OAAO;QACX,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;YACpD,MAAM,IAAI,kBAAkB,CAAC,kBAAkB,UAAU,oCAAoC,CAAC,CAAC;QACnG,CAAC;QAED,IAAI,WAAW,CAAC,kBAAkB,EAAE,CAAC;YACjC,IAAI,MAAM,CAAC,cAAc,KAAK,WAAW,CAAC,kBAAkB,EAAE,CAAC;gBAC3D,MAAM,IAAI,kBAAkB,CAAC,kBAAkB,UAAU,uCAAuC,CAAC,CAAC;YACtG,CAAC;YACD,OAAO;QACX,CAAC;QAED,IAAI,WAAW,CAAC,mBAAmB,EAAE,CAAC;YAClC,IAAI,MAAM,CAAC,eAAe,KAAK,WAAW,CAAC,mBAAmB,EAAE,CAAC;gBAC7D,MAAM,IAAI,kBAAkB,CAAC,kBAAkB,UAAU,yCAAyC,CAAC,CAAC;YACxG,CAAC;YACD,OAAO;QACX,CAAC;QAED,MAAM,IAAI,kBAAkB,CAAC,0DAA0D,UAAU,SAAS,CAAC,CAAC;IAChH,CAAC;IAED;;;;;OAKG;IACH,oBAAoB,CAChB,WAAwB,EACxB,SAAY,EACZ,aAAqB,QAAQ;QAE7B,IAAI,WAAW,CAAC,YAAY,EAAE,CAAC;YAC3B,OAAO;QACX,CAAC;QAED,IAAI,SAAS,CAAC,cAAc,EAAE,CAAC;YAC3B,IAAI,WAAW,CAAC,kBAAkB,IAAI,SAAS,CAAC,cAAc,KAAK,WAAW,CAAC,kBAAkB,EAAE,CAAC;gBAChG,MAAM,IAAI,kBAAkB,CAAC,iBAAiB,UAAU,wBAAwB,CAAC,CAAC;YACtF,CAAC;QACL,CAAC;QAED,IAAI,SAAS,CAAC,eAAe,EAAE,CAAC;YAC5B,IAAI,WAAW,CAAC,mBAAmB,IAAI,SAAS,CAAC,eAAe,KAAK,WAAW,CAAC,mBAAmB,EAAE,CAAC;gBACnG,MAAM,IAAI,kBAAkB,CAAC,iBAAiB,UAAU,0BAA0B,CAAC,CAAC;YACxF,CAAC;QACL,CAAC;QAED,IAAI,CAAC,WAAW,CAAC,kBAAkB,IAAI,CAAC,WAAW,CAAC,mBAAmB,EAAE,CAAC;YACtE,MAAM,IAAI,kBAAkB,CAAC,sCAAsC,UAAU,EAAE,CAAC,CAAC;QACrF,CAAC;IACL,CAAC;CAKJ"}
|
|
@@ -18,7 +18,6 @@ export class UserContextHeaderService {
|
|
|
18
18
|
if (userContext.controlCentreId) {
|
|
19
19
|
headers[HTTP_HEADERS.CONTROL_CENTRE_ID] = userContext.controlCentreId.toString();
|
|
20
20
|
}
|
|
21
|
-
// Also provide full context as single header for convenience
|
|
22
21
|
headers[HTTP_HEADERS.USER_CONTEXT] = JSON.stringify(userContext);
|
|
23
22
|
return headers;
|
|
24
23
|
}
|
|
@@ -27,12 +26,10 @@ export class UserContextHeaderService {
|
|
|
27
26
|
*/
|
|
28
27
|
static extractFromHeaders(headers) {
|
|
29
28
|
try {
|
|
30
|
-
// First try to get full context from single header
|
|
31
29
|
const fullContextHeader = this.getHeaderValue(headers, HTTP_HEADERS.USER_CONTEXT);
|
|
32
30
|
if (fullContextHeader) {
|
|
33
31
|
return JSON.parse(fullContextHeader);
|
|
34
32
|
}
|
|
35
|
-
// Fallback: reconstruct from individual headers
|
|
36
33
|
const userIdHeader = this.getHeaderValue(headers, HTTP_HEADERS.USER_ID);
|
|
37
34
|
const rolesHeader = this.getHeaderValue(headers, HTTP_HEADERS.USER_ROLES);
|
|
38
35
|
const accessScopeHeader = this.getHeaderValue(headers, HTTP_HEADERS.ACCESS_SCOPE);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"user-context-header.service.js","sourceRoot":"","sources":["../../../../../src/modules/common/services/user-context-header.service.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAE/D;;;GAGG;AACH,MAAM,OAAO,wBAAwB;IAEjC;;OAEG;IACH,MAAM,CAAC,YAAY,CAAC,WAAwB;QACxC,MAAM,OAAO,GAA2B,EAAE,CAAC;QAE3C,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;QAC9D,OAAO,CAAC,YAAY,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACrE,OAAO,CAAC,YAAY,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;QAE7E,IAAI,WAAW,CAAC,cAAc,EAAE,CAAC;YAC7B,OAAO,CAAC,YAAY,CAAC,eAAe,CAAC,GAAG,WAAW,CAAC,cAAc,CAAC,QAAQ,EAAE,CAAC;QAClF,CAAC;QAED,IAAI,WAAW,CAAC,eAAe,EAAE,CAAC;YAC9B,OAAO,CAAC,YAAY,CAAC,iBAAiB,CAAC,GAAG,WAAW,CAAC,eAAe,CAAC,QAAQ,EAAE,CAAC;QACrF,CAAC;QAED,
|
|
1
|
+
{"version":3,"file":"user-context-header.service.js","sourceRoot":"","sources":["../../../../../src/modules/common/services/user-context-header.service.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAE/D;;;GAGG;AACH,MAAM,OAAO,wBAAwB;IAEjC;;OAEG;IACH,MAAM,CAAC,YAAY,CAAC,WAAwB;QACxC,MAAM,OAAO,GAA2B,EAAE,CAAC;QAE3C,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;QAC9D,OAAO,CAAC,YAAY,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACrE,OAAO,CAAC,YAAY,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;QAE7E,IAAI,WAAW,CAAC,cAAc,EAAE,CAAC;YAC7B,OAAO,CAAC,YAAY,CAAC,eAAe,CAAC,GAAG,WAAW,CAAC,cAAc,CAAC,QAAQ,EAAE,CAAC;QAClF,CAAC;QAED,IAAI,WAAW,CAAC,eAAe,EAAE,CAAC;YAC9B,OAAO,CAAC,YAAY,CAAC,iBAAiB,CAAC,GAAG,WAAW,CAAC,eAAe,CAAC,QAAQ,EAAE,CAAC;QACrF,CAAC;QAED,OAAO,CAAC,YAAY,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QAEjE,OAAO,OAAO,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,kBAAkB,CAAC,OAA0C;QAChE,IAAI,CAAC;YACD,MAAM,iBAAiB,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,YAAY,CAAC,YAAY,CAAC,CAAC;YAClF,IAAI,iBAAiB,EAAE,CAAC;gBACpB,OAAO,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAgB,CAAC;YACxD,CAAC;YAED,MAAM,YAAY,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;YACxE,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,YAAY,CAAC,UAAU,CAAC,CAAC;YAC1E,MAAM,iBAAiB,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,YAAY,CAAC,YAAY,CAAC,CAAC;YAElF,IAAI,CAAC,YAAY,IAAI,CAAC,WAAW,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBACtD,OAAO,IAAI,CAAC;YAChB,CAAC;YAED,MAAM,MAAM,GAAG,QAAQ,CAAC,YAAY,CAAC,CAAC;YACtC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAa,CAAC;YAClD,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAgB,CAAC;YAEjE,MAAM,oBAAoB,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,YAAY,CAAC,eAAe,CAAC,CAAC;YACxF,MAAM,qBAAqB,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,YAAY,CAAC,iBAAiB,CAAC,CAAC;YAE3F,OAAO;gBACH,MAAM;gBACN,KAAK;gBACL,WAAW;gBACX,cAAc,EAAE,oBAAoB,CAAC,CAAC,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC,SAAS;gBACjF,eAAe,EAAE,qBAAqB,CAAC,CAAC,CAAC,QAAQ,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC,SAAS;aACvF,CAAC;QACN,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,6CAA6C,EAAE,KAAK,CAAC,CAAC;YACpE,OAAO,IAAI,CAAC;QAChB,CAAC;IACL,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,cAAc,CAAC,OAA0C,EAAE,GAAW;QACjF,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,CAAC;QACzD,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QACxB,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IACnD,CAAC;CACJ"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
import { Roles } from "../enums/role.enum";
|
|
2
|
+
export const ORGANIZATION_ROLES = [
|
|
3
|
+
Roles.ORGANIZATION_OWNER,
|
|
4
|
+
Roles.ORGANIZATION_ADMIN,
|
|
5
|
+
Roles.ORGANIZATION_USER
|
|
6
|
+
];
|
|
7
|
+
export const CONTROL_CENTRE_ROLES = [
|
|
8
|
+
Roles.CONTROL_CENTRE_ADMIN,
|
|
9
|
+
Roles.CONTROL_CENTRE_USER
|
|
10
|
+
];
|
|
11
|
+
export const MOBILE_ROLES = [
|
|
12
|
+
Roles.MOBILE_USER
|
|
13
|
+
];
|
|
14
|
+
//# sourceMappingURL=roles-by-scope.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"roles-by-scope.js","sourceRoot":"","sources":["../../../../../src/modules/role/constants/roles-by-scope.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAE3C,MAAM,CAAC,MAAM,kBAAkB,GAAa;IACxC,KAAK,CAAC,kBAAkB;IACxB,KAAK,CAAC,kBAAkB;IACxB,KAAK,CAAC,iBAAiB;CAC1B,CAAC;AAEF,MAAM,CAAC,MAAM,oBAAoB,GAAa;IAC1C,KAAK,CAAC,oBAAoB;IAC1B,KAAK,CAAC,mBAAmB;CAC5B,CAAC;AAEF,MAAM,CAAC,MAAM,YAAY,GAAa;IAClC,KAAK,CAAC,WAAW;CACpB,CAAC"}
|
|
@@ -8,4 +8,7 @@ export var Roles;
|
|
|
8
8
|
Roles["CONTROL_CENTRE_USER"] = "Control-Centre:User";
|
|
9
9
|
Roles["MOBILE_USER"] = "Mobile-User";
|
|
10
10
|
})(Roles || (Roles = {}));
|
|
11
|
+
/**
|
|
12
|
+
* When defining new roles, also update the roles-by-scope.ts file and roles.data.ts file
|
|
13
|
+
*/
|
|
11
14
|
//# sourceMappingURL=role.enum.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"role.enum.js","sourceRoot":"","sources":["../../../../../src/modules/role/enums/role.enum.ts"],"names":[],"mappings":"AAAA,MAAM,CAAN,IAAY,KAQX;AARD,WAAY,KAAK;IACb,oCAA2B,CAAA;IAC3B,kDAAyC,CAAA;IACzC,kDAAyC,CAAA;IACzC,gDAAuC,CAAA;IACvC,sDAA6C,CAAA;IAC7C,oDAA2C,CAAA;IAC3C,oCAA2B,CAAA;AAC/B,CAAC,EARW,KAAK,KAAL,KAAK,QAQhB"}
|
|
1
|
+
{"version":3,"file":"role.enum.js","sourceRoot":"","sources":["../../../../../src/modules/role/enums/role.enum.ts"],"names":[],"mappings":"AAAA,MAAM,CAAN,IAAY,KAQX;AARD,WAAY,KAAK;IACb,oCAA2B,CAAA;IAC3B,kDAAyC,CAAA;IACzC,kDAAyC,CAAA;IACzC,gDAAuC,CAAA;IACvC,sDAA6C,CAAA;IAC7C,oDAA2C,CAAA;IAC3C,oCAA2B,CAAA;AAC/B,CAAC,EARW,KAAK,KAAL,KAAK,QAQhB;AAED;;GAEG"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/modules/role/index.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAC;AAClC,cAAc,wBAAwB,CAAC;AACvC,cAAc,wBAAwB,CAAC;AACvC,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/modules/role/index.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAC;AAClC,cAAc,wBAAwB,CAAC;AACvC,cAAc,wBAAwB,CAAC;AACvC,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,4BAA4B,CAAC"}
|
|
File without changes
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { AccessScope } from '../../user/interfaces/access-scope';
|
|
2
|
-
import { EntityAccessCheck, CreateEntityAccessCheck
|
|
2
|
+
import { EntityAccessCheck, CreateEntityAccessCheck } from '../interfaces/access-validation.interface';
|
|
3
3
|
/**
|
|
4
4
|
* Service for validating access control across microservices
|
|
5
5
|
* Provides centralized validation logic to ensure consistency
|
|
@@ -25,24 +25,4 @@ export declare class AccessValidationService {
|
|
|
25
25
|
* @param entityName - The name of the entity (for error messages)
|
|
26
26
|
*/
|
|
27
27
|
validateCreateAccess<T extends CreateEntityAccessCheck>(accessScope: AccessScope, createDto: T, entityName?: string): void;
|
|
28
|
-
/**
|
|
29
|
-
* Validates if a user has access to update entities
|
|
30
|
-
* @param accessScope - The access scope for the user
|
|
31
|
-
* @param entityName - The name of the entity (for error messages)
|
|
32
|
-
*/
|
|
33
|
-
validateUpdateAccess(accessScope: AccessScope, entityName?: string): void;
|
|
34
|
-
/**
|
|
35
|
-
* Validates if a user has access to delete entities
|
|
36
|
-
* @param accessScope - The access scope for the user
|
|
37
|
-
* @param entityName - The name of the entity (for error messages)
|
|
38
|
-
*/
|
|
39
|
-
validateDeleteAccess(accessScope: AccessScope, entityName?: string): void;
|
|
40
|
-
/**
|
|
41
|
-
* Validates if a user can update an entity with the specified organization/control centre changes
|
|
42
|
-
* @param accessScope - The access scope for the user
|
|
43
|
-
* @param existingEntity - The existing entity
|
|
44
|
-
* @param updateDto - The DTO containing updated organizationId/controlCentreId
|
|
45
|
-
* @param entityName - The name of the entity (for error messages)
|
|
46
|
-
*/
|
|
47
|
-
validateUpdateEntityAccess<T extends EntityAccessCheck, U extends UpdateEntityAccessCheck>(accessScope: AccessScope, existingEntity: T, updateDto: U, entityName?: string): void;
|
|
48
28
|
}
|