npm - hazo_auth - Versions diffs - 3.0.3 → 4.0.0 - Mend

hazo_auth 3.0.3 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (67) hide show

package/dist/lib/services/scope_service.js ADDED Viewed

@@ -0,0 +1,582 @@
+import { createCrudService } from "hazo_connect/server";
+import { create_app_logger } from "../app_logger";
+import { sanitize_error_for_user } from "../utils/error_sanitizer";
+// section: constants
+export const SCOPE_LEVELS = [
+    "hazo_scopes_l1",
+    "hazo_scopes_l2",
+    "hazo_scopes_l3",
+    "hazo_scopes_l4",
+    "hazo_scopes_l5",
+    "hazo_scopes_l6",
+    "hazo_scopes_l7",
+];
+export const SCOPE_LEVEL_NUMBERS = {
+    hazo_scopes_l1: 1,
+    hazo_scopes_l2: 2,
+    hazo_scopes_l3: 3,
+    hazo_scopes_l4: 4,
+    hazo_scopes_l5: 5,
+    hazo_scopes_l6: 6,
+    hazo_scopes_l7: 7,
+};
+// section: helpers
+/**
+ * Validates that the provided string is a valid scope level
+ */
+export function is_valid_scope_level(level) {
+    return SCOPE_LEVELS.includes(level);
+}
+/**
+ * Gets the parent level for a given scope level
+ * Returns undefined for L1 (root level)
+ */
+export function get_parent_level(level) {
+    const level_num = SCOPE_LEVEL_NUMBERS[level];
+    if (level_num === 1)
+        return undefined;
+    return `hazo_scopes_l${level_num - 1}`;
+}
+/**
+ * Gets the child level for a given scope level
+ * Returns undefined for L7 (leaf level)
+ */
+export function get_child_level(level) {
+    const level_num = SCOPE_LEVEL_NUMBERS[level];
+    if (level_num === 7)
+        return undefined;
+    return `hazo_scopes_l${level_num + 1}`;
+}
+/**
+ * Gets all scopes for a given level, optionally filtered by organization
+ */
+export async function get_scopes_by_level(adapter, level, org) {
+    try {
+        const scope_service = createCrudService(adapter, level);
+        let scopes;
+        if (org) {
+            scopes = await scope_service.findBy({ org });
+        }
+        else {
+            scopes = await scope_service.findBy({});
+        }
+        if (!Array.isArray(scopes)) {
+            return {
+                success: true,
+                scopes: [],
+            };
+        }
+        return {
+            success: true,
+            scopes: scopes,
+        };
+    }
+    catch (error) {
+        const logger = create_app_logger();
+        const error_message = sanitize_error_for_user(error, {
+            logToConsole: true,
+            logToLogger: true,
+            logger,
+            context: {
+                filename: "scope_service.ts",
+                line_number: 0,
+                operation: "get_scopes_by_level",
+                level,
+                org,
+            },
+        });
+        return {
+            success: false,
+            error: error_message,
+        };
+    }
+}
+/**
+ * Gets a single scope by ID
+ */
+export async function get_scope_by_id(adapter, level, scope_id) {
+    try {
+        const scope_service = createCrudService(adapter, level);
+        const scopes = await scope_service.findBy({ id: scope_id });
+        if (!Array.isArray(scopes) || scopes.length === 0) {
+            return {
+                success: false,
+                error: "Scope not found",
+            };
+        }
+        return {
+            success: true,
+            scope: scopes[0],
+        };
+    }
+    catch (error) {
+        const logger = create_app_logger();
+        const error_message = sanitize_error_for_user(error, {
+            logToConsole: true,
+            logToLogger: true,
+            logger,
+            context: {
+                filename: "scope_service.ts",
+                line_number: 0,
+                operation: "get_scope_by_id",
+                level,
+                scope_id,
+            },
+        });
+        return {
+            success: false,
+            error: error_message,
+        };
+    }
+}
+/**
+ * Gets a single scope by seq (friendly ID)
+ */
+export async function get_scope_by_seq(adapter, level, seq) {
+    try {
+        const scope_service = createCrudService(adapter, level);
+        const scopes = await scope_service.findBy({ seq });
+        if (!Array.isArray(scopes) || scopes.length === 0) {
+            return {
+                success: false,
+                error: "Scope not found",
+            };
+        }
+        return {
+            success: true,
+            scope: scopes[0],
+        };
+    }
+    catch (error) {
+        const logger = create_app_logger();
+        const error_message = sanitize_error_for_user(error, {
+            logToConsole: true,
+            logToLogger: true,
+            logger,
+            context: {
+                filename: "scope_service.ts",
+                line_number: 0,
+                operation: "get_scope_by_seq",
+                level,
+                seq,
+            },
+        });
+        return {
+            success: false,
+            error: error_message,
+        };
+    }
+}
+/**
+ * Creates a new scope
+ * Note: The seq field is auto-generated by the database via hazo_scope_id_generator function
+ */
+export async function create_scope(adapter, level, data) {
+    try {
+        const scope_service = createCrudService(adapter, level);
+        const now = new Date().toISOString();
+        // Validate parent_scope_id is required for L2-L7
+        const parent_level = get_parent_level(level);
+        if (parent_level && !data.parent_scope_id) {
+            return {
+                success: false,
+                error: `parent_scope_id is required for ${level}`,
+            };
+        }
+        // Validate parent exists if provided
+        if (data.parent_scope_id && parent_level) {
+            const parent_result = await get_scope_by_id(adapter, parent_level, data.parent_scope_id);
+            if (!parent_result.success) {
+                return {
+                    success: false,
+                    error: "Parent scope not found",
+                };
+            }
+        }
+        const insert_data = {
+            org: data.org,
+            name: data.name,
+            created_at: now,
+            changed_at: now,
+        };
+        if (data.parent_scope_id) {
+            insert_data.parent_scope_id = data.parent_scope_id;
+        }
+        const inserted = await scope_service.insert(insert_data);
+        if (!Array.isArray(inserted) || inserted.length === 0) {
+            return {
+                success: false,
+                error: "Failed to create scope",
+            };
+        }
+        return {
+            success: true,
+            scope: inserted[0],
+        };
+    }
+    catch (error) {
+        const logger = create_app_logger();
+        const error_message = sanitize_error_for_user(error, {
+            logToConsole: true,
+            logToLogger: true,
+            logger,
+            context: {
+                filename: "scope_service.ts",
+                line_number: 0,
+                operation: "create_scope",
+                level,
+                data,
+            },
+        });
+        return {
+            success: false,
+            error: error_message,
+        };
+    }
+}
+/**
+ * Updates an existing scope
+ */
+export async function update_scope(adapter, level, scope_id, data) {
+    try {
+        const scope_service = createCrudService(adapter, level);
+        const now = new Date().toISOString();
+        // Check scope exists
+        const existing = await get_scope_by_id(adapter, level, scope_id);
+        if (!existing.success) {
+            return existing;
+        }
+        // Validate parent if being changed
+        if (data.parent_scope_id !== undefined) {
+            const parent_level = get_parent_level(level);
+            if (parent_level && data.parent_scope_id) {
+                const parent_result = await get_scope_by_id(adapter, parent_level, data.parent_scope_id);
+                if (!parent_result.success) {
+                    return {
+                        success: false,
+                        error: "Parent scope not found",
+                    };
+                }
+            }
+        }
+        const update_data = {
+            changed_at: now,
+        };
+        if (data.name !== undefined) {
+            update_data.name = data.name;
+        }
+        if (data.parent_scope_id !== undefined) {
+            update_data.parent_scope_id = data.parent_scope_id;
+        }
+        const updated = await scope_service.updateById(scope_id, update_data);
+        if (!Array.isArray(updated) || updated.length === 0) {
+            return {
+                success: false,
+                error: "Failed to update scope",
+            };
+        }
+        return {
+            success: true,
+            scope: updated[0],
+        };
+    }
+    catch (error) {
+        const logger = create_app_logger();
+        const error_message = sanitize_error_for_user(error, {
+            logToConsole: true,
+            logToLogger: true,
+            logger,
+            context: {
+                filename: "scope_service.ts",
+                line_number: 0,
+                operation: "update_scope",
+                level,
+                scope_id,
+                data,
+            },
+        });
+        return {
+            success: false,
+            error: error_message,
+        };
+    }
+}
+/**
+ * Deletes a scope (cascades to children via database FK constraints)
+ */
+export async function delete_scope(adapter, level, scope_id) {
+    try {
+        const scope_service = createCrudService(adapter, level);
+        // Check scope exists
+        const existing = await get_scope_by_id(adapter, level, scope_id);
+        if (!existing.success) {
+            return existing;
+        }
+        await scope_service.deleteById(scope_id);
+        return {
+            success: true,
+            scope: existing.scope,
+        };
+    }
+    catch (error) {
+        const logger = create_app_logger();
+        const error_message = sanitize_error_for_user(error, {
+            logToConsole: true,
+            logToLogger: true,
+            logger,
+            context: {
+                filename: "scope_service.ts",
+                line_number: 0,
+                operation: "delete_scope",
+                level,
+                scope_id,
+            },
+        });
+        return {
+            success: false,
+            error: error_message,
+        };
+    }
+}
+/**
+ * Gets immediate children of a scope
+ */
+export async function get_scope_children(adapter, level, scope_id) {
+    try {
+        const child_level = get_child_level(level);
+        if (!child_level) {
+            return {
+                success: true,
+                scopes: [], // L7 has no children
+            };
+        }
+        const child_service = createCrudService(adapter, child_level);
+        const children = await child_service.findBy({ parent_scope_id: scope_id });
+        return {
+            success: true,
+            scopes: Array.isArray(children) ? children : [],
+        };
+    }
+    catch (error) {
+        const logger = create_app_logger();
+        const error_message = sanitize_error_for_user(error, {
+            logToConsole: true,
+            logToLogger: true,
+            logger,
+            context: {
+                filename: "scope_service.ts",
+                line_number: 0,
+                operation: "get_scope_children",
+                level,
+                scope_id,
+            },
+        });
+        return {
+            success: false,
+            error: error_message,
+        };
+    }
+}
+/**
+ * Gets all ancestors of a scope up to L1 (root)
+ * Returns array ordered from immediate parent to root (L1)
+ */
+export async function get_scope_ancestors(adapter, level, scope_id) {
+    try {
+        const ancestors = [];
+        // Get the scope first
+        const scope_result = await get_scope_by_id(adapter, level, scope_id);
+        if (!scope_result.success || !scope_result.scope) {
+            return scope_result;
+        }
+        let current_scope = scope_result.scope;
+        let current_level = level;
+        // Walk up the hierarchy
+        while (current_scope.parent_scope_id) {
+            const parent_level = get_parent_level(current_level);
+            if (!parent_level)
+                break;
+            const parent_result = await get_scope_by_id(adapter, parent_level, current_scope.parent_scope_id);
+            if (!parent_result.success || !parent_result.scope)
+                break;
+            ancestors.push(parent_result.scope);
+            current_scope = parent_result.scope;
+            current_level = parent_level;
+        }
+        return {
+            success: true,
+            scopes: ancestors,
+        };
+    }
+    catch (error) {
+        const logger = create_app_logger();
+        const error_message = sanitize_error_for_user(error, {
+            logToConsole: true,
+            logToLogger: true,
+            logger,
+            context: {
+                filename: "scope_service.ts",
+                line_number: 0,
+                operation: "get_scope_ancestors",
+                level,
+                scope_id,
+            },
+        });
+        return {
+            success: false,
+            error: error_message,
+        };
+    }
+}
+/**
+ * Gets all descendants of a scope down to L7 (leaves)
+ * Returns flat array of all descendant scopes
+ */
+export async function get_scope_descendants(adapter, level, scope_id) {
+    try {
+        const descendants = [];
+        // Recursive function to get all children
+        async function collect_descendants(current_level, current_id) {
+            const children_result = await get_scope_children(adapter, current_level, current_id);
+            if (children_result.success && children_result.scopes) {
+                for (const child of children_result.scopes) {
+                    descendants.push(child);
+                    const child_level = get_child_level(current_level);
+                    if (child_level) {
+                        await collect_descendants(child_level, child.id);
+                    }
+                }
+            }
+        }
+        await collect_descendants(level, scope_id);
+        return {
+            success: true,
+            scopes: descendants,
+        };
+    }
+    catch (error) {
+        const logger = create_app_logger();
+        const error_message = sanitize_error_for_user(error, {
+            logToConsole: true,
+            logToLogger: true,
+            logger,
+            context: {
+                filename: "scope_service.ts",
+                line_number: 0,
+                operation: "get_scope_descendants",
+                level,
+                scope_id,
+            },
+        });
+        return {
+            success: false,
+            error: error_message,
+        };
+    }
+}
+export async function get_scope_tree(adapter, org) {
+    try {
+        // Get all L1 scopes for this org
+        const l1_result = await get_scopes_by_level(adapter, "hazo_scopes_l1", org);
+        if (!l1_result.success || !l1_result.scopes) {
+            return l1_result;
+        }
+        // Build tree recursively
+        async function build_tree(scope, level) {
+            const node = Object.assign(Object.assign({}, scope), { level, children: [] });
+            const children_result = await get_scope_children(adapter, level, scope.id);
+            if (children_result.success && children_result.scopes) {
+                const child_level = get_child_level(level);
+                if (child_level) {
+                    for (const child of children_result.scopes) {
+                        const child_node = await build_tree(child, child_level);
+                        node.children.push(child_node);
+                    }
+                }
+            }
+            return node;
+        }
+        const tree = [];
+        for (const l1_scope of l1_result.scopes) {
+            const node = await build_tree(l1_scope, "hazo_scopes_l1");
+            tree.push(node);
+        }
+        return {
+            success: true,
+            tree,
+        };
+    }
+    catch (error) {
+        const logger = create_app_logger();
+        const error_message = sanitize_error_for_user(error, {
+            logToConsole: true,
+            logToLogger: true,
+            logger,
+            context: {
+                filename: "scope_service.ts",
+                line_number: 0,
+                operation: "get_scope_tree",
+                org,
+            },
+        });
+        return {
+            success: false,
+            error: error_message,
+        };
+    }
+}
+/**
+ * Gets all scope trees across all organizations
+ * Returns trees for all L1 scopes (top level)
+ */
+export async function get_all_scope_trees(adapter) {
+    try {
+        // Get all L1 scopes (no org filter)
+        const l1_result = await get_scopes_by_level(adapter, "hazo_scopes_l1");
+        if (!l1_result.success || !l1_result.scopes) {
+            return { success: true, trees: [] };
+        }
+        // Build tree recursively
+        async function build_tree(scope, level) {
+            const node = Object.assign(Object.assign({}, scope), { level, children: [] });
+            const children_result = await get_scope_children(adapter, level, scope.id);
+            if (children_result.success && children_result.scopes) {
+                const child_level = get_child_level(level);
+                if (child_level) {
+                    for (const child of children_result.scopes) {
+                        const child_node = await build_tree(child, child_level);
+                        node.children.push(child_node);
+                    }
+                }
+            }
+            return node;
+        }
+        // Build trees for all L1 scopes
+        const trees = [];
+        for (const scope of l1_result.scopes) {
+            const scopeTree = await build_tree(scope, "hazo_scopes_l1");
+            trees.push(scopeTree);
+        }
+        return {
+            success: true,
+            trees,
+        };
+    }
+    catch (error) {
+        const logger = create_app_logger();
+        const error_message = sanitize_error_for_user(error, {
+            logToConsole: true,
+            logToLogger: true,
+            logger,
+            context: {
+                filename: "scope_service.ts",
+                line_number: 0,
+                operation: "get_all_scope_trees",
+            },
+        });
+        return {
+            success: false,
+            error: error_message,
+        };
+    }
+}

package/dist/lib/services/user_scope_service.d.ts ADDED Viewed

@@ -0,0 +1,74 @@
+import type { HazoConnectAdapter } from "hazo_connect";
+import { type ScopeLevel } from "./scope_service";
+export type UserScope = {
+    user_id: string;
+    scope_id: string;
+    scope_seq: string;
+    scope_type: ScopeLevel;
+    created_at: string;
+    changed_at: string;
+};
+export type UserScopeResult = {
+    success: boolean;
+    scope?: UserScope;
+    scopes?: UserScope[];
+    error?: string;
+};
+export type ScopeAccessCheckResult = {
+    has_access: boolean;
+    access_via?: {
+        scope_type: ScopeLevel;
+        scope_id: string;
+        scope_seq: string;
+    };
+    user_scopes?: UserScope[];
+};
+/**
+ * Gets all scope assignments for a user
+ */
+export declare function get_user_scopes(adapter: HazoConnectAdapter, user_id: string): Promise<UserScopeResult>;
+/**
+ * Gets all users assigned to a specific scope
+ */
+export declare function get_users_by_scope(adapter: HazoConnectAdapter, scope_type: ScopeLevel, scope_id: string): Promise<UserScopeResult>;
+/**
+ * Assigns a scope to a user
+ */
+export declare function assign_user_scope(adapter: HazoConnectAdapter, user_id: string, scope_type: ScopeLevel, scope_id: string, scope_seq: string): Promise<UserScopeResult>;
+/**
+ * Removes a scope assignment from a user
+ */
+export declare function remove_user_scope(adapter: HazoConnectAdapter, user_id: string, scope_type: ScopeLevel, scope_id: string): Promise<UserScopeResult>;
+/**
+ * Bulk update user scope assignments
+ * Replaces all existing assignments with the new set
+ */
+export declare function update_user_scopes(adapter: HazoConnectAdapter, user_id: string, new_scopes: Array<{
+    scope_type: ScopeLevel;
+    scope_id: string;
+    scope_seq: string;
+}>): Promise<UserScopeResult>;
+/**
+ * Checks if a user has access to a specific scope
+ * Access is granted if:
+ * 1. User has the exact scope assigned, OR
+ * 2. User has access to an ancestor scope (L2 user can access L3, L4, etc.)
+ *
+ * @param adapter - HazoConnect adapter
+ * @param user_id - User ID to check
+ * @param target_scope_type - The scope level being accessed
+ * @param target_scope_id - The scope ID being accessed (optional if target_scope_seq provided)
+ * @param target_scope_seq - The scope seq being accessed (optional if target_scope_id provided)
+ */
+export declare function check_user_scope_access(adapter: HazoConnectAdapter, user_id: string, target_scope_type: ScopeLevel, target_scope_id?: string, target_scope_seq?: string): Promise<ScopeAccessCheckResult>;
+/**
+ * Gets the effective scopes a user has access to
+ * This includes directly assigned scopes and all their descendants
+ */
+export declare function get_user_effective_scopes(adapter: HazoConnectAdapter, user_id: string): Promise<{
+    success: boolean;
+    direct_scopes?: UserScope[];
+    inherited_scope_types?: ScopeLevel[];
+    error?: string;
+}>;
+//# sourceMappingURL=user_scope_service.d.ts.map

package/dist/lib/services/user_scope_service.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"user_scope_service.d.ts","sourceRoot":"","sources":["../../../src/lib/services/user_scope_service.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAIvD,OAAO,EACL,KAAK,UAAU,EAOhB,MAAM,iBAAiB,CAAC;AAGzB,MAAM,MAAM,SAAS,GAAG;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,UAAU,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,eAAe,GAAG;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,SAAS,CAAC;IAClB,MAAM,CAAC,EAAE,SAAS,EAAE,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,MAAM,MAAM,sBAAsB,GAAG;IACnC,UAAU,EAAE,OAAO,CAAC;IACpB,UAAU,CAAC,EAAE;QACX,UAAU,EAAE,UAAU,CAAC;QACvB,QAAQ,EAAE,MAAM,CAAC;QACjB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,WAAW,CAAC,EAAE,SAAS,EAAE,CAAC;CAC3B,CAAC;AAIF;;GAEG;AACH,wBAAsB,eAAe,CACnC,OAAO,EAAE,kBAAkB,EAC3B,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,eAAe,CAAC,CA4B1B;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CACtC,OAAO,EAAE,kBAAkB,EAC3B,UAAU,EAAE,UAAU,EACtB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,eAAe,CAAC,CA6B1B;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,kBAAkB,EAC3B,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,UAAU,EACtB,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,CAAC,CAsE1B;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,kBAAkB,EAC3B,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,UAAU,EACtB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,eAAe,CAAC,CA0E1B;AAED;;;GAGG;AACH,wBAAsB,kBAAkB,CACtC,OAAO,EAAE,kBAAkB,EAC3B,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,KAAK,CAAC;IAAE,UAAU,EAAE,UAAU,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC,GACjF,OAAO,CAAC,eAAe,CAAC,CAgE1B;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,uBAAuB,CAC3C,OAAO,EAAE,kBAAkB,EAC3B,OAAO,EAAE,MAAM,EACf,iBAAiB,EAAE,UAAU,EAC7B,eAAe,CAAC,EAAE,MAAM,EACxB,gBAAgB,CAAC,EAAE,MAAM,GACxB,OAAO,CAAC,sBAAsB,CAAC,CAmHjC;AAED;;;GAGG;AACH,wBAAsB,yBAAyB,CAC7C,OAAO,EAAE,kBAAkB,EAC3B,OAAO,EAAE,MAAM,GACd,OAAO,CAAC;IACT,OAAO,EAAE,OAAO,CAAC;IACjB,aAAa,CAAC,EAAE,SAAS,EAAE,CAAC;IAC5B,qBAAqB,CAAC,EAAE,UAAU,EAAE,CAAC;IACrC,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC,CAgDD"}