npm - mftsccs-node - Versions diffs - 0.2.19 → 0.2.21 - Mend

mftsccs-node 0.2.19 → 0.2.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/types/DataStructures/AccessControl/AccessControlModels.d.ts CHANGED Viewed

@@ -46,10 +46,12 @@ export interface BulkAccessRequest {
 }
 /**
  * Request model for bulk check access operations
+ * Mirrors C# BulkCheckAccessRequest
  */
 export interface BulkCheckAccessRequest {
-    accessId: number;
-    targets: BulkAccessTarget[];
+    accessIds: number[];
+    permission: string;
+    entityId?: number | null;
 }
 /**
  * Request model for access inheritance operations
@@ -65,6 +67,36 @@ export interface AccessInheritanceRequest {
 export interface SuperAdminRequest {
     accessId?: number | null;
 }
+/**
+ * Request model for parent access inheritance operations
+ * Mirrors C# ParentAccessInheritanceRequest
+ */
+export interface ParentAccessInheritanceRequest {
+    parentAccessId: number;
+    childAccessId?: number | null;
+}
+export interface ParentAccessInheritanceWithConceptRequest {
+    parentConceptId: number;
+    childConceptId?: number | null;
+}
+export interface BulkParentAccessInheritanceWithConceptRequest {
+    parentConceptId: number;
+    childConceptIds: number[];
+}
+export interface BulkParentAccessInheritanceResult {
+    childConceptId: number;
+    accessId: number;
+    success: boolean;
+    message?: string;
+}
+export interface SuperAdminWithConceptRequest {
+    conceptId: number;
+}
+export interface AccessInheritanceWithConceptRequest {
+    conceptId: number;
+    connectionTypeId?: number;
+    enable?: boolean;
+}
 /**
  * Standard API response wrapper for access control endpoints
  */

package/dist/types/Services/AccessControl/APIClientService.d.ts CHANGED Viewed

@@ -6,7 +6,7 @@
  *
  * This is the TypeScript equivalent of the C# APIClientService class.
  */
-import { AccessRequest, AccessResult, AccessControlAPIResponse, BulkAccessRequest, BulkCheckAccessRequest, AccessInheritanceRequest, SuperAdminRequest } from '../../DataStructures/AccessControl/AccessControlModels';
+import { AccessRequest, AccessResult, AccessControlAPIResponse, BulkAccessRequest, BulkCheckAccessRequest, AccessInheritanceRequest, SuperAdminRequest, ParentAccessInheritanceRequest, ParentAccessInheritanceWithConceptRequest, BulkParentAccessInheritanceWithConceptRequest, BulkParentAccessInheritanceResult, SuperAdminWithConceptRequest, AccessInheritanceWithConceptRequest } from '../../DataStructures/AccessControl/AccessControlModels';
 export interface IAPIClientService {
     assignAccessAsync(request: AccessRequest): Promise<AccessControlAPIResponse<AccessResult>>;
     checkAccessAsync(request: AccessRequest): Promise<AccessControlAPIResponse<AccessResult>>;
@@ -20,6 +20,21 @@ export interface IAPIClientService {
     assignSuperAdminAccessAsync(request: SuperAdminRequest): Promise<AccessControlAPIResponse>;
     revokeSuperAdminAccessAsync(request: SuperAdminRequest): Promise<AccessControlAPIResponse>;
     checkSuperAdminStatusAsync(accessId: number): Promise<AccessControlAPIResponse>;
+    setParentAccessInheritanceAsync(request: ParentAccessInheritanceRequest): Promise<AccessControlAPIResponse>;
+    removeParentAccessInheritanceAsync(accessId: number, parentAccessId?: number): Promise<AccessControlAPIResponse>;
+    hasParentAccessInheritanceAsync(accessId: number, parentAccessId?: number): Promise<AccessControlAPIResponse>;
+    getParentAccessIdAsync(accessId: number): Promise<AccessControlAPIResponse>;
+    setParentAccessInheritanceByConceptAsync(request: ParentAccessInheritanceWithConceptRequest): Promise<AccessControlAPIResponse>;
+    setParentAccessInheritanceBulkByConceptAsync(request: BulkParentAccessInheritanceWithConceptRequest): Promise<AccessControlAPIResponse<BulkParentAccessInheritanceResult[]>>;
+    removeParentAccessInheritanceByConceptAsync(childConceptId: number, parentConceptId?: number): Promise<AccessControlAPIResponse>;
+    removeParentAccessInheritanceBulkByConceptAsync(request: BulkParentAccessInheritanceWithConceptRequest): Promise<AccessControlAPIResponse<BulkParentAccessInheritanceResult[]>>;
+    hasParentAccessInheritanceByConceptAsync(childConceptId: number, parentConceptId?: number): Promise<AccessControlAPIResponse>;
+    getParentAccessIdByConceptAsync(childConceptId: number): Promise<AccessControlAPIResponse>;
+    assignSuperAdminByConceptAsync(request: SuperAdminWithConceptRequest): Promise<AccessControlAPIResponse>;
+    revokeSuperAdminByConceptAsync(request: SuperAdminWithConceptRequest): Promise<AccessControlAPIResponse>;
+    checkSuperAdminByConceptAsync(conceptId: number): Promise<AccessControlAPIResponse>;
+    setAccessInheritanceByConceptAsync(request: AccessInheritanceWithConceptRequest): Promise<AccessControlAPIResponse>;
+    getAccessInheritanceStatusByConceptAsync(conceptId: number, connectionTypeId?: number): Promise<AccessControlAPIResponse>;
 }
 export declare class APIClientService implements IAPIClientService {
     private readonly baseUrl;
@@ -84,4 +99,64 @@ export declare class APIClientService implements IAPIClientService {
      * Check super admin status
      */
     checkSuperAdminStatusAsync(accessId: number): Promise<AccessControlAPIResponse>;
+    /**
+     * Set parent access inheritance link
+     */
+    setParentAccessInheritanceAsync(request: ParentAccessInheritanceRequest): Promise<AccessControlAPIResponse>;
+    /**
+     * Remove parent access inheritance link
+     */
+    removeParentAccessInheritanceAsync(accessId: number, parentAccessId?: number): Promise<AccessControlAPIResponse>;
+    /**
+     * Check if parent access inheritance link exists
+     */
+    hasParentAccessInheritanceAsync(accessId: number, parentAccessId?: number): Promise<AccessControlAPIResponse>;
+    /**
+     * Get the parent access ID for a given access ID
+     */
+    getParentAccessIdAsync(accessId: number): Promise<AccessControlAPIResponse>;
+    /**
+     * Set parent access inheritance by concept IDs (server resolves conceptId → accessId)
+     */
+    setParentAccessInheritanceByConceptAsync(request: ParentAccessInheritanceWithConceptRequest): Promise<AccessControlAPIResponse>;
+    /**
+     * Set parent access inheritance for multiple children with one parent (concept-based)
+     */
+    setParentAccessInheritanceBulkByConceptAsync(request: BulkParentAccessInheritanceWithConceptRequest): Promise<AccessControlAPIResponse<BulkParentAccessInheritanceResult[]>>;
+    /**
+     * Remove parent access inheritance by concept IDs
+     */
+    removeParentAccessInheritanceByConceptAsync(childConceptId: number, parentConceptId?: number): Promise<AccessControlAPIResponse>;
+    /**
+     * Remove parent access inheritance for multiple children (concept-based)
+     */
+    removeParentAccessInheritanceBulkByConceptAsync(request: BulkParentAccessInheritanceWithConceptRequest): Promise<AccessControlAPIResponse<BulkParentAccessInheritanceResult[]>>;
+    /**
+     * Check if parent access inheritance exists by concept IDs
+     */
+    hasParentAccessInheritanceByConceptAsync(childConceptId: number, parentConceptId?: number): Promise<AccessControlAPIResponse>;
+    /**
+     * Get the parent access ID by child concept ID
+     */
+    getParentAccessIdByConceptAsync(childConceptId: number): Promise<AccessControlAPIResponse>;
+    /**
+     * Assign super admin by concept ID
+     */
+    assignSuperAdminByConceptAsync(request: SuperAdminWithConceptRequest): Promise<AccessControlAPIResponse>;
+    /**
+     * Revoke super admin by concept ID
+     */
+    revokeSuperAdminByConceptAsync(request: SuperAdminWithConceptRequest): Promise<AccessControlAPIResponse>;
+    /**
+     * Check super admin status by concept ID
+     */
+    checkSuperAdminByConceptAsync(conceptId: number): Promise<AccessControlAPIResponse>;
+    /**
+     * Set access inheritance by concept ID
+     */
+    setAccessInheritanceByConceptAsync(request: AccessInheritanceWithConceptRequest): Promise<AccessControlAPIResponse>;
+    /**
+     * Get access inheritance status by concept ID
+     */
+    getAccessInheritanceStatusByConceptAsync(conceptId: number, connectionTypeId?: number): Promise<AccessControlAPIResponse>;
 }

package/dist/types/Services/AccessControl/AccessControlCacheService.d.ts CHANGED Viewed

@@ -1,10 +1,10 @@
 /**
  * CacheService
  *
- * Thread-safe in-memory cache for access checks.
+ * Thread-safe in-memory cache for access checks with TTL-based expiration.
  * Supports single and bulk queries with secondary indexes.
  * Key format: "{accessId}:{permission}:{entityId}"
- * Value: boolean (HasAccess)
+ * Value: CacheEntry { value: boolean, expiresAt: number }
  *
  * This is the TypeScript equivalent of the C# CacheService class.
  */
@@ -25,16 +25,17 @@ export declare class CacheService implements ICacheService {
     private readonly accessIndex;
     private readonly entityIndex;
     private static readonly superAdminCache;
+    private setCounter;
     /**
      * Generate a cache key from accessId, permission, and entityId
      */
     private generateKey;
     /**
-     * Get cached access. Returns true/false if present, null if not cached.
+     * Get cached access. Returns true/false if present and not expired, null if not cached or expired.
      */
     get(accessId: number, permission: string, entityId?: number | null): boolean | null;
     /**
-     * Set or update cached access
+     * Set or update cached access with TTL
      */
     set(accessId: number, permission: string, entityId: number | null | undefined, hasAccess: boolean): void;
     /**
@@ -46,25 +47,27 @@ export declare class CacheService implements ICacheService {
      */
     clear(): void;
     /**
-     * Get all permissions for a specific accessId + entityId
+     * Sweep all expired entries from access cache, indexes, and super admin cache
+     */
+    private sweepExpired;
+    /**
+     * Get all permissions for a specific accessId + entityId (excludes expired entries)
      */
     getPermissionsByAccessAndEntity(accessId: number, entityId?: number | null): Map<string, boolean>;
     /**
-     * Get all permissions for a specific accessId across all entities
-     * Returns a Map with key tuple (entityId, permission) and value hasAccess
+     * Get all permissions for a specific accessId across all entities (excludes expired entries)
      */
     getPermissionsByAccess(accessId: number): Map<string, boolean>;
     /**
-     * Get all permissions for a specific entity across all accessIds
-     * Returns a Map with key tuple (accessId, permission) and value hasAccess
+     * Get all permissions for a specific entity across all accessIds (excludes expired entries)
      */
     getPermissionsByEntity(entityId: number): Map<string, boolean>;
     /**
-     * Get cached super admin status for an entity
+     * Get cached super admin status for an entity (returns null if expired or not cached)
      */
     getSuperAdmin(entityId: number): boolean | null;
     /**
-     * Set super admin status for an entity
+     * Set super admin status for an entity with TTL
      */
     setSuperAdmin(entityId: number, isSuperAdmin: boolean): void;
     /**

package/dist/types/Services/AccessControl/AccessControlService.d.ts CHANGED Viewed

@@ -2,24 +2,24 @@
  * AccessControlService
  *
  * This service provides access control functionality including:
- * - Check access for concepts with complex permission logic
+ * - 5-phase bulk access check with BFS inheritance graph traversal
  * - Assign and revoke access permissions
  * - Bulk operations for access management
  * - Super admin checks with caching
- * - Access inheritance management
+ * - Access inheritance management (including parent access inheritance)
  *
- * This is the TypeScript equivalent of the C# AccessControlService class.
+ * This is the TypeScript equivalent of the C# AccessControlService class (v3.4.0).
  * All methods are static and can be called directly on the class.
  */
-import { AccessResult, BulkAccessRequest } from '../../DataStructures/AccessControl/AccessControlModels';
+import { AccessResult, BulkAccessRequest, BulkParentAccessInheritanceResult } from '../../DataStructures/AccessControl/AccessControlModels';
 import { PermissionSet } from './PermissionSet';
 export declare class AccessControlService {
     private static cacheService;
     private static apiClient;
     private static initialize;
     /**
-     * Check whether a user/entity has the specified permission.
-     * Returns true if allowed, false otherwise.
+     * Check whether a user/entity has the specified permission on a single concept.
+     * Delegates to checkAccessBulk for full inheritance + group resolution.
      *
      * @param conceptId - The ID of the concept to check access for
      * @param permission - The permission to check (PermissionSet flags)
@@ -27,9 +27,25 @@ export declare class AccessControlService {
      * @returns Promise<boolean> - True if access is granted, false otherwise
      */
     static checkAccess(conceptId: number, permission: PermissionSet, entityId?: number | null): Promise<boolean>;
+    /**
+     * 5-phase bulk access check algorithm.
+     * Matches the C# AccessControlService.CheckAccessBulk implementation.
+     *
+     * Phase 1: Super-admin short-circuit
+     * Phase 2: Fast-path classification (owner, public, type concepts)
+     * Phase 3: BFS inheritance graph resolution (3 sources)
+     * Phase 4: Bulk access decision resolution (cache + API)
+     * Phase 5: Grant-only merge per concept
+     *
+     * @param conceptIds - List of concept IDs to check
+     * @param permission - The permission to check (PermissionSet flags)
+     * @param entityId - Optional entity ID
+     * @returns Promise<Map<number, boolean>> - conceptId → hasAccess
+     */
+    static checkAccessBulk(conceptIds: number[], permission: PermissionSet, entityId?: number | null): Promise<Map<number, boolean>>;
     /**
      * Get all conceptIds which have a certain permission for an entity.
-     * Optional filter by a list of conceptIds.
+     * Delegates to checkAccessBulk for full inheritance support.
      *
      * @param permission - The permission to check (PermissionSet flags)
      * @param conceptIdsFilter - List of concept IDs to filter
@@ -37,6 +53,32 @@ export declare class AccessControlService {
      * @returns Promise<number[]> - Array of concept IDs that have the permission
      */
     static getConceptIdsWithPermission(permission: PermissionSet, conceptIdsFilter: number[], entityId?: number | null): Promise<number[]>;
+    /**
+     * Resolve inheritance graph via 3-source BFS, depth-limited to MAX_BFS_DEPTH.
+     *
+     * Source 1: FreeSchema internal connections ("the_parent_access_inheritance")
+     * Source 2: Explicit parent access links (via Access API)
+     * Source 3: Concept-connection access inheritance
+     *
+     * @returns Map<number, number[]> — accessId → [self, parent1, grandparent1, ...]
+     */
+    private static resolveBulkInheritanceGraph;
+    /**
+     * Resolve access decisions for all (accessId × subject) combinations.
+     * Probes cache first, then makes bulk API calls for misses.
+     *
+     * @returns Map with key "accessId:subjectId" → hasAccess
+     */
+    private static resolveBulkDecisions;
+    /**
+     * Resolve all subjects for an entity: [null, entityId, ...groupIds]
+     */
+    private static resolveSubjects;
+    /**
+     * Check if any grant exists across own chain + type chain for any subject.
+     * Grant-only model: any grant → ALLOW, no grants → DENY.
+     */
+    private static hasAnyGrant;
     /**
      * Assign access permission to an entity
      *
@@ -93,6 +135,53 @@ export declare class AccessControlService {
      * @returns Promise<boolean> - True if successful, false otherwise
      */
     static setAccessInheritanceStatus(conceptId: number, isEnabled: boolean, connectionTypeId?: number): Promise<boolean>;
+    /**
+     * Set parent access inheritance link for a concept
+     *
+     * @param conceptId - The child concept ID
+     * @param parentConceptId - The parent concept ID to inherit from
+     * @returns Promise<number> - The new access ID, or existing access ID
+     */
+    static setParentAccessInheritance(conceptId: number, parentConceptId: number): Promise<number>;
+    /**
+     * Remove parent access inheritance link
+     *
+     * @param conceptId - The child concept ID
+     * @param parentConceptId - Optional parent concept ID (removes specific link or all)
+     * @returns Promise<string> - Status message
+     */
+    static removeParentAccessInheritance(conceptId: number, parentConceptId?: number): Promise<string>;
+    /**
+     * Check if parent access inheritance link exists
+     *
+     * @param conceptId - The child concept ID
+     * @param parentConceptId - Optional parent concept ID to check specific link
+     * @returns Promise<boolean> - True if link exists
+     */
+    static hasParentAccessInheritance(conceptId: number, parentConceptId?: number): Promise<boolean>;
+    /**
+     * Get the parent access ID for a concept
+     *
+     * @param conceptId - The child concept ID
+     * @returns Promise<number | null> - Parent access ID or null
+     */
+    static getParentAccessId(conceptId: number): Promise<number | null>;
+    /**
+     * Set parent access inheritance for multiple children with one parent
+     *
+     * @param childConceptIds - List of child concept IDs
+     * @param parentConceptId - The parent concept ID to inherit from
+     * @returns Promise<BulkParentAccessInheritanceResult[]> - Results per child
+     */
+    static setParentAccessInheritanceBulk(childConceptIds: number[], parentConceptId: number): Promise<BulkParentAccessInheritanceResult[]>;
+    /**
+     * Remove parent access inheritance for multiple children
+     *
+     * @param childConceptIds - List of child concept IDs
+     * @param parentConceptId - Optional parent concept ID
+     * @returns Promise<BulkParentAccessInheritanceResult[]> - Results per child
+     */
+    static removeParentAccessInheritanceBulk(childConceptIds: number[], parentConceptId?: number): Promise<BulkParentAccessInheritanceResult[]>;
     /**
      * Check if an entity is a super admin
      * Uses caching for performance
@@ -116,19 +205,21 @@ export declare class AccessControlService {
      */
     static revokeSuperAdmin(entityId: number): Promise<string>;
     /**
-     * Convert PermissionSet to string for API calls
+     * Parse boolean from API response data.
+     * Handles: raw boolean, string, object with known property names.
+     * Matches C# ParseBoolData helper.
      */
-    private static permissionSetToString;
+    private static parseBoolData;
     /**
-     * Internal method to check access via cache or API
-     *
-     * @param accessId - The access ID to check
-     * @param permission - The permission to check (string)
-     * @param entityId - Optional entity ID
-     * @returns Promise<boolean> - True if access is granted, false otherwise
+     * Parse integer from API response data.
+     * Handles: raw number, string, object with known property names.
+     * Matches C# ParseIntData helper.
      */
-    private static checkAccessInternal;
-    private static checkGroupAccessInternal;
+    private static parseIntData;
+    /**
+     * Convert PermissionSet to string for API calls
+     */
+    private static permissionSetToString;
     /**
      * Clear all access cache entries
      */

package/dist/types/Services/AccessControl/index.d.ts CHANGED Viewed

@@ -12,4 +12,4 @@ export { AccessControlService } from './AccessControlService';
 export { CacheService, ICacheService } from './AccessControlCacheService';
 export { APIClientService, IAPIClientService } from './APIClientService';
 export { PermissionSet, getPermissionSetFromStrings, getStringsFromPermissionSet, isValidPermission } from './PermissionSet';
-export { PermissionSet as PermissionSetEnum, AccessRequest, AccessResult, BulkAccessRequest, BulkAccessTarget, BulkCheckAccessRequest, AccessInheritanceRequest, SuperAdminRequest, AccessControlAPIResponse, AccessControlApiResponse, AddAccessByEntityRequest, AddPublicAccessToConcept, AddAccessByEntityBulkRequest, AddAccessByUserRequest, CheckAccessBulk, VALID_PERMISSIONS, isValidPermission as isValidPermissionFromModels } from '../../DataStructures/AccessControl/AccessControlModels';
+export { PermissionSet as PermissionSetEnum, AccessRequest, AccessResult, BulkAccessRequest, BulkAccessTarget, BulkCheckAccessRequest, AccessInheritanceRequest, SuperAdminRequest, AccessControlAPIResponse, AccessControlApiResponse, AddAccessByEntityRequest, AddPublicAccessToConcept, AddAccessByEntityBulkRequest, AddAccessByUserRequest, CheckAccessBulk, ParentAccessInheritanceRequest, VALID_PERMISSIONS, isValidPermission as isValidPermissionFromModels } from '../../DataStructures/AccessControl/AccessControlModels';

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "mftsccs-node",
-  "version": "0.2.19",
+  "version": "0.2.21",
   "environment": "production",
   "description": "Full Pack of concept and connection system",
   "main": "dist/bundle.js",