permissions-contractx 1.0.0
- package/LICENSE +21 -0
- package/README.md +1397 -0
- package/dist/constants/contractx-permissions.constants.d.ts +310 -0
- package/dist/constants/contractx-permissions.constants.d.ts.map +1 -0
- package/dist/constants/contractx-permissions.constants.js +1061 -0
- package/dist/constants/contractx-roles.constants.d.ts +295 -0
- package/dist/constants/contractx-roles.constants.d.ts.map +1 -0
- package/dist/constants/contractx-roles.constants.js +238 -0
- package/dist/constants/index.d.ts +3 -0
- package/dist/constants/index.d.ts.map +1 -0
- package/dist/constants/index.js +18 -0
- package/dist/constants/security.constants.d.ts +77 -0
- package/dist/constants/security.constants.d.ts.map +1 -0
- package/dist/constants/security.constants.js +139 -0
- package/dist/decorators/current-user.decorator.d.ts +73 -0
- package/dist/decorators/current-user.decorator.d.ts.map +1 -0
- package/dist/decorators/current-user.decorator.js +91 -0
- package/dist/decorators/index.d.ts +5 -0
- package/dist/decorators/index.d.ts.map +1 -0
- package/dist/decorators/index.js +20 -0
- package/dist/decorators/permissions.decorator.d.ts +97 -0
- package/dist/decorators/permissions.decorator.d.ts.map +1 -0
- package/dist/decorators/permissions.decorator.js +106 -0
- package/dist/decorators/public.decorator.d.ts +18 -0
- package/dist/decorators/public.decorator.d.ts.map +1 -0
- package/dist/decorators/public.decorator.js +22 -0
- package/dist/decorators/roles.decorator.d.ts +79 -0
- package/dist/decorators/roles.decorator.d.ts.map +1 -0
- package/dist/decorators/roles.decorator.js +87 -0
- package/dist/guards/index.d.ts +4 -0
- package/dist/guards/index.d.ts.map +1 -0
- package/dist/guards/index.js +19 -0
- package/dist/guards/jwt-auth.guard.d.ts +21 -0
- package/dist/guards/jwt-auth.guard.d.ts.map +1 -0
- package/dist/guards/jwt-auth.guard.js +115 -0
- package/dist/guards/permissions.guard.d.ts +14 -0
- package/dist/guards/permissions.guard.d.ts.map +1 -0
- package/dist/guards/permissions.guard.js +77 -0
- package/dist/guards/roles.guard.d.ts +13 -0
- package/dist/guards/roles.guard.d.ts.map +1 -0
- package/dist/guards/roles.guard.js +59 -0
- package/dist/index.d.ts +8 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +28 -0
- package/dist/interfaces/index.d.ts +2 -0
- package/dist/interfaces/index.d.ts.map +1 -0
- package/dist/interfaces/index.js +17 -0
- package/dist/interfaces/jwt-payload.interface.d.ts +93 -0
- package/dist/interfaces/jwt-payload.interface.d.ts.map +1 -0
- package/dist/interfaces/jwt-payload.interface.js +2 -0
- package/dist/modules/index.d.ts +2 -0
- package/dist/modules/index.d.ts.map +1 -0
- package/dist/modules/index.js +17 -0
- package/dist/modules/permissions-contractx.module.d.ts +41 -0
- package/dist/modules/permissions-contractx.module.d.ts.map +1 -0
- package/dist/modules/permissions-contractx.module.js +215 -0
- package/dist/services/contractx-authorization.service.d.ts +107 -0
- package/dist/services/contractx-authorization.service.d.ts.map +1 -0
- package/dist/services/contractx-authorization.service.js +362 -0
- package/dist/services/contractx-document-compliance.service.d.ts +85 -0
- package/dist/services/contractx-document-compliance.service.d.ts.map +1 -0
- package/dist/services/contractx-document-compliance.service.js +536 -0
- package/dist/services/contractx-validation.service.d.ts +76 -0
- package/dist/services/contractx-validation.service.d.ts.map +1 -0
- package/dist/services/contractx-validation.service.js +305 -0
- package/dist/services/index.d.ts +6 -0
- package/dist/services/index.d.ts.map +1 -0
- package/dist/services/index.js +20 -0
- package/dist/services/user-context.service.d.ts +114 -0
- package/dist/services/user-context.service.d.ts.map +1 -0
- package/dist/services/user-context.service.js +199 -0
- package/dist/test-document-compliance.d.ts +7 -0
- package/dist/test-document-compliance.d.ts.map +1 -0
- package/dist/test-document-compliance.js +118 -0
- package/package.json +405 -0
|
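--- a/package/dist/services/contractx-document-compliance.service.js
+++ b/package/dist/services/contractx-document-compliance.service.js
@@ -0,0 +1,536 @@
+"use strict";
+/**
+* ContractX Document Compliance Service
+* Validates permissions-contractx package compliance with PermisosRoles.odt document requirements
+*/
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var ContractXDocumentComplianceService_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ContractXDocumentComplianceService = void 0;
+const common_1 = require("@nestjs/common");
+const contractx_permissions_constants_1 = require("../constants/contractx-permissions.constants");
+let ContractXDocumentComplianceService = ContractXDocumentComplianceService_1 = class ContractXDocumentComplianceService {
+constructor() {
+this.logger = new common_1.Logger(ContractXDocumentComplianceService_1.name);
+/**
+* Document-based role requirements extracted from PermisosRoles.odt
+*/
+this.DOCUMENT_REQUIREMENTS = {
+// System Roles
+'superadmin': {
+role: 'superadmin',
+category: 'system',
+permissions: {
+clients: ['c', 'r', 'u', 'd', 'f'],
+contracts: ['c', 'r', 'u', 'd', 'f'],
+users: ['c', 'r', 'u', 'd', 'f'],
+providers: ['c', 'r', 'u', 'd', 'f'],
+documents: ['c', 'r', 'u', 'd', 'f'],
+clauses: ['c', 'r', 'u', 'd', 'f'],
+deliverables: ['c', 'r', 'u', 'd', 'f'],
+subdeliverables: ['c', 'r', 'u', 'd', 'f'],
+deliverable_history: ['c', 'r', 'u', 'd', 'f'],
+sla_services: ['c', 'r', 'u', 'd', 'f'],
+measurement_windows: ['c', 'r', 'u', 'd', 'f'],
+credit_service_levels: ['c', 'r', 'u', 'd', 'f'],
+meetings: ['c', 'r', 'u', 'd', 'f'],
+meeting_participants: ['c', 'r', 'u', 'd', 'f'],
+action_items: ['c', 'r', 'u', 'd', 'f'],
+notification_escalations: ['c', 'r', 'u', 'd', 'f'],
+invoice_services: ['c', 'r', 'u', 'd', 'f'],
+invoice_lines: ['c', 'r', 'u', 'd', 'f'],
+security_control: ['c', 'r', 'u', 'd', 'f'],
+configuration: ['c', 'r', 'u', 'd', 'f'],
+workflows: ['c', 'r', 'u', 'd', 'f']
+},
+restrictions: []
+},
+'support': {
+role: 'support',
+category: 'system',
+permissions: {
+// All modules except clients (same as superadmin but no client access)
+contracts: ['c', 'r', 'u', 'd', 'f'],
+users: ['c', 'r', 'u', 'd', 'f'],
+providers: ['c', 'r', 'u', 'd', 'f'],
+documents: ['c', 'r', 'u', 'd', 'f'],
+clauses: ['c', 'r', 'u', 'd', 'f'],
+deliverables: ['c', 'r', 'u', 'd', 'f'],
+subdeliverables: ['c', 'r', 'u', 'd', 'f'],
+deliverable_history: ['c', 'r', 'u', 'd', 'f'],
+sla_services: ['c', 'r', 'u', 'd', 'f'],
+measurement_windows: ['c', 'r', 'u', 'd', 'f'],
+credit_service_levels: ['c', 'r', 'u', 'd', 'f'],
+meetings: ['c', 'r', 'u', 'd', 'f'],
+meeting_participants: ['c', 'r', 'u', 'd', 'f'],
+action_items: ['c', 'r', 'u', 'd', 'f'],
+notification_escalations: ['c', 'r', 'u', 'd', 'f'],
+invoice_services: ['c', 'r', 'u', 'd', 'f'],
+invoice_lines: ['c', 'r', 'u', 'd', 'f'],
+security_control: ['c', 'r', 'u', 'd', 'f'],
+configuration: ['c', 'r', 'u', 'd', 'f'],
+workflows: ['c', 'r', 'u', 'd', 'f']
+},
+restrictions: ['clients']
+},
+// Client Roles
+'client_contract_admin': {
+role: 'client_contract_admin',
+category: 'client',
+permissions: {
+contracts: ['c', 's', 'u', 'd', 'f'],
+users: ['c', 's', 'u', 'd', 'f'],
+providers: ['c', 's', 'u', 'd', 'f'],
+documents: ['c', 's', 'u', 'd', 'f'],
+clauses: ['c', 's', 'u', 'd', 'f'],
+deliverables: ['c', 's', 'u', 'd', 'f'],
+subdeliverables: ['c', 's', 'u', 'd', 'f'],
+deliverable_history: ['c', 's', 'u', 'd', 'f'],
+sla_services: ['c', 's', 'u', 'd', 'f'],
+measurement_windows: ['c', 's', 'u', 'd', 'f'],
+credit_service_levels: ['c', 's', 'u', 'd', 'f'],
+meetings: ['c', 's', 'u', 'd', 'f'],
+meeting_participants: ['c', 's', 'u', 'd', 'f'],
+action_items: ['c', 's', 'u', 'd', 'f'],
+notification_escalations: ['c', 's', 'u', 'd', 'f'],
+invoice_services: ['c', 's', 'u', 'd', 'f'],
+invoice_lines: ['c', 's', 'u', 'd', 'f'],
+security_control: ['c', 's', 'u', 'd', 'f'],
+configuration: ['c', 's', 'u', 'd', 'f'],
+workflows: ['c', 's', 'u', 'd', 'f']
+},
+restrictions: ['clients']
+},
+'client_performance_manager': {
+role: 'client_performance_manager',
+category: 'client',
+permissions: {
+contracts: ['s', 'f'],
+users: ['s', 'f'],
+providers: ['s', 'f'],
+documents: ['s', 'f'],
+clauses: ['s', 'f'],
+deliverables: ['s', 'f'],
+subdeliverables: ['s', 'f'],
+deliverable_history: ['s', 'f'],
+sla_services: ['c', 's', 'u', 'd', 'f'],
+measurement_windows: ['c', 's', 'u', 'd', 'f'],
+credit_service_levels: ['s', 'f'],
+meetings: ['s', 'f'],
+meeting_participants: ['s', 'f'],
+action_items: ['s', 'f'],
+notification_escalations: ['s', 'f'],
+invoice_services: ['s', 'u', 'f'],
+invoice_lines: ['s', 'u', 'f'],
+configuration: ['r']
+},
+restrictions: ['clients', 'workflows']
+},
+'client_finance_manager': {
+role: 'client_finance_manager',
+category: 'client',
+permissions: {
+contracts: ['s', 'f'],
+users: ['s', 'f'],
+providers: ['s', 'f'],
+clauses: ['s', 'f'],
+deliverables: ['s', 'f'],
+subdeliverables: ['s', 'f'],
+deliverable_history: ['s', 'f'],
+sla_services: ['s', 'f'],
+credit_service_levels: ['s', 'f'],
+notification_escalations: ['s', 'f'],
+invoice_services: ['s', 'u', 'f'],
+invoice_lines: ['s', 'u', 'f'],
+configuration: ['r']
+},
+restrictions: ['clients', 'documents', 'measurement_windows', 'meetings', 'meeting_participants', 'action_items', 'security_control', 'workflows']
+},
+'client_reports_manager': {
+role: 'client_reports_manager',
+category: 'client',
+permissions: {
+documents: ['s'],
+clauses: ['s', 'f'],
+subdeliverables: ['s'],
+deliverable_history: ['s'],
+measurement_windows: ['r', 's', 'f'],
+notification_escalations: ['s', 'f'],
+meetings: ['s'],
+configuration: ['s']
+},
+restrictions: ['clients', 'contracts', 'users', 'providers', 'deliverables', 'sla_services', 'credit_service_levels', 'meeting_participants', 'invoice_services', 'invoice_lines', 'security_control', 'workflows']
+},
+'client_relationship_manager': {
+role: 'client_relationship_manager',
+category: 'client',
+permissions: {
+users: ['s', 'f'],
+clauses: ['s', 'f'],
+meetings: ['s', 'u'],
+meeting_participants: ['s', 'u'],
+action_items: ['s', 'u']
+},
+restrictions: ['clients', 'contracts', 'providers', 'documents', 'deliverables', 'subdeliverables', 'deliverable_history', 'sla_services', 'measurement_windows', 'credit_service_levels', 'notification_escalations', 'invoice_services', 'invoice_lines', 'security_control', 'configuration', 'workflows']
+},
+'client_risk_manager': {
+role: 'client_risk_manager',
+category: 'client',
+permissions: {
+contracts: ['s'],
+documents: ['s', 'u'],
+meetings: ['s', 'u'],
+notification_escalations: ['s', 'u'],
+security_control: ['s', 'u']
+},
+restrictions: ['clients', 'providers', 'clauses', 'deliverables', 'subdeliverables', 'deliverable_history', 'sla_services', 'measurement_windows', 'credit_service_levels', 'meeting_participants', 'action_items', 'invoice_services', 'invoice_lines', 'configuration', 'workflows']
+},
+// Provider Roles
+'provider_contract_admin': {
+role: 'provider_contract_admin',
+category: 'provider',
+permissions: {
+contracts: ['c', 'u', 's'],
+users: ['c', 'u', 's', 'd'],
+providers: ['c', 'u', 's'],
+documents: ['c', 'u', 's', 'd'],
+deliverables: ['c', 'u', 's', 'd'],
+subdeliverables: ['c', 'u', 's', 'd'],
+deliverable_history: ['c', 'u', 's', 'd'],
+sla_services: ['c', 'u', 's', 'd'],
+measurement_windows: ['c', 'r', 'u', 'd', 'f'],
+credit_service_levels: ['c', 's', 'u', 'd', 'f'],
+meetings: ['c', 'u', 's', 'd'],
+meeting_participants: ['c', 'u', 's', 'd'],
+action_items: ['c', 'u', 's', 'd'],
+notification_escalations: ['c', 'u', 's', 'd'],
+invoice_services: ['c', 'u', 's', 'd'],
+invoice_lines: ['c', 'u', 's', 'd'],
+configuration: ['c', 'r', 'u', 'd'],
+workflows: ['c', 'r', 'u', 'd', 'f']
+},
+restrictions: ['clients']
+},
+'provider_performance_manager': {
+role: 'provider_performance_manager',
+category: 'provider',
+permissions: {
+contracts: ['s', 'f'],
+users: ['s', 'f'],
+providers: ['s', 'f'],
+documents: ['s', 'f'],
+deliverables: ['s', 'f'],
+subdeliverables: ['s', 'f'],
+deliverable_history: ['s', 'f'],
+sla_services: ['c', 'u', 's', 'd', 'f'],
+measurement_windows: ['c', 'u', 's', 'd', 'f'],
+credit_service_levels: ['s', 'f'],
+meetings: ['s', 'f'],
+meeting_participants: ['s', 'f'],
+action_items: ['s', 'f'],
+notification_escalations: ['s', 'f'],
+invoice_services: ['s', 'u', 'f'],
+invoice_lines: ['s', 'u', 'f'],
+configuration: ['r']
+},
+restrictions: ['clients', 'security_control', 'clauses', 'workflows']
+},
+'provider_finance_manager': {
+role: 'provider_finance_manager',
+category: 'provider',
+permissions: {
+contracts: ['s'],
+invoice_services: ['s', 'u'],
+invoice_lines: ['s', 'u'],
+configuration: ['r']
+},
+restrictions: ['clients', 'users', 'providers', 'documents', 'clauses', 'deliverables', 'subdeliverables', 'deliverable_history', 'sla_services', 'measurement_windows', 'credit_service_levels', 'meetings', 'meeting_participants', 'action_items', 'notification_escalations', 'security_control', 'workflows']
+},
+'provider_reports_manager': {
+role: 'provider_reports_manager',
+category: 'provider',
+permissions: {
+documents: ['s'],
+subdeliverables: ['s'],
+deliverable_history: ['s'],
+measurement_windows: ['r', 's', 'f'],
+meetings: ['s'],
+action_items: ['s']
+},
+restrictions: ['clients', 'contracts', 'users', 'providers', 'clauses', 'deliverables', 'sla_services', 'credit_service_levels', 'meeting_participants', 'notification_escalations', 'invoice_services', 'invoice_lines', 'security_control', 'configuration', 'workflows']
+},
+'provider_relationship_manager': {
+role: 'provider_relationship_manager',
+category: 'provider',
+permissions: {
+users: ['s'],
+meetings: ['s', 'u'],
+meeting_participants: ['s', 'u'],
+action_items: ['s', 'u']
+},
+restrictions: ['clients', 'contracts', 'providers', 'documents', 'clauses', 'deliverables', 'subdeliverables', 'deliverable_history', 'sla_services', 'measurement_windows', 'credit_service_levels', 'notification_escalations', 'invoice_services', 'invoice_lines', 'configuration', 'workflows']
+},
+'provider_risk_manager': {
+role: 'provider_risk_manager',
+category: 'provider',
+permissions: {
+contracts: ['s'],
+documents: ['s', 'u'],
+notification_escalations: ['s', 'u'],
+security_control: ['s', 'u'],
+subdeliverables: ['c', 'r', 'u', 'd', 'f']
+},
+restrictions: ['clients', 'users', 'providers', 'clauses', 'deliverables', 'deliverable_history', 'sla_services', 'measurement_windows', 'credit_service_levels', 'meetings', 'meeting_participants', 'action_items', 'invoice_services', 'invoice_lines', 'configuration', 'workflows']
+}
+};
+/**
+* Permission action mappings from document notation to system notation
+*/
+this.ACTION_MAPPINGS = {
+'c': 'create',
+'r': 'read',
+'u': 'update',
+'d': 'delete',
+'s': 'show',
+'f': 'filter'
+};
+}
+/**
+* Validates complete package compliance with PermisosRoles.odt document
+*/
+async validateDocumentCompliance() {
+const result = {
+isCompliant: true,
+summary: {
+totalRoles: 0,
+validatedRoles: 0,
+totalPermissions: contractx_permissions_constants_1.VALID_CONTRACTX_PERMISSIONS.length,
+validatedPermissions: 0,
+compliantRoles: [],
+nonCompliantRoles: []
+},
+roleAnalysis: [],
+modulesCoverage: [],
+warnings: [],
+errors: []
+};
+try {
+// Analyze each documented role
+for (const [roleName, requirements] of Object.entries(this.DOCUMENT_REQUIREMENTS)) {
+result.summary.totalRoles++;
+const roleAnalysis = await this.validateRoleCompliance(roleName, requirements);
+result.roleAnalysis.push(roleAnalysis);
+if (roleAnalysis.isCompliant) {
+result.summary.compliantRoles.push(roleName);
+}
+else {
+result.summary.nonCompliantRoles.push(roleName);
+result.isCompliant = false;
+}
+}
+// Validate modules coverage
+result.modulesCoverage = this.validateModulesCoverage();
+// Generate summary
+result.summary.validatedRoles = result.summary.compliantRoles.length;
+result.summary.validatedPermissions = this.countValidatedPermissions();
+// Add warnings for missing roles from package
+this.addMissingRoleWarnings(result);
+this.logger.log(`Document compliance validation completed. Compliant: ${result.isCompliant}`);
+return result;
+}
+catch (error) {
+const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+this.logger.error('Error during document compliance validation', error instanceof Error ? error.stack : error);
+result.errors.push(`Validation error: ${errorMessage}`);
+result.isCompliant = false;
+return result;
+}
+}
+/**
+* Validates a specific role against document requirements
+*/
+async validateRoleCompliance(roleName, requirements) {
+// Convert document requirements to expected permissions
+const expectedPermissions = this.convertRequirementsToPermissions(requirements);
+// Get actual permissions from ODS_ROLE_PERMISSIONS
+const actualPermissions = contractx_permissions_constants_1.ODS_ROLE_PERMISSIONS[roleName] || [];
+// Calculate differences
+const actualSet = new Set(actualPermissions);
+const expectedSet = new Set(expectedPermissions);
+const missingPermissions = expectedPermissions.filter(p => !actualSet.has(p));
+const extraPermissions = actualPermissions.filter(p => !expectedSet.has(p));
+const isCompliant = missingPermissions.length === 0 && extraPermissions.length === 0;
+return {
+role: roleName,
+isCompliant,
+expectedPermissions,
+actualPermissions: [...actualPermissions],
+missingPermissions,
+extraPermissions,
+documentReference: `PermisosRoles.odt - Section ${this.getRoleSection(roleName)}`
+};
+}
+/**
+* Converts document requirements to permission strings
+*/
+convertRequirementsToPermissions(requirements) {
+const permissions = [];
+for (const [module, actions] of Object.entries(requirements.permissions)) {
+for (const action of actions) {
+const systemAction = this.ACTION_MAPPINGS[action];
+if (systemAction) {
+permissions.push(`${module}:${systemAction}`);
+}
+}
+}
+return permissions;
+}
+/**
+* Validates module coverage across all roles
+*/
+validateModulesCoverage() {
+const coverage = [];
+for (const [, moduleName] of Object.entries(contractx_permissions_constants_1.CONTRACTX_MODULES)) {
+const usedByRoles = this.findRolesUsingModule(moduleName);
+coverage.push({
+module: moduleName,
+covered: usedByRoles.length > 0,
+usedByRoles
+});
+}
+return coverage;
+}
+/**
+* Finds roles that use a specific module
+*/
+findRolesUsingModule(moduleName) {
+const rolesUsingModule = [];
+for (const [roleName, requirements] of Object.entries(this.DOCUMENT_REQUIREMENTS)) {
+if (requirements.permissions[moduleName]) {
+rolesUsingModule.push(roleName);
+}
+}
+return rolesUsingModule;
+}
+/**
+* Counts total validated permissions across all roles
+*/
+countValidatedPermissions() {
+const allValidatedPermissions = new Set();
+for (const requirements of Object.values(this.DOCUMENT_REQUIREMENTS)) {
+const permissions = this.convertRequirementsToPermissions(requirements);
+permissions.forEach(p => allValidatedPermissions.add(p));
+}
+return allValidatedPermissions.size;
+}
+/**
+* Adds warnings for roles present in package but not in document
+*/
+addMissingRoleWarnings(result) {
+const packageRoles = Object.keys(contractx_permissions_constants_1.ODS_ROLE_PERMISSIONS);
+const documentRoles = Object.keys(this.DOCUMENT_REQUIREMENTS);
+const missingFromDocument = packageRoles.filter(role => !documentRoles.includes(role));
+const missingFromPackage = documentRoles.filter(role => !packageRoles.includes(role));
+if (missingFromDocument.length > 0) {
+result.warnings.push(`Roles in package but not documented: ${missingFromDocument.join(', ')}`);
+}
+if (missingFromPackage.length > 0) {
+result.warnings.push(`Roles documented but not in package: ${missingFromPackage.join(', ')}`);
+}
+}
+/**
+* Gets the document section for a role
+*/
+getRoleSection(roleName) {
+if (roleName === 'superadmin')
+return '2. SuperAdmin Role';
+if (roleName === 'support')
+return '4.7 Support Role';
+if (roleName.startsWith('client_')) {
+const roleMap = {
+'client_contract_admin': '3.1 Contract Administrator (Client)',
+'client_performance_manager': '3.2 Performance Manager (Client)',
+'client_finance_manager': '3.3 Finance Manager (Client)',
+'client_reports_manager': '3.4 Reporting Manager (Client)',
+'client_relationship_manager': '3.5 Relationship Manager (Client)',
+'client_risk_manager': '3.6 Risk Manager (Client)'
+};
+return roleMap[roleName] || '3. Client User Roles';
+}
+if (roleName.startsWith('provider_')) {
+const roleMap = {
+'provider_contract_admin': '4.1 Contract Administrator (Provider)',
+'provider_performance_manager': '4.2 Performance Manager (Provider)',
+'provider_finance_manager': '4.3 Finance Manager (Provider)',
+'provider_reports_manager': '4.4 Reporting Manager (Provider)',
+'provider_relationship_manager': '4.5 Relationship Manager (Provider)',
+'provider_risk_manager': '4.6 Risk Manager (Provider)'
+};
+return roleMap[roleName] || '4. Provider User Roles';
+}
+return 'Unknown Section';
+}
+/**
+* Generates a compliance report summary
+*/
+generateComplianceReport(validation) {
+let report = '# ContractX Package Document Compliance Report\n\n';
+report += `## Overall Status: ${validation.isCompliant ? '✅ COMPLIANT' : '❌ NON-COMPLIANT'}\n\n`;
+report += '## Summary\n';
+report += `- **Total Roles**: ${validation.summary.totalRoles}\n`;
+report += `- **Compliant Roles**: ${validation.summary.compliantRoles.length}\n`;
+report += `- **Non-Compliant Roles**: ${validation.summary.nonCompliantRoles.length}\n`;
+report += `- **Total Permissions Validated**: ${validation.summary.validatedPermissions}\n\n`;
+if (validation.summary.compliantRoles.length > 0) {
+report += '## ✅ Compliant Roles\n';
+validation.summary.compliantRoles.forEach(role => {
+report += `- ${role}\n`;
+});
+report += '\n';
+}
+if (validation.summary.nonCompliantRoles.length > 0) {
+report += '## ❌ Non-Compliant Roles\n';
+validation.roleAnalysis
+.filter(analysis => !analysis.isCompliant)
+.forEach(analysis => {
+report += `### ${analysis.role}\n`;
+if (analysis.missingPermissions.length > 0) {
+report += `**Missing Permissions**: ${analysis.missingPermissions.join(', ')}\n`;
+}
+if (analysis.extraPermissions.length > 0) {
+report += `**Extra Permissions**: ${analysis.extraPermissions.join(', ')}\n`;
+}
+report += `**Document Reference**: ${analysis.documentReference}\n\n`;
+});
+}
+if (validation.warnings.length > 0) {
+report += '## ⚠️ Warnings\n';
+validation.warnings.forEach(warning => {
+report += `- ${warning}\n`;
+});
+report += '\n';
+}
+if (validation.errors.length > 0) {
+report += '## 🚨 Errors\n';
+validation.errors.forEach(error => {
+report += `- ${error}\n`;
+});
+report += '\n';
+}
+report += '## Module Coverage\n';
+validation.modulesCoverage.forEach(coverage => {
+const status = coverage.covered ? '✅' : '❌';
+report += `- ${status} **${coverage.module}**: ${coverage.usedByRoles.length} roles\n`;
+});
+return report;
+}
+};
+exports.ContractXDocumentComplianceService = ContractXDocumentComplianceService;
+exports.ContractXDocumentComplianceService = ContractXDocumentComplianceService = ContractXDocumentComplianceService_1 = __decorate([
+(0, common_1.Injectable)()
+], ContractXDocumentComplianceService);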
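Review bot: In `addMissingRoleWarnings`, a role that exists in `ODS_ROLE_PERMISSIONS` but has no entry in `DOCUMENT_REQUIREMENTS` only produces a warning. Because the loop in `validateDocumentCompliance` iterates the documented roles alone, that role's permissions are never compared against anything and `isCompliant` can stay `true`. For a check whose purpose is to confirm that the shipped role matrix matches the specification, an undocumented role carrying permissions is the case most worth failing on. I would fail closed in the `missingFromDocument.length > 0` branch by adding `result.isCompliant = false;`, or by pushing the message to `result.errors` rather than `result.warnings`. This file is compiled output, so the change belongs in the TypeScript source it was built from.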
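--- a/package/dist/services/contractx-validation.service.d.ts
+++ b/package/dist/services/contractx-validation.service.d.ts
@@ -0,0 +1,76 @@
+export interface ValidationResult {
+isValid: boolean;
+errors: string[];
+warnings: string[];
+metadata?: Record<string, any>;
+}
+export interface RoleValidationResult extends ValidationResult {
+roleInfo?: {
+name: string;
+description: string;
+type: string;
+scope: string;
+level: number;
+tenant: string;
+isSystem: boolean;
+};
+}
+export interface PermissionValidationResult extends ValidationResult {
+permissionInfo?: {
+module: string;
+action: string;
+isValid: boolean;
+}[];
+}
+export interface UserValidationResult extends ValidationResult {
+userInfo?: {
+hasValidRoles: boolean;
+hasValidPermissions: boolean;
+roleCount: number;
+permissionCount: number;
+tenant: 'system' | 'client' | 'provider' | 'mixed';
+accessLevel: number;
+};
+}
+export declare class ContractXValidationService {
+/**
+* Validate a single role
+*/
+validateSingleRole(role: string): RoleValidationResult;
+validateRoles(roles: string[]): RoleValidationResult;
+validateSinglePermission(permission: string): PermissionValidationResult;
+validatePermissions(permissions: string[]): PermissionValidationResult;
+/**
+* Validate a complete user (roles + permissions)
+*/
+validateUser(roles: string[], permissions: string[]): UserValidationResult;
+/**
+* Get expected permissions for a set of roles (based on ODS matrix)
+*/
+private getExpectedPermissionsForRoles;
+/**
+* Check if user has specific module access
+*/
+checkModuleAccess(permissions: string[], module: string, action: string): boolean;
+/**
+* Check if user has any access to a module
+*/
+checkAnyModuleAccess(permissions: string[], module: string): boolean;
+/**
+* Get all modules the user has access to
+*/
+getUserModules(permissions: string[]): string[];
+/**
+* Get user's effective permissions (roles + explicit permissions)
+*/
+getEffectivePermissions(roles: string[], permissions: string[]): string[];
+/**
+* Parse ODS permission string (e.g., "c,r,u,d,s,f") into permission array
+*/
+parseOdsString(odsString: string, module: string): string[];
+/**
+* Validate JWT payload structure
+*/
+validateJwtPayload(payload: any): ValidationResult;
+}
+//# sourceMappingURL=contractx-validation.service.d.ts.map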
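Review bot: `validateJwtPayload(payload: any)` takes `any`, so an untyped value passed to it is never forced through narrowing, and the comment "Validate JWT payload structure" does not say whether a valid result covers only the shape of the claims or also signature and expiry. I would declare it as `validateJwtPayload(payload: unknown): ValidationResult;` and extend the comment to state what a successful result does and does not guarantee; the implementation is not visible here, so that wording needs confirming against it. `validateRoles`, `validateSinglePermission` and `validatePermissions` have no doc comment, unlike their neighbours, and `metadata?: Record<string, any>` could be `Record<string, unknown>` for the same reason. The declaration file is emitted from `src/services/contractx-validation.service.ts` (named in the source map), so the edits go there.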
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"contractx-validation.service.d.ts","sourceRoot":"","sources":["../../src/services/contractx-validation.service.ts"],"names":[],"mappings":"AAkBA,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAChC;AAED,MAAM,WAAW,oBAAqB,SAAQ,gBAAgB;IAC5D,QAAQ,CAAC,EAAE;QACT,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,EAAE,MAAM,CAAC;QACpB,IAAI,EAAE,MAAM,CAAC;QACb,KAAK,EAAE,MAAM,CAAC;QACd,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,EAAE,MAAM,CAAC;QACf,QAAQ,EAAE,OAAO,CAAC;KACnB,CAAC;CACH;AAED,MAAM,WAAW,0BAA2B,SAAQ,gBAAgB;IAClE,cAAc,CAAC,EAAE;QACf,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,EAAE,MAAM,CAAC;QACf,OAAO,EAAE,OAAO,CAAC;KAClB,EAAE,CAAC;CACL;AAED,MAAM,WAAW,oBAAqB,SAAQ,gBAAgB;IAC5D,QAAQ,CAAC,EAAE;QACT,aAAa,EAAE,OAAO,CAAC;QACvB,mBAAmB,EAAE,OAAO,CAAC;QAC7B,SAAS,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,MAAM,CAAC;QACxB,MAAM,EAAE,QAAQ,GAAG,QAAQ,GAAG,UAAU,GAAG,OAAO,CAAC;QACnD,WAAW,EAAE,MAAM,CAAC;KACrB,CAAC;CACH;AAED,qBACa,0BAA0B;IAErC;;OAEG;IACH,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,oBAAoB;IAuCtD,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,oBAAoB;IA4CpD,wBAAwB,CAAC,UAAU,EAAE,MAAM,GAAG,0BAA0B;IA8CxE,mBAAmB,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,0BAA0B;IA2CtE;;OAEG;IACH,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,WAAW,EAAE,MAAM,EAAE,GAAG,oBAAoB;IA4D1E;;OAEG;IACH,OAAO,CAAC,8BAA8B;IAatC;;OAEG;IACH,iBAAiB,CAAC,WAAW,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO;IAIjF;;OAEG;IACH,oBAAoB,CAAC,WAAW,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO;IAIpE;;OAEG;IACH,cAAc,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE;IAa/C;;OAEG;IACH,uBAAuB,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,WAAW,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE;IAMzE;;OAEG;IACH,cAAc,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE;IAK3D;;OAEG;IACH,kBAAkB,CAAC,OAAO,EAAE,GAAG,GAAG,gBAAgB;CAmCnD"}
|