permissions-contractx 1.0.0

package/dist/services/contractx-validation.service.js

@@ -0,0 +1,305 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ContractXValidationService = void 0;
+const common_1 = require("@nestjs/common");
+const contractx_roles_constants_1 = require("../constants/contractx-roles.constants");
+const contractx_permissions_constants_1 = require("../constants/contractx-permissions.constants");
+let ContractXValidationService = class ContractXValidationService {
+    /**
+     * Validate a single role
+     */
+    validateSingleRole(role) {
+        const errors = [];
+        const warnings = [];
+        if (!(0, contractx_roles_constants_1.validateRole)(role)) {
+            errors.push(`Invalid role: ${role}. Must be one of: ${contractx_roles_constants_1.VALID_CONTRACTX_ROLES.join(', ')}`);
+            return { isValid: false, errors, warnings };
+        }
+        const metadata = (0, contractx_roles_constants_1.getRoleMetadata)(role);
+        if (!metadata) {
+            errors.push(`Role metadata not found for: ${role}`);
+            return { isValid: false, errors, warnings };
+        }
+        if ((0, contractx_roles_constants_1.isSystemRole)(role)) {
+            warnings.push(`System role detected: ${role}. Ensure proper authorization for system-level access.`);
+        }
+        if ((0, contractx_roles_constants_1.isAdminRole)(role)) {
+            warnings.push(`Admin role detected: ${role}. This role has elevated privileges.`);
+        }
+        return {
+            isValid: true,
+            errors,
+            warnings,
+            roleInfo: {
+                name: metadata.name,
+                description: metadata.description,
+                type: metadata.type,
+                scope: metadata.scope,
+                level: metadata.level,
+                tenant: metadata.tenant,
+                isSystem: metadata.isSystem,
+            },
+        };
+    }
+    validateRoles(roles) {
+        const errors = [];
+        const warnings = [];
+        if (!Array.isArray(roles)) {
+            errors.push('Roles must be an array');
+            return { isValid: false, errors, warnings };
+        }
+        if (roles.length === 0) {
+            warnings.push('No roles provided. User will have no role-based access.');
+        }
+        const roleInfos = [];
+        for (const role of roles) {
+            const validation = this.validateSingleRole(role);
+            errors.push(...validation.errors);
+            warnings.push(...validation.warnings);
+            if (validation.roleInfo) {
+                roleInfos.push(validation.roleInfo);
+            }
+        }
+        // Check for role conflicts
+        const tenants = new Set(roleInfos.map(r => r.tenant));
+        if (tenants.size > 1 && !tenants.has('system')) {
+            warnings.push('Mixed tenant roles detected. Ensure this is intentional.');
+        }
+        // Check for duplicate roles
+        const uniqueRoles = new Set(roles);
+        if (uniqueRoles.size !== roles.length) {
+            warnings.push('Duplicate roles detected in the array.');
+        }
+        return {
+            isValid: errors.length === 0,
+            errors,
+            warnings,
+            metadata: { roleInfos, tenantCount: tenants.size },
+        };
+    }
+    validateSinglePermission(permission) {
+        const errors = [];
+        const warnings = [];
+        const permissionInfo = [];
+        if (!(0, contractx_permissions_constants_1.validatePermission)(permission)) {
+            errors.push(`Invalid permission: ${permission}. Must follow format 'module:action'`);
+            return { isValid: false, errors, warnings, permissionInfo };
+        }
+        const module = (0, contractx_permissions_constants_1.getModuleFromPermission)(permission);
+        const action = (0, contractx_permissions_constants_1.getActionFromPermission)(permission);
+        if (!module) {
+            errors.push(`Invalid module in permission: ${permission}`);
+            return { isValid: false, errors, warnings, permissionInfo };
+        }
+        if (!action) {
+            errors.push(`Invalid action in permission: ${permission}`);
+            return { isValid: false, errors, warnings, permissionInfo };
+        }
+        permissionInfo.push({
+            module,
+            action,
+            isValid: true,
+        });
+        // Add warnings for sensitive permissions
+        if (permission.includes('delete') || permission.includes('admin')) {
+            warnings.push(`Sensitive permission detected: ${permission}. Ensure proper authorization.`);
+        }
+        if (module === 'security_control' || module === 'configuration') {
+            warnings.push(`System-level permission detected: ${permission}. High privilege access.`);
+        }
+        return {
+            isValid: true,
+            errors,
+            warnings,
+            permissionInfo,
+        };
+    }
+    validatePermissions(permissions) {
+        const errors = [];
+        const warnings = [];
+        const permissionInfo = [];
+        if (!Array.isArray(permissions)) {
+            errors.push('Permissions must be an array');
+            return { isValid: false, errors, warnings, permissionInfo };
+        }
+        if (permissions.length === 0) {
+            warnings.push('No permissions provided. User will have no permission-based access.');
+        }
+        for (const permission of permissions) {
+            const validation = this.validateSinglePermission(permission);
+            errors.push(...validation.errors);
+            warnings.push(...validation.warnings);
+            permissionInfo.push(...validation.permissionInfo || []);
+        }
+        const uniquePermissions = new Set(permissions);
+        if (uniquePermissions.size !== permissions.length) {
+            warnings.push('Duplicate permissions detected in the array.');
+        }
+        const modules = new Set(permissionInfo.map(p => p.module));
+        const actions = new Set(permissionInfo.map(p => p.action));
+        return {
+            isValid: errors.length === 0,
+            errors,
+            warnings,
+            permissionInfo,
+            metadata: {
+                moduleCount: modules.size,
+                actionCount: actions.size,
+                modules: Array.from(modules),
+                actions: Array.from(actions),
+            },
+        };
+    }
+    /**
+     * Validate a complete user (roles + permissions)
+     */
+    validateUser(roles, permissions) {
+        const errors = [];
+        const warnings = [];
+        // Validate roles
+        const roleValidation = this.validateRoles(roles);
+        errors.push(...roleValidation.errors);
+        warnings.push(...roleValidation.warnings);
+        // Validate permissions
+        const permissionValidation = this.validatePermissions(permissions);
+        errors.push(...permissionValidation.errors);
+        warnings.push(...permissionValidation.warnings);
+        // Determine tenant type
+        const roleInfos = roleValidation.metadata?.roleInfos || [];
+        const tenants = new Set(roleInfos.map((r) => r.tenant));
+        let tenant = 'mixed';
+        if (tenants.size === 1) {
+            tenant = Array.from(tenants)[0];
+        }
+        else if (tenants.has('system')) {
+            tenant = 'system';
+        }
+        // Calculate access level (highest role level)
+        const accessLevel = Math.max(...roleInfos.map((r) => r.level), 0);
+        // Cross-validation: check if permissions align with roles
+        const expectedPermissions = this.getExpectedPermissionsForRoles(roles);
+        const missingPermissions = expectedPermissions.filter(p => !permissions.includes(p));
+        const extraPermissions = permissions.filter(p => !expectedPermissions.includes(p));
+        if (missingPermissions.length > 0) {
+            warnings.push(`Missing expected permissions for roles: ${missingPermissions.slice(0, 5).join(', ')}${missingPermissions.length > 5 ? '...' : ''}`);
+        }
+        if (extraPermissions.length > 0) {
+            warnings.push(`Extra permissions not typically associated with roles: ${extraPermissions.slice(0, 5).join(', ')}${extraPermissions.length > 5 ? '...' : ''}`);
+        }
+        return {
+            isValid: errors.length === 0,
+            errors,
+            warnings,
+            userInfo: {
+                hasValidRoles: roleValidation.isValid,
+                hasValidPermissions: permissionValidation.isValid,
+                roleCount: roles.length,
+                permissionCount: permissions.length,
+                tenant,
+                accessLevel,
+            },
+            metadata: {
+                roleValidation: roleValidation.metadata,
+                permissionValidation: permissionValidation.metadata,
+            },
+        };
+    }
+    /**
+     * Get expected permissions for a set of roles (based on ODS matrix)
+     */
+    getExpectedPermissionsForRoles(roles) {
+        const allPermissions = new Set();
+        for (const role of roles) {
+            const rolePermissions = contractx_permissions_constants_1.ODS_ROLE_PERMISSIONS[role];
+            if (rolePermissions) {
+                rolePermissions.forEach(permission => allPermissions.add(permission));
+            }
+        }
+        return Array.from(allPermissions);
+    }
+    /**
+     * Check if user has specific module access
+     */
+    checkModuleAccess(permissions, module, action) {
+        return (0, contractx_permissions_constants_1.hasModuleAccess)(permissions, module, action);
+    }
+    /**
+     * Check if user has any access to a module
+     */
+    checkAnyModuleAccess(permissions, module) {
+        return (0, contractx_permissions_constants_1.hasAnyModuleAccess)(permissions, module);
+    }
+    /**
+     * Get all modules the user has access to
+     */
+    getUserModules(permissions) {
+        const modules = new Set();
+        for (const permission of permissions) {
+            const module = (0, contractx_permissions_constants_1.getModuleFromPermission)(permission);
+            if (module) {
+                modules.add(module);
+            }
+        }
+        return Array.from(modules);
+    }
+    /**
+     * Get user's effective permissions (roles + explicit permissions)
+     */
+    getEffectivePermissions(roles, permissions) {
+        const rolePermissions = this.getExpectedPermissionsForRoles(roles);
+        const allPermissions = new Set([...rolePermissions, ...permissions]);
+        return Array.from(allPermissions);
+    }
+    /**
+     * Parse ODS permission string (e.g., "c,r,u,d,s,f") into permission array
+     */
+    parseOdsString(odsString, module) {
+        const actions = (0, contractx_permissions_constants_1.parseOdsPermissions)(odsString);
+        return actions.map(action => `${module}:${action}`);
+    }
+    /**
+     * Validate JWT payload structure
+     */
+    validateJwtPayload(payload) {
+        const errors = [];
+        const warnings = [];
+        // Required fields
+        if (!payload.sub) {
+            errors.push('Missing required field: sub (user ID)');
+        }
+        if (!payload.fullName) {
+            errors.push('Missing required field: fullName');
+        }
+        if (!Array.isArray(payload.role)) {
+            errors.push('Missing or invalid field: role (must be array)');
+        }
+        else {
+            const roleValidation = this.validateRoles(payload.role);
+            errors.push(...roleValidation.errors);
+            warnings.push(...roleValidation.warnings);
+        }
+        if (!Array.isArray(payload.permissions)) {
+            errors.push('Missing or invalid field: permissions (must be array)');
+        }
+        else {
+            const permissionValidation = this.validatePermissions(payload.permissions);
+            errors.push(...permissionValidation.errors);
+            warnings.push(...permissionValidation.warnings);
+        }
+        return {
+            isValid: errors.length === 0,
+            errors,
+            warnings,
+        };
+    }
+};
+exports.ContractXValidationService = ContractXValidationService;
+exports.ContractXValidationService = ContractXValidationService = __decorate([
+    (0, common_1.Injectable)()
+], ContractXValidationService);

package/dist/services/index.d.ts

@@ -0,0 +1,6 @@
+export * from './user-context.service';
+export * from './contractx-validation.service';
+export * from './contractx-authorization.service';
+export { ValidationResult, RoleValidationResult, PermissionValidationResult, UserValidationResult, } from './contractx-validation.service';
+export { AuthorizationContext, AuthorizationResult, AccessMatrix, } from './contractx-authorization.service';
+//# sourceMappingURL=index.d.ts.map

package/dist/services/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":"AACA,cAAc,wBAAwB,CAAC;AACvC,cAAc,gCAAgC,CAAC;AAC/C,cAAc,mCAAmC,CAAC;AAGlD,OAAO,EACL,gBAAgB,EAChB,oBAAoB,EACpB,0BAA0B,EAC1B,oBAAoB,GACrB,MAAM,gCAAgC,CAAC;AAExC,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,YAAY,GACb,MAAM,mCAAmC,CAAC"}

package/dist/services/index.js

@@ -0,0 +1,20 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+// Service exports
+__exportStar(require("./user-context.service"), exports);
+__exportStar(require("./contractx-validation.service"), exports);
+__exportStar(require("./contractx-authorization.service"), exports);

package/dist/services/user-context.service.d.ts

@@ -0,0 +1,114 @@
+import { JwtPayload } from '../interfaces';
+/**
+ * Request-scoped service to manage current user context
+ * Provides convenient methods to access user information and check permissions
+ */
+export declare class UserContextService {
+    private user;
+    /**
+     * Set the current user context
+     * This is typically called by the authentication guard
+     */
+    setUser(user: JwtPayload): void;
+    /**
+     * Get the current authenticated user
+     */
+    getUser(): JwtPayload | null;
+    /**
+     * Get the current user's ID
+     */
+    getUserId(): string | null;
+    /**
+     * Get the current user's full name
+     */
+    getUserFullName(): string | null;
+    /**
+     * Get the current user's email
+     */
+    getUserEmail(): string | null;
+    /**
+     * Get the current user's client ID
+     */
+    getClientId(): string | null;
+    /**
+     * Get the current user's session ID
+     */
+    getSessionId(): string | null;
+    /**
+     * Get all user roles
+     */
+    getUserRoles(): string[];
+    /**
+     * Get all user permissions
+     */
+    getUserPermissions(): string[];
+    /**
+     * Check if user has a specific role
+     */
+    hasRole(role: string): boolean;
+    /**
+     * Check if user has any of the specified roles
+     */
+    hasAnyRole(roles: string[]): boolean;
+    /**
+     * Check if user has all of the specified roles
+     */
+    hasAllRoles(roles: string[]): boolean;
+    /**
+     * Check if user has a specific permission
+     */
+    hasPermission(permission: string): boolean;
+    /**
+     * Check if user has any of the specified permissions
+     */
+    hasAnyPermission(permissions: string[]): boolean;
+    /**
+     * Check if user has all of the specified permissions
+     */
+    hasAllPermissions(permissions: string[]): boolean;
+    /**
+     * Check if user is authenticated
+     */
+    isAuthenticated(): boolean;
+    /**
+     * Check if user is a superadmin
+     */
+    isSuperAdmin(): boolean;
+    /**
+     * Check if user has admin privileges (superadmin or contract admin)
+     */
+    isAdmin(): boolean;
+    /**
+     * Check if user has client-side role
+     */
+    isClientUser(): boolean;
+    /**
+     * Check if user has provider-side role
+     */
+    isProviderUser(): boolean;
+    /**
+     * Check if user can access a specific module based on permissions
+     */
+    canAccessModule(module: string): boolean;
+    /**
+     * Get user's permissions for a specific module
+     */
+    getModulePermissions(module: string): string[];
+    /**
+     * Check if user can perform a specific action on a module
+     */
+    canPerformAction(module: string, action: string): boolean;
+    /**
+     * Get user summary for logging/debugging
+     */
+    getUserSummary(): {
+        id: string | null;
+        name: string | null;
+        email: string | null;
+        roles: string[];
+        permissionCount: number;
+        isAdmin: boolean;
+        clientId: string | null;
+    };
+}
+//# sourceMappingURL=user-context.service.d.ts.map

package/dist/services/user-context.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"user-context.service.d.ts","sourceRoot":"","sources":["../../src/services/user-context.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAE3C;;;GAGG;AACH,qBACa,kBAAkB;IAC7B,OAAO,CAAC,IAAI,CAA2B;IAEvC;;;OAGG;IACH,OAAO,CAAC,IAAI,EAAE,UAAU,GAAG,IAAI;IAI/B;;OAEG;IACH,OAAO,IAAI,UAAU,GAAG,IAAI;IAI5B;;OAEG;IACH,SAAS,IAAI,MAAM,GAAG,IAAI;IAI1B;;OAEG;IACH,eAAe,IAAI,MAAM,GAAG,IAAI;IAIhC;;OAEG;IACH,YAAY,IAAI,MAAM,GAAG,IAAI;IAI7B;;OAEG;IACH,WAAW,IAAI,MAAM,GAAG,IAAI;IAI5B;;OAEG;IACH,YAAY,IAAI,MAAM,GAAG,IAAI;IAI7B;;OAEG;IACH,YAAY,IAAI,MAAM,EAAE;IAIxB;;OAEG;IACH,kBAAkB,IAAI,MAAM,EAAE;IAI9B;;OAEG;IACH,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAI9B;;OAEG;IACH,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO;IAKpC;;OAEG;IACH,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO;IAKrC;;OAEG;IACH,aAAa,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO;IAI1C;;OAEG;IACH,gBAAgB,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,OAAO;IAKhD;;OAEG;IACH,iBAAiB,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,OAAO;IAKjD;;OAEG;IACH,eAAe,IAAI,OAAO;IAI1B;;OAEG;IACH,YAAY,IAAI,OAAO;IAIvB;;OAEG;IACH,OAAO,IAAI,OAAO;IAQlB;;OAEG;IACH,YAAY,IAAI,OAAO;IAWvB;;OAEG;IACH,cAAc,IAAI,OAAO;IAWzB;;OAEG;IACH,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IAOxC;;OAEG;IACH,oBAAoB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE;IAM9C;;OAEG;IACH,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO;IAIzD;;OAEG;IACH,cAAc,IAAI;QAChB,EAAE,EAAE,MAAM,GAAG,IAAI,CAAC;QAClB,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;QACpB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;QACrB,KAAK,EAAE,MAAM,EAAE,CAAC;QAChB,eAAe,EAAE,MAAM,CAAC;QACxB,OAAO,EAAE,OAAO,CAAC;QACjB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;KACzB;CAWF"}

package/dist/services/user-context.service.js

@@ -0,0 +1,199 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UserContextService = void 0;
+const common_1 = require("@nestjs/common");
+/**
+ * Request-scoped service to manage current user context
+ * Provides convenient methods to access user information and check permissions
+ */
+let UserContextService = class UserContextService {
+    constructor() {
+        this.user = null;
+    }
+    /**
+     * Set the current user context
+     * This is typically called by the authentication guard
+     */
+    setUser(user) {
+        this.user = user;
+    }
+    /**
+     * Get the current authenticated user
+     */
+    getUser() {
+        return this.user;
+    }
+    /**
+     * Get the current user's ID
+     */
+    getUserId() {
+        return this.user?.sub || null;
+    }
+    /**
+     * Get the current user's full name
+     */
+    getUserFullName() {
+        return this.user?.fullName || null;
+    }
+    /**
+     * Get the current user's email
+     */
+    getUserEmail() {
+        return this.user?.email || null;
+    }
+    /**
+     * Get the current user's client ID
+     */
+    getClientId() {
+        return this.user?.clientId || null;
+    }
+    /**
+     * Get the current user's session ID
+     */
+    getSessionId() {
+        return this.user?.sessionId || null;
+    }
+    /**
+     * Get all user roles
+     */
+    getUserRoles() {
+        return this.user?.role || [];
+    }
+    /**
+     * Get all user permissions
+     */
+    getUserPermissions() {
+        return this.user?.permissions || [];
+    }
+    /**
+     * Check if user has a specific role
+     */
+    hasRole(role) {
+        return this.getUserRoles().includes(role);
+    }
+    /**
+     * Check if user has any of the specified roles
+     */
+    hasAnyRole(roles) {
+        const userRoles = this.getUserRoles();
+        return roles.some(role => userRoles.includes(role));
+    }
+    /**
+     * Check if user has all of the specified roles
+     */
+    hasAllRoles(roles) {
+        const userRoles = this.getUserRoles();
+        return roles.every(role => userRoles.includes(role));
+    }
+    /**
+     * Check if user has a specific permission
+     */
+    hasPermission(permission) {
+        return this.getUserPermissions().includes(permission);
+    }
+    /**
+     * Check if user has any of the specified permissions
+     */
+    hasAnyPermission(permissions) {
+        const userPermissions = this.getUserPermissions();
+        return permissions.some(permission => userPermissions.includes(permission));
+    }
+    /**
+     * Check if user has all of the specified permissions
+     */
+    hasAllPermissions(permissions) {
+        const userPermissions = this.getUserPermissions();
+        return permissions.every(permission => userPermissions.includes(permission));
+    }
+    /**
+     * Check if user is authenticated
+     */
+    isAuthenticated() {
+        return this.user !== null;
+    }
+    /**
+     * Check if user is a superadmin
+     */
+    isSuperAdmin() {
+        return this.hasRole('superadmin');
+    }
+    /**
+     * Check if user has admin privileges (superadmin or contract admin)
+     */
+    isAdmin() {
+        return this.hasAnyRole([
+            'superadmin',
+            'client_contract_admin',
+            'provider_contract_admin',
+        ]);
+    }
+    /**
+     * Check if user has client-side role
+     */
+    isClientUser() {
+        return this.hasAnyRole([
+            'client_contract_admin',
+            'client_performance_manager',
+            'client_finance_manager',
+            'client_reports_manager',
+            'client_relationship_manager',
+            'client_risk_manager',
+        ]);
+    }
+    /**
+     * Check if user has provider-side role
+     */
+    isProviderUser() {
+        return this.hasAnyRole([
+            'provider_contract_admin',
+            'provider_performance_manager',
+            'provider_finance_manager',
+            'provider_reports_manager',
+            'provider_relationship_manager',
+            'provider_risk_manager',
+        ]);
+    }
+    /**
+     * Check if user can access a specific module based on permissions
+     */
+    canAccessModule(module) {
+        const modulePermissions = this.getUserPermissions().filter(permission => permission.startsWith(`${module}.`));
+        return modulePermissions.length > 0;
+    }
+    /**
+     * Get user's permissions for a specific module
+     */
+    getModulePermissions(module) {
+        return this.getUserPermissions().filter(permission => permission.startsWith(`${module}.`));
+    }
+    /**
+     * Check if user can perform a specific action on a module
+     */
+    canPerformAction(module, action) {
+        return this.hasPermission(`${module}.${action}`);
+    }
+    /**
+     * Get user summary for logging/debugging
+     */
+    getUserSummary() {
+        return {
+            id: this.getUserId(),
+            name: this.getUserFullName(),
+            email: this.getUserEmail(),
+            roles: this.getUserRoles(),
+            permissionCount: this.getUserPermissions().length,
+            isAdmin: this.isAdmin(),
+            clientId: this.getClientId(),
+        };
+    }
+};
+exports.UserContextService = UserContextService;
+exports.UserContextService = UserContextService = __decorate([
+    (0, common_1.Injectable)({ scope: common_1.Scope.REQUEST })
+], UserContextService);

package/dist/test-document-compliance.d.ts

@@ -0,0 +1,7 @@
+#!/usr/bin/env node
+/**
+ * Test script to validate permissions-contractx package compliance with PermisosRoles.odt document
+ */
+declare function main(): Promise<void>;
+export { main as testDocumentCompliance };
+//# sourceMappingURL=test-document-compliance.d.ts.map

package/dist/test-document-compliance.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"test-document-compliance.d.ts","sourceRoot":"","sources":["../src/test-document-compliance.ts"],"names":[],"mappings":";AACA;;GAEG;AAiBH,iBAAe,IAAI,kBA2GlB;AAOD,OAAO,EAAE,IAAI,IAAI,sBAAsB,EAAE,CAAC"}