npm - permissions-contractx - Versions diffs - 1.0.0 - Mend

permissions-contractx 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (75) hide show

package/LICENSE +21 -0
package/README.md +1397 -0
package/dist/constants/contractx-permissions.constants.d.ts +310 -0
package/dist/constants/contractx-permissions.constants.d.ts.map +1 -0
package/dist/constants/contractx-permissions.constants.js +1061 -0
package/dist/constants/contractx-roles.constants.d.ts +295 -0
package/dist/constants/contractx-roles.constants.d.ts.map +1 -0
package/dist/constants/contractx-roles.constants.js +238 -0
package/dist/constants/index.d.ts +3 -0
package/dist/constants/index.d.ts.map +1 -0
package/dist/constants/index.js +18 -0
package/dist/constants/security.constants.d.ts +77 -0
package/dist/constants/security.constants.d.ts.map +1 -0
package/dist/constants/security.constants.js +139 -0
package/dist/decorators/current-user.decorator.d.ts +73 -0
package/dist/decorators/current-user.decorator.d.ts.map +1 -0
package/dist/decorators/current-user.decorator.js +91 -0
package/dist/decorators/index.d.ts +5 -0
package/dist/decorators/index.d.ts.map +1 -0
package/dist/decorators/index.js +20 -0
package/dist/decorators/permissions.decorator.d.ts +97 -0
package/dist/decorators/permissions.decorator.d.ts.map +1 -0
package/dist/decorators/permissions.decorator.js +106 -0
package/dist/decorators/public.decorator.d.ts +18 -0
package/dist/decorators/public.decorator.d.ts.map +1 -0
package/dist/decorators/public.decorator.js +22 -0
package/dist/decorators/roles.decorator.d.ts +79 -0
package/dist/decorators/roles.decorator.d.ts.map +1 -0
package/dist/decorators/roles.decorator.js +87 -0
package/dist/guards/index.d.ts +4 -0
package/dist/guards/index.d.ts.map +1 -0
package/dist/guards/index.js +19 -0
package/dist/guards/jwt-auth.guard.d.ts +21 -0
package/dist/guards/jwt-auth.guard.d.ts.map +1 -0
package/dist/guards/jwt-auth.guard.js +115 -0
package/dist/guards/permissions.guard.d.ts +14 -0
package/dist/guards/permissions.guard.d.ts.map +1 -0
package/dist/guards/permissions.guard.js +77 -0
package/dist/guards/roles.guard.d.ts +13 -0
package/dist/guards/roles.guard.d.ts.map +1 -0
package/dist/guards/roles.guard.js +59 -0
package/dist/index.d.ts +8 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +28 -0
package/dist/interfaces/index.d.ts +2 -0
package/dist/interfaces/index.d.ts.map +1 -0
package/dist/interfaces/index.js +17 -0
package/dist/interfaces/jwt-payload.interface.d.ts +93 -0
package/dist/interfaces/jwt-payload.interface.d.ts.map +1 -0
package/dist/interfaces/jwt-payload.interface.js +2 -0
package/dist/modules/index.d.ts +2 -0
package/dist/modules/index.d.ts.map +1 -0
package/dist/modules/index.js +17 -0
package/dist/modules/permissions-contractx.module.d.ts +41 -0
package/dist/modules/permissions-contractx.module.d.ts.map +1 -0
package/dist/modules/permissions-contractx.module.js +215 -0
package/dist/services/contractx-authorization.service.d.ts +107 -0
package/dist/services/contractx-authorization.service.d.ts.map +1 -0
package/dist/services/contractx-authorization.service.js +362 -0
package/dist/services/contractx-document-compliance.service.d.ts +85 -0
package/dist/services/contractx-document-compliance.service.d.ts.map +1 -0
package/dist/services/contractx-document-compliance.service.js +536 -0
package/dist/services/contractx-validation.service.d.ts +76 -0
package/dist/services/contractx-validation.service.d.ts.map +1 -0
package/dist/services/contractx-validation.service.js +305 -0
package/dist/services/index.d.ts +6 -0
package/dist/services/index.d.ts.map +1 -0
package/dist/services/index.js +20 -0
package/dist/services/user-context.service.d.ts +114 -0
package/dist/services/user-context.service.d.ts.map +1 -0
package/dist/services/user-context.service.js +199 -0
package/dist/test-document-compliance.d.ts +7 -0
package/dist/test-document-compliance.d.ts.map +1 -0
package/dist/test-document-compliance.js +118 -0
package/package.json +405 -0

package/dist/constants/security.constants.js ADDED Viewed

@@ -0,0 +1,139 @@
+"use strict";
+// ===================================================================
+// ContractX ODS (Operational Data Store) Security Constants
+// ===================================================================
+//
+// Complete ODS implementation with:
+// - 16 specialized roles from Excel specification
+// - 23 system modules with full CRUD+Show+Filter permissions
+// - Complete tenant isolation support
+// - Exact permission matrix implementation
+//
+// Version: 2.0.0 - ODS Complete Implementation
+// ===================================================================
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MODULE_CONSTANTS = exports.ROLE_GROUPS = exports.PERMISSION_CATEGORIES = exports.ROLE_HIERARCHY = exports.CONTRACTX_ROLES = void 0;
+/**
+ * ODS Roles - Exact 16 roles from Excel specification
+ * Implements complete role hierarchy for client/provider contract management
+ */
+exports.CONTRACTX_ROLES = {
+    // === SYSTEM ROLE ===
+    SUPERADMIN: 'superadmin', // ID: 1 - Full access to all modules
+    // === CLIENT-SIDE ROLES ===
+    CLIENT_CONTRACT_ADMIN: 'client_contract_admin', // ID: 2 - Full contract management for assigned client
+    CLIENT_PERFORMANCE_RESP: 'client_performance_resp', // ID: 3 - Performance responsibility role
+    CLIENT_FINANCE_RESP: 'client_finance_resp', // ID: 4 - Financial responsibility role
+    CLIENT_REPORTS_RESP: 'client_reports_resp', // ID: 5 - Reporting responsibility role
+    CLIENT_RELATIONSHIP_RESP: 'client_relationship_resp', // ID: 6 - Relationship management role
+    CLIENT_RISK_RESP: 'client_risk_resp', // ID: 7 - Risk management role
+    // === PROVIDER-SIDE ROLES ===
+    PROVIDER_CONTRACT_ADMIN: 'provider_contract_admin', // ID: 8 - Provider contract administrator
+    PROVIDER_PERFORMANCE_RESP: 'provider_performance_resp', // ID: 9 - Provider performance responsibility
+    PROVIDER_FINANCE_RESP: 'provider_finance_resp', // ID: 10 - Provider financial responsibility
+    PROVIDER_REPORTS_RESP: 'provider_reports_resp', // ID: 11 - Provider reporting responsibility
+    PROVIDER_RELATIONSHIP_RESP: 'provider_relationship_resp', // ID: 12 - Provider relationship management
+    PROVIDER_RISK_RESP: 'provider_risk_resp', // ID: 13 - Provider risk management
+    // === SYSTEM SUPPORT ROLE ===
+    SUPPORT: 'support', // ID: 17 - Support role with broad access (moved from 14 to 17)
+};
+/**
+ * ODS Role Hierarchy Levels - Exact hierarchy from Excel specification
+ * Higher numbers indicate higher privileges
+ */
+exports.ROLE_HIERARCHY = {
+    [exports.CONTRACTX_ROLES.SUPERADMIN]: 100, // System-wide super admin
+    [exports.CONTRACTX_ROLES.SUPPORT]: 85, // Support role with broad access
+    // Client-side roles
+    [exports.CONTRACTX_ROLES.CLIENT_CONTRACT_ADMIN]: 80, // Full contract management for client
+    [exports.CONTRACTX_ROLES.CLIENT_PERFORMANCE_RESP]: 70, // Client performance responsibility
+    [exports.CONTRACTX_ROLES.CLIENT_FINANCE_RESP]: 70, // Client financial responsibility
+    [exports.CONTRACTX_ROLES.CLIENT_REPORTS_RESP]: 65, // Client reporting responsibility
+    [exports.CONTRACTX_ROLES.CLIENT_RELATIONSHIP_RESP]: 65, // Client relationship management
+    [exports.CONTRACTX_ROLES.CLIENT_RISK_RESP]: 65, // Client risk management
+    // Provider-side roles
+    [exports.CONTRACTX_ROLES.PROVIDER_CONTRACT_ADMIN]: 80, // Provider contract administrator
+    [exports.CONTRACTX_ROLES.PROVIDER_PERFORMANCE_RESP]: 70, // Provider performance responsibility
+    [exports.CONTRACTX_ROLES.PROVIDER_FINANCE_RESP]: 70, // Provider financial responsibility
+    [exports.CONTRACTX_ROLES.PROVIDER_REPORTS_RESP]: 65, // Provider reporting responsibility
+    [exports.CONTRACTX_ROLES.PROVIDER_RELATIONSHIP_RESP]: 65, // Provider relationship management
+    [exports.CONTRACTX_ROLES.PROVIDER_RISK_RESP]: 65, // Provider risk management
+};
+/**
+ * Permission Categories for organization
+ */
+exports.PERMISSION_CATEGORIES = {
+    USER_MANAGEMENT: 'User Management',
+    ROLE_MANAGEMENT: 'Role Management',
+    PERMISSION_MANAGEMENT: 'Permission Management',
+    CLIENT_MANAGEMENT: 'Client Management',
+    PROVIDER_MANAGEMENT: 'Provider Management',
+    CONTRACT_MANAGEMENT: 'Contract Management',
+    DOCUMENT_MANAGEMENT: 'Document Management',
+    DELIVERABLE_MANAGEMENT: 'Deliverable Management',
+    PERFORMANCE_MANAGEMENT: 'Performance Management',
+    FINANCIAL_MANAGEMENT: 'Financial Management',
+    COMMUNICATION_MANAGEMENT: 'Communication Management',
+    SYSTEM_ADMINISTRATION: 'System Administration',
+};
+/**
+ * ODS Role Groups for easy assignment and management
+ */
+exports.ROLE_GROUPS = {
+    ADMIN_ROLES: [
+        exports.CONTRACTX_ROLES.SUPERADMIN,
+        exports.CONTRACTX_ROLES.CLIENT_CONTRACT_ADMIN,
+        exports.CONTRACTX_ROLES.PROVIDER_CONTRACT_ADMIN,
+    ],
+    CLIENT_ROLES: [
+        exports.CONTRACTX_ROLES.CLIENT_CONTRACT_ADMIN,
+        exports.CONTRACTX_ROLES.CLIENT_PERFORMANCE_RESP,
+        exports.CONTRACTX_ROLES.CLIENT_FINANCE_RESP,
+        exports.CONTRACTX_ROLES.CLIENT_REPORTS_RESP,
+        exports.CONTRACTX_ROLES.CLIENT_RELATIONSHIP_RESP,
+        exports.CONTRACTX_ROLES.CLIENT_RISK_RESP,
+    ],
+    PROVIDER_ROLES: [
+        exports.CONTRACTX_ROLES.PROVIDER_CONTRACT_ADMIN,
+        exports.CONTRACTX_ROLES.PROVIDER_PERFORMANCE_RESP,
+        exports.CONTRACTX_ROLES.PROVIDER_FINANCE_RESP,
+        exports.CONTRACTX_ROLES.PROVIDER_REPORTS_RESP,
+        exports.CONTRACTX_ROLES.PROVIDER_RELATIONSHIP_RESP,
+        exports.CONTRACTX_ROLES.PROVIDER_RISK_RESP,
+    ],
+    MANAGER_ROLES: [
+        exports.CONTRACTX_ROLES.CLIENT_CONTRACT_ADMIN,
+        exports.CONTRACTX_ROLES.PROVIDER_CONTRACT_ADMIN,
+        exports.CONTRACTX_ROLES.CLIENT_PERFORMANCE_RESP,
+        exports.CONTRACTX_ROLES.PROVIDER_PERFORMANCE_RESP,
+        exports.CONTRACTX_ROLES.CLIENT_FINANCE_RESP,
+        exports.CONTRACTX_ROLES.PROVIDER_FINANCE_RESP,
+    ],
+    VIEWER_ROLES: [
+        exports.CONTRACTX_ROLES.CLIENT_REPORTS_RESP,
+        exports.CONTRACTX_ROLES.PROVIDER_REPORTS_RESP,
+    ],
+    RESPONSIBILITY_ROLES: [
+        exports.CONTRACTX_ROLES.CLIENT_PERFORMANCE_RESP,
+        exports.CONTRACTX_ROLES.CLIENT_FINANCE_RESP,
+        exports.CONTRACTX_ROLES.CLIENT_REPORTS_RESP,
+        exports.CONTRACTX_ROLES.CLIENT_RELATIONSHIP_RESP,
+        exports.CONTRACTX_ROLES.CLIENT_RISK_RESP,
+        exports.CONTRACTX_ROLES.PROVIDER_PERFORMANCE_RESP,
+        exports.CONTRACTX_ROLES.PROVIDER_FINANCE_RESP,
+        exports.CONTRACTX_ROLES.PROVIDER_REPORTS_RESP,
+        exports.CONTRACTX_ROLES.PROVIDER_RELATIONSHIP_RESP,
+        exports.CONTRACTX_ROLES.PROVIDER_RISK_RESP,
+    ],
+    SYSTEM_ROLES: [
+        exports.CONTRACTX_ROLES.SUPERADMIN,
+        exports.CONTRACTX_ROLES.SUPPORT,
+    ],
+};
+/**
+ * Module constants for metadata
+ */
+exports.MODULE_CONSTANTS = {
+    MODULE_OPTIONS_TOKEN: 'PERMISSIONS_CONTRACTX_MODULE_OPTIONS',
+    JWT_CONFIG_TOKEN: 'PERMISSIONS_CONTRACTX_JWT_CONFIG',
+};

package/dist/decorators/current-user.decorator.d.ts ADDED Viewed

@@ -0,0 +1,73 @@
+import { JwtPayload } from '../interfaces';
+/**
+ * Parameter decorator to inject the current authenticated user into a route handler
+ *
+ * @param data - Optional property name to extract from user object
+ * @param ctx - Execution context
+ * @returns The user object or specific property
+ *
+ * @example
+ * ```typescript
+ * // Get full user object
+ * @Get('profile')
+ * getProfile(@CurrentUser() user: JwtPayload) {
+ *   return user;
+ * }
+ *
+ * // Get specific user property
+ * @Post('action')
+ * performAction(@CurrentUser('sub') userId: string) {
+ *   // Only gets the user ID
+ * }
+ * ```
+ */
+export declare const CurrentUser: (...dataOrPipes: (keyof JwtPayload | import("@nestjs/common").PipeTransform<any, any> | import("@nestjs/common").Type<import("@nestjs/common").PipeTransform<any, any>> | undefined)[]) => ParameterDecorator;
+/**
+ * Decorator to get current user's ID
+ *
+ * @example
+ * ```typescript
+ * @Post('create')
+ * createResource(@UserId() userId: string) {
+ *   // Gets user.sub as userId
+ * }
+ * ```
+ */
+export declare const UserId: (...dataOrPipes: unknown[]) => ParameterDecorator;
+/**
+ * Decorator to get current user's roles
+ *
+ * @example
+ * ```typescript
+ * @Get('roles')
+ * getUserRoles(@UserRoles() roles: string[]) {
+ *   return { roles };
+ * }
+ * ```
+ */
+export declare const UserRoles: (...dataOrPipes: unknown[]) => ParameterDecorator;
+/**
+ * Decorator to get current user's permissions
+ *
+ * @example
+ * ```typescript
+ * @Get('permissions')
+ * getUserPermissions(@UserPermissions() permissions: string[]) {
+ *   return { permissions };
+ * }
+ * ```
+ */
+export declare const UserPermissions: (...dataOrPipes: unknown[]) => ParameterDecorator;
+/**
+ * Decorator to get current user's client ID
+ *
+ * @example
+ * ```typescript
+ * @Get('client-data')
+ * getClientData(@UserClientId() clientId: string) {
+ *   // Gets user.clientId
+ * }
+ * ```
+ */
+export declare const UserClientId: (...dataOrPipes: unknown[]) => ParameterDecorator;
+//# sourceMappingURL=current-user.decorator.d.ts.map

package/dist/decorators/current-user.decorator.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"current-user.decorator.d.ts","sourceRoot":"","sources":["../../src/decorators/current-user.decorator.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAE3C;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,eAAO,MAAM,WAAW,+MAOvB,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,MAAM,mDAKlB,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,SAAS,mDAKrB,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,eAAe,mDAK3B,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,YAAY,mDAKxB,CAAC"}

package/dist/decorators/current-user.decorator.js ADDED Viewed

@@ -0,0 +1,91 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UserClientId = exports.UserPermissions = exports.UserRoles = exports.UserId = exports.CurrentUser = void 0;
+const common_1 = require("@nestjs/common");
+/**
+ * Parameter decorator to inject the current authenticated user into a route handler
+ *
+ * @param data - Optional property name to extract from user object
+ * @param ctx - Execution context
+ * @returns The user object or specific property
+ *
+ * @example
+ * ```typescript
+ * // Get full user object
+ * @Get('profile')
+ * getProfile(@CurrentUser() user: JwtPayload) {
+ *   return user;
+ * }
+ *
+ * // Get specific user property
+ * @Post('action')
+ * performAction(@CurrentUser('sub') userId: string) {
+ *   // Only gets the user ID
+ * }
+ * ```
+ */
+exports.CurrentUser = (0, common_1.createParamDecorator)((data, ctx) => {
+    const request = ctx.switchToHttp().getRequest();
+    const user = request.user;
+    return data ? user?.[data] : user;
+});
+/**
+ * Decorator to get current user's ID
+ *
+ * @example
+ * ```typescript
+ * @Post('create')
+ * createResource(@UserId() userId: string) {
+ *   // Gets user.sub as userId
+ * }
+ * ```
+ */
+exports.UserId = (0, common_1.createParamDecorator)((_data, ctx) => {
+    const request = ctx.switchToHttp().getRequest();
+    return request.user?.sub;
+});
+/**
+ * Decorator to get current user's roles
+ *
+ * @example
+ * ```typescript
+ * @Get('roles')
+ * getUserRoles(@UserRoles() roles: string[]) {
+ *   return { roles };
+ * }
+ * ```
+ */
+exports.UserRoles = (0, common_1.createParamDecorator)((_data, ctx) => {
+    const request = ctx.switchToHttp().getRequest();
+    return request.user?.role || [];
+});
+/**
+ * Decorator to get current user's permissions
+ *
+ * @example
+ * ```typescript
+ * @Get('permissions')
+ * getUserPermissions(@UserPermissions() permissions: string[]) {
+ *   return { permissions };
+ * }
+ * ```
+ */
+exports.UserPermissions = (0, common_1.createParamDecorator)((_data, ctx) => {
+    const request = ctx.switchToHttp().getRequest();
+    return request.user?.permissions || [];
+});
+/**
+ * Decorator to get current user's client ID
+ *
+ * @example
+ * ```typescript
+ * @Get('client-data')
+ * getClientData(@UserClientId() clientId: string) {
+ *   // Gets user.clientId
+ * }
+ * ```
+ */
+exports.UserClientId = (0, common_1.createParamDecorator)((_data, ctx) => {
+    const request = ctx.switchToHttp().getRequest();
+    return request.user?.clientId;
+});

package/dist/decorators/index.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export * from './public.decorator';
+export * from './roles.decorator';
+export * from './permissions.decorator';
+export * from './current-user.decorator';
+//# sourceMappingURL=index.d.ts.map

package/dist/decorators/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/decorators/index.ts"],"names":[],"mappings":"AAAA,cAAc,oBAAoB,CAAC;AACnC,cAAc,mBAAmB,CAAC;AAClC,cAAc,yBAAyB,CAAC;AACxC,cAAc,0BAA0B,CAAC"}

package/dist/decorators/index.js ADDED Viewed

@@ -0,0 +1,20 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./public.decorator"), exports);
+__exportStar(require("./roles.decorator"), exports);
+__exportStar(require("./permissions.decorator"), exports);
+__exportStar(require("./current-user.decorator"), exports);

package/dist/decorators/permissions.decorator.d.ts ADDED Viewed

@@ -0,0 +1,97 @@
+/**
+ * Metadata key for required permissions
+ */
+export declare const PERMISSIONS_KEY = "permissions";
+/**
+ * Decorator to specify required permissions for accessing a route.
+ * Can be applied at controller or method level.
+ * User must have all specified permissions (AND logic).
+ *
+ * @param permissions - Array of permission codes required to access the route
+ *
+ * @example
+ * ```typescript
+ * @RequirePermissions('users.create', 'users.update')
+ * @Post('users')
+ * createUser() {
+ *   // User must have both users.create AND users.update permissions
+ * }
+ * ```
+ */
+export declare const RequirePermissions: (...permissions: string[]) => import("@nestjs/common").CustomDecorator<string>;
+/**
+ * Decorator requiring any of the specified permissions (OR logic)
+ *
+ * @param permissions - Array of permission codes, user needs at least one
+ *
+ * @example
+ * ```typescript
+ * @RequireAnyPermission('users.read', 'users.show')
+ * @Get('users/:id')
+ * getUser() {
+ *   // User needs either users.read OR users.show permission
+ * }
+ * ```
+ */
+export declare const RequireAnyPermission: (...permissions: string[]) => import("@nestjs/common").CustomDecorator<string>;
+/**
+ * Decorator for read access (show, read, filter)
+ *
+ * @param module - Module name (e.g., 'users', 'contracts')
+ *
+ * @example
+ * ```typescript
+ * @ReadAccess('users')
+ * @Get('users')
+ * getUsers() {
+ *   // User needs users.read, users.show, or users.filter permission
+ * }
+ * ```
+ */
+export declare const ReadAccess: (module: string) => import("@nestjs/common").CustomDecorator<string>;
+/**
+ * Decorator for write access (create, update)
+ *
+ * @param module - Module name (e.g., 'users', 'contracts')
+ *
+ * @example
+ * ```typescript
+ * @WriteAccess('users')
+ * @Put('users/:id')
+ * updateUser() {
+ *   // User needs users.create or users.update permission
+ * }
+ * ```
+ */
+export declare const WriteAccess: (module: string) => import("@nestjs/common").CustomDecorator<string>;
+/**
+ * Decorator for delete access
+ *
+ * @param module - Module name (e.g., 'users', 'contracts')
+ *
+ * @example
+ * ```typescript
+ * @DeleteAccess('users')
+ * @Delete('users/:id')
+ * deleteUser() {
+ *   // User needs users.delete permission
+ * }
+ * ```
+ */
+export declare const DeleteAccess: (module: string) => import("@nestjs/common").CustomDecorator<string>;
+/**
+ * Decorator for full CRUD access to a module
+ *
+ * @param module - Module name (e.g., 'users', 'contracts')
+ *
+ * @example
+ * ```typescript
+ * @FullAccess('users')
+ * @Controller('users')
+ * export class UsersController {
+ *   // All methods require full user module access
+ * }
+ * ```
+ */
+export declare const FullAccess: (module: string) => import("@nestjs/common").CustomDecorator<string>;
+//# sourceMappingURL=permissions.decorator.d.ts.map

package/dist/decorators/permissions.decorator.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"permissions.decorator.d.ts","sourceRoot":"","sources":["../../src/decorators/permissions.decorator.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,eAAO,MAAM,eAAe,gBAAgB,CAAC;AAE7C;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,kBAAkB,GAAI,GAAG,aAAa,MAAM,EAAE,qDAChB,CAAC;AAE5C;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,oBAAoB,GAAI,GAAG,aAAa,MAAM,EAAE,qDACjB,CAAC;AAE7C;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,UAAU,GAAI,QAAQ,MAAM,qDAKtC,CAAC;AAEJ;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,WAAW,GAAI,QAAQ,MAAM,qDAIvC,CAAC;AAEJ;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,YAAY,GAAI,QAAQ,MAAM,qDACH,CAAC;AAEzC;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,UAAU,GAAI,QAAQ,MAAM,qDAQtC,CAAC"}

package/dist/decorators/permissions.decorator.js ADDED Viewed

@@ -0,0 +1,106 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FullAccess = exports.DeleteAccess = exports.WriteAccess = exports.ReadAccess = exports.RequireAnyPermission = exports.RequirePermissions = exports.PERMISSIONS_KEY = void 0;
+const common_1 = require("@nestjs/common");
+/**
+ * Metadata key for required permissions
+ */
+exports.PERMISSIONS_KEY = 'permissions';
+/**
+ * Decorator to specify required permissions for accessing a route.
+ * Can be applied at controller or method level.
+ * User must have all specified permissions (AND logic).
+ *
+ * @param permissions - Array of permission codes required to access the route
+ *
+ * @example
+ * ```typescript
+ * @RequirePermissions('users.create', 'users.update')
+ * @Post('users')
+ * createUser() {
+ *   // User must have both users.create AND users.update permissions
+ * }
+ * ```
+ */
+const RequirePermissions = (...permissions) => (0, common_1.SetMetadata)(exports.PERMISSIONS_KEY, permissions);
+exports.RequirePermissions = RequirePermissions;
+/**
+ * Decorator requiring any of the specified permissions (OR logic)
+ *
+ * @param permissions - Array of permission codes, user needs at least one
+ *
+ * @example
+ * ```typescript
+ * @RequireAnyPermission('users.read', 'users.show')
+ * @Get('users/:id')
+ * getUser() {
+ *   // User needs either users.read OR users.show permission
+ * }
+ * ```
+ */
+const RequireAnyPermission = (...permissions) => (0, common_1.SetMetadata)('anyPermissions', permissions);
+exports.RequireAnyPermission = RequireAnyPermission;
+/**
+ * Decorator for read access (show, read, filter)
+ *
+ * @param module - Module name (e.g., 'users', 'contracts')
+ *
+ * @example
+ * ```typescript
+ * @ReadAccess('users')
+ * @Get('users')
+ * getUsers() {
+ *   // User needs users.read, users.show, or users.filter permission
+ * }
+ * ```
+ */
+const ReadAccess = (module) => (0, exports.RequireAnyPermission)(`${module}.read`, `${module}.show`, `${module}.filter`);
+exports.ReadAccess = ReadAccess;
+/**
+ * Decorator for write access (create, update)
+ *
+ * @param module - Module name (e.g., 'users', 'contracts')
+ *
+ * @example
+ * ```typescript
+ * @WriteAccess('users')
+ * @Put('users/:id')
+ * updateUser() {
+ *   // User needs users.create or users.update permission
+ * }
+ * ```
+ */
+const WriteAccess = (module) => (0, exports.RequireAnyPermission)(`${module}.create`, `${module}.update`);
+exports.WriteAccess = WriteAccess;
+/**
+ * Decorator for delete access
+ *
+ * @param module - Module name (e.g., 'users', 'contracts')
+ *
+ * @example
+ * ```typescript
+ * @DeleteAccess('users')
+ * @Delete('users/:id')
+ * deleteUser() {
+ *   // User needs users.delete permission
+ * }
+ * ```
+ */
+const DeleteAccess = (module) => (0, exports.RequirePermissions)(`${module}.delete`);
+exports.DeleteAccess = DeleteAccess;
+/**
+ * Decorator for full CRUD access to a module
+ *
+ * @param module - Module name (e.g., 'users', 'contracts')
+ *
+ * @example
+ * ```typescript
+ * @FullAccess('users')
+ * @Controller('users')
+ * export class UsersController {
+ *   // All methods require full user module access
+ * }
+ * ```
+ */
+const FullAccess = (module) => (0, exports.RequireAnyPermission)(`${module}.create`, `${module}.read`, `${module}.update`, `${module}.delete`, `${module}.show`, `${module}.filter`);
+exports.FullAccess = FullAccess;

package/dist/decorators/public.decorator.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+/**
+ * Metadata key for public routes
+ */
+export declare const IS_PUBLIC_KEY = "isPublic";
+/**
+ * Decorator to mark routes as public (no authentication required)
+ *
+ * @example
+ * ```typescript
+ * @Public()
+ * @Get('health')
+ * getHealth() {
+ *   return { status: 'OK' };
+ * }
+ * ```
+ */
+export declare const Public: () => import("@nestjs/common").CustomDecorator<string>;
+//# sourceMappingURL=public.decorator.d.ts.map

package/dist/decorators/public.decorator.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"public.decorator.d.ts","sourceRoot":"","sources":["../../src/decorators/public.decorator.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,eAAO,MAAM,aAAa,aAAa,CAAC;AAExC;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,MAAM,wDAAyC,CAAC"}

package/dist/decorators/public.decorator.js ADDED Viewed

@@ -0,0 +1,22 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Public = exports.IS_PUBLIC_KEY = void 0;
+const common_1 = require("@nestjs/common");
+/**
+ * Metadata key for public routes
+ */
+exports.IS_PUBLIC_KEY = 'isPublic';
+/**
+ * Decorator to mark routes as public (no authentication required)
+ *
+ * @example
+ * ```typescript
+ * @Public()
+ * @Get('health')
+ * getHealth() {
+ *   return { status: 'OK' };
+ * }
+ * ```
+ */
+const Public = () => (0, common_1.SetMetadata)(exports.IS_PUBLIC_KEY, true);
+exports.Public = Public;

package/dist/decorators/roles.decorator.d.ts ADDED Viewed

@@ -0,0 +1,79 @@
+/**
+ * Metadata key for required roles
+ */
+export declare const ROLES_KEY = "roles";
+/**
+ * Decorator to specify required roles for accessing a route.
+ * Can be applied at controller or method level.
+ * User must have at least one of the specified roles (OR logic).
+ *
+ * @param roles - Array of role names required to access the route
+ *
+ * @example
+ * ```typescript
+ * @Roles('superadmin', 'client_contract_admin')
+ * @Get('admin-data')
+ * getAdminData() {
+ *   // Only users with superadmin OR client_contract_admin role
+ * }
+ * ```
+ */
+export declare const Roles: (...roles: string[]) => import("@nestjs/common").CustomDecorator<string>;
+/**
+ * Decorator for ContractX specific admin roles
+ *
+ * @example
+ * ```typescript
+ * @AdminOnly()
+ * @Delete(':id')
+ * deleteResource() {
+ *   // Only admin roles can access
+ * }
+ * ```
+ */
+export declare const AdminOnly: () => import("@nestjs/common").CustomDecorator<string>;
+/**
+ * Decorator for client-side roles only
+ *
+ * @example
+ * ```typescript
+ * @ClientOnly()
+ * @Get('client-data')
+ * getClientData() {
+ *   // Only client-side roles can access
+ * }
+ * ```
+ */
+export declare const ClientOnly: () => import("@nestjs/common").CustomDecorator<string>;
+/**
+ * Decorator for provider-side roles only
+ *
+ * @example
+ * ```typescript
+ * @ProviderOnly()
+ * @Get('provider-data')
+ * getProviderData() {
+ *   // Only provider-side roles can access
+ * }
+ * ```
+ */
+export declare const ProviderOnly: () => import("@nestjs/common").CustomDecorator<string>;
+/**
+ * Decorator for superadmin access only
+ *
+ * @example
+ * ```typescript
+ * @SuperAdminOnly()
+ * @Post('system/configure')
+ * configureSystem() {
+ *   // Only superadmin can access
+ * }
+ * ```
+ */
+export declare const SuperAdminOnly: () => import("@nestjs/common").CustomDecorator<string>;
+/**
+ * Alias for Roles decorator for backward compatibility
+ * @deprecated Use Roles instead
+ */
+export declare const RequireRoles: (...roles: string[]) => import("@nestjs/common").CustomDecorator<string>;
+//# sourceMappingURL=roles.decorator.d.ts.map

package/dist/decorators/roles.decorator.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"roles.decorator.d.ts","sourceRoot":"","sources":["../../src/decorators/roles.decorator.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,eAAO,MAAM,SAAS,UAAU,CAAC;AAEjC;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,KAAK,GAAI,GAAG,OAAO,MAAM,EAAE,qDAAkC,CAAC;AAE3E;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,SAAS,wDAIrB,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,UAAU,wDAOtB,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,YAAY,wDAOxB,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,cAAc,wDAA4B,CAAC;AAExD;;;GAGG;AACH,eAAO,MAAM,YAAY,aAhFO,MAAM,EAAE,qDAgFP,CAAC"}