permissions-contractx 1.0.2 → 1.1.0
- package/LICENSE +1 -1
- package/README.md +53 -1346
- package/dist/constants/contractx-permissions.constants.d.ts +84 -92
- package/dist/constants/contractx-permissions.constants.d.ts.map +1 -1
- package/dist/constants/contractx-permissions.constants.js +2 -2
- package/dist/constants/contractx-roles.constants.d.ts +150 -254
- package/dist/constants/contractx-roles.constants.d.ts.map +1 -1
- package/dist/constants/contractx-roles.constants.js +2 -2
- package/dist/constants/index.d.ts +1 -0
- package/dist/constants/index.d.ts.map +1 -1
- package/dist/constants/index.js +1 -0
- package/dist/constants/permission-names.constants.d.ts +310 -0
- package/dist/constants/permission-names.constants.d.ts.map +1 -0
- package/dist/constants/permission-names.constants.js +209 -0
- package/dist/constants/security.constants.d.ts +49 -49
- package/dist/constants/security.constants.d.ts.map +1 -1
- package/dist/constants/security.constants.js +2 -2
- package/dist/decorators/current-user.decorator.d.ts +5 -53
- package/dist/decorators/current-user.decorator.d.ts.map +1 -1
- package/dist/decorators/current-user.decorator.js +4 -51
- package/dist/decorators/index.d.ts +1 -0
- package/dist/decorators/index.d.ts.map +1 -1
- package/dist/decorators/index.js +1 -0
- package/dist/decorators/permission-writes.decorator.d.ts +14 -0
- package/dist/decorators/permission-writes.decorator.d.ts.map +1 -0
- package/dist/decorators/permission-writes.decorator.js +18 -0
- package/dist/decorators/permissions.decorator.d.ts +0 -58
- package/dist/decorators/permissions.decorator.d.ts.map +1 -1
- package/dist/decorators/permissions.decorator.js +0 -58
- package/dist/decorators/public.decorator.d.ts +0 -0
- package/dist/decorators/public.decorator.d.ts.map +0 -0
- package/dist/decorators/public.decorator.js +0 -0
- package/dist/decorators/roles.decorator.d.ts +4 -57
- package/dist/decorators/roles.decorator.d.ts.map +1 -1
- package/dist/decorators/roles.decorator.js +6 -57
- package/dist/guards/authorization.guard.d.ts +37 -0
- package/dist/guards/authorization.guard.d.ts.map +1 -0
- package/dist/guards/authorization.guard.js +150 -0
- package/dist/guards/index.d.ts +1 -0
- package/dist/guards/index.d.ts.map +1 -1
- package/dist/guards/index.js +1 -0
- package/dist/guards/jwt-auth.guard.d.ts +0 -0
- package/dist/guards/jwt-auth.guard.d.ts.map +1 -1
- package/dist/guards/jwt-auth.guard.js +0 -0
- package/dist/guards/permissions.guard.d.ts +0 -0
- package/dist/guards/permissions.guard.d.ts.map +1 -1
- package/dist/guards/permissions.guard.js +8 -2
- package/dist/guards/roles.guard.d.ts +0 -0
- package/dist/guards/roles.guard.d.ts.map +1 -1
- package/dist/guards/roles.guard.js +1 -1
- package/dist/index.d.ts +0 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +0 -6
- package/dist/interfaces/index.d.ts +1 -0
- package/dist/interfaces/index.d.ts.map +1 -1
- package/dist/interfaces/index.js +1 -0
- package/dist/interfaces/jwt-payload.interface.d.ts +46 -9
- package/dist/interfaces/jwt-payload.interface.d.ts.map +1 -1
- package/dist/interfaces/jwt-payload.interface.js +19 -0
- package/dist/interfaces/permission-mode.enum.d.ts +22 -0
- package/dist/interfaces/permission-mode.enum.d.ts.map +1 -0
- package/dist/interfaces/permission-mode.enum.js +25 -0
- package/dist/modules/index.d.ts +0 -0
- package/dist/modules/index.d.ts.map +0 -0
- package/dist/modules/index.js +0 -0
- package/dist/modules/permissions-contractx.module.d.ts +0 -0
- package/dist/modules/permissions-contractx.module.d.ts.map +1 -1
- package/dist/modules/permissions-contractx.module.js +4 -2
- package/dist/services/contractx-authorization.service.d.ts +198 -27
- package/dist/services/contractx-authorization.service.d.ts.map +1 -1
- package/dist/services/contractx-authorization.service.js +2 -0
- package/dist/services/contractx-validation.service.d.ts +93 -12
- package/dist/services/contractx-validation.service.d.ts.map +1 -1
- package/dist/services/contractx-validation.service.js +1 -0
- package/dist/services/index.d.ts +0 -2
- package/dist/services/index.d.ts.map +1 -1
- package/dist/services/index.js +2 -0
- package/dist/services/user-context.service.d.ts +29 -34
- package/dist/services/user-context.service.d.ts.map +1 -1
- package/dist/services/user-context.service.js +65 -44
- package/package.json +5 -24
- package/dist/services/contractx-document-compliance.service.d.ts +0 -85
- package/dist/services/contractx-document-compliance.service.d.ts.map +0 -1
- package/dist/services/contractx-document-compliance.service.js +0 -536
- package/dist/test-document-compliance.d.ts +0 -7
- package/dist/test-document-compliance.d.ts.map +0 -1
- package/dist/test-document-compliance.js +0 -118
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { ContractXValidationService
|
|
1
|
+
import { ContractXValidationService } from './contractx-validation.service';
|
|
2
2
|
export interface AuthorizationContext {
|
|
3
3
|
userRoles: string[];
|
|
4
4
|
userPermissions: string[];
|
|
@@ -29,79 +29,250 @@ export declare class ContractXAuthorizationService {
|
|
|
29
29
|
/**
|
|
30
30
|
* Authorize a user for a specific action on a resource
|
|
31
31
|
*/
|
|
32
|
-
authorize(context:
|
|
32
|
+
authorize(context: any): {
|
|
33
|
+
granted: boolean;
|
|
34
|
+
reason: string;
|
|
35
|
+
level: string;
|
|
36
|
+
metadata: {
|
|
37
|
+
requiredPermission: string;
|
|
38
|
+
wildcardPermission?: undefined;
|
|
39
|
+
};
|
|
40
|
+
} | {
|
|
41
|
+
granted: boolean;
|
|
42
|
+
reason: string;
|
|
43
|
+
level: string;
|
|
44
|
+
metadata: {
|
|
45
|
+
wildcardPermission: string;
|
|
46
|
+
requiredPermission?: undefined;
|
|
47
|
+
};
|
|
48
|
+
} | {
|
|
49
|
+
granted: boolean;
|
|
50
|
+
reason: string;
|
|
51
|
+
level: string;
|
|
52
|
+
metadata?: undefined;
|
|
53
|
+
} | {
|
|
54
|
+
granted: boolean;
|
|
55
|
+
reason: string;
|
|
56
|
+
level: string;
|
|
57
|
+
metadata: {
|
|
58
|
+
roleValidation: {
|
|
59
|
+
roleInfos: any[];
|
|
60
|
+
tenantCount: number;
|
|
61
|
+
};
|
|
62
|
+
permissionValidation: {
|
|
63
|
+
moduleCount: number;
|
|
64
|
+
actionCount: number;
|
|
65
|
+
modules: any[];
|
|
66
|
+
actions: any[];
|
|
67
|
+
};
|
|
68
|
+
};
|
|
69
|
+
} | {
|
|
70
|
+
granted: boolean;
|
|
71
|
+
reason: string;
|
|
72
|
+
level: string;
|
|
73
|
+
metadata: {
|
|
74
|
+
systemRole: boolean;
|
|
75
|
+
hasModuleAccess?: undefined;
|
|
76
|
+
};
|
|
77
|
+
} | {
|
|
78
|
+
granted: boolean;
|
|
79
|
+
reason: string;
|
|
80
|
+
level: string;
|
|
81
|
+
metadata: {
|
|
82
|
+
hasModuleAccess: boolean;
|
|
83
|
+
systemRole?: undefined;
|
|
84
|
+
};
|
|
85
|
+
};
|
|
33
86
|
/**
|
|
34
87
|
* Check if user has system-level access
|
|
35
88
|
*/
|
|
36
|
-
|
|
89
|
+
hasSystemLevelAccess(userRoles: any): any;
|
|
37
90
|
/**
|
|
38
91
|
* Check role-based access for a resource and action
|
|
39
92
|
*/
|
|
40
|
-
|
|
93
|
+
checkRoleBasedAccess(userRoles: any, resource: any, action: any): {
|
|
94
|
+
granted: boolean;
|
|
95
|
+
reason: string;
|
|
96
|
+
level: string;
|
|
97
|
+
metadata: {
|
|
98
|
+
requiredPermission: string;
|
|
99
|
+
effectivePermissions: number;
|
|
100
|
+
wildcardPermission?: undefined;
|
|
101
|
+
};
|
|
102
|
+
} | {
|
|
103
|
+
granted: boolean;
|
|
104
|
+
reason: string;
|
|
105
|
+
level: string;
|
|
106
|
+
metadata: {
|
|
107
|
+
wildcardPermission: string;
|
|
108
|
+
requiredPermission?: undefined;
|
|
109
|
+
effectivePermissions?: undefined;
|
|
110
|
+
};
|
|
111
|
+
} | {
|
|
112
|
+
granted: boolean;
|
|
113
|
+
reason: string;
|
|
114
|
+
level: string;
|
|
115
|
+
metadata?: undefined;
|
|
116
|
+
};
|
|
41
117
|
/**
|
|
42
118
|
* Check permission-based access for a resource and action
|
|
43
119
|
*/
|
|
44
|
-
|
|
120
|
+
checkPermissionBasedAccess(userPermissions: any, resource: any, action: any): {
|
|
121
|
+
granted: boolean;
|
|
122
|
+
reason: string;
|
|
123
|
+
level: string;
|
|
124
|
+
metadata: {
|
|
125
|
+
requiredPermission: string;
|
|
126
|
+
wildcardPermission?: undefined;
|
|
127
|
+
};
|
|
128
|
+
} | {
|
|
129
|
+
granted: boolean;
|
|
130
|
+
reason: string;
|
|
131
|
+
level: string;
|
|
132
|
+
metadata: {
|
|
133
|
+
wildcardPermission: string;
|
|
134
|
+
requiredPermission?: undefined;
|
|
135
|
+
};
|
|
136
|
+
} | {
|
|
137
|
+
granted: boolean;
|
|
138
|
+
reason: string;
|
|
139
|
+
level: string;
|
|
140
|
+
metadata?: undefined;
|
|
141
|
+
};
|
|
45
142
|
/**
|
|
46
143
|
* Check if user has any access to a module
|
|
47
144
|
*/
|
|
48
|
-
|
|
145
|
+
checkModuleAccess(userPermissions: any, module: any): any;
|
|
49
146
|
/**
|
|
50
147
|
* Generate an access matrix for the user
|
|
51
148
|
*/
|
|
52
|
-
generateAccessMatrix(context:
|
|
149
|
+
generateAccessMatrix(context: any): {
|
|
150
|
+
hasSystemAccess: any;
|
|
151
|
+
hasClientAccess: any;
|
|
152
|
+
hasProviderAccess: any;
|
|
153
|
+
hasAdminAccess: any;
|
|
154
|
+
accessibleModules: unknown[];
|
|
155
|
+
highestRoleLevel: number;
|
|
156
|
+
effectivePermissions: any[];
|
|
157
|
+
};
|
|
53
158
|
/**
|
|
54
159
|
* Check if user can access a specific tenant
|
|
55
160
|
*/
|
|
56
|
-
canAccessTenant(userRoles:
|
|
161
|
+
canAccessTenant(userRoles: any, tenantType: any): any;
|
|
57
162
|
/**
|
|
58
163
|
* Get user's accessible tenant types
|
|
59
164
|
*/
|
|
60
|
-
getAccessibleTenants(userRoles:
|
|
165
|
+
getAccessibleTenants(userRoles: any): unknown[];
|
|
61
166
|
/**
|
|
62
167
|
* Filter resources based on user permissions
|
|
63
168
|
*/
|
|
64
|
-
filterAccessibleResources(userPermissions:
|
|
169
|
+
filterAccessibleResources(userPermissions: any, resources: any, requiredAction?: string): any;
|
|
65
170
|
/**
|
|
66
171
|
* Get user's permissions for a specific module
|
|
67
172
|
*/
|
|
68
|
-
getModulePermissions(userPermissions:
|
|
173
|
+
getModulePermissions(userPermissions: any, module: any): any;
|
|
69
174
|
/**
|
|
70
175
|
* Check if user has administrative access to a resource
|
|
71
176
|
*/
|
|
72
|
-
hasAdministrativeAccess(userRoles:
|
|
177
|
+
hasAdministrativeAccess(userRoles: any, _resource: any): any;
|
|
73
178
|
/**
|
|
74
179
|
* Validate user context for multi-tenant environment
|
|
75
180
|
*/
|
|
76
|
-
validateMultiTenantAccess(context:
|
|
181
|
+
validateMultiTenantAccess(context: any): {
|
|
182
|
+
isValid: boolean;
|
|
183
|
+
errors: any[];
|
|
184
|
+
warnings: any[];
|
|
185
|
+
};
|
|
77
186
|
/**
|
|
78
187
|
* Get permission summary for logging/audit purposes
|
|
79
188
|
*/
|
|
80
|
-
getPermissionSummary(context:
|
|
189
|
+
getPermissionSummary(context: any): {
|
|
190
|
+
userId: any;
|
|
191
|
+
roles: any;
|
|
192
|
+
permissionCount: any;
|
|
193
|
+
effectivePermissionCount: number;
|
|
194
|
+
accessLevel: number;
|
|
195
|
+
tenants: unknown[];
|
|
196
|
+
modules: unknown[];
|
|
197
|
+
hasSystemAccess: any;
|
|
198
|
+
hasAdminAccess: any;
|
|
199
|
+
};
|
|
81
200
|
/**
|
|
82
201
|
* Check if authorization is required for a resource
|
|
83
202
|
*/
|
|
84
|
-
isAuthorizationRequired(resource:
|
|
203
|
+
isAuthorizationRequired(resource: any, action: any): boolean;
|
|
85
204
|
/**
|
|
86
205
|
* Get minimum required role for a resource/action combination
|
|
87
206
|
*/
|
|
88
|
-
getMinimumRequiredRole(resource:
|
|
207
|
+
getMinimumRequiredRole(resource: any, action: any): any;
|
|
89
208
|
/**
|
|
90
209
|
* Check permission for a user (simpler interface for admin service)
|
|
91
210
|
*/
|
|
92
|
-
checkPermission(user: {
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
211
|
+
checkPermission(user: any, permission: any, context: any): {
|
|
212
|
+
granted: boolean;
|
|
213
|
+
reason: string;
|
|
214
|
+
level: string;
|
|
215
|
+
metadata: {
|
|
216
|
+
requiredPermission: string;
|
|
217
|
+
wildcardPermission?: undefined;
|
|
218
|
+
};
|
|
219
|
+
} | {
|
|
220
|
+
granted: boolean;
|
|
221
|
+
reason: string;
|
|
222
|
+
level: string;
|
|
223
|
+
metadata: {
|
|
224
|
+
wildcardPermission: string;
|
|
225
|
+
requiredPermission?: undefined;
|
|
226
|
+
};
|
|
227
|
+
} | {
|
|
228
|
+
granted: boolean;
|
|
229
|
+
reason: string;
|
|
230
|
+
level: string;
|
|
231
|
+
metadata?: undefined;
|
|
232
|
+
} | {
|
|
233
|
+
granted: boolean;
|
|
234
|
+
reason: string;
|
|
235
|
+
level: string;
|
|
236
|
+
metadata: {
|
|
237
|
+
roleValidation: {
|
|
238
|
+
roleInfos: any[];
|
|
239
|
+
tenantCount: number;
|
|
240
|
+
};
|
|
241
|
+
permissionValidation: {
|
|
242
|
+
moduleCount: number;
|
|
243
|
+
actionCount: number;
|
|
244
|
+
modules: any[];
|
|
245
|
+
actions: any[];
|
|
246
|
+
};
|
|
247
|
+
};
|
|
248
|
+
} | {
|
|
249
|
+
granted: boolean;
|
|
250
|
+
reason: string;
|
|
251
|
+
level: string;
|
|
252
|
+
metadata: {
|
|
253
|
+
systemRole: boolean;
|
|
254
|
+
hasModuleAccess?: undefined;
|
|
255
|
+
};
|
|
256
|
+
} | {
|
|
257
|
+
granted: boolean;
|
|
258
|
+
reason: string;
|
|
259
|
+
level: string;
|
|
260
|
+
metadata: {
|
|
261
|
+
hasModuleAccess: boolean;
|
|
262
|
+
systemRole?: undefined;
|
|
263
|
+
};
|
|
264
|
+
};
|
|
99
265
|
/**
|
|
100
266
|
* Generate access matrix for a user object (simpler interface)
|
|
101
267
|
*/
|
|
102
|
-
generateAccessMatrixForUser(user: {
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
268
|
+
generateAccessMatrixForUser(user: any): {
|
|
269
|
+
hasSystemAccess: any;
|
|
270
|
+
hasClientAccess: any;
|
|
271
|
+
hasProviderAccess: any;
|
|
272
|
+
hasAdminAccess: any;
|
|
273
|
+
accessibleModules: unknown[];
|
|
274
|
+
highestRoleLevel: number;
|
|
275
|
+
effectivePermissions: any[];
|
|
276
|
+
};
|
|
106
277
|
}
|
|
107
278
|
//# sourceMappingURL=contractx-authorization.service.d.ts.map
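Review bot: Every parameter in the new `ContractXAuthorizationService` declarations is `any`, and the predicates `hasSystemLevelAccess`, `checkModuleAccess`, `canAccessTenant` and `hasAdministrativeAccess` also return `any`, so callers get no compile-time check on what they pass into, or read out of, an authorization decision. `AuthorizationContext` is still exported at the top of this file with `userRoles: string[]` and `userPermissions: string[]`, so the signatures can use it: `authorize(context: AuthorizationContext): AuthorizationResult;` and `hasSystemLevelAccess(userRoles: string[]): boolean;`. This assumes `AuthorizationResult` is still declared in the unchanged lines 5–28, which this page does not show, and that the predicate really returns a boolean. The same widening appears in the `ContractXValidationService` and `UserContextService` declarations further down. The class body starts before the second hunk.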
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"contractx-authorization.service.d.ts","sourceRoot":"","sources":["../../src/services/contractx-authorization.service.ts"],"names":[],"mappings":"AACA,OAAO,
|
|
1
|
+
{"version":3,"file":"contractx-authorization.service.d.ts","sourceRoot":"","sources":["../../src/services/contractx-authorization.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,0BAA0B,EAAE,MAAM,gCAAgC,CAAC;AAM5E,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,QAAQ,GAAG,UAAU,CAAC;IACnC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AACD,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,GAAG,YAAY,GAAG,QAAQ,GAAG,QAAQ,CAAC;IACnD,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAChC;AACD,MAAM,WAAW,YAAY;IAC3B,eAAe,EAAE,OAAO,CAAC;IACzB,eAAe,EAAE,OAAO,CAAC;IACzB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,cAAc,EAAE,OAAO,CAAC;IACxB,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,gBAAgB,EAAE,MAAM,CAAC;IACzB,oBAAoB,EAAE,MAAM,EAAE,CAAC;CAChC;AAED,qBACa,6BAA6B;IAC1B,OAAO,CAAC,QAAQ,CAAC,iBAAiB;gBAAjB,iBAAiB,EAAE,0BAA0B;IAG1E;;OAEG;IACH,SAAS,CAAC,OAAO,KAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IA+DjB;;OAEG;IACH,oBAAoB,CAAC,SAAS,KAAA;IAK9B;;OAEG;IACH,oBAAoB,CAAC,SAAS,KAAA,EAAE,QAAQ,KAAA,EAAE,MAAM,KAAA;;;;;;;;;;;;;;;;;;;;;;;;IA6BhD;;OAEG;IACH,0BAA0B,CAAC,eAAe,KAAA,EAAE,QAAQ,KAAA,EAAE,MAAM,KAAA;;;;;;;;;;;;;;;;;;;;;;IA0B5D;;OAEG;IACH,iBAAiB,CAAC,eAAe,KAAA,EAAE,MAAM,KAAA;IAGzC;;OAEG;IACH,oBAAoB,CAAC,OAAO,KAAA;;;;;;;;;IA0B5B;;OAEG;IACH,eAAe,CAAC,SAAS,KAAA,EAAE,UAAU,KAAA;IAarC;;OAEG;IACH,oBAAoB,CAAC,SAAS,KAAA;IAiB9B;;OAEG;IACH,yBAAyB,CAAC,eAAe,KAAA,EAAE,SAAS,KAAA,EAAE,cAAc,SAAS;IAI7E;;OAEG;IACH,oBAAoB,CAAC,eAAe,KAAA,EAAE,MAAM,KAAA;IAS5C;;OAEG;IACH,uBAAuB,CAAC,SAAS,KAAA,EAAE,SAAS,KAAA;IAY5C;;OAEG;IACH,yBAAyB,CAAC,OAAO,KAAA;;;;;IAwBjC;;OAEG;IACH,oBAAoB,CAAC,OAAO,KAAA;;;;;;;;;;;IAe5B;;OAEG;IACH,uBAAuB,CAAC,QAAQ,KAAA,EAAE,MAAM,KAAA;IASxC;;OAEG;IACH,sBAAsB,CAAC,QAAQ,KAAA,EAAE,MAAM,KAAA;IAkBvC;;OAEG;IACH,eAAe,CAAC,IAAI,KAAA,EAAE,UAAU,KAAA,EAAE,OAAO,KAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAYzC;;OAEG;IACH,2BAA2B,CAAC,IA
AI,KAAA;;;;;;;;;CAOnC"}
|
|
@@ -17,6 +17,7 @@ const contractx_permissions_constants_1 = require("../constants/contractx-permis
|
|
|
17
17
|
let ContractXAuthorizationService = class ContractXAuthorizationService {
|
|
18
18
|
constructor(validationService) {
|
|
19
19
|
this.validationService = validationService;
|
|
20
|
+
this.validationService = validationService;
|
|
20
21
|
}
|
|
21
22
|
/**
|
|
22
23
|
* Authorize a user for a specific action on a resource
|
|
@@ -367,3 +368,4 @@ exports.ContractXAuthorizationService = ContractXAuthorizationService = __decora
|
|
|
367
368
|
(0, common_1.Injectable)(),
|
|
368
369
|
__metadata("design:paramtypes", [contractx_validation_service_1.ContractXValidationService])
|
|
369
370
|
], ContractXAuthorizationService);
|
|
371
|
+
;
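Review bot: The constructor now runs `this.validationService = validationService;` twice in a row, and a bare `;` is emitted after the `__decorate` call at the end of the file. Both are harmless at runtime, but they suggest the source was compiled differently from 1.0.2, for example a parameter property plus an explicit assignment (inferred; the TypeScript source is not shown). Removing the explicit assignment in the source would bring the emitted constructor back to a single statement. The class body between the two hunks is outside this view.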
|
|
@@ -36,41 +36,122 @@ export declare class ContractXValidationService {
|
|
|
36
36
|
/**
|
|
37
37
|
* Validate a single role
|
|
38
38
|
*/
|
|
39
|
-
validateSingleRole(role:
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
39
|
+
validateSingleRole(role: any): {
|
|
40
|
+
isValid: boolean;
|
|
41
|
+
errors: any[];
|
|
42
|
+
warnings: any[];
|
|
43
|
+
roleInfo?: undefined;
|
|
44
|
+
} | {
|
|
45
|
+
isValid: boolean;
|
|
46
|
+
errors: any[];
|
|
47
|
+
warnings: any[];
|
|
48
|
+
roleInfo: {
|
|
49
|
+
name: string;
|
|
50
|
+
description: string;
|
|
51
|
+
type: import("../constants/contractx-roles.constants").ContractXRoleType;
|
|
52
|
+
scope: import("../constants/contractx-roles.constants").ContractXRoleScope;
|
|
53
|
+
level: number;
|
|
54
|
+
tenant: string;
|
|
55
|
+
isSystem: boolean;
|
|
56
|
+
};
|
|
57
|
+
};
|
|
58
|
+
validateRoles(roles: any): {
|
|
59
|
+
isValid: boolean;
|
|
60
|
+
errors: any[];
|
|
61
|
+
warnings: any[];
|
|
62
|
+
metadata?: undefined;
|
|
63
|
+
} | {
|
|
64
|
+
isValid: boolean;
|
|
65
|
+
errors: any[];
|
|
66
|
+
warnings: any[];
|
|
67
|
+
metadata: {
|
|
68
|
+
roleInfos: any[];
|
|
69
|
+
tenantCount: number;
|
|
70
|
+
};
|
|
71
|
+
};
|
|
72
|
+
validateSinglePermission(permission: any): {
|
|
73
|
+
isValid: boolean;
|
|
74
|
+
errors: any[];
|
|
75
|
+
warnings: any[];
|
|
76
|
+
permissionInfo: any[];
|
|
77
|
+
};
|
|
78
|
+
validatePermissions(permissions: any): {
|
|
79
|
+
isValid: boolean;
|
|
80
|
+
errors: any[];
|
|
81
|
+
warnings: any[];
|
|
82
|
+
permissionInfo: any[];
|
|
83
|
+
metadata?: undefined;
|
|
84
|
+
} | {
|
|
85
|
+
isValid: boolean;
|
|
86
|
+
errors: any[];
|
|
87
|
+
warnings: any[];
|
|
88
|
+
permissionInfo: any[];
|
|
89
|
+
metadata: {
|
|
90
|
+
moduleCount: number;
|
|
91
|
+
actionCount: number;
|
|
92
|
+
modules: any[];
|
|
93
|
+
actions: any[];
|
|
94
|
+
};
|
|
95
|
+
};
|
|
43
96
|
/**
|
|
44
97
|
* Validate a complete user (roles + permissions)
|
|
45
98
|
*/
|
|
46
|
-
validateUser(roles:
|
|
99
|
+
validateUser(roles: any, permissions: any): {
|
|
100
|
+
isValid: boolean;
|
|
101
|
+
errors: any[];
|
|
102
|
+
warnings: any[];
|
|
103
|
+
userInfo: {
|
|
104
|
+
hasValidRoles: boolean;
|
|
105
|
+
hasValidPermissions: boolean;
|
|
106
|
+
roleCount: number;
|
|
107
|
+
permissionCount: number;
|
|
108
|
+
tenant: string;
|
|
109
|
+
accessLevel: number;
|
|
110
|
+
};
|
|
111
|
+
metadata: {
|
|
112
|
+
roleValidation: {
|
|
113
|
+
roleInfos: any[];
|
|
114
|
+
tenantCount: number;
|
|
115
|
+
};
|
|
116
|
+
permissionValidation: {
|
|
117
|
+
moduleCount: number;
|
|
118
|
+
actionCount: number;
|
|
119
|
+
modules: any[];
|
|
120
|
+
actions: any[];
|
|
121
|
+
};
|
|
122
|
+
};
|
|
123
|
+
};
|
|
47
124
|
/**
|
|
48
125
|
* Get expected permissions for a set of roles (based on ODS matrix)
|
|
49
126
|
*/
|
|
50
|
-
|
|
127
|
+
getExpectedPermissionsForRoles(roles: any): unknown[];
|
|
51
128
|
/**
|
|
52
129
|
* Check if user has specific module access
|
|
53
130
|
*/
|
|
54
|
-
checkModuleAccess(permissions:
|
|
131
|
+
checkModuleAccess(permissions: any, module: any, action: any): any;
|
|
55
132
|
/**
|
|
56
133
|
* Check if user has any access to a module
|
|
57
134
|
*/
|
|
58
|
-
checkAnyModuleAccess(permissions:
|
|
135
|
+
checkAnyModuleAccess(permissions: any, module: any): any;
|
|
59
136
|
/**
|
|
60
137
|
* Get all modules the user has access to
|
|
61
138
|
*/
|
|
62
|
-
getUserModules(permissions:
|
|
139
|
+
getUserModules(permissions: any): unknown[];
|
|
63
140
|
/**
|
|
64
141
|
* Get user's effective permissions (roles + explicit permissions)
|
|
65
142
|
*/
|
|
66
|
-
getEffectivePermissions(roles:
|
|
143
|
+
getEffectivePermissions(roles: any, permissions: any): any[];
|
|
67
144
|
/**
|
|
68
145
|
* Parse ODS permission string (e.g., "c,r,u,d,s,f") into permission array
|
|
69
146
|
*/
|
|
70
|
-
parseOdsString(odsString:
|
|
147
|
+
parseOdsString(odsString: any, module: any): any;
|
|
71
148
|
/**
|
|
72
149
|
* Validate JWT payload structure
|
|
73
150
|
*/
|
|
74
|
-
validateJwtPayload(payload: any):
|
|
151
|
+
validateJwtPayload(payload: any): {
|
|
152
|
+
isValid: boolean;
|
|
153
|
+
errors: any[];
|
|
154
|
+
warnings: any[];
|
|
155
|
+
};
|
|
75
156
|
}
|
|
76
157
|
//# sourceMappingURL=contractx-validation.service.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"contractx-validation.service.d.ts","sourceRoot":"","sources":["../../src/services/contractx-validation.service.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"contractx-validation.service.d.ts","sourceRoot":"","sources":["../../src/services/contractx-validation.service.ts"],"names":[],"mappings":"AAKA,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAChC;AACD,MAAM,WAAW,oBAAqB,SAAQ,gBAAgB;IAC5D,QAAQ,CAAC,EAAE;QACT,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,EAAE,MAAM,CAAC;QACpB,IAAI,EAAE,MAAM,CAAC;QACb,KAAK,EAAE,MAAM,CAAC;QACd,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,EAAE,MAAM,CAAC;QACf,QAAQ,EAAE,OAAO,CAAC;KACnB,CAAC;CACH;AACD,MAAM,WAAW,0BAA2B,SAAQ,gBAAgB;IAClE,cAAc,CAAC,EAAE;QACf,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,EAAE,MAAM,CAAC;QACf,OAAO,EAAE,OAAO,CAAC;KAClB,EAAE,CAAC;CACL;AACD,MAAM,WAAW,oBAAqB,SAAQ,gBAAgB;IAC5D,QAAQ,CAAC,EAAE;QACT,aAAa,EAAE,OAAO,CAAC;QACvB,mBAAmB,EAAE,OAAO,CAAC;QAC7B,SAAS,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,MAAM,CAAC;QACxB,MAAM,EAAE,QAAQ,GAAG,QAAQ,GAAG,UAAU,GAAG,OAAO,CAAC;QACnD,WAAW,EAAE,MAAM,CAAC;KACrB,CAAC;CACH;AAED,qBACa,0BAA0B;IACnC;;OAEG;IACH,kBAAkB,CAAC,IAAI,KAAA;;;;;;;;;;;;;;;;;;;IAiCvB,aAAa,CAAC,KAAK,KAAA;;;;;;;;;;;;;;IAoCnB,wBAAwB,CAAC,UAAU,KAAA;;;;;;IAqCnC,mBAAmB,CAAC,WAAW,KAAA;;;;;;;;;;;;;;;;;;IAoC/B;;OAEG;IACH,YAAY,CAAC,KAAK,KAAA,EAAE,WAAW,KAAA;;;;;;;;;;;;;;;;;;;;;;;;;IA4D/B;;OAEG;IACH,8BAA8B,CAAC,KAAK,KAAA;IAcpC;;OAEG;IACH,iBAAiB,CAAC,WAAW,KAAA,EAAE,MAAM,KAAA,EAAE,MAAM,KAAA;IAG7C;;OAEG;IACH,oBAAoB,CAAC,WAAW,KAAA,EAAE,MAAM,KAAA;IAGxC;;OAEG;IACH,cAAc,CAAC,WAAW,KAAA;IAU1B;;OAEG;IACH,uBAAuB,CAAC,KAAK,KAAA,EAAE,WAAW,KAAA;IAK1C;;OAEG;IACH,cAAc,CAAC,SAAS,KAAA,EAAE,MAAM,KAAA;IAIhC;;OAEG;IACH,kBAAkB,CAAC,OAAO,KAAA;;;;;CAoC7B"}
|
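--- a/package/dist/services/index.d.ts
+++ b/package/dist/services/index.d.ts
@@ -1,6 +1,4 @@
 export * from './user-context.service';
 export * from './contractx-validation.service';
 export * from './contractx-authorization.service';
-export { ValidationResult, RoleValidationResult, PermissionValidationResult, UserValidationResult, } from './contractx-validation.service';
-export { AuthorizationContext, AuthorizationResult, AccessMatrix, } from './contractx-authorization.service';
 //# sourceMappingURL=index.d.ts.map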
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":"AACA,cAAc,wBAAwB,CAAC;AACvC,cAAc,gCAAgC,CAAC;AAC/C,cAAc,mCAAmC,CAAC
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":"AACA,cAAc,wBAAwB,CAAC;AACvC,cAAc,gCAAgC,CAAC;AAC/C,cAAc,mCAAmC,CAAC"}
|
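--- a/package/dist/services/index.js
+++ b/package/dist/services/index.js
@@ -18,3 +18,5 @@ Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./user-context.service"), exports);
 __exportStar(require("./contractx-validation.service"), exports);
 __exportStar(require("./contractx-authorization.service"), exports);
+// NOTA[reconstrucción]: contractx-document-compliance.service NO se exporta (huérfano en el
+// tarball original — compilado pero ausente de services/index y del index raíz). Ver clasificación "ajeno".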
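Review bot: The added comment ships in `dist` but reads as an internal reconstruction note: it calls the compliance service an orphan in "the original tarball" and points to a classification ("ajeno") that is not part of the package, so a consumer cannot follow the reference. A self-contained wording would be `// contractx-document-compliance.service is intentionally not exported: in 1.0.2 it was compiled but never referenced from services/index or the root index.` The comment also suggests that 1.1.0 was rebuilt from the published 1.0.2 tarball rather than from the original source. If so, the changelog or README should say this, and should note that the file list shows `contractx-document-compliance.service` and `test-document-compliance` removed, because users of an authorization package need to know where the build came from.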
|
@@ -1,12 +1,7 @@
|
|
|
1
|
-
import { JwtPayload } from '../interfaces';
|
|
2
|
-
|
|
3
|
-
* Request-scoped service to manage current user context
|
|
4
|
-
* Provides convenient methods to access user information and check permissions
|
|
5
|
-
*/
|
|
6
|
-
interface RequestWithUser {
|
|
7
|
-
user?: any;
|
|
1
|
+
import { AuthenticatedRequest, JwtPayload } from '../interfaces';
|
|
2
|
+
type RequestWithUser = AuthenticatedRequest & {
|
|
8
3
|
tenant?: any;
|
|
9
|
-
}
|
|
4
|
+
};
|
|
10
5
|
export declare class UserContextService {
|
|
11
6
|
private readonly request;
|
|
12
7
|
private user;
|
|
@@ -16,40 +11,40 @@ export declare class UserContextService {
|
|
|
16
11
|
* Set the current user context
|
|
17
12
|
* This is typically called by the authentication guard
|
|
18
13
|
*/
|
|
19
|
-
setUser(user:
|
|
14
|
+
setUser(user: any): void;
|
|
20
15
|
/**
|
|
21
16
|
* Auto-initialize user from request if not manually set
|
|
22
17
|
*/
|
|
23
|
-
|
|
18
|
+
tryAutoInitialize(): void;
|
|
24
19
|
/**
|
|
25
20
|
* Get the current authenticated user
|
|
26
21
|
*/
|
|
27
|
-
getUser(): JwtPayload
|
|
22
|
+
getUser(): JwtPayload;
|
|
28
23
|
/**
|
|
29
24
|
* Get the current user's ID
|
|
30
25
|
*/
|
|
31
|
-
getUserId(): string
|
|
26
|
+
getUserId(): string;
|
|
32
27
|
/**
|
|
33
28
|
* Get the current user's full name
|
|
34
29
|
*/
|
|
35
|
-
getUserFullName(): string
|
|
30
|
+
getUserFullName(): string;
|
|
36
31
|
/**
|
|
37
32
|
* Get the current user's email
|
|
38
33
|
*/
|
|
39
|
-
getUserEmail(): string
|
|
34
|
+
getUserEmail(): string;
|
|
40
35
|
/**
|
|
41
36
|
* Get the current user's client ID
|
|
42
37
|
*/
|
|
43
|
-
getClientId(): string
|
|
38
|
+
getClientId(): string;
|
|
44
39
|
/**
|
|
45
40
|
* Get the tenant key (key_client) for multi-tenant operations
|
|
46
41
|
* Tries multiple sources: user.key_client, user.clientId, tenant.key_client
|
|
47
42
|
*/
|
|
48
|
-
getTenantKey():
|
|
43
|
+
getTenantKey(): any;
|
|
49
44
|
/**
|
|
50
45
|
* Get the current user's session ID
|
|
51
46
|
*/
|
|
52
|
-
getSessionId(): string
|
|
47
|
+
getSessionId(): string;
|
|
53
48
|
/**
|
|
54
49
|
* Get all user roles
|
|
55
50
|
*/
|
|
@@ -61,27 +56,27 @@ export declare class UserContextService {
|
|
|
61
56
|
/**
|
|
62
57
|
* Check if user has a specific role
|
|
63
58
|
*/
|
|
64
|
-
hasRole(role:
|
|
59
|
+
hasRole(role: any): boolean;
|
|
65
60
|
/**
|
|
66
61
|
* Check if user has any of the specified roles
|
|
67
62
|
*/
|
|
68
|
-
hasAnyRole(roles:
|
|
63
|
+
hasAnyRole(roles: any): any;
|
|
69
64
|
/**
|
|
70
65
|
* Check if user has all of the specified roles
|
|
71
66
|
*/
|
|
72
|
-
hasAllRoles(roles:
|
|
67
|
+
hasAllRoles(roles: any): any;
|
|
73
68
|
/**
|
|
74
69
|
* Check if user has a specific permission
|
|
75
70
|
*/
|
|
76
|
-
hasPermission(permission:
|
|
71
|
+
hasPermission(permission: any): boolean;
|
|
77
72
|
/**
|
|
78
73
|
* Check if user has any of the specified permissions
|
|
79
74
|
*/
|
|
80
|
-
hasAnyPermission(permissions:
|
|
75
|
+
hasAnyPermission(permissions: any): any;
|
|
81
76
|
/**
|
|
82
77
|
* Check if user has all of the specified permissions
|
|
83
78
|
*/
|
|
84
|
-
hasAllPermissions(permissions:
|
|
79
|
+
hasAllPermissions(permissions: any): any;
|
|
85
80
|
/**
|
|
86
81
|
* Check if user is authenticated
|
|
87
82
|
*/
|
|
@@ -93,38 +88,38 @@ export declare class UserContextService {
|
|
|
93
88
|
/**
|
|
94
89
|
* Check if user has admin privileges (superadmin or contract admin)
|
|
95
90
|
*/
|
|
96
|
-
isAdmin():
|
|
91
|
+
isAdmin(): any;
|
|
97
92
|
/**
|
|
98
93
|
* Check if user has client-side role
|
|
99
94
|
*/
|
|
100
|
-
isClientUser():
|
|
95
|
+
isClientUser(): any;
|
|
101
96
|
/**
|
|
102
97
|
* Check if user has provider-side role
|
|
103
98
|
*/
|
|
104
|
-
isProviderUser():
|
|
99
|
+
isProviderUser(): any;
|
|
105
100
|
/**
|
|
106
101
|
* Check if user can access a specific module based on permissions
|
|
107
102
|
*/
|
|
108
|
-
canAccessModule(module:
|
|
103
|
+
canAccessModule(module: any): boolean;
|
|
109
104
|
/**
|
|
110
105
|
* Get user's permissions for a specific module
|
|
111
106
|
*/
|
|
112
|
-
getModulePermissions(module:
|
|
107
|
+
getModulePermissions(module: any): string[];
|
|
113
108
|
/**
|
|
114
109
|
* Check if user can perform a specific action on a module
|
|
115
110
|
*/
|
|
116
|
-
canPerformAction(module:
|
|
111
|
+
canPerformAction(module: any, action: any): boolean;
|
|
117
112
|
/**
|
|
118
113
|
* Get user summary for logging/debugging
|
|
119
114
|
*/
|
|
120
115
|
getUserSummary(): {
|
|
121
|
-
id: string
|
|
122
|
-
name: string
|
|
123
|
-
email: string
|
|
116
|
+
id: string;
|
|
117
|
+
name: string;
|
|
118
|
+
email: string;
|
|
124
119
|
roles: string[];
|
|
125
120
|
permissionCount: number;
|
|
126
|
-
isAdmin:
|
|
127
|
-
clientId: string
|
|
121
|
+
isAdmin: any;
|
|
122
|
+
clientId: string;
|
|
128
123
|
};
|
|
129
124
|
}
|
|
130
125
|
export {};
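Review bot: `getUser()`, `getUserId()`, `getUserEmail()`, `getClientId()` and `getSessionId()` are declared with non-nullable return types, although the class also documents auto-initialising the user from the request and a "Check if user is authenticated" method, which implies a request can have no user. If the implementation can return `null` or `undefined` in that case, the declaration should say so, e.g. `getUser(): JwtPayload | null;`, so strict-null consumers must handle the unauthenticated path. The old lines are cut off after the type name on this page, so the previous return types cannot be confirmed. `isAdmin()`, `hasAnyRole()`, `hasAllRoles()` and `getTenantKey()` now return `any`. Declaring the predicates as `boolean` would keep a non-boolean value from passing a truthiness check unnoticed, assuming they do return booleans.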
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"user-context.service.d.ts","sourceRoot":"","sources":["../../src/services/user-context.service.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"user-context.service.d.ts","sourceRoot":"","sources":["../../src/services/user-context.service.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,oBAAoB,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAKjE,KAAK,eAAe,GAAG,oBAAoB,GAAG;IAAE,MAAM,CAAC,EAAE,GAAG,CAAA;CAAE,CAAC;AA4D/D,qBACa,kBAAkB;IAE3B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAkB;IAC1C,OAAO,CAAC,IAAI,CAA2B;IACvC,OAAO,CAAC,eAAe,CAAS;gBAEH,OAAO,EAAE,eAAe;IAKrD;;;OAGG;IACH,OAAO,CAAC,IAAI,KAAA;IAGZ;;OAEG;IACH,iBAAiB;IA0BjB;;OAEG;IACH,OAAO;IAIP;;OAEG;IACH,SAAS;IAMT;;OAEG;IACH,eAAe;IAMf;;OAEG;IACH,YAAY;IAMZ;;OAEG;IACH,WAAW;IAMX;;;OAGG;IACH,YAAY;IA+BZ;;OAEG;IACH,YAAY;IAMZ;;OAEG;IACH,YAAY;IAIZ;;OAEG;IACH,kBAAkB;IAIlB;;OAEG;IACH,OAAO,CAAC,IAAI,KAAA;IAGZ;;OAEG;IACH,UAAU,CAAC,KAAK,KAAA;IAIhB;;OAEG;IACH,WAAW,CAAC,KAAK,KAAA;IAIjB;;OAEG;IACH,aAAa,CAAC,UAAU,KAAA;IAGxB;;OAEG;IACH,gBAAgB,CAAC,WAAW,KAAA;IAI5B;;OAEG;IACH,iBAAiB,CAAC,WAAW,KAAA;IAI7B;;OAEG;IACH,eAAe;IAIf;;OAEG;IACH,YAAY;IAGZ;;OAEG;IACH,OAAO;IAGP;;OAEG;IACH,YAAY;IAGZ;;OAEG;IACH,cAAc;IAGd;;OAEG;IACH,eAAe,CAAC,MAAM,KAAA;IAItB;;OAEG;IACH,oBAAoB,CAAC,MAAM,KAAA;IAG3B;;OAEG;IACH,gBAAgB,CAAC,MAAM,KAAA,EAAE,MAAM,KAAA;IAG/B;;OAEG;IACH,cAAc;;;;;;;;;CAWjB"}
|