permissions-contractx 1.0.2 → 1.2.0

package/dist/constants/permission-names.constants.js

@@ -0,0 +1,304 @@
+"use strict";
+/**
+ * permission-names.constants.ts
+ * ------------------------------------------------------------------------
+ * Constantes de NOMBRES (codes) de los 169 permisos de dominio de ContractX.
+ * Derivadas del catálogo de Auth (domain-permissions.catalog.ts, ADR-004 Fase 1/2),
+ * tomando SOLO el campo `code` — SIN la metadata de seeding (rolesGranted,
+ * rolesReadOnly, approvalCategory, side, requiresHuman), que vive solo en Auth.
+ *
+ * Fuente única de NOMBRES: este archivo (en el paquete permissions-contractx).
+ * La metadata se cuelga encima, en Auth. Un test en Auth valida que todo `code`
+ * del catálogo existe como constante aquí (sincronización — Fase 6/8 del porte).
+ *
+ * Agrupación por microservicio: Auth(12) Contratos(28) Entregables(27)
+ * Facturación(27) SLAs(36) Proveedores(39) = 169.
+ *
+ * Convención de claves: reflejan el recurso completo del code, en
+ * SCREAMING_SNAKE_CASE (recurso + acción). Esto evita colisiones entre dominios
+ * (p.ej. los reports de Entregables / Facturación / SLAs quedan distinguibles).
+ *
+ * NO editar a mano para "arreglar" un nombre: si cambia el catálogo, regenerar.
+ * ------------------------------------------------------------------------
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ALL_PERMISSION_CODES = exports.PERMISSIONS_BY_DOMAIN = exports.PROVEEDORES_PERMISSIONS = exports.PROVIDERS_REPORTS_VIEW = exports.PROVIDERS_REPORTS_INCIDENTS = exports.PROVIDERS_REPORTS_SURVEYS = exports.PROVIDERS_REPORTS_RISKS = exports.PROVIDERS_REPORTS_EVALUATIONS = exports.PROVIDERS_REPORTS_GENERATE = exports.PROVIDERS_INCIDENTS_VIEW = exports.PROVIDERS_INCIDENTS_REOPEN = exports.PROVIDERS_INCIDENTS_CLOSE = exports.PROVIDERS_INCIDENTS_MANAGE = exports.PROVIDERS_INCIDENTS_ASSIGN = exports.PROVIDERS_INCIDENTS_REGISTER = exports.PROVIDERS_SURVEYS_VIEW = exports.PROVIDERS_SURVEYS_RESPOND = exports.PROVIDERS_SURVEYS_MANAGE_LIFECYCLE = exports.PROVIDERS_SURVEYS_EDIT_QUESTIONS = exports.PROVIDERS_SURVEYS_CREATE = exports.PROVIDERS_RISKS_VIEW_PLANS = exports.PROVIDERS_RISKS_EXECUTE_ACTION = exports.PROVIDERS_RISKS_CREATE_PLAN = exports.PROVIDERS_RISKS_VIEW_MATRIX = exports.PROVIDERS_RISKS_EDIT = exports.PROVIDERS_RISKS_REGISTER = exports.PROVIDERS_EVALS_VIEW = exports.PROVIDERS_EVALS_CANCEL = exports.PROVIDERS_EVALS_EXECUTE = exports.PROVIDERS_EVALS_SCHEDULE = exports.PROVIDERS_DEPS_VIEW = exports.PROVIDERS_DEPS_MANAGE = exports.PROVIDERS_CONTACTS_SET_PRIMARY = exports.PROVIDERS_CONTACTS_VIEW = exports.PROVIDERS_CONTACTS_MANAGE = exports.PROVIDERS_PROFILE_CHANGE_RISK = exports.PROVIDERS_PROFILE_VIEW_BANK_INFO = exports.PROVIDERS_PROFILE_VIEW = exports.PROVIDERS_PROFILE_BLACKLIST = exports.PROVIDERS_PROFILE_CHANGE_STATUS = exports.PROVIDERS_PROFILE_EDIT = exports.PROVIDERS_PROFILE_CREATE = exports.SLAS_PERMISSIONS = exports.FACTURACION_PERMISSIONS = exports.ENTREGABLES_PERMISSIONS = exports.CONTRATOS_PERMISSIONS = exports.AUTH_PERMISSIONS = void 0;
+// ======================= AUTH (12) =======================
+exports.AUTH_PERMISSIONS = {
+    ADMIN_USERS_CREATE_ANY_TENANT: 'admin.users.create_any_tenant',
+    ADMIN_USERS_CREATE_OWN_TENANT: 'admin.users.create_own_tenant',
+    ADMIN_USERS_TOGGLE_USERS: 'admin.users.toggle_users',
+    ADMIN_USERS_ASSIGN_ROLES: 'admin.users.assign_roles',
+    ADMIN_RBAC_CREATE_ROLES: 'admin.rbac.create_roles',
+    ADMIN_RBAC_CREATE_PERMISSIONS: 'admin.rbac.create_permissions',
+    ADMIN_CLIENTS_MANAGE_ORGS: 'admin.clients.manage_orgs',
+    ADMIN_CLIENTS_MANAGE_USER_CLIENT: 'admin.clients.manage_user_client',
+    ADMIN_SESSIONS_VIEW_ALL: 'admin.sessions.view_all',
+    ADMIN_SESSIONS_VIEW_REVOKE_OWN: 'admin.sessions.view_revoke_own',
+    ADMIN_SESSIONS_VIEW_ME: 'admin.sessions.view_me',
+    ADMIN_DELEGATION_MANAGE_DELEGATE: 'admin.delegation.manage_delegate',
+};
+// ======================= CONTRATOS (28) =======================
+exports.CONTRATOS_PERMISSIONS = {
+    // contracts.*
+    CONTRACTS_CREATE: 'contracts.create',
+    CONTRACTS_UPDATE: 'contracts.update',
+    CONTRACTS_SUBMIT_REVIEW: 'contracts.submit_review',
+    CONTRACTS_APPROVE: 'contracts.approve',
+    CONTRACTS_SIGN: 'contracts.sign',
+    CONTRACTS_UPLOAD_LEGACY: 'contracts.upload_legacy',
+    CONTRACTS_CLOSE: 'contracts.close',
+    CONTRACTS_VIEW_DETAIL: 'contracts.view_detail',
+    CONTRACTS_VIEW_LIST: 'contracts.view_list',
+    // contract_clauses.*
+    CONTRACT_CLAUSES_CREATE_SECTIONS: 'contract_clauses.create_sections',
+    CONTRACT_CLAUSES_CREATE_CLAUSES: 'contract_clauses.create_clauses',
+    CONTRACT_CLAUSES_MANAGE: 'contract_clauses.manage',
+    CONTRACT_CLAUSES_VIEW: 'contract_clauses.view',
+    // contract_services.*
+    CONTRACT_SERVICES_DEFINE_SERVICES: 'contract_services.define_services',
+    CONTRACT_SERVICES_VIEW_TRIPLE_MATCH: 'contract_services.view_triple_match',
+    CONTRACT_SERVICES_VIEW: 'contract_services.view',
+    // change_requests.*
+    CHANGE_REQUESTS_CREATE_OPERATIONAL: 'change_requests.create_operational',
+    CHANGE_REQUESTS_CREATE_ECONOMIC: 'change_requests.create_economic',
+    CHANGE_REQUESTS_APPROVE: 'change_requests.approve',
+    CHANGE_REQUESTS_CREATE_AMENDMENT: 'change_requests.create_amendment',
+    CHANGE_REQUESTS_VIEW: 'change_requests.view',
+    // contract_documents.*
+    CONTRACT_DOCUMENTS_UPLOAD: 'contract_documents.upload',
+    CONTRACT_DOCUMENTS_APPROVE: 'contract_documents.approve',
+    CONTRACT_DOCUMENTS_REJECT: 'contract_documents.reject',
+    CONTRACT_DOCUMENTS_UPLOAD_VERSION: 'contract_documents.upload_version',
+    CONTRACT_DOCUMENTS_VIEW_VERSIONS: 'contract_documents.view_versions',
+    CONTRACT_DOCUMENTS_CONFIGURE_PERIODIC_REVIEW: 'contract_documents.configure_periodic_review',
+    CONTRACT_DOCUMENTS_DOWNLOAD: 'contract_documents.download',
+};
+// ======================= ENTREGABLES (27) =======================
+exports.ENTREGABLES_PERMISSIONS = {
+    // deliverables.*
+    DELIVERABLES_CREATE: 'deliverables.create',
+    DELIVERABLES_UPDATE: 'deliverables.update',
+    DELIVERABLES_DESACTIVAR_ENTREGABLES: 'deliverables.desactivar_entregables',
+    DELIVERABLES_CONFIGURE_PENALTY: 'deliverables.configure_penalty',
+    DELIVERABLES_ASSIGN_RESPONSIBLES: 'deliverables.assign_responsibles',
+    DELIVERABLES_MANAGE_TEMPLATES: 'deliverables.manage_templates',
+    DELIVERABLES_DEFINE_SCHEDULE: 'deliverables.define_schedule',
+    DELIVERABLES_RESCHEDULE: 'deliverables.reschedule',
+    DELIVERABLES_MARK_UNCONTROLLED: 'deliverables.mark_uncontrolled',
+    DELIVERABLES_CREATE_SUB: 'deliverables.create_sub',
+    // deliverable_evidence.*
+    DELIVERABLE_EVIDENCE_UPLOAD: 'deliverable_evidence.upload',
+    DELIVERABLE_EVIDENCE_REUPLOAD: 'deliverable_evidence.reupload',
+    DELIVERABLE_EVIDENCE_VIEW: 'deliverable_evidence.view',
+    DELIVERABLE_EVIDENCE_DOWNLOAD: 'deliverable_evidence.download',
+    DELIVERABLE_EVIDENCE_VIEW_REJECTION_REASON: 'deliverable_evidence.view_rejection_reason',
+    // deliverable_review.*
+    DELIVERABLE_REVIEW_VIEW_QUEUE: 'deliverable_review.view_queue',
+    DELIVERABLE_REVIEW_APPROVE: 'deliverable_review.approve',
+    DELIVERABLE_REVIEW_REJECT: 'deliverable_review.reject',
+    DELIVERABLE_REVIEW_WRITE_REJECTION_REASON: 'deliverable_review.write_rejection_reason',
+    // deliverable_penalties.*
+    DELIVERABLE_PENALTIES_VIEW_SUMMARY: 'deliverable_penalties.view_summary',
+    DELIVERABLE_PENALTIES_VIEW_DETAIL: 'deliverable_penalties.view_detail',
+    DELIVERABLE_PENALTIES_EXPORT: 'deliverable_penalties.export',
+    // deliverable_reports.*
+    DELIVERABLE_REPORTS_REPORT_COMPLIANCE: 'deliverable_reports.report_compliance',
+    DELIVERABLE_REPORTS_REPORT_PUNCTUALITY: 'deliverable_reports.report_punctuality',
+    DELIVERABLE_REPORTS_REPORT_HISTORY: 'deliverable_reports.report_history',
+    DELIVERABLE_REPORTS_EXPORT: 'deliverable_reports.export',
+    DELIVERABLE_REPORTS_ALERTS: 'deliverable_reports.alerts',
+};
+// ======================= FACTURACIÓN (27) =======================
+exports.FACTURACION_PERMISSIONS = {
+    // invoices.*
+    INVOICES_REGISTER: 'invoices.register',
+    INVOICES_UPLOAD_SUPPORT: 'invoices.upload_support',
+    INVOICES_UPLOAD_BACKUP: 'invoices.upload_backup',
+    INVOICES_UPDATE: 'invoices.update',
+    INVOICES_RESUBMIT: 'invoices.resubmit',
+    INVOICES_VIEW_QUEUE: 'invoices.view_queue',
+    INVOICES_START_REVIEW: 'invoices.start_review',
+    INVOICES_VALIDATE: 'invoices.validate',
+    INVOICES_RETURN: 'invoices.return',
+    INVOICES_APPROVE: 'invoices.approve',
+    INVOICES_REJECT: 'invoices.reject',
+    INVOICES_CANCEL: 'invoices.cancel',
+    INVOICES_VIEW_DETAIL: 'invoices.view_detail',
+    INVOICES_VIEW_OWN: 'invoices.view_own',
+    INVOICES_VIEW_APPROVED: 'invoices.view_approved',
+    INVOICES_DOWNLOAD: 'invoices.download',
+    // invoice_adjustments.*
+    INVOICE_ADJUSTMENTS_VIEW_ADJUSTMENTS: 'invoice_adjustments.view_adjustments',
+    INVOICE_ADJUSTMENTS_APPLY_SLA: 'invoice_adjustments.apply_sla',
+    // invoice_payments.*
+    INVOICE_PAYMENTS_REGISTER: 'invoice_payments.register',
+    INVOICE_PAYMENTS_REGISTER_PARTIAL: 'invoice_payments.register_partial',
+    INVOICE_PAYMENTS_SET_EXCHANGE_RATE: 'invoice_payments.set_exchange_rate',
+    INVOICE_PAYMENTS_GENERATE_ERP_TOKEN: 'invoice_payments.generate_erp_token',
+    // invoice_reports.*
+    INVOICE_REPORTS_REPORT_FINANCIAL: 'invoice_reports.report_financial',
+    INVOICE_REPORTS_REPORT_HISTORY: 'invoice_reports.report_history',
+    INVOICE_REPORTS_EXPORT: 'invoice_reports.export',
+    // invoice_config.* / invoice_audit.*
+    INVOICE_CONFIG_CONFIGURE_PARAMS: 'invoice_config.configure_params',
+    INVOICE_AUDIT_VIEW_AUDIT: 'invoice_audit.view_audit',
+};
+// ======================= SLAs (36) =======================
+exports.SLAS_PERMISSIONS = {
+    // slas.*
+    SLAS_CREATE: 'slas.create',
+    SLAS_UPDATE: 'slas.update',
+    SLAS_ASSOCIATE_AMOUNT: 'slas.associate_amount',
+    SLAS_TOGGLE_ACTIVE: 'slas.toggle_active',
+    SLAS_VIEW_DETAIL: 'slas.view_detail',
+    SLAS_DEFINE_ANNUAL_TARGETS: 'slas.define_annual_targets',
+    SLAS_ADJUST_TARGETS: 'slas.adjust_targets',
+    SLAS_CONFIGURE_WINDOW: 'slas.configure_window',
+    SLAS_CONFIGURE_PARAMS: 'slas.configure_params',
+    // sla_measurements.*
+    SLA_MEASUREMENTS_UPLOAD: 'sla_measurements.upload',
+    SLA_MEASUREMENTS_VIEW_COMPLIANCE: 'sla_measurements.view_compliance',
+    SLA_MEASUREMENTS_SUBMIT: 'sla_measurements.submit',
+    SLA_MEASUREMENTS_APPROVE: 'sla_measurements.approve',
+    SLA_MEASUREMENTS_REJECT: 'sla_measurements.reject',
+    SLA_MEASUREMENTS_RESUBMIT: 'sla_measurements.resubmit',
+    SLA_MEASUREMENTS_VIEW_HISTORY: 'sla_measurements.view_history',
+    SLA_MEASUREMENTS_UPLOAD_ACTION_PLAN: 'sla_measurements.upload_action_plan',
+    // sla_credits.*
+    SLA_CREDITS_VIEW_PENDING: 'sla_credits.view_pending',
+    SLA_CREDITS_APPLY: 'sla_credits.apply',
+    SLA_CREDITS_APPLY_PARTIAL: 'sla_credits.apply_partial',
+    SLA_CREDITS_APPROVE_EXPIRATION: 'sla_credits.approve_expiration',
+    SLA_CREDITS_VIEW_HISTORY: 'sla_credits.view_history',
+    // sla_exceptions.*
+    SLA_EXCEPTIONS_REQUEST: 'sla_exceptions.request',
+    SLA_EXCEPTIONS_APPROVE_TOTAL: 'sla_exceptions.approve_total',
+    SLA_EXCEPTIONS_APPROVE_PARTIAL: 'sla_exceptions.approve_partial',
+    SLA_EXCEPTIONS_REJECT: 'sla_exceptions.reject',
+    SLA_EXCEPTIONS_ESCALATE_GOVERNANCE: 'sla_exceptions.escalate_governance',
+    SLA_EXCEPTIONS_VIEW_PENDING: 'sla_exceptions.view_pending',
+    // sla_disputes.*
+    SLA_DISPUTES_CREATE: 'sla_disputes.create',
+    SLA_DISPUTES_LINK_GOVERNANCE: 'sla_disputes.link_governance',
+    SLA_DISPUTES_CLOSE: 'sla_disputes.close',
+    SLA_DISPUTES_VIEW_ACTIVE: 'sla_disputes.view_active',
+    // sla_recovery.*
+    SLA_RECOVERY_VIEW_RECOVERY_INPROGRESS: 'sla_recovery.view_recovery_inprogress',
+    SLA_RECOVERY_VIEW_RECOVERY_FAILED: 'sla_recovery.view_recovery_failed',
+    // sla_reports.*
+    SLA_REPORTS_VIEW_DASHBOARD: 'sla_reports.view_dashboard',
+    SLA_REPORTS_EXPORT_MONTHLY: 'sla_reports.export_monthly',
+};
+// ======================= PROVEEDORES (39) =======================
+// [ADR-004 Fase 2 / RA-02] Exportadas también como constantes individuales
+// (además del objeto de dominio) para consumo directo desde guards/decoradores.
+// ── Proveedores ──
+exports.PROVIDERS_PROFILE_CREATE = 'providers.profile.create';
+exports.PROVIDERS_PROFILE_EDIT = 'providers.profile.edit';
+exports.PROVIDERS_PROFILE_CHANGE_STATUS = 'providers.profile.change_status';
+exports.PROVIDERS_PROFILE_BLACKLIST = 'providers.profile.blacklist';
+exports.PROVIDERS_PROFILE_VIEW = 'providers.profile.view';
+exports.PROVIDERS_PROFILE_VIEW_BANK_INFO = 'providers.profile.view_bank_info';
+exports.PROVIDERS_PROFILE_CHANGE_RISK = 'providers.profile.change_risk';
+exports.PROVIDERS_CONTACTS_MANAGE = 'providers.contacts.manage';
+exports.PROVIDERS_CONTACTS_VIEW = 'providers.contacts.view';
+exports.PROVIDERS_CONTACTS_SET_PRIMARY = 'providers.contacts.set_primary';
+exports.PROVIDERS_DEPS_MANAGE = 'providers.deps.manage';
+exports.PROVIDERS_DEPS_VIEW = 'providers.deps.view';
+exports.PROVIDERS_EVALS_SCHEDULE = 'providers.evals.schedule';
+exports.PROVIDERS_EVALS_EXECUTE = 'providers.evals.execute';
+exports.PROVIDERS_EVALS_CANCEL = 'providers.evals.cancel';
+exports.PROVIDERS_EVALS_VIEW = 'providers.evals.view';
+exports.PROVIDERS_RISKS_REGISTER = 'providers.risks.register';
+exports.PROVIDERS_RISKS_EDIT = 'providers.risks.edit';
+exports.PROVIDERS_RISKS_VIEW_MATRIX = 'providers.risks.view_matrix';
+exports.PROVIDERS_RISKS_CREATE_PLAN = 'providers.risks.create_plan';
+exports.PROVIDERS_RISKS_EXECUTE_ACTION = 'providers.risks.execute_action';
+exports.PROVIDERS_RISKS_VIEW_PLANS = 'providers.risks.view_plans';
+exports.PROVIDERS_SURVEYS_CREATE = 'providers.surveys.create';
+exports.PROVIDERS_SURVEYS_EDIT_QUESTIONS = 'providers.surveys.edit_questions';
+exports.PROVIDERS_SURVEYS_MANAGE_LIFECYCLE = 'providers.surveys.manage_lifecycle';
+exports.PROVIDERS_SURVEYS_RESPOND = 'providers.surveys.respond';
+exports.PROVIDERS_SURVEYS_VIEW = 'providers.surveys.view';
+exports.PROVIDERS_INCIDENTS_REGISTER = 'providers.incidents.register';
+exports.PROVIDERS_INCIDENTS_ASSIGN = 'providers.incidents.assign';
+exports.PROVIDERS_INCIDENTS_MANAGE = 'providers.incidents.manage';
+exports.PROVIDERS_INCIDENTS_CLOSE = 'providers.incidents.close';
+exports.PROVIDERS_INCIDENTS_REOPEN = 'providers.incidents.reopen';
+exports.PROVIDERS_INCIDENTS_VIEW = 'providers.incidents.view';
+exports.PROVIDERS_REPORTS_GENERATE = 'providers.reports.generate';
+exports.PROVIDERS_REPORTS_EVALUATIONS = 'providers.reports.evaluations';
+exports.PROVIDERS_REPORTS_RISKS = 'providers.reports.risks';
+exports.PROVIDERS_REPORTS_SURVEYS = 'providers.reports.surveys';
+exports.PROVIDERS_REPORTS_INCIDENTS = 'providers.reports.incidents';
+exports.PROVIDERS_REPORTS_VIEW = 'providers.reports.view';
+/** Objeto de dominio Proveedores (agrupación, igual que los demás microservicios). */
+exports.PROVEEDORES_PERMISSIONS = {
+    // providers.profile.*
+    PROVIDERS_PROFILE_CREATE: exports.PROVIDERS_PROFILE_CREATE,
+    PROVIDERS_PROFILE_EDIT: exports.PROVIDERS_PROFILE_EDIT,
+    PROVIDERS_PROFILE_CHANGE_STATUS: exports.PROVIDERS_PROFILE_CHANGE_STATUS,
+    PROVIDERS_PROFILE_BLACKLIST: exports.PROVIDERS_PROFILE_BLACKLIST,
+    PROVIDERS_PROFILE_VIEW: exports.PROVIDERS_PROFILE_VIEW,
+    PROVIDERS_PROFILE_VIEW_BANK_INFO: exports.PROVIDERS_PROFILE_VIEW_BANK_INFO,
+    PROVIDERS_PROFILE_CHANGE_RISK: exports.PROVIDERS_PROFILE_CHANGE_RISK,
+    // providers.contacts.*
+    PROVIDERS_CONTACTS_MANAGE: exports.PROVIDERS_CONTACTS_MANAGE,
+    PROVIDERS_CONTACTS_VIEW: exports.PROVIDERS_CONTACTS_VIEW,
+    PROVIDERS_CONTACTS_SET_PRIMARY: exports.PROVIDERS_CONTACTS_SET_PRIMARY,
+    // providers.deps.*
+    PROVIDERS_DEPS_MANAGE: exports.PROVIDERS_DEPS_MANAGE,
+    PROVIDERS_DEPS_VIEW: exports.PROVIDERS_DEPS_VIEW,
+    // providers.evals.*
+    PROVIDERS_EVALS_SCHEDULE: exports.PROVIDERS_EVALS_SCHEDULE,
+    PROVIDERS_EVALS_EXECUTE: exports.PROVIDERS_EVALS_EXECUTE,
+    PROVIDERS_EVALS_CANCEL: exports.PROVIDERS_EVALS_CANCEL,
+    PROVIDERS_EVALS_VIEW: exports.PROVIDERS_EVALS_VIEW,
+    // providers.risks.*
+    PROVIDERS_RISKS_REGISTER: exports.PROVIDERS_RISKS_REGISTER,
+    PROVIDERS_RISKS_EDIT: exports.PROVIDERS_RISKS_EDIT,
+    PROVIDERS_RISKS_VIEW_MATRIX: exports.PROVIDERS_RISKS_VIEW_MATRIX,
+    PROVIDERS_RISKS_CREATE_PLAN: exports.PROVIDERS_RISKS_CREATE_PLAN,
+    PROVIDERS_RISKS_EXECUTE_ACTION: exports.PROVIDERS_RISKS_EXECUTE_ACTION,
+    PROVIDERS_RISKS_VIEW_PLANS: exports.PROVIDERS_RISKS_VIEW_PLANS,
+    // providers.surveys.*
+    PROVIDERS_SURVEYS_CREATE: exports.PROVIDERS_SURVEYS_CREATE,
+    PROVIDERS_SURVEYS_EDIT_QUESTIONS: exports.PROVIDERS_SURVEYS_EDIT_QUESTIONS,
+    PROVIDERS_SURVEYS_MANAGE_LIFECYCLE: exports.PROVIDERS_SURVEYS_MANAGE_LIFECYCLE,
+    PROVIDERS_SURVEYS_RESPOND: exports.PROVIDERS_SURVEYS_RESPOND,
+    PROVIDERS_SURVEYS_VIEW: exports.PROVIDERS_SURVEYS_VIEW,
+    // providers.incidents.*
+    PROVIDERS_INCIDENTS_REGISTER: exports.PROVIDERS_INCIDENTS_REGISTER,
+    PROVIDERS_INCIDENTS_ASSIGN: exports.PROVIDERS_INCIDENTS_ASSIGN,
+    PROVIDERS_INCIDENTS_MANAGE: exports.PROVIDERS_INCIDENTS_MANAGE,
+    PROVIDERS_INCIDENTS_CLOSE: exports.PROVIDERS_INCIDENTS_CLOSE,
+    PROVIDERS_INCIDENTS_REOPEN: exports.PROVIDERS_INCIDENTS_REOPEN,
+    PROVIDERS_INCIDENTS_VIEW: exports.PROVIDERS_INCIDENTS_VIEW,
+    // providers.reports.*
+    PROVIDERS_REPORTS_GENERATE: exports.PROVIDERS_REPORTS_GENERATE,
+    PROVIDERS_REPORTS_EVALUATIONS: exports.PROVIDERS_REPORTS_EVALUATIONS,
+    PROVIDERS_REPORTS_RISKS: exports.PROVIDERS_REPORTS_RISKS,
+    PROVIDERS_REPORTS_SURVEYS: exports.PROVIDERS_REPORTS_SURVEYS,
+    PROVIDERS_REPORTS_INCIDENTS: exports.PROVIDERS_REPORTS_INCIDENTS,
+    PROVIDERS_REPORTS_VIEW: exports.PROVIDERS_REPORTS_VIEW,
+};
+// ======================= AGREGADOS Y TIPOS =======================
+/** Todas las constantes agrupadas por dominio. */
+exports.PERMISSIONS_BY_DOMAIN = {
+    Auth: exports.AUTH_PERMISSIONS,
+    Contratos: exports.CONTRATOS_PERMISSIONS,
+    Entregables: exports.ENTREGABLES_PERMISSIONS,
+    Facturacion: exports.FACTURACION_PERMISSIONS,
+    SLAs: exports.SLAS_PERMISSIONS,
+    Proveedores: exports.PROVEEDORES_PERMISSIONS,
+};
+/** Lista plana de los 169 codes (para validación de sincronización con Auth). */
+exports.ALL_PERMISSION_CODES = [
+    ...Object.values(exports.AUTH_PERMISSIONS),
+    ...Object.values(exports.CONTRATOS_PERMISSIONS),
+    ...Object.values(exports.ENTREGABLES_PERMISSIONS),
+    ...Object.values(exports.FACTURACION_PERMISSIONS),
+    ...Object.values(exports.SLAS_PERMISSIONS),
+    ...Object.values(exports.PROVEEDORES_PERMISSIONS),
+];

package/dist/constants/security.constants.d.ts

@@ -3,75 +3,75 @@
  * Implements complete role hierarchy for client/provider contract management
  */
 export declare const CONTRACTX_ROLES: {
-    readonly SUPERADMIN: "superadmin";
-    readonly CLIENT_CONTRACT_ADMIN: "client_contract_admin";
-    readonly CLIENT_PERFORMANCE_RESP: "client_performance_resp";
-    readonly CLIENT_FINANCE_RESP: "client_finance_resp";
-    readonly CLIENT_REPORTS_RESP: "client_reports_resp";
-    readonly CLIENT_RELATIONSHIP_RESP: "client_relationship_resp";
-    readonly CLIENT_RISK_RESP: "client_risk_resp";
-    readonly PROVIDER_CONTRACT_ADMIN: "provider_contract_admin";
-    readonly PROVIDER_PERFORMANCE_RESP: "provider_performance_resp";
-    readonly PROVIDER_FINANCE_RESP: "provider_finance_resp";
-    readonly PROVIDER_REPORTS_RESP: "provider_reports_resp";
-    readonly PROVIDER_RELATIONSHIP_RESP: "provider_relationship_resp";
-    readonly PROVIDER_RISK_RESP: "provider_risk_resp";
-    readonly SUPPORT: "support";
+    SUPERADMIN: string;
+    CLIENT_CONTRACT_ADMIN: string;
+    CLIENT_PERFORMANCE_RESP: string;
+    CLIENT_FINANCE_RESP: string;
+    CLIENT_REPORTS_RESP: string;
+    CLIENT_RELATIONSHIP_RESP: string;
+    CLIENT_RISK_RESP: string;
+    PROVIDER_CONTRACT_ADMIN: string;
+    PROVIDER_PERFORMANCE_RESP: string;
+    PROVIDER_FINANCE_RESP: string;
+    PROVIDER_REPORTS_RESP: string;
+    PROVIDER_RELATIONSHIP_RESP: string;
+    PROVIDER_RISK_RESP: string;
+    SUPPORT: string;
 };
 /**
  * ODS Role Hierarchy Levels - Exact hierarchy from Excel specification
  * Higher numbers indicate higher privileges
  */
 export declare const ROLE_HIERARCHY: {
-    readonly superadmin: 100;
-    readonly support: 85;
-    readonly client_contract_admin: 80;
-    readonly client_performance_resp: 70;
-    readonly client_finance_resp: 70;
-    readonly client_reports_resp: 65;
-    readonly client_relationship_resp: 65;
-    readonly client_risk_resp: 65;
-    readonly provider_contract_admin: 80;
-    readonly provider_performance_resp: 70;
-    readonly provider_finance_resp: 70;
-    readonly provider_reports_resp: 65;
-    readonly provider_relationship_resp: 65;
-    readonly provider_risk_resp: 65;
+    [CONTRACTX_ROLES.SUPERADMIN]: number;
+    [CONTRACTX_ROLES.SUPPORT]: number;
+    [CONTRACTX_ROLES.CLIENT_CONTRACT_ADMIN]: number;
+    [CONTRACTX_ROLES.CLIENT_PERFORMANCE_RESP]: number;
+    [CONTRACTX_ROLES.CLIENT_FINANCE_RESP]: number;
+    [CONTRACTX_ROLES.CLIENT_REPORTS_RESP]: number;
+    [CONTRACTX_ROLES.CLIENT_RELATIONSHIP_RESP]: number;
+    [CONTRACTX_ROLES.CLIENT_RISK_RESP]: number;
+    [CONTRACTX_ROLES.PROVIDER_CONTRACT_ADMIN]: number;
+    [CONTRACTX_ROLES.PROVIDER_PERFORMANCE_RESP]: number;
+    [CONTRACTX_ROLES.PROVIDER_FINANCE_RESP]: number;
+    [CONTRACTX_ROLES.PROVIDER_REPORTS_RESP]: number;
+    [CONTRACTX_ROLES.PROVIDER_RELATIONSHIP_RESP]: number;
+    [CONTRACTX_ROLES.PROVIDER_RISK_RESP]: number;
 };
 /**
  * Permission Categories for organization
  */
 export declare const PERMISSION_CATEGORIES: {
-    readonly USER_MANAGEMENT: "User Management";
-    readonly ROLE_MANAGEMENT: "Role Management";
-    readonly PERMISSION_MANAGEMENT: "Permission Management";
-    readonly CLIENT_MANAGEMENT: "Client Management";
-    readonly PROVIDER_MANAGEMENT: "Provider Management";
-    readonly CONTRACT_MANAGEMENT: "Contract Management";
-    readonly DOCUMENT_MANAGEMENT: "Document Management";
-    readonly DELIVERABLE_MANAGEMENT: "Deliverable Management";
-    readonly PERFORMANCE_MANAGEMENT: "Performance Management";
-    readonly FINANCIAL_MANAGEMENT: "Financial Management";
-    readonly COMMUNICATION_MANAGEMENT: "Communication Management";
-    readonly SYSTEM_ADMINISTRATION: "System Administration";
+    USER_MANAGEMENT: string;
+    ROLE_MANAGEMENT: string;
+    PERMISSION_MANAGEMENT: string;
+    CLIENT_MANAGEMENT: string;
+    PROVIDER_MANAGEMENT: string;
+    CONTRACT_MANAGEMENT: string;
+    DOCUMENT_MANAGEMENT: string;
+    DELIVERABLE_MANAGEMENT: string;
+    PERFORMANCE_MANAGEMENT: string;
+    FINANCIAL_MANAGEMENT: string;
+    COMMUNICATION_MANAGEMENT: string;
+    SYSTEM_ADMINISTRATION: string;
 };
 /**
  * ODS Role Groups for easy assignment and management
  */
 export declare const ROLE_GROUPS: {
-    readonly ADMIN_ROLES: readonly ["superadmin", "client_contract_admin", "provider_contract_admin"];
-    readonly CLIENT_ROLES: readonly ["client_contract_admin", "client_performance_resp", "client_finance_resp", "client_reports_resp", "client_relationship_resp", "client_risk_resp"];
-    readonly PROVIDER_ROLES: readonly ["provider_contract_admin", "provider_performance_resp", "provider_finance_resp", "provider_reports_resp", "provider_relationship_resp", "provider_risk_resp"];
-    readonly MANAGER_ROLES: readonly ["client_contract_admin", "provider_contract_admin", "client_performance_resp", "provider_performance_resp", "client_finance_resp", "provider_finance_resp"];
-    readonly VIEWER_ROLES: readonly ["client_reports_resp", "provider_reports_resp"];
-    readonly RESPONSIBILITY_ROLES: readonly ["client_performance_resp", "client_finance_resp", "client_reports_resp", "client_relationship_resp", "client_risk_resp", "provider_performance_resp", "provider_finance_resp", "provider_reports_resp", "provider_relationship_resp", "provider_risk_resp"];
-    readonly SYSTEM_ROLES: readonly ["superadmin", "support"];
+    ADMIN_ROLES: string[];
+    CLIENT_ROLES: string[];
+    PROVIDER_ROLES: string[];
+    MANAGER_ROLES: string[];
+    VIEWER_ROLES: string[];
+    RESPONSIBILITY_ROLES: string[];
+    SYSTEM_ROLES: string[];
 };
 /**
  * Module constants for metadata
  */
 export declare const MODULE_CONSTANTS: {
-    readonly MODULE_OPTIONS_TOKEN: "PERMISSIONS_CONTRACTX_MODULE_OPTIONS";
-    readonly JWT_CONFIG_TOKEN: "PERMISSIONS_CONTRACTX_JWT_CONFIG";
+    MODULE_OPTIONS_TOKEN: string;
+    JWT_CONFIG_TOKEN: string;
 };
 //# sourceMappingURL=security.constants.d.ts.map

package/dist/constants/security.constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"security.constants.d.ts","sourceRoot":"","sources":["../../src/constants/security.constants.ts"],"names":[],"mappings":"AAaA;;;GAGG;AACH,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;CAsBlB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;CAmBjB,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;CAaxB,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,WAAW;;;;;;;;CAwDd,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,gBAAgB;;;CAGnB,CAAC"}
+{"version":3,"file":"security.constants.d.ts","sourceRoot":"","sources":["../../src/constants/security.constants.ts"],"names":[],"mappings":"AAYA;;;GAGG;AACH,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;CAmB3B,CAAC;AACF;;;GAGG;AACH,eAAO,MAAM,cAAc;IACvB,CAAC,eAAe,CAAC,UAAU,CAAC,SAAK;IACjC,CAAC,eAAe,CAAC,OAAO,CAAC,SAAI;IAE7B,CAAC,eAAe,CAAC,qBAAqB,CAAC,SAAI;IAC3C,CAAC,eAAe,CAAC,uBAAuB,CAAC,SAAI;IAC7C,CAAC,eAAe,CAAC,mBAAmB,CAAC,SAAI;IACzC,CAAC,eAAe,CAAC,mBAAmB,CAAC,SAAI;IACzC,CAAC,eAAe,CAAC,wBAAwB,CAAC,SAAI;IAC9C,CAAC,eAAe,CAAC,gBAAgB,CAAC,SAAI;IAEtC,CAAC,eAAe,CAAC,uBAAuB,CAAC,SAAI;IAC7C,CAAC,eAAe,CAAC,yBAAyB,CAAC,SAAI;IAC/C,CAAC,eAAe,CAAC,qBAAqB,CAAC,SAAI;IAC3C,CAAC,eAAe,CAAC,qBAAqB,CAAC,SAAI;IAC3C,CAAC,eAAe,CAAC,0BAA0B,CAAC,SAAI;IAChD,CAAC,eAAe,CAAC,kBAAkB,CAAC,SAAI;CAC3C,CAAC;AACF;;GAEG;AACH,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;CAajC,CAAC;AACF;;GAEG;AACH,eAAO,MAAM,WAAW;;;;;;;;CAkDvB,CAAC;AACF;;GAEG;AACH,eAAO,MAAM,gBAAgB;;;CAG5B,CAAC"}

package/dist/constants/security.constants.js

@@ -1,4 +1,6 @@
 "use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MODULE_CONSTANTS = exports.ROLE_GROUPS = exports.PERMISSION_CATEGORIES = exports.ROLE_HIERARCHY = exports.CONTRACTX_ROLES = void 0;
 // ===================================================================
 // ContractX ODS (Operational Data Store) Security Constants
 // ===================================================================
@@ -11,8 +13,6 @@
 //
 // Version: 2.0.0 - ODS Complete Implementation
 // ===================================================================
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.MODULE_CONSTANTS = exports.ROLE_GROUPS = exports.PERMISSION_CATEGORIES = exports.ROLE_HIERARCHY = exports.CONTRACTX_ROLES = void 0;
 /**
  * ODS Roles - Exact 16 roles from Excel specification
  * Implements complete role hierarchy for client/provider contract management

package/dist/decorators/current-user.decorator.d.ts

@@ -1,4 +1,3 @@
-import { JwtPayload } from '../interfaces';
 /**
  * Parameter decorator to inject the current authenticated user into a route handler
  *
@@ -8,66 +7,19 @@ import { JwtPayload } from '../interfaces';
  *
  * @example
  * ```typescript
- * // Get full user object
  * @Get('profile')
  * getProfile(@CurrentUser() user: JwtPayload) {
  *   return user;
  * }
- *
- * // Get specific user property
- * @Post('action')
- * performAction(@CurrentUser('sub') userId: string) {
- *   // Only gets the user ID
- * }
- * ```
- */
-export declare const CurrentUser: (...dataOrPipes: (keyof JwtPayload | import("@nestjs/common").PipeTransform<any, any> | import("@nestjs/common").Type<import("@nestjs/common").PipeTransform<any, any>> | undefined)[]) => ParameterDecorator;
-/**
- * Decorator to get current user's ID
- *
- * @example
- * ```typescript
- * @Post('create')
- * createResource(@UserId() userId: string) {
- *   // Gets user.sub as userId
- * }
  * ```
  */
+export declare const CurrentUser: (...dataOrPipes: (string | import("@nestjs/common").PipeTransform<any, any> | import("@nestjs/common").Type<import("@nestjs/common").PipeTransform<any, any>>)[]) => ParameterDecorator;
+/** Decorator to get current user's ID */
 export declare const UserId: (...dataOrPipes: unknown[]) => ParameterDecorator;
-/**
- * Decorator to get current user's roles
- *
- * @example
- * ```typescript
- * @Get('roles')
- * getUserRoles(@UserRoles() roles: string[]) {
- *   return { roles };
- * }
- * ```
- */
+/** Decorator to get current user's roles */
 export declare const UserRoles: (...dataOrPipes: unknown[]) => ParameterDecorator;
-/**
- * Decorator to get current user's permissions
- *
- * @example
- * ```typescript
- * @Get('permissions')
- * getUserPermissions(@UserPermissions() permissions: string[]) {
- *   return { permissions };
- * }
- * ```
- */
+/** Decorator to get current user's permissions */
 export declare const UserPermissions: (...dataOrPipes: unknown[]) => ParameterDecorator;
-/**
- * Decorator to get current user's client ID
- *
- * @example
- * ```typescript
- * @Get('client-data')
- * getClientData(@UserClientId() clientId: string) {
- *   // Gets user.clientId
- * }
- * ```
- */
+/** Decorator to get current user's client ID */
 export declare const UserClientId: (...dataOrPipes: unknown[]) => ParameterDecorator;
 //# sourceMappingURL=current-user.decorator.d.ts.map

package/dist/decorators/current-user.decorator.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"current-user.decorator.d.ts","sourceRoot":"","sources":["../../src/decorators/current-user.decorator.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAE3C;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,eAAO,MAAM,WAAW,+MAOvB,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,MAAM,mDAKlB,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,SAAS,mDAKrB,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,eAAe,mDAK3B,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,YAAY,mDAKxB,CAAC"}
+{"version":3,"file":"current-user.decorator.d.ts","sourceRoot":"","sources":["../../src/decorators/current-user.decorator.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,WAAW,yLAItB,CAAC;AAEH,yCAAyC;AACzC,eAAO,MAAM,MAAM,mDAGjB,CAAC;AAEH,4CAA4C;AAC5C,eAAO,MAAM,SAAS,mDAGpB,CAAC;AAEH,kDAAkD;AAClD,eAAO,MAAM,eAAe,mDAG1B,CAAC;AAEH,gDAAgD;AAChD,eAAO,MAAM,YAAY,mDAGvB,CAAC"}

package/dist/decorators/current-user.decorator.js

@@ -11,17 +11,10 @@ const common_1 = require("@nestjs/common");
  *
  * @example
  * ```typescript
- * // Get full user object
  * @Get('profile')
  * getProfile(@CurrentUser() user: JwtPayload) {
  *   return user;
  * }
- *
- * // Get specific user property
- * @Post('action')
- * performAction(@CurrentUser('sub') userId: string) {
- *   // Only gets the user ID
- * }
  * ```
  */
 exports.CurrentUser = (0, common_1.createParamDecorator)((data, ctx) => {
@@ -29,62 +22,22 @@ exports.CurrentUser = (0, common_1.createParamDecorator)((data, ctx) => {
     const user = request.user;
     return data ? user?.[data] : user;
 });
-/**
- * Decorator to get current user's ID
- *
- * @example
- * ```typescript
- * @Post('create')
- * createResource(@UserId() userId: string) {
- *   // Gets user.sub as userId
- * }
- * ```
- */
+/** Decorator to get current user's ID */
 exports.UserId = (0, common_1.createParamDecorator)((_data, ctx) => {
     const request = ctx.switchToHttp().getRequest();
     return request.user?.sub;
 });
-/**
- * Decorator to get current user's roles
- *
- * @example
- * ```typescript
- * @Get('roles')
- * getUserRoles(@UserRoles() roles: string[]) {
- *   return { roles };
- * }
- * ```
- */
+/** Decorator to get current user's roles */
 exports.UserRoles = (0, common_1.createParamDecorator)((_data, ctx) => {
     const request = ctx.switchToHttp().getRequest();
     return request.user?.role || [];
 });
-/**
- * Decorator to get current user's permissions
- *
- * @example
- * ```typescript
- * @Get('permissions')
- * getUserPermissions(@UserPermissions() permissions: string[]) {
- *   return { permissions };
- * }
- * ```
- */
+/** Decorator to get current user's permissions */
 exports.UserPermissions = (0, common_1.createParamDecorator)((_data, ctx) => {
     const request = ctx.switchToHttp().getRequest();
     return request.user?.permissions || [];
 });
-/**
- * Decorator to get current user's client ID
- *
- * @example
- * ```typescript
- * @Get('client-data')
- * getClientData(@UserClientId() clientId: string) {
- *   // Gets user.clientId
- * }
- * ```
- */
+/** Decorator to get current user's client ID */
 exports.UserClientId = (0, common_1.createParamDecorator)((_data, ctx) => {
     const request = ctx.switchToHttp().getRequest();
     return request.user?.clientId;

package/dist/decorators/index.d.ts

@@ -2,4 +2,5 @@ export * from './public.decorator';
 export * from './roles.decorator';
 export * from './permissions.decorator';
 export * from './current-user.decorator';
+export * from './permission-writes.decorator';
 //# sourceMappingURL=index.d.ts.map

package/dist/decorators/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/decorators/index.ts"],"names":[],"mappings":"AAAA,cAAc,oBAAoB,CAAC;AACnC,cAAc,mBAAmB,CAAC;AAClC,cAAc,yBAAyB,CAAC;AACxC,cAAc,0BAA0B,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/decorators/index.ts"],"names":[],"mappings":"AAAA,cAAc,oBAAoB,CAAC;AACnC,cAAc,mBAAmB,CAAC;AAClC,cAAc,yBAAyB,CAAC;AACxC,cAAc,0BAA0B,CAAC;AACzC,cAAc,+BAA+B,CAAC"}

package/dist/decorators/index.js

@@ -18,3 +18,4 @@ __exportStar(require("./public.decorator"), exports);
 __exportStar(require("./roles.decorator"), exports);
 __exportStar(require("./permissions.decorator"), exports);
 __exportStar(require("./current-user.decorator"), exports);
+__exportStar(require("./permission-writes.decorator"), exports);