npm - tale-js-sdk - Versions diffs - 0.1.4 → 1.1.0 - Mend

tale-js-sdk 0.1.4 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/dist/acl/index.d.ts +232 -102
package/dist/acl/index.js +446 -510
package/dist/acl/types.d.ts +96 -161
package/dist/common/types.d.ts +5 -2
package/dist/index.d.ts +3 -0
package/dist/index.js +3 -0
package/dist/rbac/index.d.ts +464 -2
package/dist/rbac/index.js +1123 -2
package/dist/rbac/types.d.ts +73 -304
package/dist/user/index.d.ts +2 -2
package/dist/user/types.d.ts +3 -7
package/dist/user-attribute/index.d.ts +194 -0
package/dist/user-attribute/index.js +628 -0
package/dist/user-attribute/types.d.ts +108 -0
package/dist/user-attribute/types.js +1 -0
package/package.json +1 -1

package/dist/rbac/index.js CHANGED Viewed

@@ -1,2 +1,1123 @@
-// 导出 RBAC 功能函数，使用命名空间避免与现有模块冲突
-export * as rbac from './rbac.js';
+import { getAppToken } from "../token.js";
+import { ApiError, ConfigurationError, NetworkError } from "../errors.js";
+// ==================== Role Management ====================
+/**
+ * Gets a role by ID.
+ *
+ * @param roleId - Role ID
+ * @param options - Optional configuration
+ * @returns Promise resolving to role information
+ * @throws {ConfigurationError} When required environment variables are missing
+ * @throws {ApiError} When API request fails
+ * @throws {NetworkError} When network request fails
+ *
+ * @example
+ * ```typescript
+ * import { getRole } from '@tale/client';
+ *
+ * try {
+ *   const role = await getRole('role_id_here');
+ *   console.log('Role name:', role.role_name);
+ * } catch (error) {
+ *   console.error('Failed to get role:', error.message);
+ * }
+ * ```
+ */
+export async function getRole(roleId, options) {
+    if (!roleId || roleId.trim() === "") {
+        throw new ApiError("role_id is required", 400, "9400");
+    }
+    const token = options?.appToken ?? (await getAppToken(options));
+    const env = globalThis?.process?.env ?? import.meta?.env ?? undefined;
+    const base = options?.baseUrl ?? env?.TALE_BASE_URL ?? undefined;
+    if (!base) {
+        throw new ConfigurationError("Missing required environment variable: TALE_BASE_URL");
+    }
+    const url = String(base).replace(/\/+$/, "") +
+        `/rbac/v1/roles/${encodeURIComponent(roleId)}`;
+    let response;
+    try {
+        response = await globalThis.fetch(url, {
+            method: "GET",
+            headers: {
+                "Content-Type": "application/json",
+                "x-t-token": token,
+            },
+        });
+    }
+    catch (error) {
+        throw new NetworkError(`Failed to get role: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+    const json = (await response.json());
+    if (json.code !== 200) {
+        const errorMsg = typeof json.msg === "string" ? json.msg : "Failed to get role";
+        throw new ApiError(errorMsg, response.status, json.code);
+    }
+    if (!json.data) {
+        throw new ApiError("Invalid role response: missing data", response.status);
+    }
+    return json.data;
+}
+/**
+ * Lists roles with pagination and optional filtering.
+ *
+ * @param options - Optional parameters for pagination and filtering
+ * @returns Promise resolving to paginated role list
+ * @throws {ConfigurationError} When required environment variables are missing
+ * @throws {ApiError} When API request fails
+ * @throws {NetworkError} When network request fails
+ *
+ * @example
+ * ```typescript
+ * import { listRoles } from '@tale/client';
+ *
+ * try {
+ *   const result = await listRoles({
+ *     page: 0,
+ *     size: 20,
+ *     role_type: 'admin'
+ *   });
+ *   console.log(`Found ${result.totalElements} roles`);
+ * } catch (error) {
+ *   console.error('Failed to list roles:', error.message);
+ * }
+ * ```
+ */
+export async function listRoles(options) {
+    const token = options?.appToken ?? (await getAppToken(options));
+    const env = globalThis?.process?.env ?? import.meta?.env ?? undefined;
+    const base = options?.baseUrl ?? env?.TALE_BASE_URL ?? undefined;
+    if (!base) {
+        throw new ConfigurationError("Missing required environment variable: TALE_BASE_URL");
+    }
+    const url = new URL(String(base).replace(/\/+$/, "") + "/rbac/v1/roles");
+    const queryParams = {
+        page: 0,
+        size: 20,
+        sort_by: "createdAt",
+        sort_direction: "desc",
+        ...options,
+    };
+    Object.entries(queryParams).forEach(([key, value]) => {
+        if (value !== undefined) {
+            url.searchParams.append(key, String(value));
+        }
+    });
+    let response;
+    try {
+        response = await globalThis.fetch(url.toString(), {
+            method: "GET",
+            headers: {
+                "Content-Type": "application/json",
+                "x-t-token": token,
+            },
+        });
+    }
+    catch (error) {
+        throw new NetworkError(`Failed to list roles: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+    const json = (await response.json());
+    if (json.code !== 200) {
+        const errorMsg = typeof json.msg === "string" ? json.msg : "Failed to list roles";
+        throw new ApiError(errorMsg, response.status, json.code);
+    }
+    if (!json.data || !Array.isArray(json.data.content)) {
+        throw new ApiError("Invalid roles response: missing data", response.status);
+    }
+    return json.data;
+}
+/**
+ * Creates a new role.
+ *
+ * @param request - Role creation request
+ * @param options - Optional configuration
+ * @returns Promise resolving to created role
+ * @throws {ConfigurationError} When required environment variables are missing
+ * @throws {ApiError} When API request fails
+ * @throws {NetworkError} When network request fails
+ *
+ * @example
+ * ```typescript
+ * import { createRole } from '@tale/client';
+ *
+ * try {
+ *   const role = await createRole({
+ *     roleName: 'Administrator',
+ *     role_type: 'admin',
+ *     privilege_ids: ['priv1', 'priv2']
+ *   });
+ *   console.log('Role created:', role.role_id);
+ * } catch (error) {
+ *   console.error('Failed to create role:', error.message);
+ * }
+ * ```
+ */
+export async function createRole(request, options) {
+    if (!request.role_name || request.role_name.trim() === "") {
+        throw new ApiError("role_name is required", 400, "9400");
+    }
+    const token = options?.appToken ?? (await getAppToken(options));
+    const env = globalThis?.process?.env ?? import.meta?.env ?? undefined;
+    const base = options?.baseUrl ?? env?.TALE_BASE_URL ?? undefined;
+    if (!base) {
+        throw new ConfigurationError("Missing required environment variable: TALE_BASE_URL");
+    }
+    const url = String(base).replace(/\/+$/, "") + "/rbac/v1/roles";
+    let response;
+    try {
+        response = await globalThis.fetch(url, {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+                "x-t-token": token,
+            },
+            body: JSON.stringify(request),
+        });
+    }
+    catch (error) {
+        throw new NetworkError(`Failed to create role: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+    const json = (await response.json());
+    if (json.code !== 200) {
+        const errorMsg = typeof json.msg === "string" ? json.msg : "Failed to create role";
+        throw new ApiError(errorMsg, response.status, json.code);
+    }
+    if (!json.data) {
+        throw new ApiError("Invalid role creation response: missing data", response.status);
+    }
+    return json.data;
+}
+/**
+ * Updates an existing role.
+ *
+ * @param roleId - Role ID to update
+ * @param request - Update request with fields to modify
+ * @param options - Optional configuration
+ * @returns Promise resolving to updated role
+ * @throws {ConfigurationError} When required environment variables are missing
+ * @throws {ApiError} When API request fails
+ * @throws {NetworkError} When network request fails
+ *
+ * @example
+ * ```typescript
+ * import { updateRole } from '@tale/client';
+ *
+ * try {
+ *   const role = await updateRole('role_id_here', {
+ *     roleName: 'Updated Role Name',
+ *     remark: 'Updated description'
+ *   });
+ *   console.log('Role updated:', role.role_name);
+ * } catch (error) {
+ *   console.error('Failed to update role:', error.message);
+ * }
+ * ```
+ */
+export async function updateRole(roleId, request, options) {
+    if (!roleId || roleId.trim() === "") {
+        throw new ApiError("role_id is required", 400, "9400");
+    }
+    const token = options?.appToken ?? (await getAppToken(options));
+    const env = globalThis?.process?.env ?? import.meta?.env ?? undefined;
+    const base = options?.baseUrl ?? env?.TALE_BASE_URL ?? undefined;
+    if (!base) {
+        throw new ConfigurationError("Missing required environment variable: TALE_BASE_URL");
+    }
+    const url = String(base).replace(/\/+$/, "") +
+        `/rbac/v1/roles/${encodeURIComponent(roleId)}`;
+    let response;
+    try {
+        response = await globalThis.fetch(url, {
+            method: "PUT",
+            headers: {
+                "Content-Type": "application/json",
+                "x-t-token": token,
+            },
+            body: JSON.stringify(request),
+        });
+    }
+    catch (error) {
+        throw new NetworkError(`Failed to update role: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+    const json = (await response.json());
+    if (json.code !== 200) {
+        const errorMsg = typeof json.msg === "string" ? json.msg : "Failed to update role";
+        throw new ApiError(errorMsg, response.status, json.code);
+    }
+    if (!json.data) {
+        throw new ApiError("Invalid role update response: missing data", response.status);
+    }
+    return json.data;
+}
+/**
+ * Deletes a role.
+ *
+ * @param roleId - Role ID to delete
+ * @param options - Optional configuration
+ * @returns Promise that resolves when deletion is successful
+ * @throws {ConfigurationError} When required environment variables are missing
+ * @throws {ApiError} When API request fails
+ * @throws {NetworkError} When network request fails
+ *
+ * @example
+ * ```typescript
+ * import { deleteRole } from '@tale/client';
+ *
+ * try {
+ *   await deleteRole('role_id_here');
+ *   console.log('Role deleted successfully');
+ * } catch (error) {
+ *   console.error('Failed to delete role:', error.message);
+ * }
+ * ```
+ */
+export async function deleteRole(roleId, options) {
+    if (!roleId || roleId.trim() === "") {
+        throw new ApiError("role_id is required", 400, "9400");
+    }
+    const token = options?.appToken ?? (await getAppToken(options));
+    const env = globalThis?.process?.env ?? import.meta?.env ?? undefined;
+    const base = options?.baseUrl ?? env?.TALE_BASE_URL ?? undefined;
+    if (!base) {
+        throw new ConfigurationError("Missing required environment variable: TALE_BASE_URL");
+    }
+    const url = String(base).replace(/\/+$/, "") +
+        `/rbac/v1/roles/${encodeURIComponent(roleId)}`;
+    let response;
+    try {
+        response = await globalThis.fetch(url, {
+            method: "DELETE",
+            headers: {
+                "Content-Type": "application/json",
+                "x-t-token": token,
+            },
+        });
+    }
+    catch (error) {
+        throw new NetworkError(`Failed to delete role: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+    const json = (await response.json());
+    if (json.code !== 200) {
+        const errorMsg = typeof json.msg === "string" ? json.msg : "Failed to delete role";
+        throw new ApiError(errorMsg, response.status, json.code);
+    }
+}
+// ==================== Privilege Management ====================
+/**
+ * Gets a privilege by ID.
+ *
+ * @param privilegeId - Privilege ID
+ * @param options - Optional configuration
+ * @returns Promise resolving to privilege information
+ * @throws {ConfigurationError} When required environment variables are missing
+ * @throws {ApiError} When API request fails
+ * @throws {NetworkError} When network request fails
+ *
+ * @example
+ * ```typescript
+ * import { getPrivilege } from '@tale/client';
+ *
+ * try {
+ *   const privilege = await getPrivilege('privilege_id_here');
+ *   console.log('Privilege name:', privilege.privilege_name);
+ * } catch (error) {
+ *   console.error('Failed to get privilege:', error.message);
+ * }
+ * ```
+ */
+export async function getPrivilege(privilegeId, options) {
+    if (!privilegeId || privilegeId.trim() === "") {
+        throw new ApiError("privilege_id is required", 400, "9400");
+    }
+    const token = options?.appToken ?? (await getAppToken(options));
+    const env = globalThis?.process?.env ?? import.meta?.env ?? undefined;
+    const base = options?.baseUrl ?? env?.TALE_BASE_URL ?? undefined;
+    if (!base) {
+        throw new ConfigurationError("Missing required environment variable: TALE_BASE_URL");
+    }
+    const url = String(base).replace(/\/+$/, "") +
+        `/rbac/v1/privileges/${encodeURIComponent(privilegeId)}`;
+    let response;
+    try {
+        response = await globalThis.fetch(url, {
+            method: "GET",
+            headers: {
+                "Content-Type": "application/json",
+                "x-t-token": token,
+            },
+        });
+    }
+    catch (error) {
+        throw new NetworkError(`Failed to get privilege: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+    const json = (await response.json());
+    if (json.code !== 200) {
+        const errorMsg = typeof json.msg === "string" ? json.msg : "Failed to get privilege";
+        throw new ApiError(errorMsg, response.status, json.code);
+    }
+    if (!json.data) {
+        throw new ApiError("Invalid privilege response: missing data", response.status);
+    }
+    return json.data;
+}
+/**
+ * Lists privileges with pagination and optional filtering.
+ *
+ * @param options - Optional parameters for pagination and filtering
+ * @returns Promise resolving to paginated privilege list
+ * @throws {ConfigurationError} When required environment variables are missing
+ * @throws {ApiError} When API request fails
+ * @throws {NetworkError} When network request fails
+ *
+ * @example
+ * ```typescript
+ * import { listPrivileges } from '@tale/client';
+ *
+ * try {
+ *   const result = await listPrivileges({
+ *     page: 0,
+ *     size: 20,
+ *     privilege_type: 'read'
+ *   });
+ *   console.log(`Found ${result.totalElements} privileges`);
+ * } catch (error) {
+ *   console.error('Failed to list privileges:', error.message);
+ * }
+ * ```
+ */
+export async function listPrivileges(options) {
+    const token = options?.appToken ?? (await getAppToken(options));
+    const env = globalThis?.process?.env ?? import.meta?.env ?? undefined;
+    const base = options?.baseUrl ?? env?.TALE_BASE_URL ?? undefined;
+    if (!base) {
+        throw new ConfigurationError("Missing required environment variable: TALE_BASE_URL");
+    }
+    const url = new URL(String(base).replace(/\/+$/, "") + "/rbac/v1/privileges");
+    const queryParams = {
+        page: 0,
+        size: 20,
+        sort_by: "createdAt",
+        sort_direction: "desc",
+        ...options,
+    };
+    Object.entries(queryParams).forEach(([key, value]) => {
+        if (value !== undefined) {
+            url.searchParams.append(key, String(value));
+        }
+    });
+    let response;
+    try {
+        response = await globalThis.fetch(url.toString(), {
+            method: "GET",
+            headers: {
+                "Content-Type": "application/json",
+                "x-t-token": token,
+            },
+        });
+    }
+    catch (error) {
+        throw new NetworkError(`Failed to list privileges: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+    const json = (await response.json());
+    if (json.code !== 200) {
+        const errorMsg = typeof json.msg === "string" ? json.msg : "Failed to list privileges";
+        throw new ApiError(errorMsg, response.status, json.code);
+    }
+    if (!json.data || !Array.isArray(json.data.content)) {
+        throw new ApiError("Invalid privileges response: missing data", response.status);
+    }
+    return json.data;
+}
+/**
+ * Creates a new privilege.
+ *
+ * @param request - Privilege creation request
+ * @param options - Optional configuration
+ * @returns Promise resolving to created privilege
+ * @throws {ConfigurationError} When required environment variables are missing
+ * @throws {ApiError} When API request fails
+ * @throws {NetworkError} When network request fails
+ *
+ * @example
+ * ```typescript
+ * import { createPrivilege } from '@tale/client';
+ *
+ * try {
+ *   const privilege = await createPrivilege({
+ *     privilegeName: 'read_posts',
+ *     privilege_type: 'read',
+ *     resourceIds: ['posts']
+ *   });
+ *   console.log('Privilege created:', privilege.privilege_id);
+ * } catch (error) {
+ *   console.error('Failed to create privilege:', error.message);
+ * }
+ * ```
+ */
+export async function createPrivilege(request, options) {
+    if (!request.privilege_name || request.privilege_name.trim() === "") {
+        throw new ApiError("privilege_name is required", 400, "9400");
+    }
+    const token = options?.appToken ?? (await getAppToken(options));
+    const env = globalThis?.process?.env ?? import.meta?.env ?? undefined;
+    const base = options?.baseUrl ?? env?.TALE_BASE_URL ?? undefined;
+    if (!base) {
+        throw new ConfigurationError("Missing required environment variable: TALE_BASE_URL");
+    }
+    const url = String(base).replace(/\/+$/, "") + "/rbac/v1/privileges";
+    let response;
+    try {
+        response = await globalThis.fetch(url, {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+                "x-t-token": token,
+            },
+            body: JSON.stringify(request),
+        });
+    }
+    catch (error) {
+        throw new NetworkError(`Failed to create privilege: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+    const json = (await response.json());
+    if (json.code !== 200) {
+        const errorMsg = typeof json.msg === "string" ? json.msg : "Failed to create privilege";
+        throw new ApiError(errorMsg, response.status, json.code);
+    }
+    if (!json.data) {
+        throw new ApiError("Invalid privilege creation response: missing data", response.status);
+    }
+    return json.data;
+}
+/**
+ * Updates an existing privilege.
+ *
+ * @param privilegeId - Privilege ID to update
+ * @param request - Update request with fields to modify
+ * @param options - Optional configuration
+ * @returns Promise resolving to updated privilege
+ * @throws {ConfigurationError} When required environment variables are missing
+ * @throws {ApiError} When API request fails
+ * @throws {NetworkError} When network request fails
+ *
+ * @example
+ * ```typescript
+ * import { updatePrivilege } from '@tale/client';
+ *
+ * try {
+ *   const privilege = await updatePrivilege('privilege_id_here', {
+ *     privilegeName: 'updated_name',
+ *     remark: 'Updated description'
+ *   });
+ *   console.log('Privilege updated:', privilege.privilege_name);
+ * } catch (error) {
+ *   console.error('Failed to update privilege:', error.message);
+ * }
+ * ```
+ */
+export async function updatePrivilege(privilegeId, request, options) {
+    if (!privilegeId || privilegeId.trim() === "") {
+        throw new ApiError("privilege_id is required", 400, "9400");
+    }
+    const token = options?.appToken ?? (await getAppToken(options));
+    const env = globalThis?.process?.env ?? import.meta?.env ?? undefined;
+    const base = options?.baseUrl ?? env?.TALE_BASE_URL ?? undefined;
+    if (!base) {
+        throw new ConfigurationError("Missing required environment variable: TALE_BASE_URL");
+    }
+    const url = String(base).replace(/\/+$/, "") +
+        `/rbac/v1/privileges/${encodeURIComponent(privilegeId)}`;
+    let response;
+    try {
+        response = await globalThis.fetch(url, {
+            method: "PUT",
+            headers: {
+                "Content-Type": "application/json",
+                "x-t-token": token,
+            },
+            body: JSON.stringify(request),
+        });
+    }
+    catch (error) {
+        throw new NetworkError(`Failed to update privilege: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+    const json = (await response.json());
+    if (json.code !== 200) {
+        const errorMsg = typeof json.msg === "string" ? json.msg : "Failed to update privilege";
+        throw new ApiError(errorMsg, response.status, json.code);
+    }
+    if (!json.data) {
+        throw new ApiError("Invalid privilege update response: missing data", response.status);
+    }
+    return json.data;
+}
+/**
+ * Deletes a privilege.
+ *
+ * @param privilegeId - Privilege ID to delete
+ * @param options - Optional configuration
+ * @returns Promise that resolves when deletion is successful
+ * @throws {ConfigurationError} When required environment variables are missing
+ * @throws {ApiError} When API request fails
+ * @throws {NetworkError} When network request fails
+ *
+ * @example
+ * ```typescript
+ * import { deletePrivilege } from '@tale/client';
+ *
+ * try {
+ *   await deletePrivilege('privilege_id_here');
+ *   console.log('Privilege deleted successfully');
+ * } catch (error) {
+ *   console.error('Failed to delete privilege:', error.message);
+ * }
+ * ```
+ */
+export async function deletePrivilege(privilegeId, options) {
+    if (!privilegeId || privilegeId.trim() === "") {
+        throw new ApiError("privilege_id is required", 400, "9400");
+    }
+    const token = options?.appToken ?? (await getAppToken(options));
+    const env = globalThis?.process?.env ?? import.meta?.env ?? undefined;
+    const base = options?.baseUrl ?? env?.TALE_BASE_URL ?? undefined;
+    if (!base) {
+        throw new ConfigurationError("Missing required environment variable: TALE_BASE_URL");
+    }
+    const url = String(base).replace(/\/+$/, "") +
+        `/rbac/v1/privileges/${encodeURIComponent(privilegeId)}`;
+    let response;
+    try {
+        response = await globalThis.fetch(url, {
+            method: "DELETE",
+            headers: {
+                "Content-Type": "application/json",
+                "x-t-token": token,
+            },
+        });
+    }
+    catch (error) {
+        throw new NetworkError(`Failed to delete privilege: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+    const json = (await response.json());
+    if (json.code !== 200) {
+        const errorMsg = typeof json.msg === "string" ? json.msg : "Failed to delete privilege";
+        throw new ApiError(errorMsg, response.status, json.code);
+    }
+}
+// ==================== User Role Management ====================
+/**
+ * Gets roles assigned to a user.
+ *
+ * @param userId - User ID
+ * @param options - Optional configuration
+ * @returns Promise resolving to list of user roles
+ * @throws {ConfigurationError} When required environment variables are missing
+ * @throws {ApiError} When API request fails
+ * @throws {NetworkError} When network request fails
+ *
+ * @example
+ * ```typescript
+ * import { getUserRoles } from '@tale/client';
+ *
+ * try {
+ *   const roles = await getUserRoles('user_id_here');
+ *   console.log(`User has ${roles.length} roles`);
+ *   roles.forEach(role => console.log('-', role.role_name));
+ * } catch (error) {
+ *   console.error('Failed to get user roles:', error.message);
+ * }
+ * ```
+ */
+export async function getUserRoles(userId, options) {
+    if (!userId || userId.trim() === "") {
+        throw new ApiError("user_id is required", 400, "9400");
+    }
+    const token = options?.appToken ?? (await getAppToken(options));
+    const env = globalThis?.process?.env ?? import.meta?.env ?? undefined;
+    const base = options?.baseUrl ?? env?.TALE_BASE_URL ?? undefined;
+    if (!base) {
+        throw new ConfigurationError("Missing required environment variable: TALE_BASE_URL");
+    }
+    const url = String(base).replace(/\/+$/, "") +
+        `/rbac/v1/user/${encodeURIComponent(userId)}/roles`;
+    let response;
+    try {
+        response = await globalThis.fetch(url, {
+            method: "GET",
+            headers: {
+                "Content-Type": "application/json",
+                "x-t-token": token,
+            },
+        });
+    }
+    catch (error) {
+        throw new NetworkError(`Failed to get user roles: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+    const json = (await response.json());
+    if (json.code !== 200) {
+        const errorMsg = typeof json.msg === "string" ? json.msg : "Failed to get user roles";
+        throw new ApiError(errorMsg, response.status, json.code);
+    }
+    if (!json.data || !Array.isArray(json.data)) {
+        throw new ApiError("Invalid user roles response: missing data", response.status);
+    }
+    return json.data;
+}
+/**
+ * Assigns roles to a user.
+ *
+ * @param userId - User ID
+ * @param request - Request containing role IDs to assign
+ * @param options - Optional configuration
+ * @returns Promise resolving to list of assigned roles
+ * @throws {ConfigurationError} When required environment variables are missing
+ * @throws {ApiError} When API request fails
+ * @throws {NetworkError} When network request fails
+ *
+ * @example
+ * ```typescript
+ * import { assignRolesToUser } from '@tale/client';
+ *
+ * try {
+ *   const roles = await assignRolesToUser('user_id_here', {
+ *     role_ids: ['role1', 'role2']
+ *   });
+ *   console.log('Roles assigned successfully');
+ * } catch (error) {
+ *   console.error('Failed to assign roles:', error.message);
+ * }
+ * ```
+ */
+export async function assignRolesToUser(userId, request, options) {
+    if (!userId || userId.trim() === "") {
+        throw new ApiError("user_id is required", 400, "9400");
+    }
+    if (!request.role_ids ||
+        !Array.isArray(request.role_ids) ||
+        request.role_ids.length === 0) {
+        throw new ApiError("role_ids is required and must be a non-empty array", 400, "9400");
+    }
+    const token = options?.appToken ?? (await getAppToken(options));
+    const env = globalThis?.process?.env ?? import.meta?.env ?? undefined;
+    const base = options?.baseUrl ?? env?.TALE_BASE_URL ?? undefined;
+    if (!base) {
+        throw new ConfigurationError("Missing required environment variable: TALE_BASE_URL");
+    }
+    const url = String(base).replace(/\/+$/, "") +
+        `/rbac/v1/user/${encodeURIComponent(userId)}/roles`;
+    let response;
+    try {
+        response = await globalThis.fetch(url, {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+                "x-t-token": token,
+            },
+            body: JSON.stringify(request),
+        });
+    }
+    catch (error) {
+        throw new NetworkError(`Failed to assign roles to user: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+    const json = (await response.json());
+    if (json.code !== 200) {
+        const errorMsg = typeof json.msg === "string"
+            ? json.msg
+            : "Failed to assign roles to user";
+        throw new ApiError(errorMsg, response.status, json.code);
+    }
+    if (!json.data || !Array.isArray(json.data)) {
+        throw new ApiError("Invalid role assignment response: missing data", response.status);
+    }
+    return json.data;
+}
+/**
+ * Unassigns roles from a user.
+ *
+ * @param userId - User ID
+ * @param request - Request containing role IDs to unassign
+ * @param options - Optional configuration
+ * @returns Promise that resolves when unassignment is successful
+ * @throws {ConfigurationError} When required environment variables are missing
+ * @throws {ApiError} When API request fails
+ * @throws {NetworkError} When network request fails
+ *
+ * @example
+ * ```typescript
+ * import { unassignRolesFromUser } from '@tale/client';
+ *
+ * try {
+ *   await unassignRolesFromUser('user_id_here', {
+ *     role_ids: ['role1', 'role2']
+ *   });
+ *   console.log('Roles unassigned successfully');
+ * } catch (error) {
+ *   console.error('Failed to unassign roles:', error.message);
+ * }
+ * ```
+ */
+export async function unassignRolesFromUser(userId, request, options) {
+    if (!userId || userId.trim() === "") {
+        throw new ApiError("user_id is required", 400, "9400");
+    }
+    if (!request.role_ids ||
+        !Array.isArray(request.role_ids) ||
+        request.role_ids.length === 0) {
+        throw new ApiError("role_ids is required and must be a non-empty array", 400, "9400");
+    }
+    const token = options?.appToken ?? (await getAppToken(options));
+    const env = globalThis?.process?.env ?? import.meta?.env ?? undefined;
+    const base = options?.baseUrl ?? env?.TALE_BASE_URL ?? undefined;
+    if (!base) {
+        throw new ConfigurationError("Missing required environment variable: TALE_BASE_URL");
+    }
+    const url = String(base).replace(/\/+$/, "") +
+        `/rbac/v1/user/${encodeURIComponent(userId)}/roles`;
+    let response;
+    try {
+        response = await globalThis.fetch(url, {
+            method: "DELETE",
+            headers: {
+                "Content-Type": "application/json",
+                "x-t-token": token,
+            },
+            body: JSON.stringify(request),
+        });
+    }
+    catch (error) {
+        throw new NetworkError(`Failed to unassign roles from user: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+    const json = (await response.json());
+    if (json.code !== 200) {
+        const errorMsg = typeof json.msg === "string"
+            ? json.msg
+            : "Failed to unassign roles from user";
+        throw new ApiError(errorMsg, response.status, json.code);
+    }
+}
+// ==================== User Privilege Management ====================
+/**
+ * Gets privileges assigned to a user.
+ *
+ * @param userId - User ID
+ * @param options - Optional configuration
+ * @returns Promise resolving to list of user privileges
+ * @throws {ConfigurationError} When required environment variables are missing
+ * @throws {ApiError} When API request fails
+ * @throws {NetworkError} When network request fails
+ *
+ * @example
+ * ```typescript
+ * import { getUserPrivileges } from '@tale/client';
+ *
+ * try {
+ *   const privileges = await getUserPrivileges('user_id_here');
+ *   console.log(`User has ${privileges.length} privileges`);
+ *   privileges.forEach(priv => console.log('-', priv.privilegeName));
+ * } catch (error) {
+ *   console.error('Failed to get user privileges:', error.message);
+ * }
+ * ```
+ */
+export async function getUserPrivileges(userId, options) {
+    if (!userId || userId.trim() === "") {
+        throw new ApiError("user_id is required", 400, "9400");
+    }
+    const token = options?.appToken ?? (await getAppToken(options));
+    const env = globalThis?.process?.env ?? import.meta?.env ?? undefined;
+    const base = options?.baseUrl ?? env?.TALE_BASE_URL ?? undefined;
+    if (!base) {
+        throw new ConfigurationError("Missing required environment variable: TALE_BASE_URL");
+    }
+    const url = String(base).replace(/\/+$/, "") +
+        `/rbac/v1/user/${encodeURIComponent(userId)}/privileges`;
+    let response;
+    try {
+        response = await globalThis.fetch(url, {
+            method: "GET",
+            headers: {
+                "Content-Type": "application/json",
+                "x-t-token": token,
+            },
+        });
+    }
+    catch (error) {
+        throw new NetworkError(`Failed to get user privileges: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+    const json = (await response.json());
+    if (json.code !== 200) {
+        const errorMsg = typeof json.msg === "string"
+            ? json.msg
+            : "Failed to get user privileges";
+        throw new ApiError(errorMsg, response.status, json.code);
+    }
+    if (!json.data || !Array.isArray(json.data)) {
+        throw new ApiError("Invalid user privileges response: missing data", response.status);
+    }
+    return json.data;
+}
+/**
+ * Assigns privileges to a user.
+ *
+ * @param userId - User ID
+ * @param request - Request containing privilege IDs to assign
+ * @param options - Optional configuration
+ * @returns Promise resolving to list of assigned privileges
+ * @throws {ConfigurationError} When required environment variables are missing
+ * @throws {ApiError} When API request fails
+ * @throws {NetworkError} When network request fails
+ *
+ * @example
+ * ```typescript
+ * import { assignPrivilegesToUser } from '@tale/client';
+ *
+ * try {
+ *   const privileges = await assignPrivilegesToUser('user_id_here', {
+ *     privilege_ids: ['priv1', 'priv2']
+ *   });
+ *   console.log('Privileges assigned successfully');
+ * } catch (error) {
+ *   console.error('Failed to assign privileges:', error.message);
+ * }
+ * ```
+ */
+export async function assignPrivilegesToUser(userId, request, options) {
+    if (!userId || userId.trim() === "") {
+        throw new ApiError("user_id is required", 400, "9400");
+    }
+    if (!request.privilege_ids ||
+        !Array.isArray(request.privilege_ids) ||
+        request.privilege_ids.length === 0) {
+        throw new ApiError("privilege_ids is required and must be a non-empty array", 400, "9400");
+    }
+    const token = options?.appToken ?? (await getAppToken(options));
+    const env = globalThis?.process?.env ?? import.meta?.env ?? undefined;
+    const base = options?.baseUrl ?? env?.TALE_BASE_URL ?? undefined;
+    if (!base) {
+        throw new ConfigurationError("Missing required environment variable: TALE_BASE_URL");
+    }
+    const url = String(base).replace(/\/+$/, "") +
+        `/rbac/v1/user/${encodeURIComponent(userId)}/privileges`;
+    let response;
+    try {
+        response = await globalThis.fetch(url, {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+                "x-t-token": token,
+            },
+            body: JSON.stringify(request),
+        });
+    }
+    catch (error) {
+        throw new NetworkError(`Failed to assign privileges to user: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+    const json = (await response.json());
+    if (json.code !== 200) {
+        const errorMsg = typeof json.msg === "string"
+            ? json.msg
+            : "Failed to assign privileges to user";
+        throw new ApiError(errorMsg, response.status, json.code);
+    }
+    if (!json.data || !Array.isArray(json.data)) {
+        throw new ApiError("Invalid privilege assignment response: missing data", response.status);
+    }
+    return json.data;
+}
+/**
+ * Unassigns privileges from a user.
+ *
+ * @param userId - User ID
+ * @param request - Request containing privilege IDs to unassign
+ * @param options - Optional configuration
+ * @returns Promise that resolves when unassignment is successful
+ * @throws {ConfigurationError} When required environment variables are missing
+ * @throws {ApiError} When API request fails
+ * @throws {NetworkError} When network request fails
+ *
+ * @example
+ * ```typescript
+ * import { unassignPrivilegesFromUser } from '@tale/client';
+ *
+ * try {
+ *   await unassignPrivilegesFromUser('user_id_here', {
+ *     privilege_ids: ['priv1', 'priv2']
+ *   });
+ *   console.log('Privileges unassigned successfully');
+ * } catch (error) {
+ *   console.error('Failed to unassign privileges:', error.message);
+ * }
+ * ```
+ */
+export async function unassignPrivilegesFromUser(userId, request, options) {
+    if (!userId || userId.trim() === "") {
+        throw new ApiError("user_id is required", 400, "9400");
+    }
+    if (!request.privilege_ids ||
+        !Array.isArray(request.privilege_ids) ||
+        request.privilege_ids.length === 0) {
+        throw new ApiError("privilege_ids is required and must be a non-empty array", 400, "9400");
+    }
+    const token = options?.appToken ?? (await getAppToken(options));
+    const env = globalThis?.process?.env ?? import.meta?.env ?? undefined;
+    const base = options?.baseUrl ?? env?.TALE_BASE_URL ?? undefined;
+    if (!base) {
+        throw new ConfigurationError("Missing required environment variable: TALE_BASE_URL");
+    }
+    const url = String(base).replace(/\/+$/, "") +
+        `/rbac/v1/user/${encodeURIComponent(userId)}/privileges`;
+    let response;
+    try {
+        response = await globalThis.fetch(url, {
+            method: "DELETE",
+            headers: {
+                "Content-Type": "application/json",
+                "x-t-token": token,
+            },
+            body: JSON.stringify(request),
+        });
+    }
+    catch (error) {
+        throw new NetworkError(`Failed to unassign privileges from user: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+    const json = (await response.json());
+    if (json.code !== 200) {
+        const errorMsg = typeof json.msg === "string"
+            ? json.msg
+            : "Failed to unassign privileges from user";
+        throw new ApiError(errorMsg, response.status, json.code);
+    }
+}
+// ==================== Role Privilege Management ====================
+/**
+ * Assigns privileges to a role.
+ *
+ * @param roleId - Role ID
+ * @param request - Request containing privilege IDs to assign
+ * @param options - Optional configuration
+ * @returns Promise resolving to list of assigned privileges
+ * @throws {ConfigurationError} When required environment variables are missing
+ * @throws {ApiError} When API request fails
+ * @throws {NetworkError} When network request fails
+ *
+ * @example
+ * ```typescript
+ * import { assignPrivilegesToRole } from '@tale/client';
+ *
+ * try {
+ *   const privileges = await assignPrivilegesToRole('role_id_here', {
+ *     privilege_ids: ['priv1', 'priv2']
+ *   });
+ *   console.log('Privileges assigned successfully');
+ * } catch (error) {
+ *   console.error('Failed to assign privileges:', error.message);
+ * }
+ * ```
+ */
+export async function assignPrivilegesToRole(roleId, request, options) {
+    if (!roleId || roleId.trim() === "") {
+        throw new ApiError("role_id is required", 400, "9400");
+    }
+    if (!request.privilege_ids ||
+        !Array.isArray(request.privilege_ids) ||
+        request.privilege_ids.length === 0) {
+        throw new ApiError("privilege_ids is required and must be a non-empty array", 400, "9400");
+    }
+    const token = options?.appToken ?? (await getAppToken(options));
+    const env = globalThis?.process?.env ?? import.meta?.env ?? undefined;
+    const base = options?.baseUrl ?? env?.TALE_BASE_URL ?? undefined;
+    if (!base) {
+        throw new ConfigurationError("Missing required environment variable: TALE_BASE_URL");
+    }
+    const url = String(base).replace(/\/+$/, "") +
+        `/rbac/v1/role/${encodeURIComponent(roleId)}/privileges`;
+    let response;
+    try {
+        response = await globalThis.fetch(url, {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+                "x-t-token": token,
+            },
+            body: JSON.stringify(request),
+        });
+    }
+    catch (error) {
+        throw new NetworkError(`Failed to assign privileges to role: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+    const json = (await response.json());
+    if (json.code !== 200) {
+        const errorMsg = typeof json.msg === "string"
+            ? json.msg
+            : "Failed to assign privileges to role";
+        throw new ApiError(errorMsg, response.status, json.code);
+    }
+    if (!json.data || !Array.isArray(json.data)) {
+        throw new ApiError("Invalid privilege assignment response: missing data", response.status);
+    }
+    return json.data;
+}
+/**
+ * Unassigns privileges from a role.
+ *
+ * @param roleId - Role ID
+ * @param request - Request containing privilege IDs to unassign
+ * @param options - Optional configuration
+ * @returns Promise that resolves when unassignment is successful
+ * @throws {ConfigurationError} When required environment variables are missing
+ * @throws {ApiError} When API request fails
+ * @throws {NetworkError} When network request fails
+ *
+ * @example
+ * ```typescript
+ * import { unassignPrivilegesFromRole } from '@tale/client';
+ *
+ * try {
+ *   await unassignPrivilegesFromRole('role_id_here', {
+ *     privilege_ids: ['priv1', 'priv2']
+ *   });
+ *   console.log('Privileges unassigned successfully');
+ * } catch (error) {
+ *   console.error('Failed to unassign privileges:', error.message);
+ * }
+ * ```
+ */
+export async function unassignPrivilegesFromRole(roleId, request, options) {
+    if (!roleId || roleId.trim() === "") {
+        throw new ApiError("role_id is required", 400, "9400");
+    }
+    if (!request.privilege_ids ||
+        !Array.isArray(request.privilege_ids) ||
+        request.privilege_ids.length === 0) {
+        throw new ApiError("privilege_ids is required and must be a non-empty array", 400, "9400");
+    }
+    const token = options?.appToken ?? (await getAppToken(options));
+    const env = globalThis?.process?.env ?? import.meta?.env ?? undefined;
+    const base = options?.baseUrl ?? env?.TALE_BASE_URL ?? undefined;
+    if (!base) {
+        throw new ConfigurationError("Missing required environment variable: TALE_BASE_URL");
+    }
+    const url = String(base).replace(/\/+$/, "") +
+        `/rbac/v1/role/${encodeURIComponent(roleId)}/privileges`;
+    let response;
+    try {
+        response = await globalThis.fetch(url, {
+            method: "DELETE",
+            headers: {
+                "Content-Type": "application/json",
+                "x-t-token": token,
+            },
+            body: JSON.stringify(request),
+        });
+    }
+    catch (error) {
+        throw new NetworkError(`Failed to unassign privileges from role: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+    const json = (await response.json());
+    if (json.code !== 200) {
+        const errorMsg = typeof json.msg === "string"
+            ? json.msg
+            : "Failed to unassign privileges from role";
+        throw new ApiError(errorMsg, response.status, json.code);
+    }
+}