UNPKG

@accounter/server

Version:
40 lines (39 loc) 2.08 kB
import { AdminContextProvider } from '../../admin-context/providers/admin-context.provider.js'; import type { AdminContext } from '../../admin-context/types.js'; import { AuthContextProvider } from './auth-context.provider.js'; /** * Single, reusable entry point for request-level business scope decisions. * * Resolvers and providers should use this rather than re-implementing scope * narrowing or reaching into the admin context per module: * - reads default to all accessible businesses, narrowed by request args; * - writes require an explicit, membership-validated single target; * - per-business preferences are resolved within the authorized read scope. */ export declare class ScopeProvider { private authContextProvider; private adminContextProvider; constructor(authContextProvider: AuthContextProvider, adminContextProvider: AdminContextProvider); private requireAuthContext; /** * The effective read scope: the request's authorized scope * (header ∩ memberships, resolved by the auth context) narrowed by the * optionally-provided args business ids. Defaults to all accessible * businesses. Throws when args request a business outside the authorized * scope (callers must reject, never broaden). */ getReadScope(argsBusinessIds?: string[]): Promise<string[]>; /** * Validate and return the single write-target business. Writes always take an * explicit business id (never inferred from the read scope); the target must * be one of the user's memberships. */ resolveWriteTarget(requestedBusinessId: string | null | undefined): Promise<string>; /** * Resolve a single business preference (e.g. `defaultLocalCurrency`) for a * specific business within the authorized read scope. Replaces per-field * reads of the request's single admin context, so multi-business reads can * resolve preferences from each row's owning business. */ getBusinessPreference<K extends keyof AdminContext>(businessId: string, key: K): Promise<AdminContext[K] | null>; }