@k-msg/channel
AlimTalk channel and sender number management
/**
* Permission Management System
* Access permission management for channels and sender numbers
* (채널 및 발신번호 액세스 권한 관리)
*/
import { EventEmitter } from "../shared/event-emitter";
/**
 * A principal known to the permission system.
 *
 * The record carries its roles inline, so the permissions a user holds are
 * reachable through `roles[].permissions`.
 */
export interface User {
// Identifier used by every PermissionManager lookup (`getUser`, `checkPermission`, ...).
id: string;
email: string;
name: string;
// Roles assigned to this user; each role contributes its own Permission list.
roles: Role[];
// NOTE(review): presumably an inactive user is denied on every check — the
// declaration does not show it; confirm in the permission check implementation.
isActive: boolean;
createdAt: Date;
updatedAt: Date;
}
/**
 * A named bundle of permissions that can be assigned to users.
 */
export interface Role {
id: string;
name: string;
// Permissions granted to every user holding this role.
permissions: Permission[];
description?: string;
// NOTE(review): presumably marks the built-in roles created by
// PermissionManager's private `initializeSystemRoles`; whether system roles
// are protected from `updateRole`/`deleteRole` is not visible here — confirm.
isSystem: boolean;
createdAt: Date;
updatedAt: Date;
}
/**
 * A single grant: one action on one resource type, limited to a scope and,
 * optionally, to a list of conditions.
 */
export interface Permission {
id: string;
// Resource type the grant applies to.
resource: ResourceType;
// Action the grant allows on that resource type.
action: ActionType;
// Breadth of the grant (global, organization, team or personal).
scope: PermissionScope;
// Optional extra constraints.
// NOTE(review): how several conditions combine (all-of vs any-of) and what
// happens when the referenced field is missing is decided by the
// implementation and is not visible in this declaration — confirm.
conditions?: PermissionCondition[];
}
/**
 * Kinds of resource a permission can refer to. String-valued, so the values
 * below are what appears in serialized permissions.
 */
export declare enum ResourceType {
CHANNEL = "channel",
SENDER_NUMBER = "senderNumber",
TEMPLATE = "template",
MESSAGE = "message",
// USER and ROLE make the permission model itself a protected resource:
// grants on them control who may change other users' access.
USER = "user",
ROLE = "role",
AUDIT_LOG = "auditLog",
ANALYTICS = "analytics"
}
/**
 * Actions a permission can allow on a resource type. String-valued.
 */
export declare enum ActionType {
CREATE = "create",
READ = "read",
UPDATE = "update",
DELETE = "delete",
VERIFY = "verify",
SUSPEND = "suspend",
ACTIVATE = "activate",
SEND = "send",
// NOTE(review): whether MANAGE implies the other actions on the same resource
// is not visible in this declaration — confirm before granting it, since that
// decides how broad the grant really is.
MANAGE = "manage"
}
/**
 * Breadth of a permission grant. String-valued.
 *
 * NOTE(review): presumably the non-global scopes are matched against
 * `AccessContext.organizationId`, `teamId` and `resourceOwnerId`; the matching
 * rule, including what happens when the context field is absent, is not
 * visible here — confirm.
 */
export declare enum PermissionScope {
GLOBAL = "global",
ORGANIZATION = "organization",
TEAM = "team",
PERSONAL = "personal"
}
/**
 * One constraint attached to a Permission: compare a named field with a value
 * using one of six operators.
 */
export interface PermissionCondition {
// Name of the field to test.
// NOTE(review): what object the field is looked up on (the access context,
// its metadata, the resource) is not visible here — confirm.
field: string;
operator: "equals" | "not_equals" | "in" | "not_in" | "contains" | "starts_with";
// Typed `any`, so the compiler does not check that the value fits the
// operator (for example an array for "in"/"not_in"). The evaluator has to
// validate the shape at runtime; a mismatch should result in a denial.
value: any;
}
/**
 * Facts about the request that a permission check is evaluated against.
 *
 * These values feed an authorization decision, so callers should fill them
 * from the authenticated session and server-side lookups rather than from
 * client-supplied request fields.
 */
export interface AccessContext {
// Also present on PermissionCheck.
// NOTE(review): which of the two the check treats as authoritative when
// they differ is not visible here — confirm.
userId: string;
organizationId?: string;
teamId?: string;
// Owner of the resource being accessed.
resourceOwnerId?: string;
// Untyped free-form data; nothing in the type constrains its keys or values.
metadata?: Record<string, any>;
}
/**
 * Input to `PermissionManager.checkPermission`: who wants to do what to which
 * resource.
 */
export interface PermissionCheck {
// User whose permissions are evaluated.
userId: string;
resource: ResourceType;
action: ActionType;
// Specific resource instance, when the check is not type-wide.
resourceId?: string;
// Optional request facts (organization, team, owner, metadata).
// NOTE(review): how scoped permissions are treated when no context is given
// is not visible here — confirm that a missing context cannot widen access.
context?: AccessContext;
}
/**
 * Outcome of a permission check, with enough detail to log or audit the
 * decision.
 */
export interface PermissionResult {
// The decision itself; callers must act on this field.
granted: boolean;
reason?: string;
// Permissions that matched the check.
matchedPermissions: Permission[];
// Human-readable reasons for denial. These may describe the permission model,
// so prefer writing them to logs over returning them to end users.
deniedReasons: string[];
}
/**
 * Manages users and roles and answers permission checks for them.
 *
 * This is a declaration only: method bodies, the events emitted through
 * EventEmitter and the types of the private members are not visible here.
 */
export declare class PermissionManager extends EventEmitter {
private users;
private roles;
// The three cache members below show that role and permission lookups are
// cached with an expiry.
// NOTE(review): a cached grant can outlive a role removal or user
// deactivation until it is cleared or expires — confirm that every mutating
// method invalidates the affected entries.
private userRoleCache;
private permissionCache;
private cacheExpiry;
private readonly CACHE_DURATION;
constructor();
// The input type leaves out `id`, `createdAt` and `updatedAt`, so those are
// assigned by the manager. `roles` and `isActive` are still caller-supplied.
createUser(userData: Omit<User, "id" | "createdAt" | "updatedAt">): Promise<User>;
// Resolves to null rather than rejecting when there is no such user.
getUser(userId: string): Promise<User | null>;
// `Partial<User>` admits every field, including `id`, `roles` and `isActive`.
// Callers that forward request bodies here should pick the allowed fields
// explicitly so a profile update cannot change role membership.
updateUser(userId: string, updates: Partial<User>): Promise<User>;
deleteUser(userId: string): Promise<boolean>;
// `isSystem` is part of the caller-supplied data.
// NOTE(review): confirm whether the implementation lets callers create
// roles flagged as system roles.
createRole(roleData: Omit<Role, "id" | "createdAt" | "updatedAt">): Promise<Role>;
getRole(roleId: string): Promise<Role | null>;
// `Partial<Role>` admits `permissions` and `isSystem`; changing a role
// changes the access of every user holding it.
updateRole(roleId: string, updates: Partial<Role>): Promise<Role>;
// NOTE(review): what happens to users still holding the deleted role is not
// visible here — confirm.
deleteRole(roleId: string): Promise<boolean>;
assignRoleToUser(userId: string, roleId: string): Promise<void>;
removeRoleFromUser(userId: string, roleId: string): Promise<void>;
// Full check: returns the decision together with matched permissions and
// denial reasons.
checkPermission(check: PermissionCheck): Promise<PermissionResult>;
// Boolean form of the check. The result is a Promise, so it must be awaited:
// an un-awaited Promise is always truthy in a condition.
hasPermission(userId: string, resource: ResourceType, action: ActionType, resourceId?: string, context?: AccessContext): Promise<boolean>;
// NOTE(review): presumably rejects when the permission is not granted
// (the return type is Promise<void>) — confirm. It must likewise be awaited,
// otherwise the guarded code runs before the check completes.
requirePermission(userId: string, resource: ResourceType, action: ActionType, resourceId?: string, context?: AccessContext): Promise<void>;
getUserPermissions(userId: string): Promise<Permission[]>;
getUserRoles(userId: string): Promise<Role[]>;
// Synchronous, unlike the single-record getters; optional filters on active
// state and role membership.
listUsers(filters?: {
isActive?: boolean;
roleId?: string;
}): User[];
listRoles(): Role[];
// Internal check pipeline; signatures are stripped from the declaration.
private performPermissionCheck;
private doesPermissionMatch;
private checkConditions;
private evaluateCondition;
private initializeSystemRoles;
// Cache maintenance helpers.
private updateUserRoleCache;
private clearUserPermissionCache;
private clearRolePermissionCache;
private getCacheKey;
private getFromCache;
private setCache;
// NOTE(review): the id generation scheme is not visible here; do not rely on
// user or role ids being unguessable unless the implementation confirms it.
private generateUserId;
private generateRoleId;
}