{"version":3,"sources":["../src/server/permissions.ts","../src/adapters/mongodb.ts"],"names":[],"mappings":";;;AAeA,eAAsB,kBAAA,CACpB,MACA,OAAA,EACuB;AACvB,EAAA,OAAO,OAAA,CAAQ,mBAAmB,IAAI,CAAA;AACxC;AAkBA,eAAsB,aAAA,CACpB,MAAA,EACA,UAAA,EACA,OAAA,EACkB;AAClB,EAAA,MAAM,IAAA,GAAO,MAAM,OAAA,CAAQ,WAAA,CAAY,MAAM,CAAA;AAE7C,EAAA,IAAI,CAAC,IAAA,EAAM;AACT,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,MAAM,WAAA,GAAc,MAAM,kBAAA,CAAmB,IAAA,EAAM,OAAO,CAAA;AAC1D,EAAA,OAAO,WAAA,CAAY,SAAS,UAAU,CAAA;AACxC;AAmBA,eAAsB,gBAAA,CACpB,MAAA,EACA,WAAA,EACA,OAAA,EACkB;AAClB,EAAA,MAAM,IAAA,GAAO,MAAM,OAAA,CAAQ,WAAA,CAAY,MAAM,CAAA;AAE7C,EAAA,IAAI,CAAC,IAAA,EAAM;AACT,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,MAAM,eAAA,GAAkB,MAAM,kBAAA,CAAmB,IAAA,EAAM,OAAO,CAAA;AAC9D,EAAA,OAAO,YAAY,IAAA,CAAK,CAAA,CAAA,KAAK,eAAA,CAAgB,QAAA,CAAS,CAAC,CAAC,CAAA;AAC1D;AAmBA,eAAsB,iBAAA,CACpB,MAAA,EACA,WAAA,EACA,OAAA,EACkB;AAClB,EAAA,MAAM,IAAA,GAAO,MAAM,OAAA,CAAQ,WAAA,CAAY,MAAM,CAAA;AAE7C,EAAA,IAAI,CAAC,IAAA,EAAM;AACT,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,MAAM,eAAA,GAAkB,MAAM,kBAAA,CAAmB,IAAA,EAAM,OAAO,CAAA;AAC9D,EAAA,OAAO,YAAY,KAAA,CAAM,CAAA,CAAA,KAAK,eAAA,CAAgB,QAAA,CAAS,CAAC,CAAC,CAAA;AAC3D;AAkBA,eAAsB,OAAA,CACpB,MAAA,EACA,IAAA,EACA,OAAA,EACkB;AAClB,EAAA,MAAM,QAAA,GAAW,MAAM,OAAA,CAAQ,WAAA,CAAY,MAAM,CAAA;AACjD,EAAA,OAAO,QAAA,KAAa,IAAA;AACtB;AAeA,eAAsB,UAAA,CACpB,MAAA,EACA,KAAA,EACA,OAAA,EACkB;AAClB,EAAA,MAAM,QAAA,GAAW,MAAM,OAAA,CAAQ,WAAA,CAAY,MAAM,CAAA;AACjD,EAAA,OAAO,QAAA,GAAW,KAAA,CAAM,QAAA,CAAS,QAAQ,CAAA,GAAI,KAAA;AAC/C;AAqBA,eAAsB,iBAAA,CACpB,MAAA,EACA,UAAA,EACA,OAAA,EACe;AACf,EAAA,MAAM,QAAA,GAAW,MAAM,aAAA,CAAc,MAAA,EAAQ,YAAY,OAAO,CAAA;AAEhE,EAAA,IAAI,CAAC,QAAA,EAAU;AACb,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,mBAAA,EAAsB,UAAU,CAAA,CAAE,CAAA;AAAA,EACpD;AACF;AAoBA,eAAsB,WAAA,CACpB,MAAA,EACA,IAAA,EACA,OAAA,EACe;AACf,EAAA,MAAM,YAAA,GAAe,MAAM,OAAA,CAAQ,MAAA,EAAQ,MAAM,OAAO,CAAA;AAExD,EAAA,IAAI,CAAC,YAAA,EAAc;AACjB,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,eAAA,EAAkB,IAAI,CAAA,CAAE,CAAA;AAAA,EAC1C;AACF;AAUA,eAAsB,oBAAA,CACpB,MAAA,EACA,WAAA,EACA,OAAA,EACe;AACf,EAAA,MAAM,QAAA,GAAW,MAAM,gBAAA,CAAiB,MAAA,EAAQ,aAAa,OAAO,CAAA;AAEpE,EAAA,IAAI,CAAC,QAAA,EAAU;AACb,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,mCAAA,EAAsC,YAAY,IAAA,CAAK,IAAI,CAAC,CAAA,CAAE,CAAA;AAAA,EAChF;AACF;AAUA,eAAsB,qBAAA,CACpB,MAAA,EACA,WAAA,EACA,OAAA,EACe;AACf,EAAA,MAAM,QAAA,GAAW,MAAM,iBAAA,CAAkB,MAAA,EAAQ,aAAa,OAAO,CAAA;AAErE,EAAA,IAAI,CAAC,QAAA,EAAU;AACb,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,mCAAA,EAAsC,YAAY,IAAA,CAAK,IAAI,CAAC,CAAA,CAAE,CAAA;AAAA,EAChF;AACF;;;AC5OO,IAAM,iBAAN,MAA4C;AAAA,EAKjD,YAAY,MAAA,EAA8B;AACxC,IAAA,IAAA,CAAK,KAAK,MAAA,CAAO,EAAA;AACjB,IAAA,IAAA,CAAK,mBAAA,GAAsB,OAAO,eAAA,IAAmB,OAAA;AACrD,IAAA,IAAA,CAAK,mBAAA,GAAsB,OAAO,eAAA,IAAmB,OAAA;AAAA,EACvD;AAAA,EAEA,IAAY,eAAA,GAA4C;AACtD,IAAA,OAAO,IAAA,CAAK,EAAA,CAAG,UAAA,CAAyB,IAAA,CAAK,mBAAmB,CAAA;AAAA,EAClE;AAAA,EAEA,IAAY,eAAA,GAA4C;AACtD,IAAA,OAAO,IAAA,CAAK,EAAA,CAAG,UAAA,CAAyB,IAAA,CAAK,mBAAmB,CAAA;AAAA,EAClE;AAAA,EAEA,MAAM,SAAS,QAAA,EAA8C;AAC3D,IAAA,OAAO,IAAA,CAAK,gBAAgB,OAAA,CAAQ;AAAA,MAClC,IAAA,EAAM,QAAA;AAAA,MACN,GAAA,EAAK;AAAA,QACH,EAAE,YAAY,IAAA,EAAK;AAAA,QACnB,EAAE,UAAA,EAAY,EAAE,OAAA,EAAS,OAAM;AAAE;AACnC,KACD,CAAA;AAAA,EACH;AAAA,EAEA,MAAM,YAAY,MAAA,EAAsC;AAEtD,IAAA,IAAI,IAAA;AAEJ,IAAA,IAAI;AACF,MAAA,MAAM,EAAE,QAAA,EAAS,GAAI,MAAM,OAAO,SAAS,CAAA;AAC3C,MAAA,IAAA,GAAO,MAAM,IAAA,CAAK,eAAA,CAAgB,OAAA,CAAQ,EAAE,KAAK,IAAI,QAAA,CAAS,MAAM,CAAA,EAAU,CAAA;AAAA,IAChF,CAAA,CAAA,MAAQ;AAEN,MAAA,IAAA,GAAO,MAAM,IAAA,CAAK,eAAA,CAAgB,QAAQ,EAAE,GAAA,EAAK,QAAe,CAAA;AAAA,IAClE;AAEA,IAAA,OAAO,MAAM,IAAA,IAAQ,IAAA;AAAA,EACvB;AAAA,EAEA,MAAM,mBAAmB,QAAA,EAAuC;AAC9D,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,QAAA,CAAS,QAAQ,CAAA;AAEzC,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,OAAO,EAAC;AAAA,IACV;AAGA,IAAA,MAAM,cAAc,IAAI,GAAA,CAAgB,IAAA,CAAK,WAAA,IAAe,EAAE,CAAA;AAG9D,IAAA,IAAI,KAAK,QAAA,EAAU;AACjB,MAAA,MAAM,oBAAA,GAAuB,MAAM,IAAA,CAAK,kBAAA,CAAmB,KAAK,QAAgB,CAAA;AAChF,MAAA,oBAAA,CAAqB,OAAA,CAAQ,CAAA,CAAA,KAAK,WAAA,CAAY,GAAA,CAAI,CAAC,CAAC,CAAA;AAAA,IACtD;AAEA,IAAA,OAAO,KAAA,CAAM,KAAK,WAAW,CAAA;AAAA,EAC/B;AACF","file":"index.mjs","sourcesContent":["import type { RBACAdapter, Permission, Role } from '../types';\n\n/**\n * Get all permissions for a role\n *\n * @param role - The role name\n * @param adapter - RBAC adapter instance\n * @returns Array of permissions\n *\n * @example\n * ```typescript\n * const permissions = await getRolePermissions('admin', adapter);\n * console.log(permissions); // ['users.create', 'users.delete', ...]\n * ```\n */\nexport async function getRolePermissions(\n  role: Role,\n  adapter: RBACAdapter\n): Promise<Permission[]> {\n  return adapter.getRolePermissions(role);\n}\n\n/**\n * Check if a user has a specific permission\n *\n * @param userId - User ID\n * @param permission - Permission to check\n * @param adapter - RBAC adapter instance\n * @returns Boolean indicating if user has permission\n *\n * @example\n * ```typescript\n * const canDelete = await hasPermission(userId, 'users.delete', adapter);\n * if (canDelete) {\n *   // User can delete\n * }\n * ```\n */\nexport async function hasPermission(\n  userId: string,\n  permission: Permission,\n  adapter: RBACAdapter\n): Promise<boolean> {\n  const role = await adapter.getUserRole(userId);\n\n  if (!role) {\n    return false;\n  }\n\n  const permissions = await getRolePermissions(role, adapter);\n  return permissions.includes(permission);\n}\n\n/**\n * Check if a user has any of the specified permissions\n *\n * @param userId - User ID\n * @param permissions - Array of permissions to check\n * @param adapter - RBAC adapter instance\n * @returns Boolean indicating if user has at least one permission\n *\n * @example\n * ```typescript\n * const canManageUsers = await hasAnyPermission(\n *   userId,\n *   ['users.create', 'users.update', 'users.delete'],\n *   adapter\n * );\n * ```\n */\nexport async function hasAnyPermission(\n  userId: string,\n  permissions: Permission[],\n  adapter: RBACAdapter\n): Promise<boolean> {\n  const role = await adapter.getUserRole(userId);\n\n  if (!role) {\n    return false;\n  }\n\n  const userPermissions = await getRolePermissions(role, adapter);\n  return permissions.some(p => userPermissions.includes(p));\n}\n\n/**\n * Check if a user has all of the specified permissions\n *\n * @param userId - User ID\n * @param permissions - Array of permissions to check\n * @param adapter - RBAC adapter instance\n * @returns Boolean indicating if user has all permissions\n *\n * @example\n * ```typescript\n * const canFullyManageUsers = await hasAllPermissions(\n *   userId,\n *   ['users.create', 'users.update', 'users.delete'],\n *   adapter\n * );\n * ```\n */\nexport async function hasAllPermissions(\n  userId: string,\n  permissions: Permission[],\n  adapter: RBACAdapter\n): Promise<boolean> {\n  const role = await adapter.getUserRole(userId);\n\n  if (!role) {\n    return false;\n  }\n\n  const userPermissions = await getRolePermissions(role, adapter);\n  return permissions.every(p => userPermissions.includes(p));\n}\n\n/**\n * Check if a user has a specific role\n *\n * @param userId - User ID\n * @param role - Role to check\n * @param adapter - RBAC adapter instance\n * @returns Boolean indicating if user has role\n *\n * @example\n * ```typescript\n * const isAdmin = await hasRole(userId, 'admin', adapter);\n * if (isAdmin) {\n *   // User is admin\n * }\n * ```\n */\nexport async function hasRole(\n  userId: string,\n  role: Role,\n  adapter: RBACAdapter\n): Promise<boolean> {\n  const userRole = await adapter.getUserRole(userId);\n  return userRole === role;\n}\n\n/**\n * Check if a user has any of the specified roles\n *\n * @param userId - User ID\n * @param roles - Array of roles to check\n * @param adapter - RBAC adapter instance\n * @returns Boolean indicating if user has at least one role\n *\n * @example\n * ```typescript\n * const canManage = await hasAnyRole(userId, ['admin', 'manager'], adapter);\n * ```\n */\nexport async function hasAnyRole(\n  userId: string,\n  roles: Role[],\n  adapter: RBACAdapter\n): Promise<boolean> {\n  const userRole = await adapter.getUserRole(userId);\n  return userRole ? roles.includes(userRole) : false;\n}\n\n/**\n * Require a specific permission or throw an error\n *\n * @param userId - User ID\n * @param permission - Permission to require\n * @param adapter - RBAC adapter instance\n * @throws Error if user lacks permission\n *\n * @example\n * ```typescript\n * // In API route\n * export async function POST(request: Request) {\n *   const session = await auth();\n *   await requirePermission(session.user.id, 'users.create', adapter);\n *\n *   // User has permission, proceed...\n * }\n * ```\n */\nexport async function requirePermission(\n  userId: string,\n  permission: Permission,\n  adapter: RBACAdapter\n): Promise<void> {\n  const hasPerms = await hasPermission(userId, permission, adapter);\n\n  if (!hasPerms) {\n    throw new Error(`Permission denied: ${permission}`);\n  }\n}\n\n/**\n * Require a specific role or throw an error\n *\n * @param userId - User ID\n * @param role - Role to require\n * @param adapter - RBAC adapter instance\n * @throws Error if user lacks role\n *\n * @example\n * ```typescript\n * export async function POST(request: Request) {\n *   const session = await auth();\n *   await requireRole(session.user.id, 'admin', adapter);\n *\n *   // User is admin, proceed...\n * }\n * ```\n */\nexport async function requireRole(\n  userId: string,\n  role: Role,\n  adapter: RBACAdapter\n): Promise<void> {\n  const hasRoleCheck = await hasRole(userId, role, adapter);\n\n  if (!hasRoleCheck) {\n    throw new Error(`Role required: ${role}`);\n  }\n}\n\n/**\n * Require any of the specified permissions or throw an error\n *\n * @param userId - User ID\n * @param permissions - Array of permissions (user needs at least one)\n * @param adapter - RBAC adapter instance\n * @throws Error if user lacks all permissions\n */\nexport async function requireAnyPermission(\n  userId: string,\n  permissions: Permission[],\n  adapter: RBACAdapter\n): Promise<void> {\n  const hasPerms = await hasAnyPermission(userId, permissions, adapter);\n\n  if (!hasPerms) {\n    throw new Error(`Permission denied: requires one of ${permissions.join(', ')}`);\n  }\n}\n\n/**\n * Require all of the specified permissions or throw an error\n *\n * @param userId - User ID\n * @param permissions - Array of permissions (user needs all)\n * @param adapter - RBAC adapter instance\n * @throws Error if user lacks any permission\n */\nexport async function requireAllPermissions(\n  userId: string,\n  permissions: Permission[],\n  adapter: RBACAdapter\n): Promise<void> {\n  const hasPerms = await hasAllPermissions(userId, permissions, adapter);\n\n  if (!hasPerms) {\n    throw new Error(`Permission denied: requires all of ${permissions.join(', ')}`);\n  }\n}\n","import type { Db, Collection } from 'mongodb';\r\nimport type { RBACAdapter, RoleDocument, UserDocument, Role, Permission } from '../types';\r\n\r\n/**\r\n * MongoDB adapter configuration\r\n */\r\nexport interface MongoDBAdapterConfig {\r\n  db: Db;\r\n  rolesCollection?: string;\r\n  usersCollection?: string;\r\n}\r\n\r\n/**\r\n * MongoDB adapter for RBAC\r\n *\r\n * @example\r\n * ```typescript\r\n * import { MongoClient } from 'mongodb';\r\n * import { MongoDBAdapter } from '@yourusername/next-rbac/adapters';\r\n *\r\n * const client = new MongoClient(process.env.MONGODB_URI);\r\n * await client.connect();\r\n * const db = client.db('myapp');\r\n *\r\n * const adapter = new MongoDBAdapter({ db });\r\n * ```\r\n */\r\nexport class MongoDBAdapter implements RBACAdapter {\r\n  private db: Db;\r\n  private rolesCollectionName: string;\r\n  private usersCollectionName: string;\r\n\r\n  constructor(config: MongoDBAdapterConfig) {\r\n    this.db = config.db;\r\n    this.rolesCollectionName = config.rolesCollection || 'roles';\r\n    this.usersCollectionName = config.usersCollection || 'users';\r\n  }\r\n\r\n  private get rolesCollection(): Collection<RoleDocument> {\r\n    return this.db.collection<RoleDocument>(this.rolesCollectionName);\r\n  }\r\n\r\n  private get usersCollection(): Collection<UserDocument> {\r\n    return this.db.collection<UserDocument>(this.usersCollectionName);\r\n  }\r\n\r\n  async findRole(roleName: Role): Promise<RoleDocument | null> {\r\n    return this.rolesCollection.findOne({\r\n      name: roleName,\r\n      $or: [\r\n        { deleted_at: null },\r\n        { deleted_at: { $exists: false } }\r\n      ]\r\n    });\r\n  }\r\n\r\n  async getUserRole(userId: string): Promise<Role | null> {\r\n    // Try to find by ObjectId first, then by string\r\n    let user;\r\n\r\n    try {\r\n      const { ObjectId } = await import('mongodb');\r\n      user = await this.usersCollection.findOne({ _id: new ObjectId(userId) } as any);\r\n    } catch {\r\n      // If ObjectId import fails or invalid ObjectId, try string\r\n      user = await this.usersCollection.findOne({ _id: userId } as any);\r\n    }\r\n\r\n    return user?.role || null;\r\n  }\r\n\r\n  async getRolePermissions(roleName: Role): Promise<Permission[]> {\r\n    const role = await this.findRole(roleName);\r\n\r\n    if (!role) {\r\n      return [];\r\n    }\r\n\r\n    // Get direct permissions\r\n    const permissions = new Set<Permission>(role.permissions || []);\r\n\r\n    // Recursively get inherited permissions\r\n    if (role.inherits) {\r\n      const inheritedPermissions = await this.getRolePermissions(role.inherits as Role);\r\n      inheritedPermissions.forEach(p => permissions.add(p));\r\n    }\r\n\r\n    return Array.from(permissions);\r\n  }\r\n}\r\n"]}