import { NotAllowedError } from '@backstage/errors';
import * as _backstage_plugin_permission_common from '@backstage/plugin-permission-common';
import { PermissionAttributes, ConditionalPolicyDecision, ResourcePermission } from '@backstage/plugin-permission-common';

/**
 * @public
 * 'rest' created via REST API
 * 'csv-file' created via policies-csv-file with defined path in the application configuration
 * 'configuration' created from application configuration
 * 'legacy'; preexisting policies
 */
type Source = string;
/**
 * @public
 */
type PermissionPolicyMetadata = {
    source: Source;
};
/**
 * @public
 */
type RoleMetadata = {
    description?: string;
    source?: Source;
    modifiedBy?: string;
    author?: string;
    lastModified?: string;
    createdAt?: string;
    owner?: string;
};
/**
 * @public
 */
type Policy = {
    permission?: string;
    policy?: string;
};
/**
 * @public
 */
type RoleBasedPolicy = Policy & {
    entityReference?: string;
    effect?: string;
    metadata?: PermissionPolicyMetadata;
};
/**
 * @public
 */
type Role = {
    memberReferences: string[];
    name: string;
    metadata?: RoleMetadata;
};
/**
 * @public
 */
type UpdatePolicy = {
    oldPolicy: Policy;
    newPolicy: Policy;
};
/**
 * @public
 */
type NamedPolicy = {
    name: string;
    policy: string;
};
/**
 * @public
 */
type ResourcedPolicy = NamedPolicy & {
    resourceType: string;
};
/**
 * @public
 */
type PolicyDetails = NamedPolicy | ResourcedPolicy;
/**
 * @public
 */
declare function isResourcedPolicy(policy: PolicyDetails): policy is ResourcedPolicy;
/**
 * @public
 */
type PluginPermissionMetaData = {
    pluginId: string;
    policies: PolicyDetails[];
};
/**
 * @public
 */
type NonEmptyArray<T> = [T, ...T[]];
/**
 * @public
 * Permission framework attributes action has values: 'create' | 'read' | 'update' | 'delete' | undefined.
 * But we are introducing an action named "use" when action does not exist('undefined') to avoid
 * a more complicated model with multiple policy and request shapes.
 */
declare const PermissionActionValues: readonly ["create", "read", "update", "delete", "use"];
/**
 * @public
 */
type PermissionAction = (typeof PermissionActionValues)[number];
/**
 * @public
 */
declare const toPermissionAction: (attr: PermissionAttributes) => PermissionAction;
/**
 * @public
 */
declare function isValidPermissionAction(action: string): action is PermissionAction;
/**
 * @public
 */
type PermissionInfo = {
    name: string;
    action: PermissionAction;
};
/**
 * @public
 * Frontend should use RoleConditionalPolicyDecision<PermissionAction>
 */
type RoleConditionalPolicyDecision<T extends PermissionAction | PermissionInfo> = ConditionalPolicyDecision & {
    id: number;
    roleEntityRef: string;
    permissionMapping: T[];
};
/**
 * @public
 */
declare const ConditionalAliases: {
    readonly CURRENT_USER: "currentUser";
    readonly OWNER_REFS: "ownerRefs";
};
/**
 * @public
 */
declare const CONDITION_ALIAS_SIGN = "$";
/**
 * @public
 * UnauthorizedError should be uniformely used for authorization errors.
 */
declare class UnauthorizedError extends NotAllowedError {
    constructor();
}
/**
 * @public
 * List of plugins that are supports Backstage permission framework.
 */
type PermissionDependentPluginList = {
    ids: string[];
};

/**
 * @public
 */
declare const RESOURCE_TYPE_POLICY_ENTITY = "policy-entity";
/**
 * @public
 * Convenience type for permission entity
 */
type PolicyEntityPermission = ResourcePermission<typeof RESOURCE_TYPE_POLICY_ENTITY>;
/**
 * @public
 * This permission is used to authorize actions that involve reading
 * permission policies.
 */
declare const policyEntityReadPermission: ResourcePermission<"policy-entity">;
/**
 * @public
 * This permission is used to authorize the creation of new permission policies.
 */
declare const policyEntityCreatePermission: _backstage_plugin_permission_common.BasicPermission;
/**
 * @public
 * This permission is used to authorize actions that involve removing permission
 * policies.
 */
declare const policyEntityDeletePermission: ResourcePermission<"policy-entity">;
/**
 * @public
 * This permission is used to authorize updating permission policies
 */
declare const policyEntityUpdatePermission: ResourcePermission<"policy-entity">;
/**
 * @public
 * List of all permissions on permission polices.
 */
declare const policyEntityPermissions: (ResourcePermission<"policy-entity"> | _backstage_plugin_permission_common.BasicPermission)[];

export { CONDITION_ALIAS_SIGN, ConditionalAliases, type NamedPolicy, type NonEmptyArray, type PermissionAction, PermissionActionValues, type PermissionDependentPluginList, type PermissionInfo, type PermissionPolicyMetadata, type PluginPermissionMetaData, type Policy, type PolicyDetails, type PolicyEntityPermission, RESOURCE_TYPE_POLICY_ENTITY, type ResourcedPolicy, type Role, type RoleBasedPolicy, type RoleConditionalPolicyDecision, type RoleMetadata, type Source, UnauthorizedError, type UpdatePolicy, isResourcedPolicy, isValidPermissionAction, policyEntityCreatePermission, policyEntityDeletePermission, policyEntityPermissions, policyEntityReadPermission, policyEntityUpdatePermission, toPermissionAction };
