import { IIdentified, IManagedObject, InventoryService, UserService } from '@c8y/client'; import { AppStateService } from './ui-state.service'; import * as i0 from "@angular/core"; export type CanEditConfig = { /** * Skips roles check. */ skipRolesCheck?: boolean; /** * Skips managed object ownership check. */ skipOwnerCheck?: boolean; /** * Skips checks with a query to the inventory API. */ skipRequestCheck?: boolean; }; export declare class Permissions { private appState; private inventory; private user; static ROLE_ADVANCED_SOFTWARE_ADMIN: string; static ROLE_ADVANCED_SOFTWARE_READ: string; static ROLE_ALARM_ADMIN: string; static ROLE_ALARM_READ: string; static ROLE_ANALYTICSBUILDER_READ: string; static ROLE_APPLICATION_MANAGEMENT_ADMIN: string; static ROLE_APPLICATION_MANAGEMENT_READ: string; static ROLE_AUDIT_ADMIN: string; static ROLE_AUDIT_READ: string; static ROLE_BINARY_ADMIN: string; static ROLE_BINARY_CREATE: string; static ROLE_BINARY_READ: string; static ROLE_BULK_OPERATION_ADMIN: string; static ROLE_BULK_OPERATION_READ: string; static ROLE_CEP_MANAGEMENT_ADMIN: string; static ROLE_CEP_MANAGEMENT_READ: string; static ROLE_DATA_BROKER_ADMIN: string; static ROLE_DATA_BROKER_READ: string; static ROLE_DEVICE_CONTROL_ADMIN: string; static ROLE_DEVICE_CONTROL_READ: string; static ROLE_EMAIL_CREATE: string; static ROLE_EPLAPPS_READ: string; static ROLE_EVENT_ADMIN: string; static ROLE_EVENT_READ: string; static ROLE_GENERIC_MQTT_ADMIN: string; static ROLE_IDENTITY_ADMIN: string; static ROLE_IDENTITY_READ: string; static ROLE_INVENTORY_ADMIN: string; static ROLE_INVENTORY_CREATE: string; static ROLE_INVENTORY_READ: string; static ROLE_MACHINE_LEARNING_READ: string; static ROLE_MANAGED_OBJECT_ADMIN: string; static ROLE_MANAGED_OBJECT_CREATE: string; static ROLE_MANAGED_OBJECT_READ: string; static ROLE_MEASUREMENT_ADMIN: string; static ROLE_MEASUREMENT_READ: string; static ROLE_MQTT_CONNECT_ADMIN: string; static ROLE_MQTT_SERVICE_ADMIN: string; static ROLE_NOTIFICATION_2_ADMIN: string; static ROLE_OPTION_MANAGEMENT_ADMIN: string; static ROLE_OPTION_MANAGEMENT_READ: string; static ROLE_PROVISIONING_CREATE: string; static ROLE_PROVISIONING_READ: string; static ROLE_PROVISIONING_UPDATE: string; static ROLE_REMOTE_ACCESS_ADMIN: string; static ROLE_RETENTION_RULE_ADMIN: string; static ROLE_RETENTION_RULE_READ: string; static ROLE_SCHEDULE_REPORT_ADMIN: string; static ROLE_SIMULATOR_ADMIN: string; static ROLE_SMARTGROUP_ADMIN: string; static ROLE_SMARTGROUP_CREATE: string; static ROLE_SMARTGROUP_UPDATE: string; static ROLE_SMARTRULE_ADMIN: string; static ROLE_SMARTRULE_READ: string; static ROLE_SMS_ADMIN: string; static ROLE_SMS_READ: string; static ROLE_TENANT_ADMIN: string; static ROLE_TENANT_MANAGEMENT_ADMIN: string; static ROLE_TENANT_MANAGEMENT_CREATE: string; static ROLE_TENANT_MANAGEMENT_READ: string; static ROLE_TENANT_MANAGEMENT_UPDATE: string; static ROLE_TENANT_STATISTICS_READ: string; static ROLE_USER_MANAGEMENT_ADMIN: string; static ROLE_USER_MANAGEMENT_CREATE: string; static ROLE_USER_MANAGEMENT_OWN_ADMIN: string; static ROLE_USER_MANAGEMENT_OWN_READ: string; static ROLE_USER_MANAGEMENT_READ: string; constructor(appState: AppStateService, inventory: InventoryService, user: UserService); /** * Checks if the current user has write permissions for the given mo * (either through global role, individual device permissions or via inventory roles). * * ```ts * async canEditGroup(group: IManagedObject): Promise { * return await this.permissions.canEdit( * [Permissions.ROLE_INVENTORY_ADMIN, Permissions.ROLE_MANAGED_OBJECT_ADMIN], * group * ); * } * ``` * * @param roleIds - The array of role ids to check if the current user have at least one of them. * @param mo - The managed object for which we are checking whether the user has access. * @param config - A configuration object that can take the following values: `skipRolesCheck`: `boolean` - skips roles check, `skipOwnerCheck`: `boolean` - skips ownership check, `skipRequestCheck`: `boolean` - skips checks with a query to the inventory API. UI will make a query to backend whether the user can edit the managed object. A rejection from BE indicates a lack of permission. * * @returns A Promise resolving to a boolean value. `true` if editing is permitted based on the given parameters and configuration; otherwise, `false`. * */ canEdit(roleIds: string[], mo: IManagedObject | IIdentified, config?: CanEditConfig): Promise; /** * Checks if the current user has the specified role. * * ```ts * hasSmsReadRole(): boolean { * return this.permissions.hasRole(Permissions.ROLE_SMS_READ); * }; * ``` * * @param roleId - The ID of the role to check against the current user's roles. * @returns A boolean value indicating whether the current user has the specified role. * @throws Error if no user is currently logged in. * */ hasRole(roleId: string): boolean; /** * Checks if the current user possesses all the specified roles. * * ```ts * hasMOReadAndBinaryReadRoles(): boolean { * return this.permissions.hasAllRoles([ * Permissions.ROLE_MANAGED_OBJECT_READ, * Permissions.ROLE_BINARY_READ * ]); * } * ``` * * @param roleIds - An array of strings representing the role IDs to check against the current user's roles. * @returns A boolean value indicating whether the current user has all the specified roles. * @throws Error if no user is currently logged in. * */ hasAllRoles(roleIds: string[]): boolean; /** * Checks if the current user possesses any of the specified roles. * * ```ts * hasTenantAdminOrTenantManagementAdminRoles(): boolean { * return this.permissions.hasAnyRole([ * Permissions.ROLE_TENANT_ADMIN, * Permissions.ROLE_TENANT_MANAGEMENT_ADMIN * ]); * }; * ``` * * @param roleIds - An array of strings representing the role IDs to check against the current user's roles. * @returns A boolean value indicating whether the current user has any of the specified roles. * @throws Error if no user is currently logged in. * */ hasAnyRole(roleIds: string[]): boolean; /** * Checks if the current user possesses any of the specified global roles. * * ```ts * hasAnyGlobalRoles(dashboard: ContextDashboardManagedObject): boolean { * const globalRolesIds = dashboard?.c8y_Dashboard?.globalRolesIds; * return this.permissions.hasAnyGlobalRole(globalRolesIds); * } * ``` * * @param globalRolesIds - An array of numbers representing the global role IDs to check against the current user's roles. * @returns A boolean value indicating whether the current user has any of the specified global roles. * @throws Error if no user is currently logged in. * */ hasAnyGlobalRole(globalRolesIds: number[]): boolean; /** * Checks if the current user is the owner of the managed object. * Utilizes memoization to cache the result based on the managed object's id, * improving performance for subsequent checks of the same object. * * ```ts * const managedObject = { id: '123', owner: 'johnDoe' }; * this.checkIfOwner(managedObject).then(isOwner => { * console.log(isOwner); * }); * ``` * * @param mo - The managed object to check ownership against. * @returns A promise that resolves to `true` if the current user is the owner of the managed object, and `false` otherwise. * */ protected checkIfOwner(mo: IManagedObject | IIdentified): Promise; /** * Attempts to perform a partial update on a managed object as a means to check for edit permissions. * Utilizes memoization to cache the result based on the managed object's id, * thereby avoiding unnecessary repeated requests for the same object. * * This method essentially tests if the current user has permission to update the managed object, * serving as an indirect permission check. * * ```ts * const managedObject = { id: '456' }; * this.checkWithRequest(managedObject).then(hasPermission => { * console.log(hasPermission); * }).catch(error => { * console.error(error); * }); * ``` * * @param mo - The managed object to test edit permissions on. * @returns A promise that resolves to `true` if the update request succeeds (indicating edit permissions), and `false` if it fails. * */ protected checkWithRequest(mo: IManagedObject | IIdentified): Promise; /** * Checks if the current user has the necessary permissions to edit a managed object. * This method considers various conditions to determine editability, including role checks, * ownership, and custom request-based checks. Each of these checks can be optionally skipped * based on the provided configuration. * * @param roleIds - An array of role IDs to check against the current user's roles. * @param mo - The managed object or an identified resource to check edit permissions for. * @param config - Configuration options to customize the checks performed. This includes options to skip role checks, owner checks, or custom request checks. * @returns A promise that resolves to `true` if the current user can edit the managed object based on the given conditions, and `false` otherwise. * */ private checkIfCanEdit; static ɵfac: i0.ɵɵFactoryDeclaration; static ɵprov: i0.ɵɵInjectableDeclaration; } //# sourceMappingURL=permissions.service.d.ts.map