import { Column, Table } from "@microtica/database";
import { Request, Response } from "express";
import * as _ from "lodash";
import { AuthHeaders, Dictionary } from ".";
import { AssigneeType, EntityPermission } from "./entity-permission";
declare type Procedure = () => void;
export declare enum AccessPermission {
    GrantAccess = "GRANT_ACCESS",
    RevokeAccess = "REVOKE_ACCESS"
}
export interface Auth {
    id: string;
    type?: string;
    plain?: string;
    roles?: string[];
    groups?: string[];
}
export interface AccessList {
    assigneeId: string;
    assigneeType: AssigneeType;
    permissions: string[];
}
export interface AuthRequest extends Request {
    auth?: Auth;
}
export declare class AuthManager {
    protected auth?: Auth | undefined;
    constructor(auth?: Auth | undefined);
    private static serializePermissions;
    private static deserializePermissions;
    /**
     * Returns all the needed Authorization Headers
     *
     * @param headers The Header object of the request
     * @returns Returns an object with all the AuthHeaders extracted from the Request.Headers
     */
    static getAuthHeaders(headers: _.Dictionary<string>): AuthHeaders;
    /**
     * Grants certain permissions to the given user or group on the entity provided.
     *
     * @param assigneeId The assigneeId you want to grant access to
     * @param assigneeType The assigneeType of the assignee
     * @param entityId The Entity you want to grant the access on
     * @param permissions The permissions you want to be granted
     * @returns Returns an object with a done boolean parameter
     */
    grantAccess(assigneeId: string, assigneeType: AssigneeType, entityId: string, permissions: string[]): Promise<{
        done: boolean;
    }>;
    /**
     * Removes all access from the given assignee, on the given entity
     *
     * @param assigneeId The Assignee you want to revoke all access from
     * @param entityId The entity you want that access revoked
     * @returns Returns an object with a done boolean parameter
     */
    revokeAccess(assigneeId: string, entityId: string): Promise<{
        done: boolean;
    }>;
    /**
     * Sets an Access List to the given entityId
     *
     * @param entityId The entity you want to set the access list to
     * @param accessList The access list you want to set
     * @returns Returns an object with a done boolean parameter
     */
    forceInheritAccess(entityId: string, accessList: AccessList[]): Promise<{
        done: boolean;
    }>;
    /**
     * Returns the Access List for the given Entity
     *
     * @param entityId The entity, which you want the access list for
     * @returns Returns an array with data of the EntityPermission Table
     */
    getAccessList(entityId: string): Promise<(EntityPermission & {
        permissions: string[];
    })[]>;
    /**
     * Returns the Access List for multiple entities
     *
     * @param entityIds The entities, which you want the access list for
     * @returns Returns a dictionary of arrays with data of the EntityPermission Table
    */
    getAccessListForMultipleEntities(entityIds: string[]): Promise<Dictionary<(EntityPermission & {
        permissions: string[];
    })[]>>;
    /**
     * Returns an Access List for the given Assignee Type and Entity
     *
     * @param entityId The entity, which you want the access list for
     * @param filterAssigneeType The assignee type you want from the access list
     * @returns Returns an array of the Access Lists on the entityId
     */
    getAccessListByType(entityId: string, filterAssigneeType?: AssigneeType): Promise<AccessList[]>;
    /**
     * Returns a query of the entity table with the entities/data with sufficient access
     * if given a parentId, returns a query of the entities/data the parent has access to
     * if not, returns a query of the entities/data the User has access to
     *
     * @param entity The EntityTable
     * @param parentId The Parent ID to check access against
     * @returns A query with the EntityTable joined with EntityPermission Table
     */
    listEntities<T>(entity: Table<T> & {
        id: Column<string>;
    }, parentId?: string): import("anydb-sql").Group<import("anydb-sql").Query<T>>;
}
/**
 * Returns the Authorization Function
 *
 * @param requiredPermissions The Required Permissions for the User to pass
 * @returns Returns the authorize function
 */
export declare function authorize(...requiredPermissions: string[]): (req: AuthRequest, res: Response, next: Procedure) => void | import("express-serve-static-core").Response;
/**
 * Returns the Authorization Function
 *
 * @param entityParam The Entity to authorize against
 * @param requiredPermissions The Required Permissions for the User to pass
 * @returns Returns the authorize function
 */
export declare function authorizeStrict(entityParam: string, requiredPermissions: string[]): (req: AuthRequest, res: Response, next: Procedure) => void | import("express-serve-static-core").Response;
export {};