import { Attribute } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/attribute';
import { RoleAssociation, Subject, DeepPartial } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/auth';
import { Meta } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/meta';
import { FilterOp } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/resource_base';
import { Response_Decision, ReverseQuery } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/access_control';
import { Effect } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/rule';
import { PolicySetRQ } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/policy_set';
import { PolicyRQ } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/policy';
import { RuleRQ, Target as AttributeTarget } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/rule';
import { Response_Decision as Decision, Context, Response } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/access_control';
// Re-exports of the generated gRPC types under the names this package exposes.
// `Response` is re-exported as `ACSResponse`, and the rule module's `Target` as
// `AttributeTarget`, which keeps it distinct from the generic `Target` interface
// declared further down in this file.
export { Decision, Context, RuleRQ, PolicyRQ, PolicySetRQ, Response as ACSResponse, AttributeTarget, };
/**
 * Actions that an access request can name. Every member is a string enum
 * whose value equals its name, except `ALL`, whose value is the string "*".
 *
 * NOTE(review): how "*" is matched against concrete actions is decided by the
 * policy evaluation, which is not part of this file. Confirm that callers
 * cannot obtain `ALL` from unvalidated input.
 */
export declare enum AuthZAction {
    CREATE = "CREATE",
    READ = "READ",
    MODIFY = "MODIFY",
    DELETE = "DELETE",
    EXECUTE = "EXECUTE",
    DROP = "DROP",
    // Wildcard value; see the review note on the enum.
    ALL = "*"
}
/**
 * The two access-control operations a caller can select (see
 * `ACSClientOptions.operation`). The member names match the `isAllowed`
 * method on `AuthZ` and the `whatIsAllowed` member on `IAuthZ` in this file.
 */
export declare enum Operation {
    isAllowed = "isAllowed",
    whatIsAllowed = "whatIsAllowed"
}
/**
 * Describes a resource that an access request refers to. It is used as the
 * resource element type of `AuthZTarget` and of the other target aliases
 * declared in this file.
 */
export interface ACSResource {
    // Resource identifier; presumably the entity name or URN. TODO confirm the format.
    resource: string;
    // Optional: one instance id or several. When it is absent, the request names no specific instance.
    id?: string | string[];
    // Optional list of property names; presumably narrows the request to these fields. Confirm.
    property?: string[];
}
/**
 * A resource instance carried in the client context (`ACSClientContext.resources`).
 * `id` and `meta.owners` are required; every other field is optional or untyped.
 */
export interface CtxResource {
    id: string;
    meta: {
        created?: Date;
        modified?: Date;
        modified_by?: string;
        // Required owner attributes; presumably the input to ownership-based checks. Confirm.
        owners: Attribute[];
    };
    // Index signature: any additional key is accepted with type `any`, so the
    // compiler checks nothing about extra fields. Code that bases a decision on
    // them has to validate them at runtime.
    [key: string]: any;
}
/**
 * Context passed as the `ctx` argument of `isAllowed` / `whatIsAllowed`.
 * Both fields are optional, so the type also admits an empty object.
 */
export interface ACSClientContext {
    // `DeepPartial` makes every nested field of `Subject` optional, so consumers
    // cannot assume that an id, token or scope is present.
    subject?: DeepPartial<Subject>;
    resources?: CtxResource[];
}
/**
 * Selects the database backend by name. Only the two listed string literals
 * are accepted. `ACSClientOptions.database` repeats the same union.
 */
export interface Database {
    database: 'arangoDB' | 'postgres';
}
/**
 * Minimal subject shape: an identifier and nothing else.
 */
export interface AuthZSubject {
    id: string;
}
/**
 * Node of a scope tree. The type is recursive: `children` holds further
 * `HierarchicalScope` nodes, and the type itself puts no bound on depth.
 */
export interface HierarchicalScope {
    id: string;
    // Optional role attached to this node; presumably the role that the scope tree belongs to. Confirm.
    role?: string;
    children?: HierarchicalScope[];
}
/**
 * Subject with its scope, token and (optionally) its role associations and
 * hierarchical scopes attached.
 */
export interface ResolvedSubject {
    id: string;
    scope: string;
    // NOTE(review): presumably the subject's authentication token. If so, objects
    // of this type carry a credential and should not be logged or cached in clear. Confirm.
    token: string;
    role_associations?: RoleAssociation[];
    hierarchical_scopes?: HierarchicalScope[];
}
/**
 * Pairs a resource with a list of its property names. Used in the optional
 * `obligations` field of `DecisionResponse` and `PolicySetRQResponse`.
 *
 * NOTE(review): presumably lists properties the caller must treat specially
 * (for example mask or omit) after a decision. Confirm with the consumer.
 */
export interface Obligation {
    resource: string;
    property: string[];
}
/**
 * Return type of `AuthZ.isAllowed`: the generated `Response` extended with an
 * optional list of obligations.
 */
export type DecisionResponse = Response & {
    obligations?: Obligation[];
};
/**
 * Generic request target: who (`subjects`), on what (`resources`) and doing
 * what (`actions`). Each part is typed by its own type parameter; this is not
 * the rule module's `Target`, which this file imports as `AttributeTarget`.
 */
export interface Target<TSubject, TResource, TAction> {
    subjects: TSubject;
    resources: TResource;
    actions: TAction;
}
/**
 * Generic access request: a target and a context, each typed by its own type parameter.
 */
export interface Request<TTarget, TContext> {
    target: TTarget;
    context: TContext;
}
/**
 * Authorization interface exposing the `isAllowed` check.
 *
 * `TContext` defaults to `any`, `TResource` to `ACSResource` and `TAction` to
 * `AuthZAction`; `TSubject` has no default and must be supplied.
 */
export interface AuthZ<TSubject, TContext = any, TResource = ACSResource, TAction = AuthZAction> {
    /**
     * Check if the subject is allowed to do an action on a specific resource.
     *
     * @param request - target (subjects, resources, actions) plus context to evaluate
     * @param ctx - client context holding the optional subject and resources
     * @param useCache - presumably whether a cached decision may be returned; confirm
     *   the invalidation behaviour, since a cached result can outlive a permission change
     * @param roleScopingEntityURN - presumably the URN of the entity that roles are scoped to; TODO confirm
     * @returns a promise of the decision response, with optional obligations
     */
    isAllowed(request: Request<Target<TSubject, TResource, TAction>, TContext>, ctx: ACSClientContext, useCache: boolean, roleScopingEntityURN: string): Promise<DecisionResponse>;
}
/**
 * Base shape for credentials: a `type` discriminator string plus arbitrary
 * further fields. `UserCredentials` extends it.
 */
export interface Credentials {
    type: string;
    // Any extra key is accepted as `any`; concrete credential shapes are not checked by this base type.
    [key: string]: any;
}
// Target for an authenticated subject: one `Subject`, a list of resources and a single `AuthZAction`.
export type AuthZTarget = Target<Subject, ACSResource[], AuthZAction>;
// Target for an unauthenticated caller: the subject slot holds the `UnauthenticatedData` marker instead of a `Subject`.
export type NoAuthTarget = Target<UnauthenticatedData, ACSResource[], AuthZAction>;
// Target accepted by `IAuthZ.whatIsAllowed` for an authenticated subject; structurally identical to `AuthZTarget`.
export type AuthZWhatIsAllowedTarget = Target<Subject, ACSResource[], AuthZAction>;
// Target accepted by `IAuthZ.whatIsAllowed` for an unauthenticated caller; structurally identical to `NoAuthTarget`.
export type NoAuthWhatIsAllowedTarget = Target<UnauthenticatedData, ACSResource[], AuthZAction>;
/**
 * Context part of an `AuthZRequest`.
 */
export interface AuthZContext {
    // Typed `any`: the compiler enforces nothing about this value, so its shape
    // must be validated wherever it is read. TODO confirm what producers put here.
    security: any;
}
/**
 * Resource record with an id, the generated `Meta` block and arbitrary further fields.
 */
export interface ResourceData {
    id: string;
    meta: Meta;
    // Any extra key is accepted as `any`; these fields are unchecked at compile time.
    [key: string]: any;
}
/**
 * Concrete request type for authenticated subjects. The two members restate
 * the types already fixed by the `Request<AuthZTarget, AuthZContext>` base.
 */
export interface AuthZRequest extends Request<AuthZTarget, AuthZContext> {
    target: AuthZTarget;
    context: AuthZContext;
}
/**
 * Response shape with a required decision and a single obligation string.
 * `DecisionResponse` differs: there `obligations` is an optional `Obligation[]`.
 */
export interface AuthZResponse extends Response {
    // `Response_Decision` is the same generated enum this file re-exports as `Decision`.
    decision: Response_Decision;
    obligation: string;
}
/**
 * Full authorization interface: `isAllowed` inherited from `AuthZ`, with the
 * subject being either a `Subject` or the `UnauthenticatedData` marker, plus
 * `whatIsAllowed`.
 */
export interface IAuthZ extends AuthZ<Subject | UnauthenticatedData, AuthZContext, ACSResource[], AuthZAction> {
    // Declared as a function-typed property. It takes the same trailing arguments
    // as `isAllowed` (ctx, useCache, roleScopingEntityURN) and resolves to a
    // `PolicySetRQResponse` rather than a `DecisionResponse`.
    whatIsAllowed: (request: Request<AuthZWhatIsAllowedTarget | NoAuthWhatIsAllowedTarget, AuthZContext>, ctx: ACSClientContext, useCache: boolean, roleScopingEntityURN: string) => Promise<PolicySetRQResponse>;
}
/**
 * Identifier/password credentials. Inherits `type` and the open index
 * signature from `Credentials`.
 */
export interface UserCredentials extends Credentials {
    identifier: string;
    // Held as a plain string by this type: objects of this shape carry the secret
    // in clear and should be kept out of logs, error messages and caches.
    password: string;
}
/**
 * An id/value pair describing an owner attribute.
 */
export interface OwnerAttribute {
    id: string;
    value: string;
}
/**
 * Context for a caller without authentication; wraps an `UnauthenticatedSession`.
 */
export interface UnauthenticatedContext {
    session: UnauthenticatedSession;
}
/**
 * Session for a caller without authentication; its only member is the `UnauthenticatedData` marker.
 */
export interface UnauthenticatedSession {
    data: UnauthenticatedData;
}
/**
 * Marker standing in for a subject when the caller is unauthenticated (see
 * `NoAuthTarget` and `IAuthZ`).
 *
 * NOTE(review): this is a compile-time marker only. Confirm that the code
 * producing it derives the unauthenticated state itself and does not copy
 * the flag from request data.
 */
export interface UnauthenticatedData {
    // Literal type `true`: the type cannot represent `false`.
    unauthenticated: true;
}
/**
 * A user's role associations together with a scope organization string.
 */
export interface UserScope {
    role_associations: RoleAssociation[];
    // Presumably the id of the organization the user is currently scoped to. TODO confirm.
    scopeOrganization: string;
}
/**
 * Common optional fields of an access-control object: identity, description,
 * attribute target, effect and condition. Every member is optional, so the
 * type also admits an empty object.
 */
export interface AccessControlObjectInterface {
    id?: string;
    name?: string;
    description?: string;
    target?: AttributeTarget;
    effect?: Effect;
    // NOTE(review): a free-form string. If the policy engine evaluates it as an
    // expression, it must come only from trusted policy authors. Confirm how it is consumed.
    condition?: string;
}
/**
 * Associates a resource with a list of `FilterOp` filters. Used in
 * `PolicySetRQResponse.filters`.
 */
export interface ResourceFilterMap {
    resource: string;
    filters: FilterOp[];
}
/**
 * Associates a resource with custom query names and their arguments. Used in
 * `PolicySetRQResponse.custom_query_args`.
 */
export interface CustomQueryArgs {
    resource: string;
    custom_queries: string[];
    // Typed `any`: the shape is unchecked. NOTE(review): if these values reach a
    // database query, confirm that they are bound as parameters and not concatenated.
    custom_arguments: any;
}
/**
 * Result type of `IAuthZ.whatIsAllowed`: the generated `ReverseQuery` extended
 * with optional filters, custom query arguments, obligations and a decision.
 */
export type PolicySetRQResponse = ReverseQuery & {
    filters?: ResourceFilterMap[];
    custom_query_args?: CustomQueryArgs[];
    obligations?: Obligation[];
    // Optional, so consumers must handle `undefined` explicitly; an absent
    // decision should not be read as a permit.
    decision?: Response_Decision;
};
/**
 * Target expressed as attribute lists, where subjects, resources and actions
 * are each an `Attribute[]`. This contrasts with the generic `Target`, whose
 * parts are typed by parameters.
 */
export interface TargetReq {
    subjects: Attribute[];
    resources: Attribute[];
    actions: Attribute[];
}
/**
 * Optional settings for an access-control call. All members are optional and
 * the defaults are not visible in this declaration file.
 */
export interface ACSClientOptions {
    // Which operation to run: `isAllowed` or `whatIsAllowed`.
    operation?: Operation;
    // Same literal union as `Database.database`.
    database?: 'arangoDB' | 'postgres';
    // Presumably forwarded as the `useCache` argument of `isAllowed` / `whatIsAllowed`. Confirm.
    useCache?: boolean;
}
//# sourceMappingURL=interfaces.d.ts.map