import { type CallContext } from 'nice-grpc';
import { Logger } from '@restorecommerce/logger';
import { Client } from '@restorecommerce/grpc-client';
import { UserServiceDefinition } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/user.js';
import { type ResourceList, type ResourceListResponse, type DeleteRequest, ReadRequest } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/resource_base.js';
import { Operation, ACSResource, AuthZAction, ACSClientContext } from './interfaces.js';
import { Subject } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/auth.js';

// NOTE(review): this listing looks lossy. `T` is used below without any visible
// type-parameter list, and every `Promise` / `Client` appears without a type
// argument. The imported `UserServiceDefinition` and `ResourceListResponse` are
// also never referenced in the visible text, which is consistent with them
// having sat inside angle-bracket arguments that were stripped in extraction.
// Restore the generics from the package's own decorators.d.ts before relying
// on these signatures; the declarations are kept here exactly as shown.

/** Request shape that combines the fields of a `ResourceList` and a `ReadRequest`. */
export type AccessControlledServiceRequest = ResourceList & ReadRequest;

/** Database back ends that can be named for access-controlled lookups. */
export type DatabaseProvider = 'arangoDB' | 'postgres';

// The five callback types below share one parameter list: `self`, the incoming
// `request`, and any further call arguments. `self` and `args` are typed `any`,
// so the compiler does not check what is passed for them.
// NOTE(review): `self` is presumably the decorated service instance; confirm.

/** Callback that provides the ACS resources for a request (see `resource` option below). */
export type ResourceFactory = (self: any, request: T, ...args: any) => Promise;

/** Callback that injects meta data into each item of the request (see `meta` option below). */
export type MetaDataInjector = (self: any, request: T, ...args: any) => Promise;

/** Callback that resolves the calling subject from a given token (see `subject` option below). */
export type SubjectResolver = (self: any, request: T, ...args: any) => Promise;

/** Callback that selects the database provider for a request (see `database` option below). */
export type DatabaseSelector = (self: any, request: T, ...args: any) => Promise;

/** Callback that builds the ACS client context for a request (see `context` option below). */
export type ACSClientContextFactory = (self: any, request: T, ...args: any) => Promise;

/**
 * Options accepted by `access_controlled_function`.
 *
 * @param action AuthZAction of that function (required),
 * @param operation Operation [isAllowed | whatIsAllowed] (required),
 * @param subject SubjectResolver should resolve the subject.id by a given token (default: DefaultSubjectResolver)
 * @param meta MetaDataInjector should inject meta data to each item of resource (default: DefaultMetaDataInjector)
 * @param context ACSClientContext | ACSClientContextFactory should provide a static or dynamic ACSContext (default: DefaultACSClientContextFactory)
 * @param resource ACSResource[] | ResourceFactory should provide a static or dynamic ACSResource (default: DefaultResourceFactory)
 * @param database DatabaseProvider | DatabaseSelector - (default: cfg.get('authorization:database') ?? 'arangoDB')
 * @param useCache boolean (default: cfg.get('authorization:cache:enabled') ?? false)
 *
 * NOTE(review): `subject` and `meta` accept `null` as well as being omitted.
 * This file does not show what `null` does; presumably it switches the step
 * off rather than falling back to the default. Confirm against the
 * implementation, because an access check evaluated without a resolved
 * subject is decided on whatever subject data the request itself carries.
 *
 * NOTE(review): with `useCache` enabled, a cached decision may outlive a
 * change to roles or policies. Cache lifetime and invalidation are not
 * visible here; verify them before enabling it for sensitive actions.
 */
export type AccessControlledFunctionOptions = {
    action: AuthZAction;
    operation: Operation;
    subject?: SubjectResolver | null;
    meta?: MetaDataInjector | null;
    context?: ACSClientContext | ACSClientContextFactory;
    resource?: ACSResource[] | ResourceFactory;
    database?: DatabaseProvider | DatabaseSelector;
    useCache?: boolean;
};

/** Minimum contract a service must offer so that access control can inspect its stored resources. */
export interface AccessControllableService {
    name: string;
    /**
     * Get resources by ID.
     * Required by access controllable services for checking inner state!
     *
     * @param ids - a list of requested resource.id(s)
     * @param subject - the calling subject
     * @param context - incoming grpc + http header context
     * @param bypassACS - set true during inner ACS calls to avoid recursive loops!
     *
     * NOTE(review): `bypassACS` skips the access check for this read, so an
     * implementation should only ever receive `true` from the ACS machinery
     * itself and must not derive it from request data. Nothing in this
     * declaration enforces that; check each implementation and its callers.
     */
    get(ids: string[], subject?: Subject, context?: CallContext, bypassACS?: boolean): Promise;
}

/**
 * An access-controllable service that additionally carries a user-service
 * client, the database provider used for ACS, and an optional logger.
 * All three members are read-only.
 */
export interface AccessControlledService extends AccessControllableService {
    readonly __userService: Client;
    readonly __acsDatabaseProvider: DatabaseProvider;
    readonly logger?: Logger;
}

/** Default for the `context` option; takes the service, a request that also satisfies `DeleteRequest`, and the call context. */
export declare const DefaultACSClientContextFactory: (self: AccessControllableService, request: T & DeleteRequest, context?: CallContext) => Promise;

/** Builds a `ResourceFactory` from a list of resource names. */
export declare const DefaultResourceFactory: (...resourceNames: string[]) => ResourceFactory;

/** A ready-made `ResourceFactory` instance; how it was configured is not visible in this file. */
export declare const DefaultResourceFactoryInstance: ResourceFactory;

/** Default for the `subject` option; same parameter list as `SubjectResolver`. */
export declare const DefaultSubjectResolver: (self: any, request: T, ...args: any) => Promise;

/** Default for the `meta` option; same parameter list as `MetaDataInjector`. */
export declare const DefaultMetaDataInjector: (self: any, request: T, ...args: any) => Promise;

/**
 * Takes a base service and returns a value of the same declared type.
 * NOTE(review): presumably a class decorator that adds the
 * `AccessControlledService` members; confirm against the implementation.
 */
export declare function access_controlled_service(baseService: T): T;

// The three functions below return `any`, so the compiler does not verify what
// they are applied to. A decorator placed on a method with an incompatible
// signature will not be caught at compile time.
// NOTE(review): presumably method decorators, judging by their names; confirm.

/** Accepts the access-control options for one function; see `AccessControlledFunctionOptions`. */
export declare function access_controlled_function(kwargs: AccessControlledFunctionOptions): any;

/** Accepts an optional `SubjectResolver`; which resolver is used when it is omitted is not shown here. */
export declare function resolves_subject(subjectResolver?: SubjectResolver): any;

/** Accepts an optional `MetaDataInjector`; which injector is used when it is omitted is not shown here. */
export declare function injects_meta_data(metaDataInjector?: MetaDataInjector): any;
//# sourceMappingURL=decorators.d.ts.map