import { MultistringAddress, AddressMap } from './addrmap';
import { SerializableData } from './serializer';
import { RpcChannel, RpcFunction } from './registry';
export declare type AccessPolicy = boolean;
export declare const AccessPolicy: {
    ALLOW: boolean;
    DENY: boolean;
};
export declare type OptAccessPolicy = AccessPolicy | undefined | null;
export declare const OptAccessPolicy: {
    NONE: null;
} & {
    ALLOW: boolean;
    DENY: boolean;
};
export interface CanCallOpts {
    args: SerializableData[];
    wc: string[];
    channel: RpcChannel;
    func?: RpcFunction;
}
export declare type AccessCanFunction = (addr: MultistringAddress, opts: CanCallOpts) => OptAccessPolicy;
/**
 * Controls access to RPC endpoints based on address AND arguments.
 */
export interface AccessController {
    can(addr: MultistringAddress, opts: CanCallOpts): OptAccessPolicy;
}
/**
 * Always allows access.
 */
export declare class AllowAccessController implements AccessController {
    can(): AccessPolicy;
}
/**
 * Always denies access.
 */
export declare class DenyAccessController implements AccessController {
    can(): AccessPolicy;
}
/**
 * Controls access based on a single function
 */
export declare class FunctionAccessController implements AccessController {
    readonly can: AccessCanFunction;
    constructor(can: AccessCanFunction);
}
/**
 * Gives higher `AccessController`s in the chain priority.
 */
export declare class ChainedAccessController implements AccessController {
    default_ap: OptAccessPolicy;
    readonly access_chain: AccessController[];
    constructor(default_ap?: OptAccessPolicy);
    can(addr: MultistringAddress, opts: CanCallOpts): OptAccessPolicy;
}
/**
 * The old type of access control based on an address-to-policy map.
 */
export declare class LegacyAccessController implements AccessController {
    readonly map: AddressMap<boolean>;
    can(to: MultistringAddress): OptAccessPolicy;
}
/**
 * Lookup a function to determine access on a per-address basis
 */
export declare class FunctionLookupAccessController implements AccessController {
    readonly map: AddressMap<AccessCanFunction>;
    can(to: MultistringAddress, opts: CanCallOpts): OptAccessPolicy;
}
export declare const CanCallFunction: unique symbol;
export declare const RequiresPermissions: unique symbol;
export interface PermissionedCanCallOpts extends CanCallOpts {
    require: (perm: string) => void;
    perms: Set<string>;
}
export declare type PermissionedAccessCanFunction = (addr: MultistringAddress, opts: PermissionedCanCallOpts) => OptAccessPolicy;
/**
 * First, this `AccessController` will check the `RequiresPermissions` property
 * on the target function. If any of these are missing from the member `perms`
 * set, then access is denied. Otherwise, if `CanCallFunction` is defined, then
 * its result is returned. The `CanCallFunction` may also require permissions.
 */
export declare class AutoFunctionAccessController implements AccessController {
    perms: Set<string>;
    constructor(perms?: Set<string>);
    can(to: MultistringAddress, opts: CanCallOpts): OptAccessPolicy;
}
export declare function RequirePermissions(perms: string[]): (target: any, propertyKey: string, descriptor: PropertyDescriptor) => void;
export declare function SetCanCallFunc(can: AccessCanFunction): (target: any, propertyKey: string, descriptor: PropertyDescriptor) => void;