@noony-serverless/core

/** * Expression Permission Resolver * * Advanced permission resolver supporting complex boolean expressions with * AND, OR, and NOT operations. Limited to 2-level nesting to prevent * performance degradation while maintaining flexibility for complex * authorization scenarios. * * Supported Expression Structure: * - Leaf permissions: { permission: "admin.users" } * - AND operations: { and: [expr1, expr2, ...] } * - OR operations: { or: [expr1, expr2, ...] } * - NOT operations: { not: expr } * - Maximum 2-level nesting depth * * Performance Features: * - Result caching for expensive expression evaluations * - Short-circuit evaluation (AND stops at first false, OR stops at first true) * - Expression normalization for consistent cache keys * - Performance metrics and monitoring * * Example Expressions: * ``` * // Simple OR: user needs admin OR manager role * { or: [{ permission: "admin.platform" }, { permission: "role.manager" }] } * * // Complex AND/OR: (admin OR (manager AND finance)) * { * or: [ * { permission: "admin.platform" }, * { and: [{ permission: "role.manager" }, { permission: "department.finance" }] } * ] * } * ``` * * @author Noony Framework Team * @version 1.0.0 */ import { PermissionResolver, PermissionResolverType, PerformanceCharacteristics, PermissionCheckResult, PermissionExpression } from './PermissionResolver'; import { CacheAdapter } from '../cache/CacheAdapter'; /** * Expression permission resolver for complex boolean logic */ export declare class ExpressionPermissionResolver extends PermissionResolver<PermissionExpression> { private readonly cache; private readonly maxNestingDepth; private checkCount; private totalResolutionTimeUs; private cacheHits; private cacheMisses; private expressionComplexityStats; constructor(cache: CacheAdapter); /** * Check if user permissions satisfy the permission expression * * @param userPermissions - Set of user's permissions for O(1) lookup * @param expression - Permission expression to evaluate * @returns Promise resolving to true if expression evaluates to true */ check(userPermissions: Set<string>, expression: PermissionExpression): Promise<boolean>; /** * Check permissions with detailed result information */ checkWithResult(userPermissions: Set<string>, expression: PermissionExpression): Promise<PermissionCheckResult>; /** * Evaluate permission expression recursively * * @param userPermissions - User's permissions as Set for O(1) lookup * @param expression - Expression to evaluate * @param depth - Current nesting depth * @returns Boolean result of expression evaluation */ private evaluateExpression; /** * Evaluate expression with detailed result information */ private evaluateExpressionWithDetails; /** * Track expression complexity for analytics */ private trackComplexity; /** * Get the depth of an expression */ private getExpressionDepth; /** * Get resolver type for identification */ getType(): PermissionResolverType; /** * Get performance characteristics for monitoring */ getPerformanceCharacteristics(): PerformanceCharacteristics; /** * Get performance statistics */ getStats(): { checkCount: number; averageResolutionTimeUs: number; totalResolutionTimeUs: number; cacheHitRate: number; cacheHits: number; cacheMisses: number; complexityDistribution: { simple: number; moderate: number; complex: number; }; }; /** * Reset performance statistics */ resetStats(): void; /** * Get resolver name for debugging */ getName(): string; /** * Check if this resolver can handle the given requirement type */ canHandle(requirement: any): requirement is PermissionExpression; /** * Normalize expression for consistent cache keys * * Sorts arrays and standardizes structure for reliable caching */ static normalizeExpression(expression: PermissionExpression): PermissionExpression; } //# sourceMappingURL=ExpressionPermissionResolver.d.ts.map