@restorecommerce/acs-client/lib/acs/resolver.d.ts

Access Control Service Client

import { Subject, DeepPartial } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/auth';
import { Request } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/access_control';
import { FilterOp } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/resource_base';
import { ACSAuthZ } from './authz';
import { ACSClientContext, DecisionResponse, PolicySetRQResponse, ACSResource, AuthZAction, ACSClientOptions } from './interfaces';
export declare const isAllowedRequest: (subject: Subject, resources: ACSResource[], actions: AuthZAction, ctx: ACSClientContext, useCache: boolean) => Promise<DecisionResponse>;
/**
 * It turns an API request as can be found in typical Web frameworks like express, koa etc.
 * into a proper ACS request. For `whatIsAllowed` operation it returns the filters
 * to enforce the applicapble poilicies. The response is `Decision`
 * or policy set reverse query `PolicySetRQ` depending on the requeste operation `isAllowed()` or
 * `whatIsAllowed()` respectively.
 * @param {Subject} subject Contains subject information
 * @param {ACSResource[]} resource Contains resource name, resource instance and optional resource properties
 * @param {AuthZAction} action Action to be performed on resource
 * @param {ACSClientContext} ctx Context containing Subject and Context Resources for ACS
 * @param {Operation} operation Operation to perform `isAllowed` or `whatIsAllowed`,
 * if this param is missing defaults to `isAllowed` operation
 * @param {Database} database database used either `arangoDB` or `postgres`,
 * if this param is missing defaults to `arangoDB`
 * @param {boolean} useCache by default ACS caching is used, if set to false then ACS cache
 * is not used and ACS request is made to `access-control-srv`
 * @returns {DecisionResponse | PolicySetRQResponse}
 */
export declare const accessRequest: (subject: DeepPartial<Subject>, resource: ACSResource[], action: AuthZAction, ctx: ACSClientContext, options?: ACSClientOptions) => Promise<DecisionResponse | PolicySetRQResponse>;
/**
 * Exposes the isAllowed() api of `access-control-srv` and retruns the response
 * as `Decision`.
 * @param {ACSRequest} request input authorization request
 * @param {ACSContext} ctx Context Object containing requester's subject information
 * @return {Decision} PERMIT or DENY or INDETERMINATE
 */
export declare const isAllowed: (request: Request, authZ: ACSAuthZ) => Promise<DecisionResponse>;
/**
 * Exposes the whatIsAllowed() api of `access-control-srv` and retruns the response
 * a policy set reverse query `PolicySetRQ`
 * @param {ACSRequest} authZRequest input authorization request
 * @param {ACSContext} ctx Context Object containing requester's subject information
 * @return {PolicySetRQ} set of applicable policies and rules for the input request
 */
export declare const whatIsAllowed: (request: Request, authZ: ACSAuthZ) => Promise<PolicySetRQResponse>;
export interface Output {
    details?: PayloadStatus[];
    error?: OutputError;
}
export interface OutputError {
    message: string;
    code: number;
}
export interface PayloadStatus {
    payload: any;
    status: {
        message: string;
        code: number;
    };
}
export interface LoginResult {
    me?: Subject;
    error?: LoginError;
}
export interface LoginError {
    code: string;
    message: string;
}
export interface QueryArguments {
    filters?: FilterOp[];
    limit?: any;
    sort?: any;
    offset?: any;
    custom_queries: string[];
    custom_arguments: any;
}
export interface UserQueryArguments extends QueryArguments {
    user_role: RoleRequest;
}
export interface RoleRequest {
    role: string;
    organizations: string[];
}
//# sourceMappingURL=resolver.d.ts.map