import { Authenticatable } from "../interfaces/authenticatable.interface"; export declare class PermissionService { /** * Validates that a permission string matches an accepted format. * Throws on invalid formats — this is a programmer/data error. * * @param permission - The permission string to validate * @throws {Error} If the format is invalid */ static validateFormat(permission: string): void; /** * Checks if a principal has a specific permission. * * @param principal - The authenticated entity to check * @param permission - The permission to check for * @returns true if the principal has the permission, false otherwise */ hasPermission(principal: Authenticatable, permission: string): boolean; /** * Checks if a principal has all of the specified permissions. * * @param principal - The authenticated entity to check * @param permissions - The permissions to check for (AND logic) * @returns true if the principal has all permissions, false otherwise */ hasAllPermissions(principal: Authenticatable, permissions: string[]): boolean; /** * Checks if a principal has any of the specified permissions. * * @param principal - The authenticated entity to check * @param permissions - The permissions to check for (OR logic) * @returns true if the principal has at least one permission, false otherwise */ hasAnyPermission(principal: Authenticatable, permissions: string[]): boolean; /** * Requires a principal to have a specific permission, throws if not. * * @param principal - The authenticated entity to check * @param permission - The permission required * @throws {PermissionDeniedException} If the principal lacks the permission */ requirePermission(principal: Authenticatable, permission: string): void; /** * Requires a principal to have all specified permissions, throws if not. * * @param principal - The authenticated entity to check * @param permissions - The permissions required (AND logic) * @throws {PermissionDeniedException} If the principal lacks any permission */ requireAllPermissions(principal: Authenticatable, permissions: string[]): void; /** * Requires a principal to have at least one of the specified permissions. * * @param principal - The authenticated entity to check * @param permissions - The permissions to check (OR logic) * @throws {PermissionDeniedException} If the principal has none of the permissions */ requireAnyPermission(principal: Authenticatable, permissions: string[]): void; /** * Checks if a granted permission matches a required permission. * Supports wildcards: * - `*` matches any permission * - `*:resource` matches any action on that resource * - `action:*` matches that action on any resource * * @param granted - The permission the principal has * @param required - The permission being checked * @returns true if the granted permission satisfies the requirement */ private matchesPermission; }