import * as z from 'zod/v4'; import { Role } from './roles'; export declare const JurisdictionFilter: z.ZodEnum<{ administrativeArea: "administrativeArea"; location: "location"; all: "all"; }>; export type JurisdictionFilter = z.infer; export declare const UserFilter: z.ZodEnum<{ user: "user"; }>; export type UserFilter = z.infer; /** * The different types of scopes that can be used to control access to records. Each type has different options that can be used to further filter the records that the scope applies to. * When adding new scope types, they should be added to the appropriate section based on the options they require. * * @see scopeOptionsPlaceEvent @see scopeOptionsDeclared @see scopeOptionsFull */ export declare const RecordScopeTypeV2: z.ZodEnum<{ "record.search": "record.search"; "record.create": "record.create"; "record.read": "record.read"; "record.declare": "record.declare"; "record.notify": "record.notify"; "record.edit": "record.edit"; "record.reject": "record.reject"; "record.archive": "record.archive"; "record.review-duplicates": "record.review-duplicates"; "record.register": "record.register"; "record.print-certified-copies": "record.print-certified-copies"; "record.request-correction": "record.request-correction"; "record.correct": "record.correct"; "record.unassign-others": "record.unassign-others"; "record.custom-action": "record.custom-action"; }>; export type RecordScopeTypeV2 = z.infer; declare const AllScopeOptions: z.ZodObject<{ ids: z.ZodPipe, z.ZodArray>; accessLevel: z.ZodOptional>; role: z.ZodOptional, z.ZodOptional>>>; event: z.ZodPipe, z.ZodOptional>>; placeOfEvent: z.ZodOptional>; declaredIn: z.ZodOptional>; declaredBy: z.ZodOptional>; registeredIn: z.ZodOptional>; registeredBy: z.ZodOptional>; }, z.core.$strip>; type AllScopeOptions = z.infer; export declare const ScopeOptionKey: z.ZodEnum<{ role: "role"; event: "event"; placeOfEvent: "placeOfEvent"; declaredIn: "declaredIn"; declaredBy: "declaredBy"; registeredIn: "registeredIn"; registeredBy: "registeredBy"; accessLevel: "accessLevel"; ids: "ids"; }>; export type ScopeOptionKey = z.infer; export declare const ScopesWithPlaceEventOptions: z.ZodEnum<{ "record.create": "record.create"; "record.declare": "record.declare"; "record.notify": "record.notify"; }>; export declare const ScopesWithDeclaredOptions: z.ZodEnum<{ "record.edit": "record.edit"; "record.reject": "record.reject"; "record.archive": "record.archive"; "record.review-duplicates": "record.review-duplicates"; "record.register": "record.register"; }>; export declare const ScopesWithFullOptions: z.ZodEnum<{ "record.search": "record.search"; "record.read": "record.read"; "record.request-correction": "record.request-correction"; "record.correct": "record.correct"; "record.unassign-others": "record.unassign-others"; }>; export declare const RecordScopeV2: z.ZodDiscriminatedUnion<[z.ZodObject<{ type: z.ZodEnum<{ "record.create": "record.create"; "record.declare": "record.declare"; "record.notify": "record.notify"; }>; options: z.ZodOptional, z.ZodOptional>>; placeOfEvent: z.ZodOptional>; }, z.core.$strip>>; }, z.core.$strip>, z.ZodObject<{ type: z.ZodEnum<{ "record.edit": "record.edit"; "record.reject": "record.reject"; "record.archive": "record.archive"; "record.review-duplicates": "record.review-duplicates"; "record.register": "record.register"; }>; options: z.ZodOptional, z.ZodOptional>>; placeOfEvent: z.ZodOptional>; declaredIn: z.ZodOptional>; declaredBy: z.ZodOptional>; }, z.core.$strip>>; }, z.core.$strip>, z.ZodObject<{ type: z.ZodEnum<{ "record.search": "record.search"; "record.read": "record.read"; "record.request-correction": "record.request-correction"; "record.correct": "record.correct"; "record.unassign-others": "record.unassign-others"; }>; options: z.ZodOptional, z.ZodOptional>>; placeOfEvent: z.ZodOptional>; declaredIn: z.ZodOptional>; declaredBy: z.ZodOptional>; registeredIn: z.ZodOptional>; registeredBy: z.ZodOptional>; }, z.core.$strip>>; }, z.core.$strip>, z.ZodObject<{ type: z.ZodLiteral<"record.custom-action">; options: z.ZodOptional, z.ZodOptional>>; placeOfEvent: z.ZodOptional>; declaredIn: z.ZodOptional>; declaredBy: z.ZodOptional>; registeredIn: z.ZodOptional>; registeredBy: z.ZodOptional>; customActionTypes: z.ZodPipe, z.ZodOptional>>; }, z.core.$strip>>; }, z.core.$strip>, z.ZodObject<{ type: z.ZodLiteral<"record.print-certified-copies">; options: z.ZodOptional, z.ZodOptional>>; placeOfEvent: z.ZodOptional>; declaredIn: z.ZodOptional>; declaredBy: z.ZodOptional>; registeredIn: z.ZodOptional>; registeredBy: z.ZodOptional>; templates: z.ZodPipe, z.ZodOptional>>; }, z.core.$strip>>; }, z.core.$strip>], "type">; declare const SystemScopeType: z.ZodEnum<{ "organisation.read-locations": "organisation.read-locations"; "user.read": "user.read"; "user.create": "user.create"; "user.edit": "user.edit"; "user.search": "user.search"; }>; export type SystemScopeType = z.infer; declare const UserScopeType: z.ZodEnum<{ "user.read": "user.read"; "user.create": "user.create"; "user.edit": "user.edit"; "user.search": "user.search"; }>; export type UserScopeType = z.infer; declare const ScopesWithRoleOption: z.ZodEnum<{ "user.create": "user.create"; "user.edit": "user.edit"; }>; export type ScopesWithRoleOption = z.infer; export declare const UserScopeV2: z.ZodDiscriminatedUnion<[z.ZodObject<{ type: z.ZodEnum<{ "user.create": "user.create"; "user.edit": "user.edit"; }>; options: z.ZodOptional>; role: z.ZodOptional, z.ZodOptional>>>; }, z.core.$strip>>; }, z.core.$strip>, z.ZodObject<{ type: z.ZodEnum<{ "user.read": "user.read"; "user.search": "user.search"; }>; options: z.ZodOptional>; }, z.core.$strip>>; }, z.core.$strip>], "type">; export type UserScopeV2 = z.infer; export declare function scopeUsesRoleOptions(scope: UserScopeV2): scope is Extract; export declare function scopeUsesDeclaredOptions(scope: Scope): scope is Extract; }>; export declare function scopeUsesFullOptions(scope: Scope): scope is Extract; }>; export declare function scopeUsesPrintCertifiedCopiesOptions(scope: Scope): scope is Extract; export declare function isCustomActionScope(scope: Scope): scope is Extract; export declare const ResolvedRecordScopeV2: z.ZodDiscriminatedUnion<[z.ZodObject<{ type: z.ZodEnum<{ "record.create": "record.create"; "record.declare": "record.declare"; "record.notify": "record.notify"; }>; options: z.ZodOptional, z.ZodOptional>>; placeOfEvent: z.ZodOptional>>; }, z.core.$strip>>; }, z.core.$strip>, z.ZodObject<{ type: z.ZodEnum<{ "record.edit": "record.edit"; "record.reject": "record.reject"; "record.archive": "record.archive"; "record.review-duplicates": "record.review-duplicates"; "record.register": "record.register"; }>; options: z.ZodOptional, z.ZodOptional>>; placeOfEvent: z.ZodOptional>>; declaredIn: z.ZodOptional>>; declaredBy: z.ZodOptional; }, z.core.$strip>>; }, z.core.$strip>, z.ZodObject<{ type: z.ZodEnum<{ "record.search": "record.search"; "record.read": "record.read"; "record.request-correction": "record.request-correction"; "record.correct": "record.correct"; "record.unassign-others": "record.unassign-others"; }>; options: z.ZodOptional, z.ZodOptional>>; placeOfEvent: z.ZodOptional>>; declaredIn: z.ZodOptional>>; declaredBy: z.ZodOptional; registeredIn: z.ZodOptional>>; registeredBy: z.ZodOptional; }, z.core.$strip>>; }, z.core.$strip>, z.ZodObject<{ type: z.ZodLiteral<"record.print-certified-copies">; options: z.ZodOptional, z.ZodOptional>>; placeOfEvent: z.ZodOptional>>; declaredIn: z.ZodOptional>>; declaredBy: z.ZodOptional; registeredIn: z.ZodOptional>>; registeredBy: z.ZodOptional; templates: z.ZodOptional>; }, z.core.$strip>>; }, z.core.$strip>], "type">; export type RecordScopeV2 = z.infer; export type ResolvedRecordScopeV2 = z.infer; /** The primary scope schema which gathers all scope types together. All scopes are discriminated by type and options are determined according to the type. */ export declare const Scope: z.ZodDiscriminatedUnion<[z.ZodObject<{ type: z.ZodEnum<{ bypassratelimit: "bypassratelimit"; "record.reindex": "record.reindex"; "user.data-seeding": "user.data-seeding"; "integration.create": "integration.create"; "record.import": "record.import"; "config.update-all": "config.update-all"; "attachment.upload": "attachment.upload"; "profile.electronic-signature": "profile.electronic-signature"; "user.read-only-my-audit": "user.read-only-my-audit"; "performance.read": "performance.read"; "performance.read-dashboards": "performance.read-dashboards"; "performance.vital-statistics-export": "performance.vital-statistics-export"; "record.confirm-registration": "record.confirm-registration"; "record.reject-registration": "record.reject-registration"; }>; }, z.core.$strip>, z.ZodObject<{ type: z.ZodEnum<{ "record.create": "record.create"; "record.declare": "record.declare"; "record.notify": "record.notify"; }>; options: z.ZodOptional, z.ZodOptional>>; placeOfEvent: z.ZodOptional>; }, z.core.$strip>>; }, z.core.$strip>, z.ZodObject<{ type: z.ZodEnum<{ "record.edit": "record.edit"; "record.reject": "record.reject"; "record.archive": "record.archive"; "record.review-duplicates": "record.review-duplicates"; "record.register": "record.register"; }>; options: z.ZodOptional, z.ZodOptional>>; placeOfEvent: z.ZodOptional>; declaredIn: z.ZodOptional>; declaredBy: z.ZodOptional>; }, z.core.$strip>>; }, z.core.$strip>, z.ZodObject<{ type: z.ZodEnum<{ "record.search": "record.search"; "record.read": "record.read"; "record.request-correction": "record.request-correction"; "record.correct": "record.correct"; "record.unassign-others": "record.unassign-others"; }>; options: z.ZodOptional, z.ZodOptional>>; placeOfEvent: z.ZodOptional>; declaredIn: z.ZodOptional>; declaredBy: z.ZodOptional>; registeredIn: z.ZodOptional>; registeredBy: z.ZodOptional>; }, z.core.$strip>>; }, z.core.$strip>, z.ZodObject<{ type: z.ZodLiteral<"record.custom-action">; options: z.ZodOptional, z.ZodOptional>>; placeOfEvent: z.ZodOptional>; declaredIn: z.ZodOptional>; declaredBy: z.ZodOptional>; registeredIn: z.ZodOptional>; registeredBy: z.ZodOptional>; customActionTypes: z.ZodPipe, z.ZodOptional>>; }, z.core.$strip>>; }, z.core.$strip>, z.ZodObject<{ type: z.ZodLiteral<"record.print-certified-copies">; options: z.ZodOptional, z.ZodOptional>>; placeOfEvent: z.ZodOptional>; declaredIn: z.ZodOptional>; declaredBy: z.ZodOptional>; registeredIn: z.ZodOptional>; registeredBy: z.ZodOptional>; templates: z.ZodPipe, z.ZodOptional>>; }, z.core.$strip>>; }, z.core.$strip>, z.ZodObject<{ type: z.ZodEnum<{ "user.create": "user.create"; "user.edit": "user.edit"; }>; options: z.ZodOptional>; role: z.ZodOptional, z.ZodOptional>>>; }, z.core.$strip>>; }, z.core.$strip>, z.ZodObject<{ type: z.ZodEnum<{ "user.read": "user.read"; "user.search": "user.search"; }>; options: z.ZodOptional>; }, z.core.$strip>>; }, z.core.$strip>, z.ZodObject<{ type: z.ZodLiteral<"organisation.read-locations">; options: z.ZodOptional>; }, z.core.$strip>>; }, z.core.$strip>, z.ZodObject<{ type: z.ZodLiteral<"workqueue">; options: z.ZodObject<{ ids: z.ZodPipe, z.ZodArray>; }, z.core.$strip>; }, z.core.$strip>, z.ZodObject<{ type: z.ZodLiteral<"dashboard.view">; options: z.ZodObject<{ ids: z.ZodPipe, z.ZodArray>; }, z.core.$strip>; }, z.core.$strip>], "type">; export type Scope = z.infer; export declare const ScopeType: z.ZodEnum<{ "record.search": "record.search"; "record.create": "record.create"; "record.read": "record.read"; "record.declare": "record.declare"; "record.notify": "record.notify"; "record.edit": "record.edit"; "record.reject": "record.reject"; "record.archive": "record.archive"; "record.review-duplicates": "record.review-duplicates"; "record.register": "record.register"; "record.print-certified-copies": "record.print-certified-copies"; "record.request-correction": "record.request-correction"; "record.correct": "record.correct"; "record.unassign-others": "record.unassign-others"; "record.custom-action": "record.custom-action"; bypassratelimit: "bypassratelimit"; "record.reindex": "record.reindex"; "user.data-seeding": "user.data-seeding"; "integration.create": "integration.create"; "record.import": "record.import"; "config.update-all": "config.update-all"; "attachment.upload": "attachment.upload"; "profile.electronic-signature": "profile.electronic-signature"; "user.read-only-my-audit": "user.read-only-my-audit"; "performance.read": "performance.read"; "performance.read-dashboards": "performance.read-dashboards"; "performance.vital-statistics-export": "performance.vital-statistics-export"; "record.confirm-registration": "record.confirm-registration"; "record.reject-registration": "record.reject-registration"; "organisation.read-locations": "organisation.read-locations"; "user.read": "user.read"; "user.create": "user.create"; "user.edit": "user.edit"; "user.search": "user.search"; workqueue: "workqueue"; "dashboard.view": "dashboard.view"; }>; export type ScopeType = z.infer; /** * Branded encoded scope string, in query string format. * */ export declare const EncodedScope: z.core.$ZodBranded; export type EncodedScope = z.infer; /** * Encodes a scope object into an EncodedScope branded query string. * * * @param scope - The scope object to encode. * @returns The encoded scope as a branded string (`EncodedScope`). */ export declare const encodeScope: (scope: Scope) => EncodedScope; /** * Converts an encoded scope string into a scope object. * * @param scope - The encoded scope string to decode. * @returns The decoded scope object. */ export declare const decodeScope: (encodedScope: EncodedScope) => { type: "record.create" | "record.declare" | "record.notify"; options?: { event?: string[] | undefined; placeOfEvent?: "administrativeArea" | "location" | "all" | undefined; } | undefined; } | { type: "record.edit" | "record.reject" | "record.archive" | "record.review-duplicates" | "record.register"; options?: { event?: string[] | undefined; placeOfEvent?: "administrativeArea" | "location" | "all" | undefined; declaredIn?: "administrativeArea" | "location" | "all" | undefined; declaredBy?: "user" | undefined; } | undefined; } | { type: "record.search" | "record.read" | "record.request-correction" | "record.correct" | "record.unassign-others"; options?: { event?: string[] | undefined; placeOfEvent?: "administrativeArea" | "location" | "all" | undefined; declaredIn?: "administrativeArea" | "location" | "all" | undefined; declaredBy?: "user" | undefined; registeredIn?: "administrativeArea" | "location" | "all" | undefined; registeredBy?: "user" | undefined; } | undefined; } | { type: "record.custom-action"; options?: { event?: string[] | undefined; placeOfEvent?: "administrativeArea" | "location" | "all" | undefined; declaredIn?: "administrativeArea" | "location" | "all" | undefined; declaredBy?: "user" | undefined; registeredIn?: "administrativeArea" | "location" | "all" | undefined; registeredBy?: "user" | undefined; customActionTypes?: string[] | undefined; } | undefined; } | { type: "record.print-certified-copies"; options?: { event?: string[] | undefined; placeOfEvent?: "administrativeArea" | "location" | "all" | undefined; declaredIn?: "administrativeArea" | "location" | "all" | undefined; declaredBy?: "user" | undefined; registeredIn?: "administrativeArea" | "location" | "all" | undefined; registeredBy?: "user" | undefined; templates?: string[] | undefined; } | undefined; } | { type: "user.create" | "user.edit"; options?: { accessLevel?: "administrativeArea" | "location" | "all" | undefined; role?: string[] | undefined; } | undefined; } | { type: "user.read" | "user.search"; options?: { accessLevel?: "administrativeArea" | "location" | "all" | undefined; } | undefined; } | { type: "bypassratelimit" | "record.reindex" | "user.data-seeding" | "integration.create" | "record.import" | "config.update-all" | "attachment.upload" | "profile.electronic-signature" | "user.read-only-my-audit" | "performance.read" | "performance.read-dashboards" | "performance.vital-statistics-export" | "record.confirm-registration" | "record.reject-registration"; } | { type: "organisation.read-locations"; options?: { accessLevel?: "administrativeArea" | "location" | "all" | undefined; } | undefined; } | { type: "workqueue"; options: { ids: string[]; }; } | { type: "dashboard.view"; options: { ids: string[]; }; } | undefined; /** * Function to get the value of a scope option (aka. scope attribute) * * @param scope - The scope to get the value of the option from. * @param option - The option to get the value of. * @returns The value of the scope option. Will return the default value if the option is not set. */ export declare function getScopeOptionValue(scope: Scope, option: T): AllScopeOptions[T] | undefined; export declare function getAcceptedScopesByType({ acceptedScopes, scopes }: { acceptedScopes: ScopeType[]; scopes: EncodedScope[]; }): Scope[]; /** * Checks if the provided scopes or token contain any of the accepted scopes. * * Overloads: * - `hasAnyScope(token, scopes)` → extracts scopes from a token * - `hasAnyScope(scopes, scopes)` → checks directly from a scope array */ /** * Checks if the provided token contains any of the accepted scopes. * * @param {string} token - The authentication JWT token. * @param {ScopeType[]} scopes - An array of scope types to check for. * @returns {boolean} True if the token contains at least one of the accepted scopes, false otherwise. */ export declare function hasAnyScope(token: string, scopes: ScopeType[]): boolean; /** * Checks if the provided array of scopes contains any of the accepted scopes. * * @param {EncodedScope[]} userScopes - Array of scopes to check. * @param {ScopeType[]} scopes - An array of scope types to check for. * @returns {boolean} True if the scope list contains at least one of the accepted scopes. */ export declare function hasAnyScope(userScopes: EncodedScope[], scopes: ScopeType[]): boolean; /** * Checks whether a scope exists either inside a JWT token or * within a provided list of scopes. * * Overloads: * - `hasScope(token, scope)` → extracts scopes from a token * - `hasScope(scopes, scope)` → checks directly from a scope array */ /** * Checks if the provided token contains the given scope. * * @param token - The authentication JWT token. * @param scope - The scope type to check for. * @returns True if the token contains the specified scope. */ export declare function hasScope(token: string, scope: ScopeType): boolean; /** * Checks if the provided list of scopes contains the given scope. * * @param scopes - Array of scopes to check. * @param scope - The scope type to check for. * @returns True if the scope list contains the specified scope. */ export declare function hasScope(scopes: EncodedScope[], scope: ScopeType): boolean; /** * Checks if the given event type is allowed by the accepted scopes. If no specific event types are defined, it returns true. * * @param {Scope[]} userScopes - The scopes of the user. * @param {string} eventType - The event type to check for permission. * @returns {boolean} Returns true if the event type is allowed by the scope. */ export declare function canUserCreateEvent(userScopes: EncodedScope[], eventType: string): boolean; /** * Helper for defining scopes for user roles. Should be used in country config. * * @param scopes Array of scopes in object format. * @returns Array of scopes in string format, encoded for use in JWT tokens. */ export declare function defineScopes(scopes: Scope[]): (string & z.core.$brand<"EncodedScope">)[]; /** * Helper for defining user roles. Should be used in country config. * * @param roles Array of roles in object format. */ export declare function defineRoles(roles: Role[]): { id: string; scopes: (string & z.core.$brand<"EncodedScope">)[]; }[]; export {}; //# sourceMappingURL=scopes.d.ts.map