import { ACSClientContext, AuthZAction, AuthZContext, AuthZTarget, AuthZWhatIsAllowedTarget, DecisionResponse, IAuthZ, NoAuthTarget, NoAuthWhatIsAllowedTarget, PolicySetRQResponse, Request, ACSResource } from './interfaces.js';
import { AccessControlServiceClient } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/access_control.js';
import { Attribute } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/attribute.js';
import { Subject, DeepPartial } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/auth.js';
import { Logger } from '@restorecommerce/logger';
export declare type Authorizer = ACSAuthZ;
export declare let authZ: Authorizer;
export declare let unauthZ: UnAuthZ;
export declare const createActionTarget: (action: any) => Attribute[];
export declare const createSubjectTarget: (subject: DeepPartial<Subject>) => Attribute[];
export declare const createResourceTarget: (resource: ACSResource[], action: AuthZAction) => Attribute[];
export declare class UnAuthZ implements IAuthZ {
    acs: AccessControlServiceClient;
    /**
     *
     * @param acs Access Control Service definition (gRPC)
     */
    constructor(acs: AccessControlServiceClient);
    private encode;
    isAllowed(request: Request<NoAuthTarget, AuthZContext>, ctx: ACSClientContext, useCache: boolean): Promise<DecisionResponse>;
    whatIsAllowed(request: Request<AuthZWhatIsAllowedTarget | NoAuthWhatIsAllowedTarget, AuthZContext>, ctx: ACSClientContext, useCache: boolean): Promise<PolicySetRQResponse>;
}
/**
 * General authorizer. Marshalls data and requests access to the Access Control Service (ACS).
 */
export declare class ACSAuthZ implements IAuthZ {
    acs: AccessControlServiceClient;
    /**
     *
     * @param acs Access Control Service definition (gRPC)
     */
    constructor(acs: AccessControlServiceClient, ids?: any);
    /**
     * Perform request to access-control-srv
     * @param request - authZRequest containing subject, resources and action
     * @param useCache
     * @returns {DecisionResponse}
     */
    isAllowed(request: Request<AuthZTarget, AuthZContext>, ctx: ACSClientContext, useCache: boolean): Promise<DecisionResponse>;
    /**
    * Perform request to access-control-srv
    * @param request - authZRequest containing subject, resource and action
    * @returns {PolicySetRQ}
    * @param resource
    */
    whatIsAllowed(request: Request<AuthZWhatIsAllowedTarget, AuthZContext>, ctx: ACSClientContext, useCache: boolean): Promise<PolicySetRQResponse>;
    private encode;
    prepareRequest(request: Request<AuthZTarget | AuthZWhatIsAllowedTarget, AuthZContext>): any;
}
export declare const initAuthZ: (config?: any, logger?: Logger) => Promise<void | ACSAuthZ>;
//# sourceMappingURL=authz.d.ts.map