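import { GraphqlClient } from './../common/GraphqlClient';
import { ManagementTokenProvider } from './ManagementTokenProvider';
import { ManagementClientOptions } from './types';
import {
  PaginatedPolicies,
  PolicyAssignmentTargetType,
  PolicyStatement,
  Policy,
  CommonMessage,
  PaginatedPolicyAssignments
} from '../../types/graphql.v2';
import { DeepPartial } from '../../types/index';

/**
 * @class PoliciesManagementClient Policy management
 * @name PoliciesManagementClient
 * @description Approw's access-control model is built around two concepts:
 * **Resource** and **Policy**. A policy defines which operations are permitted
 * on a resource (or class of resources). Granting a policy to a user or role
 * determines whether that user or role may perform a given operation on a
 * resource.
 *
 * This module creates, deletes, updates and queries policies, and manages
 * policy authorization (assignments). Policies can be granted to users or
 * roles. For details, see https://docs.approw.co/docs/access-control/index.html
 *
 * Every method here changes or reveals who is allowed to do what, so callers
 * should treat the management client as a privileged, server-side component.
 *
 * @example
 *
 * Use the module as follows:
 * ```javascript
 * import { ManagementClient } from "appow-js-sdk"
 * const managementClient = new ManagementClient({
 *   userPoolId: "YOUR_USERPOOL_ID",
 *   // Load the secret from server-side configuration; do not commit it or
 *   // ship it in a client bundle.
 *   secret: "YOUR_USERPOOL_SECRET",
 * })
 * managementClient.policies.list            // Get the list of policies
 * managementClient.policies.create          // Create a policy
 * managementClient.policies.listAssignments // Get policy authorization records
 * ```
 *
 */
export declare class PoliciesManagementClient {
  // NOTE(review): `options` may carry the user pool secret shown in the class
  // example - confirm, and avoid logging or serialising this instance.
  options: ManagementClientOptions;
  graphqlClient: GraphqlClient;
  tokenProvider: ManagementTokenProvider;

  constructor(
    options: ManagementClientOptions,
    graphqlClient: GraphqlClient,
    tokenProvider: ManagementTokenProvider
  );

  /**
   * @name create
   * @name_zh Create policy
   * @description Create a policy. Keep each statement's `resource` and
   * `actions` as narrow as the use case allows.
   *
   * @param {Object} options
   * @param {string} options.code Unique policy code
   * @param {PolicyStatement[]} options.statements Policy statements; for the detailed format and description, see https://docs.approw.co/docs/access-control/index.html
   * @param {string} [options.description] Description
   * @param {string} [options.namespace] Permission group
   *
   * @example
   *
   * import { PolicyEffect } from "appow-js-sdk"
   *
   * const statements = [
   *   {
   *     resource: 'books:123',
   *     effect: PolicyEffect.Allow,
   *     actions: ['books:edit']
   *   }
   * ];
   *
   * const policy = await managementClient.policies.create({ code, statements });
   *
   * @returns {Promise<DeepPartial<Policy>>}
   * @memberof PoliciesManagementClient
   */
  create({
    code,
    statements,
    description,
    namespace
  }: {
    code: string;
    statements: PolicyStatement[];
    description?: string;
    namespace?: string;
  }): Promise<DeepPartial<Policy>>;

  /**
   * @name delete
   * @name_zh Delete policy
   * @description Delete a policy. System built-in policies are maintained by
   * Approw and cannot be modified or deleted.
   *
   * @example
   *
   * const { code, message } = await managementClient.policies.delete("CODE"); // The operation succeeded if code is 200
   *
   * @param {string} code Unique policy code
   * @param {string} [namespace] Permission group
   * @returns {Promise<CommonMessage>}
   * @memberof PoliciesManagementClient
   *
   */
  delete(code: string, namespace?: string): Promise<CommonMessage>;

  /**
   * @name deleteMany
   * @name_zh Batch delete policies
   * @description Delete policies in batch. System built-in policies are
   * maintained by Approw and cannot be modified or deleted.
   *
   * @example
   *
   * const { code, message } = await managementClient.policies.deleteMany(["CODE"]); // The operation succeeded if code is 200
   *
   * @param {string[]} codeList List of unique policy codes
   * @param {string} [namespace] Permission group
   * @returns {Promise<CommonMessage>}
   * @memberof PoliciesManagementClient
   *
   */
  deleteMany(codeList: string[], namespace?: string): Promise<CommonMessage>;

  /**
   * @name update
   * @name_zh Update policy
   * @description Update a policy. System built-in policies are maintained by
   * Approw and cannot be modified or deleted.
   *
   * @param {string} code Unique policy code
   * @param {Object} updates
   * @param {string} [updates.description] Description
   * @param {PolicyStatement[]} [updates.statements] Policy statements; for the detailed format and description, see https://docs.approw.co/docs/access-control/index.html
   * @param {string} [updates.newCode] New unique code; if supplied, it must be unique within the user pool.
   * @param {string} [updates.namespace] Permission group
   *
   * @example
   *
   * const policy = await managementClient.policies.update('CODE', { newCode: 'NEWCODE' });
   *
   * @returns {Promise<DeepPartial<Policy>>}
   * @memberof PoliciesManagementClient
   *
   */
  update(
    code: string,
    updates: {
      statements?: PolicyStatement[];
      description?: string;
      newCode?: string;
      namespace?: string;
    }
  ): Promise<DeepPartial<Policy>>;

  /**
   * @name detail
   * @name_zh Get policy details
   * @description Get policy details
   *
   * @param {string} code Unique policy code
   * @param {string} [namespace] Permission group
   *
   * @example
   *
   * const policy = await managementClient.policies.detail('CODE');
   *
   * @returns {Promise<DeepPartial<Policy>>}
   * @memberof PoliciesManagementClient
   */
  detail(code: string, namespace?: string): Promise<DeepPartial<Policy>>;

  /**
   * @name list
   * @name_zh Get the list of policies
   * @description Get the list of policies
   *
   * @param {Object} options
   * @param {number} [options.page=1]
   * @param {number} [options.limit=10]
   * @param {string} [options.namespace='default'] Permission group
   *
   * NOTE(review): earlier documentation also described
   * `options.excludeDefault` (default true, whether to exclude system default
   * resources), but the declared options type has no such property - confirm
   * against the implementation before relying on it.
   *
   * @example
   *
   * const { list, totalCount } = await managementClient.policies.list({
   *   page: 1,
   *   limit: 10
   * });
   *
   * @returns {Promise<DeepPartial<PaginatedPolicies>>}
   * @memberof PoliciesManagementClient
   */
  list(options?: {
    page?: number;
    limit?: number;
    namespace?: string;
  }): Promise<DeepPartial<PaginatedPolicies>>;

  /**
   * @name listAssignments
   * @name_zh Get policy authorization records
   * @description Get policy authorization records. Useful for auditing which
   * users and roles currently hold a policy.
   *
   * @param {Object} options
   * @param {string} options.code Unique policy code
   * @param {string} [options.namespace] Permission group
   * @param {number} [options.page=1]
   * @param {number} [options.limit=10]
   *
   * @example
   *
   * const { totalCount, list } = await managementClient.policies.listAssignments({ code: "CODE" });
   *
   * // list data example
   *
   * [
   *   {
   *     code: "PolicyCode", // Unique policy code
   *     targetType: 'USER', // 'USER' is user, 'ROLE' is role
   *     targetIdentifier: '5f8812866795cc0026352fc5' // user ID or role code
   *   },
   *   {
   *     code: "PolicyCode", // Unique policy code
   *     targetType: 'ROLE', // 'USER' is user, 'ROLE' is role
   *     targetIdentifier: 'ROLE_CODE' // user ID or role code
   *   }
   * ]
   *
   * @returns {Promise<PaginatedPolicyAssignments>}
   * @memberof PoliciesManagementClient
   */
  listAssignments({
    code,
    namespace,
    page,
    limit
  }: {
    code: string;
    namespace?: string;
    page?: number;
    limit?: number;
  }): Promise<PaginatedPolicyAssignments>;

  /**
   * @name addAssignments
   * @name_zh Add policy authorization
   * @description Add policy authorization. A policy can be granted to users
   * and to roles; a policy granted to a role is inherited by all users under
   * that role, so a role-level grant widens access for every current and
   * future member. This interface supports batch operations.
   *
   * @param {string[]} policies Policy code list
   * @param {PolicyAssignmentTargetType} targetType Allowed values are USER (user) and ROLE (role)
   * @param {string[]} targetIdentifiers User id list or role code list
   * @param {Object} [options]
   * @param {boolean} [options.inheritByChildren] NOTE(review): undocumented; presumably controls whether child nodes inherit the assignment - confirm against the implementation
   * @param {string} [options.namespace] Permission group
   *
   * @example
   *
   * import { PolicyAssignmentTargetType } from "appow-js-sdk"
   *
   * await managementClient.policies.addAssignments(
   *   ["code1", "code2"],
   *   PolicyAssignmentTargetType.User,
   *   ['USERID']
   * );
   *
   * await managementClient.policies.addAssignments(
   *   ["code1", "code2"],
   *   PolicyAssignmentTargetType.Role,
   *   ['ROLE_CODE']
   * );
   *
   * @returns {Promise<CommonMessage>}
   * @memberof PoliciesManagementClient
   */
  addAssignments(
    policies: string[],
    targetType: PolicyAssignmentTargetType,
    targetIdentifiers: string[],
    options?: {
      inheritByChildren?: boolean;
      namespace?: string;
    }
  ): Promise<CommonMessage>;

  /**
   * @name removeAssignments
   * @name_zh Revoke policy authorization
   * @description Revoke policy authorization. This interface supports batch
   * operations. Check the returned `code` before treating access as revoked
   * (presumably 200 indicates success, as for `delete` - confirm).
   *
   * @param {string[]} policies Policy code list
   * @param {PolicyAssignmentTargetType} targetType Allowed values are USER (user) and ROLE (role)
   * @param {string[]} targetIdentifiers User id list or role code list
   * @param {string} [namespace] Permission group
   *
   * @example
   *
   * import { PolicyAssignmentTargetType } from "appow-js-sdk"
   *
   * await managementClient.policies.removeAssignments(
   *   ["code1", "code2"],
   *   PolicyAssignmentTargetType.User,
   *   ['USERID']
   * );
   *
   * await managementClient.policies.removeAssignments(
   *   ["code1", "code2"],
   *   PolicyAssignmentTargetType.Role,
   *   ['ROLE_CODE']
   * );
   *
   * @returns {Promise<CommonMessage>}
   * @memberof PoliciesManagementClient
   */
  removeAssignments(
    policies: string[],
    targetType: PolicyAssignmentTargetType,
    targetIdentifiers: string[],
    namespace?: string
  ): Promise<CommonMessage>;

  /**
   * @name enableAssignment
   * @name_zh Set the policy authorization status to enabled
   * @description Enable a policy authorization. An authorization in the
   * inactive state does not take effect.
   *
   * @param {string} policy Policy code
   * @param {PolicyAssignmentTargetType} targetType Allowed values are USER (user), ROLE (role), GROUP (group), ORG (organization)
   * @param {string} targetIdentifier User id, role code, group code, or organization node ID
   * @param {string} [namespace] Permission group
   *
   * @example
   *
   * import { PolicyAssignmentTargetType } from "appow-js-sdk"
   *
   * await managementClient.policies.enableAssignment(
   *   "code1",
   *   PolicyAssignmentTargetType.User,
   *   'USERID'
   * );
   *
   * @returns {Promise<CommonMessage>}
   * @memberof PoliciesManagementClient
   */
  enableAssignment(
    policy: string,
    targetType: PolicyAssignmentTargetType,
    targetIdentifier: string,
    namespace?: string
  ): Promise<CommonMessage>;

  /**
   * @name disableAssignment
   * @name_zh Set the policy authorization status to disabled
   * @description Disable a policy authorization. An authorization in the
   * inactive state does not take effect. Check the returned `code` before
   * assuming the grant is no longer active (presumably 200 indicates success,
   * as for `delete` - confirm).
   *
   * @param {string} policy Policy code
   * @param {PolicyAssignmentTargetType} targetType Allowed values are USER (user), ROLE (role), GROUP (group), ORG (organization)
   * @param {string} targetIdentifier User id, role code, group code, or organization node ID
   * @param {string} [namespace] Permission group
   *
   * @example
   *
   * import { PolicyAssignmentTargetType } from "appow-js-sdk"
   *
   * await managementClient.policies.disableAssignment(
   *   "code1",
   *   PolicyAssignmentTargetType.User,
   *   'USERID'
   * );
   *
   * @returns {Promise<CommonMessage>}
   * @memberof PoliciesManagementClient
   */
  disableAssignment(
    policy: string,
    targetType: PolicyAssignmentTargetType,
    targetIdentifier: string,
    namespace?: string
  ): Promise<CommonMessage>;
}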