using Connected.Data;

namespace Connected.Security.Permissions;

/// <summary>
/// Specifies the state of each permission entry.
/// </summary>
public enum PermissionValue
{
	/// <summary>
	/// Permission is not set on the entry. This is a default value
	/// of each permission entry.
	/// </summary>
	NotSet = 0,
	/// <summary>
	/// Evidence does have a claim for the specified resource.
	/// </summary>
	Allow = 1,
	/// <summary>
	/// Evidence does not have a claim for the specified resource.
	/// </summary>
	Deny = 2
}
/// <summary>
/// Represents the permission entry for the specific resource.
/// </summary>
/// <remarks>
/// Environment's assets are protected by <see cref="IApiAuthorizationMiddleware"/>. The implementation of each
/// policy is based on the <see cref="AuthorizationAttribute{TPolicy}"/> which usually provides the Action,
/// which can be set to assets. The most common assets are <see cref="Sys.Api.IApiService"/> methods. Assets or 
/// <see cref="Component"/> define the <see cref="Method"/> which along with Action represents the basics of the permission.
/// The <see cref="IApiAuthorizationMiddleware"/> implementation contains the logic what claims are needed to perform each action. Additionally,
/// policy tipically provides a set of claims on which permissions can be set. Permissions are based on descriptors, which can be
/// User, Role or any other registered implementation of the <see cref="IPermissionDescriptor"/> interface. Descriptor provides a set of
/// schemas, usually users and roles and that concludes the permission's component model.
/// </remarks>
public interface IPermission : IPrimaryKey<int>
{
	/// <summary>
	/// The id of the evidence to which permission is bound to. This is
	/// typically provided by <see cref="IAuthorizationMiddleware"/>.
	/// </summary>
	string Evidence { get; }
	/// <summary>
	/// The type of the evidence to which permission is bound to. This is 
	/// typically provided by <see cref="IAuthorizationMiddleware"/>.
	/// </summary>
	string Schema { get; }
	/// <summary>
	/// The claim to which permission is bound to. This is typically 
	/// provided by <see cref="IApiAuthorizationMiddleware"/>.
	/// </summary>
	string Claim { get; }
	/// <summary>
	/// The primary key of the entity. Can be null if permission is not record based.
	/// </summary>
	string? PrimaryKey { get; }
	/// <summary>
	/// The entity to which permission is bound to. Can be null if permission is 
	/// environment wide and not bound to a specific entity.
	/// </summary>
	string? Entity { get; }
	/// <summary>
	/// The actual value of the permission.
	/// </summary>
	PermissionValue Value { get; }
	/// <summary>
	/// The component to which permission is bound to. This is important for advanced
	/// permission models, for example where admins require the specific permission to be
	/// set on a specific service method but the policy is shared between many different
	/// services.
	/// </summary>
	string? Component { get; }
	/// <summary>
	/// The component's method for advanced permission models.
	/// </summary>
	string? Method { get; }
}