namespace ROLAC.API.DTOs.Permissions;

/// <summary>Effective action flags for one module (union across a user's roles).</summary>
public class ModuleActions
{
    public bool Read    { get; set; }
    public bool Write   { get; set; }
    public bool Delete  { get; set; }
    public bool Approve { get; set; }

    public bool Any => Read || Write || Delete || Approve;
}

/// <summary>One module's grant for a single role — used in the admin matrix and updates.</summary>
public class ModulePermissionDto
{
    public string Module     { get; set; } = null!;
    public bool   CanRead    { get; set; }
    public bool   CanWrite   { get; set; }
    public bool   CanDelete  { get; set; }
    public bool   CanApprove { get; set; }
}

/// <summary>One role's full row in the admin matrix (every module, dense).</summary>
public class RolePermissionRow
{
    public string  RoleName     { get; set; } = null!;
    public string? Description   { get; set; }
    /// <summary>super_admin is shown read-only/full — it bypasses the matrix.</summary>
    public bool    IsSuperAdmin { get; set; }
    public List<ModulePermissionDto> Modules { get; set; } = [];
}

/// <summary>GET /api/permissions — the whole matrix plus the catalog for grid headers.</summary>
public class PermissionMatrixDto
{
    public IReadOnlyList<string> AllModules { get; set; } = [];
    public IReadOnlyList<string> AllActions { get; set; } = [];
    public List<RolePermissionRow> Roles    { get; set; } = [];
}

/// <summary>GET /api/permissions/catalog — module + action names for building the UI.</summary>
public class PermissionCatalogDto
{
    public IReadOnlyList<string> Modules { get; set; } = [];
    public IReadOnlyList<string> Actions { get; set; } = [];
}

/// <summary>PUT /api/permissions/{roleName} — replaces a role's grants.</summary>
public class UpdateRolePermissionsRequest
{
    public List<ModulePermissionDto> Modules { get; set; } = [];
}