ROLAC/API/ROLAC.API/Authorization/Modules.cs

namespace ROLAC.API.Authorization;

/// <summary>
/// Canonical list of permission-controlled modules. The names are stored verbatim
/// in <see cref="Entities.RolePermission.Module"/> and used in <c>[HasPermission]</c>
/// attributes, so changing a string here is a breaking change requiring a data update.
/// </summary>
public static class Modules
{
    public const string Members           = "Members";
    public const string Users             = "Users";
    public const string Givings           = "Givings";
    public const string GivingCategories  = "GivingCategories";
    public const string Expenses          = "Expenses";
    public const string ExpenseCategories = "ExpenseCategories";
    public const string OfferingSessions  = "OfferingSessions";
    public const string Ministries        = "Ministries";
    public const string FinanceDashboard  = "FinanceDashboard";
    public const string MonthlyStatements = "MonthlyStatements";
    public const string ChurchProfile     = "ChurchProfile";
    public const string Disbursements     = "Disbursements";
    public const string MealAttendance    = "MealAttendance";
    public const string Permissions       = "Permissions";
    public const string SystemLogs        = "SystemLogs";
    public const string AuditLogs         = "AuditLogs";
    public const string Settings          = "Settings";

    /// <summary>All modules, in display order — drives the admin matrix UI.</summary>
    public static readonly IReadOnlyList<string> All =
    [
        Members,
        Users,
        Givings,
        GivingCategories,
        Expenses,
        ExpenseCategories,
        OfferingSessions,
        Ministries,
        FinanceDashboard,
        MonthlyStatements,
        ChurchProfile,
        Disbursements,
        MealAttendance,
        Permissions,
        SystemLogs,
        AuditLogs,
        Settings,
    ];

    public static bool IsValid(string module) => All.Contains(module);
}

/// <summary>
/// The four actions a role can be granted on a module. The default HTTP-verb mapping
/// is GET→Read, POST/PUT/PATCH→Write, DELETE→Delete; "Approve" is applied explicitly
/// to state-transition endpoints (approve / finalize / issue / sign, etc.).
/// </summary>
public static class PermissionActions
{
    public const string Read    = "Read";
    public const string Write   = "Write";
    public const string Delete  = "Delete";
    public const string Approve = "Approve";

    public static readonly IReadOnlyList<string> All = [Read, Write, Delete, Approve];

    public static bool IsValid(string action) => All.Contains(action);
}