package ports

import (
	"context"

	"Yimaru-Backend/internal/domain"
)

// RBACStore is the storage port for role-based access control data: roles,
// permissions, and the assignment of permissions to roles.
//
// NOTE(review): no method takes an explicit actor. Unless an implementation
// derives the caller from ctx, authorization for the mutating methods has to
// be enforced before the store is called — confirm in the calling layer.
type RBACStore interface {
	// ---- Roles ----

	// CreateRole stores a role with the given name and description and returns
	// the resulting record. isSystem flags the role as a system role.
	// NOTE(review): UpdateRole and DeleteRole carry no isSystem information, so
	// any protection of system roles is not visible here — confirm where it is
	// enforced.
	CreateRole(ctx context.Context, name string, description string, isSystem bool) (domain.RoleRecord, error)

	// GetRoleByID looks a role up by its numeric id.
	GetRoleByID(ctx context.Context, id int64) (domain.RoleRecord, error)

	// GetRoleByName looks a role up by its name.
	GetRoleByName(ctx context.Context, name string) (domain.RoleRecord, error)

	// ListRoles returns the roles selected by filter together with an int64,
	// presumably the total number of matches — TODO confirm.
	ListRoles(ctx context.Context, filter domain.RoleListFilter) ([]domain.RoleRecord, int64, error)

	// UpdateRole changes the name and description of the role with the given id.
	UpdateRole(ctx context.Context, id int64, name string, description string) error

	// DeleteRole removes the role with the given id.
	DeleteRole(ctx context.Context, id int64) error

	// ---- Permissions ----

	// UpsertPermission takes a permission seed and returns the stored
	// permission; going by its name, it inserts or updates — TODO confirm the
	// conflict key.
	UpsertPermission(ctx context.Context, seed domain.PermissionSeed) (domain.Permission, error)

	// ListPermissions returns the stored permissions.
	ListPermissions(ctx context.Context) ([]domain.Permission, error)

	// ListPermissionGroups returns a list of strings, presumably the distinct
	// permission group names — TODO confirm.
	ListPermissionGroups(ctx context.Context) ([]string, error)

	// GetPermissionByKey looks a permission up by its key.
	GetPermissionByKey(ctx context.Context, key string) (domain.Permission, error)

	// ---- Role/permission assignment ----

	// SetRolePermissions assigns permissionIDs to the role.
	// NOTE(review): presumably this replaces the role's existing set (contrast
	// AddRolePermissions) — confirm. If so, the replacement should be applied
	// atomically so that a failure cannot leave a role with a partial set.
	SetRolePermissions(ctx context.Context, roleID int64, permissionIDs []int64) error

	// AddRolePermissions inserts permissions into the role without removing
	// existing ones. Repeated calls are safe (idempotent) because the insert
	// relies on ON CONFLICT DO NOTHING.
	AddRolePermissions(ctx context.Context, roleID int64, permissionIDs []int64) error

	// GetRolePermissions returns the permissions assigned to the role.
	GetRolePermissions(ctx context.Context, roleID int64) ([]domain.Permission, error)

	// GetAllRolesWithPermissions returns a map of string to string set,
	// presumably role name to the set of permission keys — TODO confirm the key
	// meaning against the implementation.
	GetAllRolesWithPermissions(ctx context.Context) (map[string]map[string]struct{}, error)
}