using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

namespace ScadaLink.Security;

public static class AuthorizationPolicies
{
    public const string RequireAdmin = "RequireAdmin";
    public const string RequireDesign = "RequireDesign";
    public const string RequireDeployment = "RequireDeployment";

    public static IServiceCollection AddScadaLinkAuthorization(this IServiceCollection services)
    {
        services.AddAuthorization(options =>
        {
            options.AddPolicy(RequireAdmin, policy =>
                policy.RequireClaim(JwtTokenService.RoleClaimType, "Admin"));

            options.AddPolicy(RequireDesign, policy =>
                policy.RequireClaim(JwtTokenService.RoleClaimType, "Design"));

            options.AddPolicy(RequireDeployment, policy =>
                policy.RequireClaim(JwtTokenService.RoleClaimType, "Deployment"));
        });

        services.AddSingleton<IAuthorizationHandler, SiteScopeAuthorizationHandler>();

        return services;
    }
}