using System.Collections.Generic;

namespace ZB.MOM.WW.OtOpcUa.Host.Domain
{
    /// <summary>
    ///     Pluggable interface for validating user credentials. Implement for different backing stores (config file, LDAP,
    ///     etc.).
    /// </summary>
    public interface IUserAuthenticationProvider
    {
        /// <summary>
        ///     Validates a username/password combination.
        /// </summary>
        bool ValidateCredentials(string username, string password);
    }

    /// <summary>
    ///     Extended interface for providers that can resolve application-level roles for authenticated users.
    ///     When the auth provider implements this interface, OnImpersonateUser uses the returned roles
    ///     to control write and alarm-ack permissions.
    /// </summary>
    public interface IRoleProvider
    {
        /// <summary>
        ///     Returns the set of application-level roles granted to the user.
        /// </summary>
        IReadOnlyList<string> GetUserRoles(string username);
    }

    /// <summary>
    ///     Well-known application-level role names used for permission enforcement.
    /// </summary>
    public static class AppRoles
    {
        public const string ReadOnly = "ReadOnly";
        public const string WriteOperate = "WriteOperate";
        public const string WriteTune = "WriteTune";
        public const string WriteConfigure = "WriteConfigure";
        public const string AlarmAck = "AlarmAck";
    }
}