namespace ZB.MOM.WW.OtOpcUa.Admin.Services;

/// <summary>
///     The three admin roles per <c>admin-ui.md</c> §"Admin Roles" — mapped from LDAP groups at
///     sign-in. Each role has a fixed set of capabilities (cluster CRUD, draft → publish, fleet
///     admin). The ACL-driven runtime permissions (<c>NodePermissions</c>) govern OPC UA clients;
///     these roles govern the Admin UI itself.
/// </summary>
public static class AdminRoles
{
    public const string ConfigViewer = "ConfigViewer";
    public const string ConfigEditor = "ConfigEditor";
    public const string FleetAdmin = "FleetAdmin";

    public static IReadOnlyList<string> All => [ConfigViewer, ConfigEditor, FleetAdmin];
}