using System.Security.Claims;

namespace ZB.MOM.WW.MxGateway.Server.Dashboard;

public sealed class DashboardApiKeyAuthorization
{
    /// <summary>Determines whether the user can manage API keys.</summary>
    /// <param name="user">The authenticated user principal.</param>
    /// <returns>True if the user is an authenticated admin; otherwise false.</returns>
    public bool CanManage(ClaimsPrincipal user)
    {
        if (user.Identity?.IsAuthenticated != true)
        {
            return false;
        }

        return user.IsInRole(DashboardRoles.Admin);
    }
}