using System.Security.Claims;
using Microsoft.Extensions.Options;
using MxGateway.Server.Configuration;

namespace MxGateway.Server.Dashboard;

public sealed class DashboardApiKeyAuthorization(IOptions<GatewayOptions> options)
{
    public bool CanManage(ClaimsPrincipal user)
    {
        if (user.Identity?.IsAuthenticated != true)
        {
            return false;
        }

        string requiredGroup = options.Value.Ldap.RequiredGroup;
        IEnumerable<string> groups = user.FindAll(DashboardAuthenticationDefaults.LdapGroupClaimType)
            .Select(claim => claim.Value);

        return DashboardAuthenticator.IsMemberOfRequiredGroup(groups, requiredGroup);
    }
}