package auth

import "github.com/orchard9/rdev/internal/domain"

// Scope is an alias for domain.Scope.
// All scope constants, helpers, and validation live in domain/apikey.go.
type Scope = domain.Scope

// Re-exported scope constants for backward compatibility.
// Consumers should migrate to domain.ScopeXxx over time.
const (
	ScopeProjectsRead    = domain.ScopeProjectsRead
	ScopeProjectsExecute = domain.ScopeProjectsExecute
	ScopeKeysRead        = domain.ScopeKeysRead
	ScopeKeysWrite       = domain.ScopeKeysWrite
	ScopeAuditRead       = domain.ScopeAuditRead
	ScopeQueueRead       = domain.ScopeQueueRead
	ScopeQueueWrite      = domain.ScopeQueueWrite
	ScopeWebhookRead     = domain.ScopeWebhookRead
	ScopeWebhookWrite    = domain.ScopeWebhookWrite
	ScopeWorkersRead     = domain.ScopeWorkersRead
	ScopeWorkersWrite    = domain.ScopeWorkersWrite
	ScopeBuildRead       = domain.ScopeBuildRead
	ScopeBuildWrite      = domain.ScopeBuildWrite
	ScopeVerifyRead      = domain.ScopeVerifyRead
	ScopeVerifyWrite     = domain.ScopeVerifyWrite
	ScopeSessionsRead    = domain.ScopeSessionsRead
	ScopeSessionsExecute = domain.ScopeSessionsExecute
	ScopeAdmin           = domain.ScopeAdmin
)

// Re-exported scope helpers for backward compatibility.
var (
	AllScopes         = domain.AllScopes
	ScopeDescriptions = domain.ScopeDescriptions
)

// ScopesFromStrings converts string slice to Scope slice.
func ScopesFromStrings(ss []string) []Scope {
	return domain.ScopesFromStrings(ss)
}

// ScopesToStrings converts Scope slice to string slice.
func ScopesToStrings(scopes []Scope) []string {
	return domain.ScopesToStrings(scopes)
}

// ValidateScopes checks if all scopes are valid.
func ValidateScopes(scopes []Scope) bool {
	return domain.ValidateScopes(scopes)
}

// HasScope checks if a scope list contains a required scope.
func HasScope(scopes []Scope, required Scope) bool {
	return domain.HasScope(scopes, required)
}

// HasAnyScope checks if a scope list contains any of the required scopes.
func HasAnyScope(scopes []Scope, required ...Scope) bool {
	return domain.HasAnyScope(scopes, required...)
}

// HasProjectAccess checks if the key has access to a specific project.
// projectIDs nil means access to all projects.
func HasProjectAccess(allowedProjects []string, projectID string) bool {
	if allowedProjects == nil {
		return true
	}
	for _, p := range allowedProjects {
		if p == projectID {
			return true
		}
	}
	return false
}