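"""
Role-Based Access Control (RBAC) for Zenith Fraud Detection Platform.

This module defines the closed set of permissions, a static role -> permission
table, and two lookup helpers. Authorization is deny-by-default: a role name
that is not in the table grants nothing.

The role string handed to these helpers must come from an authenticated source
(a verified session or token claim), never from request input the user
controls. This module only answers "does role X carry permission Y?"; it does
not authenticate anyone.
"""
from enum import Enum


class Permission(str, Enum):
    """Closed set of permission identifiers.

    Members are plain ``str`` values (``Permission.VIEW_CASES == "view_cases"``),
    so they compare equal to, and can be stored as, the raw wire strings.
    """

    # Case permissions
    VIEW_CASES = "view_cases"
    CREATE_CASES = "create_cases"
    EDIT_CASES = "edit_cases"
    DELETE_CASES = "delete_cases"
    CLOSE_CASES = "close_cases"

    # Transaction permissions
    VIEW_TRANSACTIONS = "view_transactions"
    UPLOAD_TRANSACTIONS = "upload_transactions"
    EDIT_TRANSACTIONS = "edit_transactions"

    # Evidence permissions
    VIEW_EVIDENCE = "view_evidence"
    UPLOAD_EVIDENCE = "upload_evidence"
    DELETE_EVIDENCE = "delete_evidence"

    # User permissions
    MANAGE_USERS = "manage_users"
    VIEW_USERS = "view_users"

    # System permissions
    VIEW_REPORTS = "view_reports"
    MANAGE_SYSTEM = "manage_system"
    VIEW_AUDIT = "view_audit"

    def __str__(self) -> str:
        # Always render as the wire value. Without this, ``str()`` yields
        # "Permission.VIEW_CASES" and, from Python 3.11 on, so do f-strings and
        # ``format()`` -- so what audit logs and API payloads emit would depend
        # on the interpreter version.
        return self.value


# Role definitions. Each role is a strict superset of the previous one:
#   viewer < analyst < investigator < manager < admin
# and admin holds every member of Permission. Treat this table as read-only at
# runtime: mutating one of these lists changes authorization for the whole
# process. Role names are matched exactly (case-sensitive) by the helpers below.
ROLE_PERMISSIONS: dict[str, list[Permission]] = {
    "viewer": [
        Permission.VIEW_CASES,
        Permission.VIEW_TRANSACTIONS,
        Permission.VIEW_EVIDENCE,
        Permission.VIEW_REPORTS,
    ],
    "analyst": [
        Permission.VIEW_CASES,
        Permission.CREATE_CASES,
        Permission.EDIT_CASES,
        Permission.VIEW_TRANSACTIONS,
        Permission.UPLOAD_TRANSACTIONS,
        Permission.EDIT_TRANSACTIONS,
        Permission.VIEW_EVIDENCE,
        Permission.UPLOAD_EVIDENCE,
        Permission.VIEW_REPORTS,
        Permission.VIEW_AUDIT,
    ],
    "investigator": [
        Permission.VIEW_CASES,
        Permission.CREATE_CASES,
        Permission.EDIT_CASES,
        Permission.CLOSE_CASES,
        Permission.DELETE_CASES,
        Permission.VIEW_TRANSACTIONS,
        Permission.UPLOAD_TRANSACTIONS,
        Permission.EDIT_TRANSACTIONS,
        Permission.VIEW_EVIDENCE,
        Permission.UPLOAD_EVIDENCE,
        Permission.DELETE_EVIDENCE,
        Permission.VIEW_REPORTS,
        Permission.VIEW_AUDIT,
    ],
    "manager": [
        Permission.VIEW_CASES,
        Permission.CREATE_CASES,
        Permission.EDIT_CASES,
        Permission.CLOSE_CASES,
        Permission.DELETE_CASES,
        Permission.VIEW_TRANSACTIONS,
        Permission.UPLOAD_TRANSACTIONS,
        Permission.EDIT_TRANSACTIONS,
        Permission.VIEW_EVIDENCE,
        Permission.UPLOAD_EVIDENCE,
        Permission.DELETE_EVIDENCE,
        Permission.MANAGE_USERS,
        Permission.VIEW_USERS,
        Permission.VIEW_REPORTS,
        Permission.VIEW_AUDIT,
    ],
    "admin": [
        Permission.VIEW_CASES,
        Permission.CREATE_CASES,
        Permission.EDIT_CASES,
        Permission.CLOSE_CASES,
        Permission.DELETE_CASES,
        Permission.VIEW_TRANSACTIONS,
        Permission.UPLOAD_TRANSACTIONS,
        Permission.EDIT_TRANSACTIONS,
        Permission.VIEW_EVIDENCE,
        Permission.UPLOAD_EVIDENCE,
        Permission.DELETE_EVIDENCE,
        Permission.MANAGE_USERS,
        Permission.VIEW_USERS,
        Permission.MANAGE_SYSTEM,
        Permission.VIEW_REPORTS,
        Permission.VIEW_AUDIT,
    ],
}


def has_permission(user_role: str, permission: str) -> bool:
    """Return True if ``user_role`` carries ``permission``.

    Args:
        user_role: Role name, matched exactly (case-sensitive) against the
            keys of ``ROLE_PERMISSIONS``.
        permission: A ``Permission`` member or its string value.

    Returns:
        True only when the role exists and lists the permission; False for any
        unknown role (deny by default).
    """
    # An empty tuple as the miss default: nothing is "in" it, and no list is
    # allocated for unknown roles.
    return permission in ROLE_PERMISSIONS.get(user_role, ())


def get_role_permissions(role: str) -> list[Permission]:
    """Return the permissions granted to ``role``, in table order.

    The result is a fresh list: mutating it does not change
    ``ROLE_PERMISSIONS`` or subsequent ``has_permission`` answers. Returning
    the table's own list would let any caller widen a role's grants
    process-wide simply by appending to the returned value.

    Args:
        role: Role name, matched exactly against ``ROLE_PERMISSIONS``.

    Returns:
        A new list of ``Permission`` members; empty for an unknown role.
    """
    return list(ROLE_PERMISSIONS.get(role, ()))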