package management

import (
	"context"

	"github.com/tech/sendico/pkg/model"
	"go.mongodb.org/mongo-driver/bson/primitive"
)

type Permission interface {
	// Grant a permission to a role with an optional object scope and specified effect.
	// Use primitive.NilObjectID for 'any' objectRef.
	GrantToRole(ctx context.Context, policy *model.RolePolicy) error

	// Revoke a permission from a role with an optional object scope and specified effect.
	// Use primitive.NilObjectID for 'any' objectRef.
	RevokeFromRole(ctx context.Context, policy *model.RolePolicy) error

	// Retrieve all policies assigned to a specific role, including scope and effects.
	GetPolicies(
		ctx context.Context,
		roleRef primitive.ObjectID,
	) ([]model.RolePolicy, error)

	// Persist any changes made to permissions.
	Save() error
}