package rbac

type Role string

const (
	RoleViewer     Role = "viewer"
	RoleAdmin      Role = "admin"
	RoleSuperadmin Role = "superadmin"
	RolePublic     Role = "public"
)

var RoleHierarchy = map[Role]int{
	RoleViewer:     0,
	RoleAdmin:      1,
	RoleSuperadmin: 2,
}

func HasPermission(userRole Role, requiredRole Role) bool {
	if requiredRole == "" {
		return true
	}
	userLevel, ok := RoleHierarchy[userRole]
	if !ok {
		return false
	}
	requiredLevel, ok := RoleHierarchy[requiredRole]
	if !ok {
		return false
	}
	return userLevel >= requiredLevel
}

func RoleFromString(s string) Role {
	switch s {
	case "viewer":
		return RoleViewer
	case "admin":
		return RoleAdmin
	case "superadmin":
		return RoleSuperadmin
	default:
		return ""
	}
}