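syntax = "proto3";

package rbac.v1;

option go_package = "git.lendry.ru/lendry-erp/proto.git/go;pb";

// RbacService manages roles, permissions and user-to-role assignments.
//
// NOTE(review): none of the mutating requests below carries the identity of
// the caller; the user_id on the assign/revoke/sync requests appears to name
// the target user. Authorization therefore has to come from the transport
// (for example authenticated call metadata). Confirm that every mutating RPC
// is checked server-side and that each change is written to an audit log.
service RbacService {
  // Creates a role from a name, a level and a list of permission codes.
  rpc CreateRole(CreateRoleRequest) returns (ModifyRoleResponse);

  // Updates the role identified by UpdateRoleRequest.id.
  rpc UpdateRole(UpdateRoleRequest) returns (ModifyRoleResponse);

  // Deletes the role identified by DeleteRoleRequest.id.
  rpc DeleteRole(DeleteRoleRequest) returns (DeleteRoleResponse);

  // Creates a permission from a code, a description and a module.
  rpc CreatePermission(CreatePermissionRequest)
      returns (ModifyPermissionResponse);

  // Binds the permission identified by UpdatePermissionRequest.id to roles.
  rpc UpdatePermission(UpdatePermissionRequest)
      returns (ModifyPermissionResponse);

  // Returns the list of permissions.
  rpc GetAllPermissions(GetAllPermissionsRequest)
      returns (GetAllPermissionsResponse);

  // Returns the list of roles.
  rpc GetAllRoles(GetAllRolesRequest) returns (GetAllRolesResponse);

  // Assigns roles, given by name, to a user.
  // NOTE(review): the schema does not say whether the list replaces the
  // user's current roles or is added to them - confirm and document.
  rpc AssignRolesByName(AssignRolesByNameRequest) returns (ModifyRoleResponse);

  // Returns the roles, permissions and maximum role level of one user.
  rpc GetUserRolesAndPermissions(GetUserRolesRequest)
      returns (GetUserRolesResponse);

  // Assigns a single role to a user.
  rpc AssignRoleToUser(AssignRoleToUserRequest) returns (ModifyRoleResponse);

  // Revokes a single role from a user.
  rpc RevokeRoleFromUser(RevokeRoleFromUserRequest)
      returns (ModifyRoleResponse);

  // Takes a user and a list of LDAP groups; see SyncLdapRolesRequest.
  rpc SyncLdapRoles(SyncLdapRolesRequest) returns (ModifyRoleResponse);
}

// Request for GetAllPermissions.
//
// NOTE(review): user_id and session_id presumably identify the caller. If
// so, the server must check them against the authenticated session instead
// of trusting the request body, and session_id should be handled as a secret
// (kept out of request logs and traces) - confirm.
message GetAllPermissionsRequest {
  string user_id = 1;
  string session_id = 2;
}

// Response for GetAllPermissions.
message GetAllPermissionsResponse {
  repeated Permission permissions = 1;
}

// A single permission.
message Permission {
  string id = 1;
  // Permission code; CreatePermissionRequest.code sets the same value.
  string code = 2;
  string description = 3;
  string module = 4;
  // Roles associated with this permission.
  // TODO confirm whether these are role names or role ids.
  repeated string roles = 5;
}

// Request for GetAllRoles.
//
// NOTE(review): same caller-identity concern as GetAllPermissionsRequest -
// validate user_id/session_id server-side and keep session_id out of logs.
message GetAllRolesRequest {
  string user_id = 1;
  string session_id = 2;
}

// Response for GetAllRoles.
message GetAllRolesResponse {
  repeated Roles roles = 1;
}

// Request for CreateRole.
message CreateRoleRequest {
  string name = 1;
  // NOTE(review): the schema does not state whether a higher or a lower
  // level is more privileged. Document the ordering and confirm the server
  // refuses a level beyond what the caller is allowed to grant.
  int32 level = 2;
  repeated string permission_codes = 3;
}

// Request for UpdateRole. name and level have explicit presence, so an
// omitted value can be told apart from an empty string or zero.
message UpdateRoleRequest {
  string id = 1;
  optional string name = 2;
  optional int32 level = 3;
  // A repeated field has no presence: an empty list is indistinguishable
  // from "not provided".
  // NOTE(review): confirm whether empty means "leave unchanged" or "remove
  // every permission from the role"; the two have very different effects.
  repeated string permission_codes = 4;
}

// Result shared by the role-modifying RPCs.
//
// NOTE(review): failure appears to be reported through success/message in
// the body; callers must check success, and message should not expose
// internal details to unprivileged callers - confirm.
message ModifyRoleResponse {
  bool success = 1;
  string message = 2;
}

// Request for DeleteRole.
message DeleteRoleRequest {
  string id = 1;
}

// Response for DeleteRole.
message DeleteRoleResponse {
  bool success = 1;
  string message = 2;
  // Presumably the role that holders of the deleted role fall back to -
  // TODO confirm.
  optional string fallback_role_name = 3;
}

// Request for CreatePermission.
message CreatePermissionRequest {
  string code = 1;
  string description = 2;
  string module = 3;
}

// Request for UpdatePermission.
message UpdatePermissionRequest {
  string id = 1;
  // Binding to specific roles.
  // NOTE(review): as with any repeated field, an empty list cannot be told
  // apart from "not provided" - confirm whether it unbinds the permission.
  repeated string role_ids = 2;
}

// Result shared by the permission-modifying RPCs; callers must check success.
message ModifyPermissionResponse {
  bool success = 1;
  string message = 2;
}

// A single role (the plural message name is kept for compatibility with
// existing generated code).
message Roles {
  string id = 1;
  string name = 2;
  int32 level = 3;
  repeated string permissions = 4;
  // Presumably the LDAP groups mapped to this role - TODO confirm.
  repeated string ldap_mapping = 5;
  // Presumably the accounts that hold this role - TODO confirm.
  // NOTE(review): this discloses role membership and is unbounded; confirm
  // GetAllRoles is limited to callers allowed to see it.
  repeated string accounts = 6;
}

// Request for GetUserRolesAndPermissions.
message GetUserRolesRequest {
  string user_id = 1;
}

// Response for GetUserRolesAndPermissions.
message GetUserRolesResponse {
  // e.g. ["ADMIN", "MANAGER"]
  repeated string roles = 1;
  // e.g. ["users:read", "billing:write"]
  repeated string permissions = 2;
  // Maximum role level of the user.
  int32 max_role_level = 3;
}

// Request for AssignRolesByName.
message AssignRolesByNameRequest {
  string user_id = 1;
  repeated string roles = 2;
}

// Request for AssignRoleToUser.
message AssignRoleToUserRequest {
  string user_id = 1;
  // NOTE(review): typed int32, whereas Roles.id, UpdateRoleRequest.id and
  // DeleteRoleRequest.id are string - confirm which identifier is expected.
  // Changing the type in place would break the wire format; a correction
  // needs a new field number.
  int32 role_id = 2;
}

// Request for RevokeRoleFromUser.
message RevokeRoleFromUserRequest {
  string user_id = 1;
  // NOTE(review): int32 here versus string role ids elsewhere; see
  // AssignRoleToUserRequest.role_id.
  int32 role_id = 2;
}

// Request for SyncLdapRoles.
//
// NOTE(review): if ldap_groups is supplied by the caller rather than read
// from the directory on the server side, group membership is an unverified
// claim. Confirm that only a trusted authentication component may call
// SyncLdapRoles.
message SyncLdapRolesRequest {
  string user_id = 1;
  repeated string ldap_groups = 2;
}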