package users

import (
	"nadir/internal/rbac"

	"github.com/danielgtaylor/huma/v2"
)

const ModuleID = "users"

// sessionStore is the subset of SessionStore that password changes need:
// invalidate all existing sessions for a user whose password just changed.
type sessionStore interface {
	DeleteByUsername(username string) error
}

type Module struct {
	sessions sessionStore
}

func New(sessions sessionStore) *Module { return &Module{sessions: sessions} }

func (m *Module) ID() string   { return ModuleID }

// Permissions: read to list/inspect accounts; write to create and change
// passwords; root to delete (irreversible).
func (m *Module) Permissions() []rbac.Permission {
	return []rbac.Permission{rbac.Read, rbac.Write, rbac.Root}
}

func (m *Module) Register(api huma.API) {
	registerUsers(api, m.sessions)
}

func op(permission string) map[string]any {
	return map[string]any{"module": ModuleID, "permission": permission}
}