package usecase

import (
	"context"

	"gateway/internal/model/permission/domain/entity"
	"gateway/internal/model/permission/domain/enum"
)

// UpsertMappingParam carries the fields a tenant admin submits when
// editing role mappings. ExternalKey is opaque: for Zitadel it's the
// project role key, for LDAP it's the group DN, for SCIM it's the group
// displayName.
type UpsertMappingParam struct {
	TenantID        string
	ExternalSource  enum.RoleSource
	ExternalKey     string
	InternalRoleKey string
}

// ListMappingQuery filters role mapping queries.
type ListMappingQuery struct {
	Source *enum.RoleSource
	Offset int64
	Limit  int64
}

// RoleMappingUseCase manages external→internal role mappings used by
// SyncFromX flows.
type RoleMappingUseCase interface {
	Upsert(ctx context.Context, param *UpsertMappingParam) (*entity.RoleMapping, error)
	Delete(ctx context.Context, tenantID string, source enum.RoleSource, externalKey string) error
	GetByExternal(
		ctx context.Context,
		tenantID string,
		source enum.RoleSource,
		externalKey string,
	) (*entity.RoleMapping, error)
	List(ctx context.Context, tenantID string, query *ListMappingQuery) ([]*entity.RoleMapping, int64, error)
}