package domain

import "fmt"

// Module-wide sentinel errors. They are intentionally untyped so callers
// wrap them with library/errors.Builder when surfacing to HTTP/RPC layers.
var (
	ErrPermissionNotFound = fmt.Errorf("permission: permission not found")
	ErrPermissionDup      = fmt.Errorf("permission: duplicate permission")
	ErrPermissionClosed   = fmt.Errorf("permission: permission is closed")
	ErrPermissionInTenant = fmt.Errorf("permission: permission not in catalog")

	ErrRoleNotFound        = fmt.Errorf("permission: role not found")
	ErrRoleDuplicate       = fmt.Errorf("permission: duplicate role key in tenant")
	ErrRoleSystemImmutable = fmt.Errorf("permission: system role is immutable")
	ErrRoleNotInTenant     = fmt.Errorf("permission: role does not belong to tenant")
	ErrRoleKeyReserved     = fmt.Errorf("permission: role key uses reserved prefix")
	ErrRoleKeyInvalid      = fmt.Errorf("permission: role key format invalid")

	ErrUserRoleNotFound  = fmt.Errorf("permission: user role assignment not found")
	ErrUserRoleDuplicate = fmt.Errorf("permission: duplicate user role assignment")

	ErrRoleMappingNotFound  = fmt.Errorf("permission: role mapping not found")
	ErrRoleMappingDuplicate = fmt.Errorf("permission: duplicate role mapping")

	ErrCasbinNotConfigured = fmt.Errorf("permission: casbin enforcer not configured")
	ErrInvalidCheckRequest = fmt.Errorf("permission: invalid check request")
	ErrInvalidStatus       = fmt.Errorf("permission: invalid status value")
)