package repository

import "context"

// CasbinPolicyAdapter is the persistence interface used by the RBAC
// usecase to load/save Casbin policy for a single tenant. The Mongo /
// Redis implementations live under repository/.
//
// A "rule" is the stringified Casbin tuple, e.g.
//
//	["p", "tenant_admin", "/api/v1/permissions/*", "GET|POST"]
//	["g", "TENANT-100001", "tenant_admin"]
//
// Rule format mirrors casbin's [][]string convention exactly.
type CasbinPolicyAdapter interface {
	// LoadAll returns every rule for tenantID. An empty slice means
	// "tenant has no policy" — callers should still call
	// enforcer.LoadFilteredPolicy with the tenant filter.
	LoadAll(ctx context.Context, tenantID string) ([][]string, error)

	// SaveAll replaces all rules for tenantID with rules. Implementations
	// MUST do this atomically (Redis MULTI / Mongo transaction).
	SaveAll(ctx context.Context, tenantID string, rules [][]string) error

	// AddPolicy adds a single rule.
	AddPolicy(ctx context.Context, tenantID string, rule []string) error

	// RemovePolicy removes a single rule.
	RemovePolicy(ctx context.Context, tenantID string, rule []string) error

	// Clear empties all rules for tenantID (used by tests + tenant disable).
	Clear(ctx context.Context, tenantID string) error
}