import { IsArray, IsEnum, IsNotEmpty, IsString, ValidateNested } from 'class-validator';
import { Type } from 'class-transformer';
import { AccessLevel } from '../../../entities/role-permission.entity';

/**
 * One module / access-level pair inside a role's permission set.
 * Per CLAUDE.md: Access levels per module: None / View / Create / Edit / Delete
 *
 * Validation here is structural only: `module` must be a non-empty string and
 * `access_level` must be a member of the AccessLevel enum.
 */
export class PermissionEntryDto {
  /**
   * Name of the module this entry applies to.
   *
   * NOTE(review): any non-empty string passes, including whitespace-only values
   * and names that match no real module. This value feeds authorization data, so
   * presumably the consuming service checks it against the known module list —
   * confirm that it does.
   */
  @IsString()
  @IsNotEmpty()
  module: string;

  /**
   * Access level granted on `module`. @IsEnum rejects every value that is not a
   * member of AccessLevel, so free-form level strings cannot get past validation.
   */
  @IsEnum(AccessLevel)
  @IsNotEmpty()
  access_level: AccessLevel;
}

/**
 * AssignPermissionsDto — bulk set permissions for a role.
 * Replaces all existing permissions for the role with this set.
 *
 * Per scope doc: Permissions Matrix (None/View/Create/Edit/Delete per module)
 * Per CLAUDE.md: On permission update → always invalidate Redis cache
 * (this DTO does not perform the invalidation; the code that applies the
 * update has to do it).
 */
export class AssignPermissionsDto {
  /**
   * The complete replacement set. @Type makes class-transformer instantiate each
   * element as a PermissionEntryDto, so @ValidateNested can run that class's
   * validators on every element.
   *
   * NOTE(review): class-validator's @IsNotEmpty() rejects only '', null and
   * undefined, so an empty array `[]` passes. With replace-all semantics, that
   * presumably strips every permission from the role. If clearing a role this
   * way is not intended, @ArrayNotEmpty() is the decorator that rejects `[]`.
   *
   * NOTE(review): nothing here bounds the array size or rejects duplicates. Two
   * entries for the same module with different access levels both validate, and
   * which one takes effect is decided by code not visible here. Consider
   * @ArrayMaxSize and @ArrayUnique keyed on `module`, or deduplicate explicitly
   * in the service.
   */
  @IsArray()
  @ValidateNested({ each: true })
  @Type(() => PermissionEntryDto)
  @IsNotEmpty()
  permissions: PermissionEntryDto[];
}
