import { createAccessControl } from 'better-auth/plugins/access'

export const statement = {
  application_form: ['create', 'read', 'update', 'delete', 'approve', 'reject', 'submit'],
  agreement: ['create', 'read', 'update', 'sign', 'approve', 'reject'],
  organization: ['create', 'read', 'update', 'delete', 'manage_settings'],
  member: ['create', 'read', 'update', 'delete', 'invite', 'remove'],
  comment: ['create', 'read', 'update', 'delete'],
  document: ['create', 'read', 'update', 'delete', 'download', 'upload']
} as const

export const accessControl = createAccessControl(statement)

// Roles with specific permissions
export const employerRole = accessControl.newRole({
  application_form: ['create', 'read', 'approve', 'reject'],
  agreement: ['create', 'read', 'sign', 'approve'],
  member: ['invite', 'read'],
  comment: ['create', 'read', 'update', 'delete'],
  document: ['create', 'read', 'update', 'delete', 'download', 'upload']
})

export const worksCouncilMemberRole = accessControl.newRole({
  application_form: ['create', 'read', 'update', 'submit'],
  agreement: ['read', 'sign', 'approve'],
  member: ['read'],
  comment: ['create', 'read', 'update', 'delete'],
  document: ['create', 'read', 'update', 'download', 'upload']
})

export const employeeRole = accessControl.newRole({
  application_form: ['read'],
  agreement: ['read'],
  member: ['read'],
  comment: ['create', 'read'],
  document: ['read', 'download']
})

export const adminRole = accessControl.newRole({
  application_form: ['create', 'read', 'update', 'delete', 'approve', 'reject'],
  agreement: ['create', 'read', 'update', 'sign', 'approve', 'reject'],
  organization: ['create', 'read', 'update', 'delete', 'manage_settings'],
  member: ['create', 'read', 'update', 'delete', 'invite', 'remove'],
  comment: ['create', 'read', 'update', 'delete'],
  document: ['create', 'read', 'update', 'delete', 'download', 'upload']
})

export const ROLES = {
  EMPLOYER: 'employer',
  WORKS_COUNCIL_MEMBER: 'works_council_member',
  EMPLOYEE: 'employee',
  ADMIN: 'admin'
} as const

export type LegalRole = (typeof ROLES)[keyof typeof ROLES]