package config

// All available admin scopes
const (
	// Social moderation over the chat and forums.
	// - Chat: have operator controls in the chat room
	// - Forum: ability to edit and delete user posts
	// - Photo: omniscient view of all gallery photos, can edit/delete photos
	// - Inner circle: ability to remove users from it
	ScopeChatModerator   = "social.moderator.chat"
	ScopeForumModerator  = "social.moderator.forum"
	ScopePhotoModerator  = "social.moderator.photo"
	ScopeCircleModerator = "social.moderator.inner-circle"

	// Certification photo management
	// - Approve: ability to respond to pending certification pics
	// - List: paginate thru all approved or rejected photos
	// - View: inspect specific user photos
	ScopeCertificationApprove = "certification.approve"
	ScopeCertificationList    = "certification.list"
	ScopeCertificationView    = "certification.view"

	// Website administration
	// - Forum: ability to manage available forums
	// - Scopes: ability to manage admin groups & scopes
	// - Maintenance mode
	ScopeForumAdmin      = "admin.forum.manage"
	ScopeAdminScopeAdmin = "admin.scope.manage"
	ScopeMaintenance     = "admin.maintenance"

	// User account admin
	// - Impersonate: ability to log in as a user account
	// - Ban: ability to ban/unban users
	// - Delete: ability to delete user accounts
	ScopeUserInsight     = "admin.user.insights"
	ScopeUserImpersonate = "admin.user.impersonate"
	ScopeUserBan         = "admin.user.ban"
	ScopeUserDelete      = "admin.user.delete"
	ScopeUserPromote     = "admin.user.promote"

	// Other admin views
	ScopeFeedbackAndReports = "admin.feedback"
	ScopeChangeLog          = "admin.changelog"
	ScopeUserNotes          = "admin.user.notes"

	// Admins with this scope can not be blocked by users.
	ScopeUnblockable = "admin.unblockable"

	// Special scope to mark an admin automagically in the Inner Circle
	ScopeIsInnerCircle = "admin.override.inner-circle"

	// The global wildcard scope gets all available permissions.
	ScopeSuperuser = "*"
)

// Friendly description for each scope.
var AdminScopeDescriptions = map[string]string{
	ScopeChatModerator:        "Have operator controls in the chat room (can mark cameras as explicit, or kick/ban people from chat).",
	ScopeForumModerator:       "Ability to moderate the forum (edit or delete posts).",
	ScopePhotoModerator:       "Ability to moderate photo galleries (can see all private or friends-only photos, and edit or delete them).",
	ScopeCircleModerator:      "Ability to remove members from the inner circle.",
	ScopeCertificationApprove: "Ability to see pending certification pictures and approve or reject them.",
	ScopeCertificationList:    "Ability to see existing certification pictures that have already been approved or rejected.",
	ScopeCertificationView:    "Ability to see and double check a specific user's certification picture on demand.",
	ScopeForumAdmin:           "Ability to manage forums themselves (add or remove forums, edit their properties).",
	ScopeAdminScopeAdmin:      "Ability to manage admin permissions for other admin accounts.",
	ScopeMaintenance:          "Ability to activate maintenance mode functions of the website (turn features on or off, disable signups or logins, etc.)",
	ScopeUserInsight:          "Ability to see admin insights about a user profile (e.g. their block lists and who blocks them).",
	ScopeUserImpersonate:      "Ability to log in as any user account (note: this action is logged and notifies all admins when it happens. Admins must write a reason and it is used to diagnose customer support issues, help with their certification picture, or investigate a reported Direct Message conversation they had).",
	ScopeUserBan:              "Ability to ban or unban user accounts.",
	ScopeUserDelete:           "Ability to fully delete user accounts on their behalf.",
	ScopeUserPromote:          "Ability to add or remove the admin status flag on a user profile.",
	ScopeFeedbackAndReports:   "Ability to see admin reports and user feedback.",
	ScopeChangeLog:            "Ability to see website change logs (e.g. history of a certification photo, gallery photo settings, etc.)",
	ScopeUserNotes:            "Ability to see all notes written about a user, or to see all notes written by admins.",
	ScopeUnblockable:          "This admin can not be added to user block lists.",
	ScopeIsInnerCircle:        "This admin is automatically part of the inner circle.",
	ScopeSuperuser:            "This admin has access to ALL admin features on the website.",
}

// Number of expected scopes for unit test and validation.
const QuantityAdminScopes = 20

// The specially named Superusers group.
const AdminGroupSuperusers = "Superusers"

// ListAdminScopes returns the listing of all available admin scopes.
func ListAdminScopes() []string {
	return []string{
		ScopeChatModerator,
		ScopeForumModerator,
		ScopePhotoModerator,
		ScopeCircleModerator,
		ScopeCertificationApprove,
		ScopeCertificationList,
		ScopeCertificationView,
		ScopeForumAdmin,
		ScopeAdminScopeAdmin,
		ScopeMaintenance,
		ScopeUserInsight,
		ScopeUserImpersonate,
		ScopeUserBan,
		ScopeUserDelete,
		ScopeUserPromote,
		ScopeFeedbackAndReports,
		ScopeChangeLog,
		ScopeUserNotes,
		ScopeUnblockable,
		ScopeIsInnerCircle,
	}
}

func AdminScopeDescription(scope string) string {
	return AdminScopeDescriptions[scope]
}