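/// Fine-grained permission system.
/// More than 50 atomic permissions with inheritance between them.
library permission_matrix;

/// Matrix of atomic permissions for fine-grained access control.
///
/// Every permission follows the convention `domain.action.scope`.
/// Examples: `members.edit.own`, `finances.view.all`, `system.admin.global`.
///
/// All checks in this class are pure string comparisons. They do not look at
/// users, roles or sessions; callers decide what to do with the result and
/// should treat `false` as "deny".
class PermissionMatrix {
  // === SYSTEM PERMISSIONS ===
  static const String SYSTEM_ADMIN = 'system.admin.global';
  static const String SYSTEM_CONFIG = 'system.config.global';
  static const String SYSTEM_MONITORING = 'system.monitoring.view';
  static const String SYSTEM_BACKUP = 'system.backup.manage';
  static const String SYSTEM_SECURITY = 'system.security.manage';
  static const String SYSTEM_AUDIT = 'system.audit.view';
  static const String SYSTEM_LOGS = 'system.logs.view';
  static const String SYSTEM_MAINTENANCE = 'system.maintenance.execute';

  // === ORGANIZATION PERMISSIONS ===
  static const String ORG_CREATE = 'organization.create.global';
  static const String ORG_DELETE = 'organization.delete.own';
  static const String ORG_CONFIG = 'organization.config.own';
  static const String ORG_BRANDING = 'organization.branding.manage';
  static const String ORG_SETTINGS = 'organization.settings.manage';
  static const String ORG_PERMISSIONS = 'organization.permissions.manage';
  static const String ORG_WORKFLOWS = 'organization.workflows.manage';
  static const String ORG_INTEGRATIONS = 'organization.integrations.manage';

  // === DASHBOARD PERMISSIONS ===
  static const String DASHBOARD_VIEW = 'dashboard.view.own';
  static const String DASHBOARD_ADMIN = 'dashboard.admin.view';
  static const String DASHBOARD_ANALYTICS = 'dashboard.analytics.view';
  static const String DASHBOARD_REPORTS = 'dashboard.reports.generate';
  static const String DASHBOARD_EXPORT = 'dashboard.export.data';
  static const String DASHBOARD_CUSTOMIZE = 'dashboard.customize.layout';

  // === MEMBER PERMISSIONS ===
  static const String MEMBERS_VIEW_ALL = 'members.view.all';
  static const String MEMBERS_VIEW_OWN = 'members.view.own';
  static const String MEMBERS_CREATE = 'members.create.organization';
  static const String MEMBERS_EDIT_ALL = 'members.edit.all';
  static const String MEMBERS_EDIT_OWN = 'members.edit.own';
  static const String MEMBERS_EDIT_BASIC = 'members.edit.basic';
  static const String MEMBERS_DELETE = 'members.delete.organization';
  static const String MEMBERS_DELETE_ALL = 'members.delete.all';
  static const String MEMBERS_APPROVE = 'members.approve.requests';
  static const String MEMBERS_SUSPEND = 'members.suspend.organization';
  static const String MEMBERS_EXPORT = 'members.export.data';
  static const String MEMBERS_IMPORT = 'members.import.data';
  static const String MEMBERS_COMMUNICATE = 'members.communicate.all';

  // === FINANCE PERMISSIONS ===
  static const String FINANCES_VIEW_ALL = 'finances.view.all';
  static const String FINANCES_VIEW_OWN = 'finances.view.own';
  static const String FINANCES_EDIT_ALL = 'finances.edit.all';
  static const String FINANCES_MANAGE = 'finances.manage.organization';
  static const String FINANCES_APPROVE = 'finances.approve.transactions';
  static const String FINANCES_REPORTS = 'finances.reports.generate';
  static const String FINANCES_BUDGET = 'finances.budget.manage';
  static const String FINANCES_AUDIT = 'finances.audit.access';

  // === EVENT PERMISSIONS ===
  static const String EVENTS_VIEW_ALL = 'events.view.all';
  static const String EVENTS_VIEW_PUBLIC = 'events.view.public';
  static const String EVENTS_CREATE = 'events.create.organization';
  static const String EVENTS_EDIT_ALL = 'events.edit.all';
  static const String EVENTS_EDIT_OWN = 'events.edit.own';
  static const String EVENTS_DELETE = 'events.delete.organization';
  static const String EVENTS_PARTICIPATE = 'events.participate.public';
  static const String EVENTS_MODERATE = 'events.moderate.organization';
  static const String EVENTS_ANALYTICS = 'events.analytics.view';

  // === SOLIDARITY PERMISSIONS ===
  static const String SOLIDARITY_VIEW_ALL = 'solidarity.view.all';
  static const String SOLIDARITY_VIEW_OWN = 'solidarity.view.own';
  static const String SOLIDARITY_VIEW_PUBLIC = 'solidarity.view.public';
  static const String SOLIDARITY_CREATE = 'solidarity.create.request';
  static const String SOLIDARITY_EDIT_ALL = 'solidarity.edit.all';
  static const String SOLIDARITY_APPROVE = 'solidarity.approve.requests';
  static const String SOLIDARITY_PARTICIPATE = 'solidarity.participate.actions';
  static const String SOLIDARITY_MANAGE = 'solidarity.manage.organization';
  static const String SOLIDARITY_FUND = 'solidarity.fund.manage';

  // === COMMUNICATION PERMISSIONS ===
  static const String COMM_SEND_ALL = 'communication.send.all';
  static const String COMM_SEND_MEMBERS = 'communication.send.members';
  static const String COMM_MODERATE = 'communication.moderate.organization';
  static const String COMM_BROADCAST = 'communication.broadcast.organization';
  static const String COMM_TEMPLATES = 'communication.templates.manage';

  // === REPORT PERMISSIONS ===
  static const String REPORTS_VIEW_ALL = 'reports.view.all';
  static const String REPORTS_GENERATE = 'reports.generate.organization';
  static const String REPORTS_EXPORT = 'reports.export.data';
  static const String REPORTS_SCHEDULE = 'reports.schedule.automated';

  // === MODERATION PERMISSIONS ===
  static const String MODERATION_CONTENT = 'moderation.content.manage';
  static const String MODERATION_USERS = 'moderation.users.manage';
  static const String MODERATION_REPORTS = 'moderation.reports.handle';

  /// Every permission available in the system.
  ///
  /// This list must contain every constant declared above: a permission that
  /// is declared but not listed here is invisible to any code that enumerates
  /// or validates against the list.
  static const List<String> ALL_PERMISSIONS = [
    // System
    SYSTEM_ADMIN,
    SYSTEM_CONFIG,
    SYSTEM_MONITORING,
    SYSTEM_BACKUP,
    SYSTEM_SECURITY,
    SYSTEM_AUDIT,
    SYSTEM_LOGS,
    SYSTEM_MAINTENANCE,

    // Organization
    ORG_CREATE,
    ORG_DELETE,
    ORG_CONFIG,
    ORG_BRANDING,
    ORG_SETTINGS,
    ORG_PERMISSIONS,
    ORG_WORKFLOWS,
    ORG_INTEGRATIONS,

    // Dashboard
    DASHBOARD_VIEW,
    DASHBOARD_ADMIN,
    DASHBOARD_ANALYTICS,
    DASHBOARD_REPORTS,
    DASHBOARD_EXPORT,
    DASHBOARD_CUSTOMIZE,

    // Members
    MEMBERS_VIEW_ALL,
    MEMBERS_VIEW_OWN,
    MEMBERS_CREATE,
    MEMBERS_EDIT_ALL,
    MEMBERS_EDIT_OWN,
    MEMBERS_EDIT_BASIC,
    MEMBERS_DELETE,
    MEMBERS_DELETE_ALL,
    MEMBERS_APPROVE,
    MEMBERS_SUSPEND,
    MEMBERS_EXPORT,
    MEMBERS_IMPORT,
    MEMBERS_COMMUNICATE,

    // Finances
    FINANCES_VIEW_ALL,
    FINANCES_VIEW_OWN,
    FINANCES_EDIT_ALL,
    FINANCES_MANAGE,
    FINANCES_APPROVE,
    FINANCES_REPORTS,
    FINANCES_BUDGET,
    FINANCES_AUDIT,

    // Events
    EVENTS_VIEW_ALL,
    EVENTS_VIEW_PUBLIC,
    EVENTS_CREATE,
    EVENTS_EDIT_ALL,
    EVENTS_EDIT_OWN,
    EVENTS_DELETE,
    EVENTS_PARTICIPATE,
    EVENTS_MODERATE,
    EVENTS_ANALYTICS,

    // Solidarity
    SOLIDARITY_VIEW_ALL,
    SOLIDARITY_VIEW_OWN,
    SOLIDARITY_VIEW_PUBLIC,
    SOLIDARITY_CREATE,
    SOLIDARITY_EDIT_ALL,
    SOLIDARITY_APPROVE,
    SOLIDARITY_PARTICIPATE,
    SOLIDARITY_MANAGE,
    SOLIDARITY_FUND,

    // Communication
    COMM_SEND_ALL,
    COMM_SEND_MEMBERS,
    COMM_MODERATE,
    COMM_BROADCAST,
    COMM_TEMPLATES,

    // Reports
    REPORTS_VIEW_ALL,
    REPORTS_GENERATE,
    REPORTS_EXPORT,
    REPORTS_SCHEDULE,

    // Moderation
    MODERATION_CONTENT,
    MODERATION_USERS,
    MODERATION_REPORTS,
  ];

  /// Public permissions (usable without authentication).
  ///
  /// This is an explicit allow-list: a `.public` scope suffix does not by
  /// itself make a permission public. [EVENTS_PARTICIPATE] and
  /// [SOLIDARITY_VIEW_PUBLIC] carry the word "public" in their name or value
  /// but are not listed here.
  /// NOTE(review): confirm that omission is intended before widening the list.
  static const List<String> PUBLIC_PERMISSIONS = [
    EVENTS_VIEW_PUBLIC,
  ];

  /// Returns whether [permission] is in [PUBLIC_PERMISSIONS] (exact match).
  static bool isPublicPermission(String permission) {
    return PUBLIC_PERMISSIONS.contains(permission);
  }

  /// Returns the domain of [permission]: the text before the first dot.
  ///
  /// The string is not validated; a value without any dot is returned whole.
  static String getDomain(String permission) {
    return permission.split('.').first;
  }

  /// Returns the action of [permission]: the second dot-separated segment,
  /// or the empty string when there is no second segment.
  static String getAction(String permission) {
    final parts = permission.split('.');
    return parts.length > 1 ? parts[1] : '';
  }

  /// Returns the scope of [permission]: the text after the last dot.
  ///
  /// The string is not validated; a value without any dot is returned whole.
  static String getScope(String permission) {
    return permission.split('.').last;
  }

  /// Returns whether holding [higherPermission] implies [lowerPermission].
  ///
  /// Example: `members.edit.all` implies `members.view.all`.
  ///
  /// Rules, all of which must hold:
  /// * both strings have exactly three dot-separated segments, otherwise the
  ///   result is `false` (malformed input is denied);
  /// * both are in the same domain, so implication never crosses domains
  ///   (`system.admin.global` does not imply `members.view.all`);
  /// * the action and the scope of the higher permission each equal, or rank
  ///   above, those of the lower permission.
  ///
  /// A permission therefore always implies itself.
  static bool implies(String higherPermission, String lowerPermission) {
    final higherParts = higherPermission.split('.');
    final lowerParts = lowerPermission.split('.');

    if (higherParts.length != 3 || lowerParts.length != 3) return false;

    // Same domain required.
    if (higherParts[0] != lowerParts[0]) return false;

    return _actionImplies(higherParts[1], lowerParts[1]) &&
        _scopeImplies(higherParts[2], lowerParts[2]);
  }

  /// Returns whether [higherAction] equals or ranks above [lowerAction].
  ///
  /// Actions that are not keys of the hierarchy (for example `view`,
  /// `approve`, `export`) imply only themselves.
  static bool _actionImplies(String higherAction, String lowerAction) {
    const actionHierarchy = {
      'admin': ['manage', 'edit', 'create', 'delete', 'view'],
      'manage': ['edit', 'create', 'delete', 'view'],
      'edit': ['view'],
      'create': ['view'],
      'delete': ['view'],
    };

    // Equality is checked first: the hierarchy lists only strictly lower
    // actions, so relying on the lookup alone would make `edit` fail to
    // imply `edit`.
    if (higherAction == lowerAction) return true;
    return actionHierarchy[higherAction]?.contains(lowerAction) ?? false;
  }

  /// Returns whether [higherScope] equals or ranks above [lowerScope].
  ///
  /// Scopes that are not keys of the hierarchy (for example `own`, `public`,
  /// `requests`) imply only themselves.
  static bool _scopeImplies(String higherScope, String lowerScope) {
    const scopeHierarchy = {
      'global': ['all', 'organization', 'own'],
      'all': ['organization', 'own'],
      'organization': ['own'],
    };

    // Equality is checked first for the same reason as in _actionImplies:
    // without it `all` would not imply `all`, and the documented example
    // `members.edit.all` -> `members.view.all` would be denied.
    if (higherScope == lowerScope) return true;
    return scopeHierarchy[higherScope]?.contains(lowerScope) ?? false;
  }
}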