package dev.lions.unionflow.server.client;

import dev.lions.user.manager.dto.role.RoleDTO;
import jakarta.ws.rs.*;
import jakarta.ws.rs.core.MediaType;
import org.eclipse.microprofile.rest.client.annotation.RegisterClientHeaders;
import org.eclipse.microprofile.rest.client.inject.RegisterRestClient;

import java.util.List;

/**
 * REST Client admin pour l'API rôles de lions-user-manager (Keycloak).
 *
 * <p>Utilise {@link AdminServiceTokenHeadersFactory} pour injecter le token
 * du service account "admin-service" (client credentials grant).
 */
@Path("/api/roles")
@RegisterRestClient(configKey = "lions-user-manager-api")
@RegisterClientHeaders(AdminServiceTokenHeadersFactory.class)
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
public interface AdminRoleServiceClient {

    @GET
    @Path("/realm")
    List<RoleDTO> getRealmRoles(@QueryParam("realm") String realmName);

    @GET
    @Path("/user/realm/{userId}")
    List<RoleDTO> getUserRealmRoles(
        @PathParam("userId") String userId,
        @QueryParam("realm") String realmName
    );

    @POST
    @Path("/assign/realm/{userId}")
    void assignRealmRoles(
        @PathParam("userId") String userId,
        @QueryParam("realm") String realmName,
        RoleServiceClient.RoleNamesRequest request
    );

    @POST
    @Path("/revoke/realm/{userId}")
    void revokeRealmRoles(
        @PathParam("userId") String userId,
        @QueryParam("realm") String realmName,
        RoleServiceClient.RoleNamesRequest request
    );
}