<?php

declare(strict_types=1);

/**
 * This file is part of CodeIgniter Shield.
 *
 * (c) CodeIgniter Foundation <admin@codeigniter.com>
 *
 * For the full copyright and license information, please view
 * the LICENSE file that was distributed with this source code.
 */

namespace Config;

use CodeIgniter\Shield\Config\AuthGroups as ShieldAuthGroups;

class AuthGroups extends ShieldAuthGroups
{
    /**
     * --------------------------------------------------------------------
     * Default Group
     * --------------------------------------------------------------------
     * The group that a newly registered user is added to.
     */
    public string $defaultGroup = 'user';

    /**
     * --------------------------------------------------------------------
     * Groups
     * --------------------------------------------------------------------
     * An associative array of the available groups in the system, where the keys
     * are the group names and the values are arrays of the group info.
     *
     * Whatever value you assign as the key will be used to refer to the group
     * when using functions such as:
     *      $user->addGroup('superadmin');
     *
     * @var array<string, array<string, string>>
     *
     * @see https://codeigniter4.github.io/shield/quick_start_guide/using_authorization/#change-available-groups for more info
     */
    public array $groups = [
        'superadmin' => [
            'title'       => 'Super Admin',
            'description' => 'Complete control of the site.',
        ],
        'admin' => [
            'title'       => 'Admin',
            'description' => 'Day to day administrators of the site.',
        ],
        'developer' => [
            'title'       => 'Developer',
            'description' => 'Site programmers.',
        ],
        'user' => [
            'title'       => 'User',
            'description' => 'General users of the site. Often customers.',
        ],
        'beta' => [
            'title'       => 'Beta User',
            'description' => 'Has access to beta-level features.',
        ],
        'payroll' => [
            'title'       => 'Payroll User',
            'description' => 'Has access to Payroll features.',
        ],
        'hr' => [
            'title'       => 'HR User',
            'description' => 'Has access to Human Resources features.',
        ],
        'hr' => [
            'title'       => 'Timekeeping User',
            'description' => 'Has access to Timekeeping features.',
        ],
    ];

    /**
     * --------------------------------------------------------------------
     * Permissions
     * --------------------------------------------------------------------
     * The available permissions in the system.
     *
     * If a permission is not listed here it cannot be used.
     */
    public array $permissions = [
        'superadmin.access'   => 'Can access the sites admin area',
        'superadmin.settings' => 'Can access the main site settings',
        'superadmin.manage-superadmin'    => 'Can manage other superadmin',
        
        'admin.access'        => 'Can access the sites admin area',
        'admin.settings'      => 'Can access the main site settings',
        'admin.manage-admins' => 'Can manage other admins',
        'users.create'        => 'Can create new non-admin users',
        'users.edit'          => 'Can edit existing non-admin users',
        'users.delete'        => 'Can delete existing non-admin users',
        'beta.access'         => 'Can access beta-level features',

        'users.data-view'  => 'Can view existing data',
        'users.data-create' => 'Can create new data',
        'users.data-edit'   => 'Can edit existing data',
        'users.data-delete' => 'Can delete existing data',
        'users.data-print' => 'Can print existing data',
        'users.data-upload' => 'Can upload data',
        'users.data-download' => 'Can download data',
        'users.data-export' => 'Can export data',

        'payroll.data-create' => 'Can create new data',
        'payroll.data-edit'   => 'Can edit existing data',
        'payroll.data-delete' => 'Can delete existing data',
        'payroll.data-view'  => 'Can view existing data',
        'payroll.data-print' => 'Can print existing data',
        'payroll.data-upload' => 'Can upload data',
        'payroll.data-download' => 'Can download data',
        'payroll.data-export' => 'Can export data',

        'hr.data-create' => 'Can create new data',
        'hr.data-edit'   => 'Can edit existing data',
        'hr.data-delete' => 'Can delete existing data',
        'hr.data-view'  => 'Can view existing data',
        'hr.data-print' => 'Can print existing data',
        'hr.data-upload' => 'Can upload data',
        'hr.data-download' => 'Can download data',
        'hr.data-export' => 'Can export data',
        
        'tk.data-create' => 'Can create new data',
        'tk.data-edit'   => 'Can edit existing data',
        'tk.data-delete' => 'Can delete existing data',
        'tk.data-view'  => 'Can view existing data',
        'tk.data-print' => 'Can print existing data',
        'tk.data-upload' => 'Can upload data',
        'tk.data-download' => 'Can download data',
        'tk.data-export' => 'Can export data',
    ];

    /**
     * --------------------------------------------------------------------
     * Permissions Matrix
     * --------------------------------------------------------------------
     * Maps permissions to groups.
     *
     * This defines group-level permissions.
     */
    public array $matrix = [
        'superadmin' => [
            'superadmin.*',
            'admin.*',
            'users.*',
            'beta.*',
            'payroll.*',
            'hr.*',
            'tk.*',
        ],
        'admin' => [
            'admin.access',
            'users.create',
            'users.edit',
            'users.delete',
            'beta.access',
            'payroll.*',
            'hr.*',
            'tk.*',
        ],
        'developer' => [
            'admin.access',
            'admin.settings',
            'users.create',
            'users.edit',
            'beta.access',
        ],
        'user' => [
            'users.data-*',
        ],
        'beta' => [
            'beta.access',
        ],
        'payroll' => [
            'payroll.*',
        ],
        'hr' => [
            'hr.*',
        ],
        'tk' => [
            'tk.*',
        ],
    ];
}