using System;
using System.Collections.Generic;
namespace StellaOps.Auth.Abstractions;
///
/// Canonical scope names supported by StellaOps services.
///
public static class StellaOpsScopes
{
///
/// Scope required to trigger Concelier jobs.
///
public const string ConcelierJobsTrigger = "concelier.jobs.trigger";
///
/// Scope required to manage Concelier merge operations.
///
public const string ConcelierMerge = "concelier.merge";
///
/// Scope granting administrative access to Authority user management.
///
public const string AuthorityUsersManage = "authority.users.manage";
///
/// Scope granting administrative access to Authority client registrations.
///
public const string AuthorityClientsManage = "authority.clients.manage";
///
/// Scope granting read-only access to Authority audit logs.
///
public const string AuthorityAuditRead = "authority.audit.read";
///
/// Synthetic scope representing trusted network bypass.
///
public const string Bypass = "stellaops.bypass";
private static readonly HashSet KnownScopes = new(StringComparer.OrdinalIgnoreCase)
{
ConcelierJobsTrigger,
ConcelierMerge,
AuthorityUsersManage,
AuthorityClientsManage,
AuthorityAuditRead,
Bypass
};
///
/// Normalises a scope string (trim/convert to lower case).
///
/// Scope raw value.
/// Normalised scope or null when the input is blank.
public static string? Normalize(string? scope)
{
if (string.IsNullOrWhiteSpace(scope))
{
return null;
}
return scope.Trim().ToLowerInvariant();
}
///
/// Checks whether the provided scope is registered as a built-in StellaOps scope.
///
public static bool IsKnown(string scope)
{
ArgumentNullException.ThrowIfNull(scope);
return KnownScopes.Contains(scope);
}
///
/// Returns the full set of built-in scopes.
///
public static IReadOnlyCollection All => KnownScopes;
}