OTSSignsOrchestrator/OTSSignsOrchestrator.Server/Workers/XiboFeatureManifests.cs

namespace OTSSignsOrchestrator.Server.Workers;

/// <summary>
/// Hardcoded Xibo feature ACL manifests per role.
/// Used by Phase2Pipeline step "assign-group-acl" when calling
/// <c>POST /api/group/{id}/acl</c>.
///
/// ObjectId is the feature key, PermissionsId is the permission level ("view", "edit", "delete").
/// </summary>
public static class XiboFeatureManifests
{
    /// <summary>Viewer role: read-only access to layouts, displays, media.</summary>
    public static readonly string[] ViewerObjectIds =
    [
        "layout.view",
        "media.view",
        "display.view",
        "schedule.view",
        "report.view",
    ];

    public static readonly string[] ViewerPermissionIds =
    [
        "view",
        "view",
        "view",
        "view",
        "view",
    ];

    /// <summary>Editor role: view + edit for layouts, media, schedules.</summary>
    public static readonly string[] EditorObjectIds =
    [
        "layout.view",
        "layout.edit",
        "media.view",
        "media.edit",
        "display.view",
        "schedule.view",
        "schedule.edit",
        "report.view",
    ];

    public static readonly string[] EditorPermissionIds =
    [
        "view",
        "edit",
        "view",
        "edit",
        "view",
        "view",
        "edit",
        "view",
    ];

    /// <summary>Admin role: full access to all features.</summary>
    public static readonly string[] AdminObjectIds =
    [
        "layout.view",
        "layout.edit",
        "layout.delete",
        "media.view",
        "media.edit",
        "media.delete",
        "display.view",
        "display.edit",
        "display.delete",
        "schedule.view",
        "schedule.edit",
        "schedule.delete",
        "report.view",
        "user.view",
        "user.edit",
    ];

    public static readonly string[] AdminPermissionIds =
    [
        "view",
        "edit",
        "delete",
        "view",
        "edit",
        "delete",
        "view",
        "edit",
        "delete",
        "view",
        "edit",
        "delete",
        "view",
        "view",
        "edit",
    ];

    /// <summary>OTS IT group: full super-admin access (all features + user management).</summary>
    public static readonly string[] OtsItObjectIds =
    [
        "layout.view",
        "layout.edit",
        "layout.delete",
        "media.view",
        "media.edit",
        "media.delete",
        "display.view",
        "display.edit",
        "display.delete",
        "schedule.view",
        "schedule.edit",
        "schedule.delete",
        "report.view",
        "user.view",
        "user.edit",
        "user.delete",
        "application.view",
        "application.edit",
    ];

    public static readonly string[] OtsItPermissionIds =
    [
        "view",
        "edit",
        "delete",
        "view",
        "edit",
        "delete",
        "view",
        "edit",
        "delete",
        "view",
        "edit",
        "delete",
        "view",
        "view",
        "edit",
        "delete",
        "view",
        "edit",
    ];
}