# frozen_string_literal: true

class WafPolicyPolicy < ApplicationPolicy
  def index?
    !user.viewer? # All authenticated users except viewers can view policies
  end

  def show?
    !user.viewer? # All authenticated users except viewers can view policy details
  end

  def new?
    !user.viewer? # All authenticated users except viewers can create policies
  end

  def create?
    !user.viewer? # All authenticated users except viewers can create policies
  end

  def edit?
    !user.viewer? # All authenticated users except viewers can edit policies
  end

  def update?
    !user.viewer? # All authenticated users except viewers can update policies
  end

  def destroy?
    !user.viewer? # All authenticated users except viewers can destroy policies
  end

  def activate?
    !user.viewer? # All authenticated users except viewers can activate policies
  end

  def deactivate?
    !user.viewer? # All authenticated users except viewers can deactivate policies
  end

  # Path pattern policy permissions
  def new_path_pattern?
    create?
  end

  def create_path_pattern?
    create?
  end

  # Country policy permissions
  def new_country?
    create?
  end

  def create_country?
    create?
  end

  # ASN policy permissions
  def new_asn?
    create?
  end

  def create_asn?
    create?
  end

  # Company policy permissions
  def new_company?
    create?
  end

  def create_company?
    create?
  end

  # Network type policy permissions
  def new_network_type?
    create?
  end

  def create_network_type?
    create?
  end

  class Scope < ApplicationPolicy::Scope
    def resolve
      # All authenticated users except viewers can view all policies
      # since WAF policies are system-wide security rules
      scope.all
    end
  end
end