syntax = "proto3";

package devvit.dev_portal.internal.authorization.v1alpha;

import "devvit/remote_logger/remote_logger.proto";

option go_package = "github.snooguts.net/reddit/reddit-devplatform-monorepo/go-common/generated/protos/types/devvit/devportal/int/authorization";

// An application version installed to a specific location
message DevPortalAuthInstalledAppResource {
  DevPortalAuthAppVersionResource app = 1;
  DevPortalAuthLocationResource location = 2;
}

// Represents a specific application version
message DevPortalAuthAppVersionResource {
  string name = 1; // The short app name (slug)
  string version = 2; // Semver of the application
}

// Represents a specific subreddit
message DevPortalAuthLocationResource {
  string id = 1; // t5_ for the subreddit or t2_ for user
}

message DevPortalAuthCanViewLogsRequest {
  string user_id = 1;
  oneof installation {
    string id = 2; // Installation Id UUID
    DevPortalAuthInstalledAppResource app = 3; // An app version + location combo
  }
  // The log stream type that will be read from. Admins may have access to more
  // types than other types of users.
  devvit.remote_logger.RemoteLogType type = 4;
}

message DevPortalAuthorizationResponse {
  bool allowed = 1; // true if the requested action is allowed
  string reason = 2; // a reason for the allow/deny. This is more likely present for the deny case.
}

service DevPortalAuthorization {
  // Check if a user is allowed view logs
  rpc CanViewLogs(DevPortalAuthCanViewLogsRequest) returns (DevPortalAuthorizationResponse);
}