/*
 * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT.
 * @generated-id: 858202944dd0
 */

import * as z from "zod/v3";
import { safeParse } from "../../lib/schemas.js";
import { Result as SafeParseResult } from "../../types/fp.js";
import { SDKValidationError } from "../errors/sdkvalidationerror.js";
import {
  GrantPermission,
  GrantPermission$inboundSchema,
  GrantPermission$Outbound,
  GrantPermission$outboundSchema,
} from "./grantpermission.js";
import {
  ReadPermission,
  ReadPermission$inboundSchema,
  ReadPermission$Outbound,
  ReadPermission$outboundSchema,
} from "./readpermission.js";
import {
  WritePermission,
  WritePermission$inboundSchema,
  WritePermission$Outbound,
  WritePermission$outboundSchema,
} from "./writepermission.js";

/**
 * Describes the permissions levels that a user has for permissioned features. When the client sends this, Permissions.read and Permissions.write are the additional permissions granted to a user on top of what they have via their roles.
 *
 * @remarks
 * When the server sends this, Permissions.read and Permissions.write are the complete (merged) set of permissions the user has, and Permissions.roles is just for display purposes.
 */
export type Permissions = {
  /**
   * TODO--deprecate in favor of the read and write properties. True if the user has access to /adminsearch
   */
  canAdminSearch?: boolean | undefined;
  /**
   * TODO--deprecate in favor of the read and write properties. True if the user can administrate client API tokens with global scope
   */
  canAdminClientApiGlobalTokens?: boolean | undefined;
  /**
   * TODO--deprecate in favor of the read and write properties. True if the user has access to data loss prevention (DLP) features
   */
  canDlp?: boolean | undefined;
  /**
   * Describes the read permission levels that a user has for permissioned features. Key must be PermissionedFeatureOrObject
   */
  read?: { [k: string]: Array<ReadPermission> } | undefined;
  /**
   * Describes the write permissions levels that a user has for permissioned features. Key must be PermissionedFeatureOrObject
   */
  write?: { [k: string]: Array<WritePermission> } | undefined;
  /**
   * Describes the grant permission levels that a user has for permissioned features. Key must be PermissionedFeatureOrObject
   */
  grant?: { [k: string]: Array<GrantPermission> } | undefined;
  /**
   * The roleId of the canonical role a user has. The displayName is equal to the roleId.
   */
  role?: string | undefined;
  /**
   * The roleIds of the roles a user has.
   */
  roles?: Array<string> | undefined;
};

/** @internal */
export const Permissions$inboundSchema: z.ZodType<
  Permissions,
  z.ZodTypeDef,
  unknown
> = z.object({
  canAdminSearch: z.boolean().optional(),
  canAdminClientApiGlobalTokens: z.boolean().optional(),
  canDlp: z.boolean().optional(),
  read: z.record(z.array(ReadPermission$inboundSchema)).optional(),
  write: z.record(z.array(WritePermission$inboundSchema)).optional(),
  grant: z.record(z.array(GrantPermission$inboundSchema)).optional(),
  role: z.string().optional(),
  roles: z.array(z.string()).optional(),
});
/** @internal */
export type Permissions$Outbound = {
  canAdminSearch?: boolean | undefined;
  canAdminClientApiGlobalTokens?: boolean | undefined;
  canDlp?: boolean | undefined;
  read?: { [k: string]: Array<ReadPermission$Outbound> } | undefined;
  write?: { [k: string]: Array<WritePermission$Outbound> } | undefined;
  grant?: { [k: string]: Array<GrantPermission$Outbound> } | undefined;
  role?: string | undefined;
  roles?: Array<string> | undefined;
};

/** @internal */
export const Permissions$outboundSchema: z.ZodType<
  Permissions$Outbound,
  z.ZodTypeDef,
  Permissions
> = z.object({
  canAdminSearch: z.boolean().optional(),
  canAdminClientApiGlobalTokens: z.boolean().optional(),
  canDlp: z.boolean().optional(),
  read: z.record(z.array(ReadPermission$outboundSchema)).optional(),
  write: z.record(z.array(WritePermission$outboundSchema)).optional(),
  grant: z.record(z.array(GrantPermission$outboundSchema)).optional(),
  role: z.string().optional(),
  roles: z.array(z.string()).optional(),
});

export function permissionsToJSON(permissions: Permissions): string {
  return JSON.stringify(Permissions$outboundSchema.parse(permissions));
}
export function permissionsFromJSON(
  jsonString: string,
): SafeParseResult<Permissions, SDKValidationError> {
  return safeParse(
    jsonString,
    (x) => Permissions$inboundSchema.parse(JSON.parse(x)),
    `Failed to parse 'Permissions' from JSON`,
  );
}