auth-policy 0.0.2

Rust crate for evaluating authorization decisions against declarative policies
use crate::{
    decision::{Decision, Effect},
    error::Result,
    policy::Policy,
    request::Request,
};

/// Evaluates authorization requests against an ordered list of policies.
///
/// Policies are stored in the order they were added, and
/// [`PolicyEngine::evaluate`] consults them in that order. When no policy
/// yields an effect, the engine answers with `default_effect`.
#[derive(Debug)]
pub struct PolicyEngine {
    // Policies in insertion order; `evaluate` walks them front to back and
    // stops at the first one that yields an effect.
    policies: Vec<Policy>,
    // Effect used when no policy yields one. `new` sets this to
    // `Effect::Deny`, so an engine is fail-closed unless reconfigured.
    default_effect: Effect,
}

impl PolicyEngine {
    /// Creates an engine with no policies and a default effect of `Effect::Deny`.
    ///
    /// With this default, a request that no policy matches is denied
    /// (fail-closed).
    pub fn new() -> Self {
        PolicyEngine {
            policies: Vec::new(),
            default_effect: Effect::Deny,
        }
    }

    /// Builds an engine holding `policies`, kept in iteration order.
    ///
    /// The engine starts from [`PolicyEngine::new`], so the default effect is
    /// still `Effect::Deny`. Iteration order matters: `evaluate` stops at the
    /// first policy that yields an effect.
    pub fn from_policies<I>(policies: I) -> Self
    where
        I: IntoIterator<Item = Policy>,
    {
        let mut built = Self::new();
        for policy in policies {
            built.add_policy(policy);
        }
        built
    }

    /// Replaces the effect returned when no policy yields one.
    ///
    /// Security note: this is the fallback for every request that no policy
    /// covers. Choosing anything more permissive than `Effect::Deny` makes the
    /// engine fail-open for such requests, so gaps in the policy set become
    /// grants rather than denials.
    pub fn with_default_effect(mut self, effect: Effect) -> Self {
        self.default_effect = effect;
        self
    }

    /// Appends `policy` after all policies already in the engine.
    ///
    /// Because evaluation is first-match, a policy added here is only reached
    /// when every earlier policy yields no effect for the request.
    pub fn add_policy(&mut self, policy: Policy) {
        self.policies.push(policy);
    }

    /// Evaluates `request` and returns the resulting [`Decision`].
    ///
    /// Policies are consulted in insertion order. The first one that yields an
    /// effect decides the outcome and later policies are not consulted, so an
    /// earlier policy shadows any later one for the same request. If none
    /// yields an effect, the decision is built from the default effect.
    ///
    /// # Errors
    ///
    /// Returns the error of the first policy whose evaluation fails. Evaluation
    /// stops there: neither later policies nor the default effect are applied.
    /// Callers should treat an `Err` as "not authorized" rather than falling
    /// back to a permissive path.
    pub fn evaluate(&self, request: &Request) -> Result<Decision> {
        for candidate in self.policies.iter() {
            match candidate.evaluate(request)? {
                // First policy with an opinion wins.
                Some(effect) => return Ok(Decision::from_effect(effect)),
                // This policy does not apply; keep looking.
                None => continue,
            }
        }

        // No policy applied: fall back to the configured default.
        Ok(Decision::from_effect(self.default_effect))
    }
}

impl Default for PolicyEngine {
    /// Equivalent to [`PolicyEngine::new`]: no policies, default effect `Effect::Deny`.
    fn default() -> Self {
        PolicyEngine::new()
    }
}