use rust_rbac::{RbacService, MemoryStorage, Permission, Role};
#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
let storage = MemoryStorage::new();
let rbac = RbacService::new(storage);
let create_post = Permission::new("create-post");
let edit_post = Permission::new("edit-post");
let delete_post = Permission::new("delete-post");
let view_dashboard = Permission::new("view-dashboard");
println!("Creating permissions...");
rbac.create_permission(&create_post).await?;
rbac.create_permission(&edit_post).await?;
rbac.create_permission(&delete_post).await?;
rbac.create_permission(&view_dashboard).await?;
let author = Role::with_description("author", "Can create and edit own posts");
let editor = Role::with_description("editor", "Can edit and delete any post");
let admin = Role::with_description("admin", "Has full access to the system");
println!("Creating roles...");
rbac.create_role(&author).await?;
rbac.create_role(&editor).await?;
rbac.create_role(&admin).await?;
println!("Assigning permissions to roles...");
rbac.assign_permission_to_role("create-post", "author").await?;
rbac.assign_permission_to_role("edit-post", "author").await?;
rbac.assign_permission_to_role("edit-post", "editor").await?;
rbac.assign_permission_to_role("delete-post", "editor").await?;
rbac.assign_permission_to_role("create-post", "admin").await?;
rbac.assign_permission_to_role("edit-post", "admin").await?;
rbac.assign_permission_to_role("delete-post", "admin").await?;
rbac.assign_permission_to_role("view-dashboard", "admin").await?;
let alice_id = "user-alice";
let bob_id = "user-bob";
let charlie_id = "user-charlie";
println!("Assigning roles to users...");
rbac.assign_role_to_subject("author", alice_id).await?;
rbac.assign_role_to_subject("editor", bob_id).await?;
rbac.assign_role_to_subject("admin", charlie_id).await?;
println!("\nChecking permissions:");
println!("Alice (author):");
println!(" Can create post: {}", rbac.subject_has_permission(alice_id, "create-post").await?);
println!(" Can edit post: {}", rbac.subject_has_permission(alice_id, "edit-post").await?);
println!(" Can delete post: {}", rbac.subject_has_permission(alice_id, "delete-post").await?);
println!(" Can view dashboard: {}", rbac.subject_has_permission(alice_id, "view-dashboard").await?);
println!("\nBob (editor):");
println!(" Can create post: {}", rbac.subject_has_permission(bob_id, "create-post").await?);
println!(" Can edit post: {}", rbac.subject_has_permission(bob_id, "edit-post").await?);
println!(" Can delete post: {}", rbac.subject_has_permission(bob_id, "delete-post").await?);
println!(" Can view dashboard: {}", rbac.subject_has_permission(bob_id, "view-dashboard").await?);
println!("\nCharlie (admin):");
println!(" Can create post: {}", rbac.subject_has_permission(charlie_id, "create-post").await?);
println!(" Can edit post: {}", rbac.subject_has_permission(charlie_id, "edit-post").await?);
println!(" Can delete post: {}", rbac.subject_has_permission(charlie_id, "delete-post").await?);
println!(" Can view dashboard: {}", rbac.subject_has_permission(charlie_id, "view-dashboard").await?);
println!("\nAssigning direct permission to Alice...");
rbac.assign_permission_to_subject("view-dashboard", alice_id).await?;
println!("Alice after direct permission assignment:");
println!(" Can view dashboard: {}", rbac.subject_has_permission(alice_id, "view-dashboard").await?);
Ok(())
}