"""
Security system for Sideline plugins.

Provides permission-based security model for plugin execution.
"""

from enum import Enum, auto
from typing import Set


class SecurityCapability(Enum):
    """Security capability/permission definitions."""

    READ = auto()  # Read access to buffer/data
    WRITE = auto()  # Write access to buffer
    NETWORK = auto()  # Network access
    FILESYSTEM = auto()  # File system access
    SYSTEM = auto()  # System information access

    def __str__(self) -> str:
        return f"security.{self.name.lower()}"

    @classmethod
    def from_string(cls, permission: str) -> "SecurityCapability":
        """Parse security capability from string."""
        if permission.startswith("security."):
            permission = permission[9:]  # Remove "security." prefix
        try:
            return cls[permission.upper()]
        except KeyError:
            raise ValueError(f"Unknown security capability: {permission}")


class SecurityManager:
    """Manages security permissions for plugin execution."""

    def __init__(self):
        self._granted_permissions: Set[str] = set()

    def grant(self, permission: SecurityCapability | str) -> None:
        """Grant a security permission."""
        if isinstance(permission, SecurityCapability):
            permission = str(permission)
        self._granted_permissions.add(permission)

    def revoke(self, permission: SecurityCapability | str) -> None:
        """Revoke a security permission."""
        if isinstance(permission, SecurityCapability):
            permission = str(permission)
        self._granted_permissions.discard(permission)

    def has(self, permission: SecurityCapability | str) -> bool:
        """Check if a permission is granted."""
        if isinstance(permission, SecurityCapability):
            permission = str(permission)
        return permission in self._granted_permissions

    def has_all(self, permissions: Set[str]) -> bool:
        """Check if all permissions are granted."""
        return all(self.has(p) for p in permissions)

    def get_granted(self) -> Set[str]:
        """Get all granted permissions."""
        return self._granted_permissions.copy()

    def reset(self) -> None:
        """Reset all permissions."""
        self._granted_permissions.clear()


# Global security manager instance
_global_security = SecurityManager()


def get_global_security() -> SecurityManager:
    """Get the global security manager instance."""
    return _global_security


def grant(permission: SecurityCapability | str) -> None:
    """Grant a global security permission."""
    _global_security.grant(permission)


def revoke(permission: SecurityCapability | str) -> None:
    """Revoke a global security permission."""
    _global_security.revoke(permission)


def has(permission: SecurityCapability | str) -> bool:
    """Check if a global permission is granted."""
    return _global_security.has(permission)