package croplogic.authz

import rego.v1

has_feature_rule(feature) if {
  is_sensor_7_in_1_feature(feature)
}

feature_rule(feature) := {
  "code": "sensor-7-in-1-requires-sensor-code",
  "allow": true,
  "reason": "sensor-7-in-1 feature requires sensor_codes to include sensor-7-in-1",
} if {
  is_sensor_7_in_1_feature(feature)
  has_sensor_code("sensor-7-in-1")
}

feature_rule(feature) := {
  "code": "sensor-7-in-1-requires-sensor-code",
  "allow": false,
  "reason": "sensor-7-in-1 feature requires sensor_codes to include sensor-7-in-1",
} if {
  is_sensor_7_in_1_feature(feature)
  not has_sensor_code("sensor-7-in-1")
}

is_sensor_7_in_1_feature(feature) if {
  lower(sprintf("%v", [feature])) == "sensor-7-in-1"
}

has_sensor_code(code) if {
  sensor_codes := object.get(input.resource, "sensor_codes", [])
  is_array(sensor_codes)
  sensor_code := sensor_codes[_]
  lower(sprintf("%v", [sensor_code])) == lower(sprintf("%v", [code]))
}

has_sensor_code(code) if {
  sensor_code := object.get(input.resource, "sensor_codes", null)
  sensor_code != null
  not is_array(sensor_code)
  lower(sprintf("%v", [sensor_code])) == lower(sprintf("%v", [code]))
}