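"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.AdminAuditService = exports.AdminBypassService = void 0;
const UserAggregate_1 = require("../../Domain/User/UserAggregate");
const Logger_1 = require("./Logger");

/**
 * Admin Bypass Service - Centralized admin privilege checking and logging.
 *
 * The privilege decision here rests entirely on the `userState` value the
 * caller passes in, so callers should take it from the server-side user
 * record and never from anything the client can set.
 */
class AdminBypassService {
    /**
     * Check if user has admin privileges.
     *
     * Uses a strict comparison against `UserState.ADMIN`, so no type
     * coercion takes place.
     *
     * @param userState - User's current state
     * @returns true if user is admin
     */
    static isAdmin(userState) {
        return userState === UserAggregate_1.UserState.ADMIN;
    }

    /**
     * Check if user should bypass all restrictions.
     *
     * Currently identical to {@link AdminBypassService.isAdmin}. Kept as a
     * separate entry point so call sites state their intent.
     *
     * @param userState - User's current state
     * @returns true if restrictions should be bypassed
     */
    static shouldBypassRestrictions(userState) {
        return this.isAdmin(userState);
    }

    /**
     * Log admin bypass action for audit trail.
     *
     * @param action - Description of the action being bypassed
     * @param adminUserId - ID of the admin user
     * @param targetId - ID of the target resource
     * @param details - Additional details about the bypass (may be omitted)
     * @param req - Optional request object for context
     * @param res - Optional response object for context
     */
    static logAdminBypass(action, adminUserId, targetId, details, req, res) {
        // NOTE(review): `action` is interpolated into the log message. If it can
        // ever carry request data, confirm that Logger neutralises line breaks.
        (0, Logger_1.logAuth)(`ADMIN_BYPASS: ${action}`, adminUserId, {
            // Default reason; a caller may still give a more specific one in details.
            bypassReason: 'Admin privileges',
            ...details,
            // Written after the spread so that a key inside `details` cannot
            // replace what the record says about the target, the action or the time.
            targetId,
            action,
            timestamp: new Date().toISOString(),
        }, req, res);
    }
}
exports.AdminBypassService = AdminBypassService;

/**
 * Admin Audit Service - Enhanced logging for all admin actions.
 */
class AdminAuditService {
    /**
     * Log comprehensive admin action for audit trail.
     *
     * Writes one `ADMIN_AUDIT` record and, when `details.sensitive` is truthy,
     * a second `ADMIN_SENSITIVE` record carrying `alertLevel: 'HIGH'` and
     * `requiresReview: true`.
     *
     * @param action - Action being performed
     * @param adminUserId - ID of the admin user
     * @param details - Detailed information about the action (may be omitted)
     * @param req - Request object for context
     * @param res - Response object for context
     */
    static logAdminAction(action, adminUserId, details, req, res) {
        const auditData = {
            // Caller-supplied details go first: every field below is authoritative
            // and must win on a key collision, so `details` cannot rewrite who
            // did what, or when.
            ...details,
            timestamp: new Date().toISOString(),
            adminUserId,
            action,
            ip: req?.ip,
            // userAgent and requestId come from request headers, which the client
            // controls. Treat them as untrusted text wherever these logs are read.
            userAgent: req?.get('User-Agent'),
            endpoint: req?.path,
            method: req?.method,
            requestId: req?.headers['x-request-id'] || 'unknown',
        };
        // Enhanced logging for admin actions
        (0, Logger_1.logAuth)(`ADMIN_AUDIT: ${action}`, adminUserId, auditData, req, res);
        // Additional security logging for sensitive operations.
        // `details?.` keeps a call without details from throwing after the
        // first record has already been written.
        if (details?.sensitive) {
            (0, Logger_1.logAuth)(`ADMIN_SENSITIVE: ${action}`, adminUserId, {
                ...auditData,
                alertLevel: 'HIGH',
                requiresReview: true,
            }, req, res);
        }
    }

    /**
     * Log bulk admin operations.
     *
     * Delegates to {@link AdminAuditService.logAdminAction} with the action
     * prefixed by `BULK_` and a synthetic `targetId` of the form
     * `bulk-<affectedCount>-items`.
     *
     * @param action - Bulk action being performed
     * @param adminUserId - ID of the admin user
     * @param affectedCount - Number of resources affected
     * @param targetType - Type of resources affected
     * @param req - Request object for context
     * @param res - Response object for context
     */
    static logBulkAdminAction(action, adminUserId, affectedCount, targetType, req, res) {
        this.logAdminAction(`BULK_${action}`, adminUserId, {
            targetType,
            targetId: `bulk-${affectedCount}-items`,
            operation: 'update',
            metadata: { affectedCount },
            // Mark large bulk operations (more than 10 resources) as sensitive
            sensitive: affectedCount > 10,
        }, req, res);
    }
}
exports.AdminAuditService = AdminAuditService;
//# sourceMappingURL=AdminBypassService.js.map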