// GitLab Cedar Schema Definition
// Defines entity types and actions for GitLab authorization

// User entity represents GitLab users
entity User = {
    username: String,
    name: String,
    admin: Bool,
    blocked: Bool,
    external: Bool,
    bot: Bool,
    access_level: Long,
};

// Group/Namespace entity (can be nested)
entity Namespace = {
    name: String,
    path: String,
    full_path: String,
    kind: String, // "user" or "group"
    visibility_level: String,
    members: Set<User>,
} tags Set<String>;

// Project entity represents GitLab projects
entity Project = {
    name: String,
    path: String,
    full_path: String,
    visibility: String, // "public", "internal", "private"
    archived: Bool,
    members: Set<User>, // Project members
} tags Set<String>;

// Group alias for Namespace
entity Group = {
    name: String,
    path: String,
    full_path: String,
    visibility: String,
    members: Set<User>,
} tags Set<String>;

// Project membership relationship
entity ProjectMembership = {
    user_id: Long,
    project_id: Long,
    access_level: Long,
    expires_at: String,
} tags Set<String>;

// Group membership relationship  
entity GroupMembership = {
    user_id: Long,
    group_id: Long,
    access_level: Long,
    expires_at: String,
} tags Set<String>;

// Issue entity
entity Issue = {
    iid: Long,
    title: String,
    state: String,
    confidential: Bool,
    author_id: Long,
    assignee_ids: Set<Long>,
    created_at: String,
    updated_at: String,
} tags Set<String>;

// Merge Request entity
entity MergeRequest = {
    iid: Long,
    title: String,
    state: String,
    merge_status: String,
    author_id: Long,
    assignee_id: Long,
    target_branch: String,
    source_branch: String,
    work_in_progress: Bool,
    created_at: String,
    updated_at: String,
} tags Set<String>;

// Actions that can be performed
action "read_project";
action "admin_project";
action "destroy_project";
action "transfer_project";
action "archive_project";
action "change_visibility_level";
action "manage_project_members";

action "read_group";
action "admin_group";
action "read_group_details";

action "read_repository";
action "download_code";
action "push_code";
action "admin_repository";
action "push_to_delete_protected_branch";

action "read_issue";
action "create_issue";
action "update_issue";
action "admin_issue";
action "create_issue_note";

action "read_merge_request";
action "create_merge_request";
action "update_merge_request";
action "admin_merge_request";
action "merge_merge_request";

action "read_wiki";
action "create_wiki_page";
action "update_wiki_page";
action "admin_wiki";

action "read_snippet";
action "create_snippet";
action "update_snippet";
action "admin_snippet";

action "read_build";
action "read_pipeline";
action "create_pipeline";
action "retry_pipeline";
action "admin_pipeline";

action "read_container_image";
action "pull_container_image";
action "push_container_image";
action "admin_container_registry";

action "read_package";
action "pull_package";
action "push_package";
action "admin_package_registry";

action "read_analytics";
action "read_cycle_analytics";
action "read_repository_analytics";

action "read_security_report";
action "admin_security_policy";
action "read_vulnerability_report";

action "read_release";
action "create_release";
action "update_release";
action "admin_release";

action "admin_project_hooks";
action "admin_project_runners";