import { Global, Module, forwardRef } from '@nestjs/common';
import { PrismaModule } from '@core/database/prisma/prisma.module';
import { AuthModule } from '@modules/organization/auth/auth.module';
import { DataScopeService } from './services/data-scope.service';
import { OrganizationContextService } from './services/organization-context.service';
import { DataScopeInterceptor } from './interceptors/data-scope.interceptor';
import { IamAuditService } from './services/iam-audit.service';
import { PermissionDelegationService } from './services/permission-delegation.service';
import { AccessReviewService } from './services/access-review.service';
import { FieldPermissionService } from './services/field-permission.service';
import { MaskingService } from './services/masking.service';
import { SystemPrincipalService } from './services/system-principal.service';
import { EmergencyBypassService } from './services/emergency-bypass.service';

/**
 * IAM 基础设施全局模块。
 *
 * 暴露 Layer 4 + 治理 + 字段级权限 + 异步身份 的共享服务，
 * 供任意业务模块注入使用。
 *
 * DataScopeInterceptor 通过 APP_INTERCEPTOR 全局注册（见 app.module.ts）。
 */
@Global()
@Module({
  imports: [PrismaModule, forwardRef(() => AuthModule)],
  providers: [
    DataScopeService,
    OrganizationContextService,
    DataScopeInterceptor,
    IamAuditService,
    PermissionDelegationService,
    AccessReviewService,
    FieldPermissionService,
    MaskingService,
    SystemPrincipalService,
    EmergencyBypassService,
  ],
  exports: [
    DataScopeService,
    OrganizationContextService,
    DataScopeInterceptor,
    IamAuditService,
    PermissionDelegationService,
    AccessReviewService,
    FieldPermissionService,
    MaskingService,
    SystemPrincipalService,
    EmergencyBypassService,
  ],
})
export class IamInfraModule {}