/*
* Copyright @ 2013 CurisTEC, S.A.S. All Rights Reserved.
*/
package net.curisit.securis.security;

import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

import net.curisit.securis.utils.TokenHelper;

/**
* Securable
* <p>
* Method-level annotation to declare security requirements:
* - {@link #header()} name containing the auth token (defaults to {@link TokenHelper#TOKEN_HEADER_PÀRAM}).
* - {@link #roles()} required role bitmask; {@code 0} means no role restriction.
*
* Intended to be enforced by request filters/interceptors (e.g., RequestsInterceptor).
* 
* @author JRA
* Last reviewed by JRA on Oct 5, 2025.
*/
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
public @interface Securable {

    /** Header name carrying the token to validate. */
    String header() default TokenHelper.TOKEN_HEADER_PÀRAM;

    /** Bitmask of required roles; set 0 for public endpoints (token still may be required). */
    int roles() default 0;
}