package ape

import (
	"fmt"

	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
)

// ChainRouterError is returned when chain router validation prevents
// the APE request from being processed (no rule found, access denied, etc.).
type ChainRouterError struct {
	operation string
	status    apechain.Status
}

func (e *ChainRouterError) Error() string {
	return fmt.Sprintf("access to operation %s is denied by access policy engine: %s", e.Operation(), e.Status())
}

func (e *ChainRouterError) Operation() string {
	return e.operation
}

func (e *ChainRouterError) Status() apechain.Status {
	return e.status
}

func newChainRouterError(operation string, status apechain.Status) *ChainRouterError {
	return &ChainRouterError{
		operation: operation,
		status:    status,
	}
}