Sharepoint-Toolbox/SharepointToolbox/Services/IUserAccessAuditService.cs

using SharepointToolbox.Core.Models;

namespace SharepointToolbox.Services;

/// <summary>
/// Scans permissions across selected sites and filters results to show
/// only what specific user(s) can access.
/// </summary>
public interface IUserAccessAuditService
{
    /// <summary>
    /// Scans all selected sites for permissions, then filters results to entries
    /// matching the specified user logins. Returns a flat list of UserAccessEntry
    /// records suitable for DataGrid binding and export.
    /// </summary>
    /// <param name="sessionManager">Session manager for creating authenticated contexts.</param>
    /// <param name="targetUserLogins">Login names (emails) of users to audit.</param>
    /// <param name="sites">Sites to scan.</param>
    /// <param name="options">Scan depth options (inherited, folders, subsites).</param>
    /// <param name="progress">Progress reporter.</param>
    /// <param name="ct">Cancellation token.</param>
    /// <returns>Flat list of access entries for the target users.</returns>
    Task<IReadOnlyList<UserAccessEntry>> AuditUsersAsync(
        ISessionManager sessionManager,
        TenantProfile currentProfile,
        IReadOnlyList<string> targetUserLogins,
        IReadOnlyList<SiteInfo> sites,
        ScanOptions options,
        IProgress<OperationProgress> progress,
        CancellationToken ct,
        Func<string, CancellationToken, Task<bool>>? onAccessDenied = null);
}