# Legacy values (admin/member) are kept for backward compatibility.
GROUP_ROLE_LABELS = {
    "group_owner": "Group Owner",
    "group_admin": "Group Admin",
    "moderator": "Moderator",
    "viewer": "Viewer",
    "auditor": "Auditor",
    "admin": "Admin",
    "member": "Member",
}

GROUP_ROLE_OPTIONS = [
    ("group_owner", GROUP_ROLE_LABELS["group_owner"]),
    ("group_admin", GROUP_ROLE_LABELS["group_admin"]),
    ("moderator", GROUP_ROLE_LABELS["moderator"]),
    ("viewer", GROUP_ROLE_LABELS["viewer"]),
    ("auditor", GROUP_ROLE_LABELS["auditor"]),
]

GROUP_ROLE_SET = {role for role, _ in GROUP_ROLE_OPTIONS} | {"admin", "member"}
GROUP_MANAGEMENT_ROLES = {"group_owner", "group_admin", "admin"}

# Roles that only site admins may assign or revoke
OWNER_ONLY_ROLES = {"group_owner"}


def can_manage_group(role: str | None) -> bool:
    return role in GROUP_MANAGEMENT_ROLES


def role_label(role: str | None) -> str:
    return GROUP_ROLE_LABELS.get(role or "", "Unknown")