package aeusadmin

import (
	"context"
	"slices"

	"git.nobla.cn/golang/aeus-admin/internal/logic"
	"git.nobla.cn/golang/aeus/middleware/auth"
	"git.nobla.cn/golang/aeus/pkg/cache"
	"git.nobla.cn/golang/aeus/pkg/errors"
	"gorm.io/gorm"
)

type PermissionChecker struct {
	db    *gorm.DB
	logic *logic.User
}

func (p *PermissionChecker) CheckPermission(ctx context.Context, permission string) (err error) {
	var (
		uid string
		ps  []string
	)
	if claims, ok := auth.FromContext(ctx); !ok {
		return errors.ErrAccessDenied
	} else {
		if uid, err = claims.GetSubject(); err != nil {
			return
		}
	}
	if ps, err = p.logic.GetPermissions(ctx, uid); err != nil {
		return
	}
	if !slices.Contains(ps, permission) {
		err = errors.ErrPermissionDenied
	}
	return
}

func NewPermissionChecker(db *gorm.DB, ch cache.Cache) *PermissionChecker {
	return &PermissionChecker{
		db:    db,
		logic: logic.NewUserLogic(db, ch),
	}
}