package permissionservicelogic

import (
	"context"

	"ark-permission/gen_result/pb/permission"
	"ark-permission/internal/domain/usecase"
	"ark-permission/internal/svc"

	ers "code.30cm.net/wanderland/library-go/errors"
	"github.com/zeromicro/go-zero/core/logx"
)

// CheckPermissionByRoleLogic holds the request context, the shared service
// context and a context-bound logger for one CheckPermissionByRole call.
type CheckPermissionByRoleLogic struct {
	ctx    context.Context
	svcCtx *svc.ServiceContext
	logx.Logger
}

// NewCheckPermissionByRoleLogic builds the logic object for a single request,
// binding the logger to ctx.
func NewCheckPermissionByRoleLogic(ctx context.Context, svcCtx *svc.ServiceContext) *CheckPermissionByRoleLogic {
	logic := &CheckPermissionByRoleLogic{
		ctx:    ctx,
		svcCtx: svcCtx,
		Logger: logx.WithContext(ctx),
	}
	return logic
}

// checkPermissionReq is the validation view of the incoming request: the
// struct tags mark role, method and path as required. No other constraint
// (format, length, character set) is declared here.
type checkPermissionReq struct {
	Role   string `json:"role" validate:"required"`
	Method string `json:"method" validate:"required"`
	Path   string `json:"path" validate:"required"`
}

// CheckPermissionByRole checks whether a role is permitted to call the given
// method and path.
//
// It returns:
//   - (nil, ers.InvalidFormat) when the validator rejects the request;
//   - (nil, ers.Forbidden) when the policy agent returns an error, so an
//     agent failure never produces a response;
//   - otherwise a PermissionResp copied from the agent's result.
//
// A nil error is not itself a grant: the decision is carried in the Allow
// field, which is passed through unchanged whatever its value, so callers
// have to inspect it.
func (l *CheckPermissionByRoleLogic) CheckPermissionByRole(in *permission.CheckPermissionByRoleReq) (*permission.PermissionResp, error) {
	role, method, path := in.GetRole(), in.GetMethod(), in.GetPath()

	// Validate required fields before anything reaches the policy agent.
	payload := checkPermissionReq{
		Role:   role,
		Method: method,
		Path:   path,
	}
	if vErr := l.svcCtx.Validate.ValidateAll(&payload); vErr != nil {
		return nil, ers.InvalidFormat(vErr.Error())
	}

	// NOTE(review): method and path are handed to the policy agent exactly
	// as received. Whether CheckRBACPermission canonicalises them (case,
	// trailing slash, dot segments, encoding) is not visible here — confirm
	// that it matches the form the enforcing gateway/router uses.
	decision, err := l.svcCtx.PolicyAgent.CheckRBACPermission(l.ctx, usecase.CheckReq{
		Roles:  []string{role},
		Method: method,
		Path:   path,
	})
	if err != nil {
		// NOTE(review): every agent error is reported as Forbidden and its
		// text is placed in the error returned to the caller. Confirm the
		// agent's error strings are safe to expose, and that this failure
		// is recorded somewhere server-side (this function does not log it).
		return nil, ers.Forbidden(err.Error())
	}

	resp := &permission.PermissionResp{
		Allow:          decision.Allow,
		PermissionName: decision.PolicyName,
		PlainCode:      decision.PlainCode,
	}
	return resp, nil
}