package permission

import (
	"context"
	"fmt"
)

type actorKey struct{}

// Actor identifies the calling tenant member (Bearer JWT or dev headers).
// Permission logic always needs (tenant_id, uid) so the auth → permission
// boundary is explicit; pulling from headers is dev-only.
type Actor struct {
	TenantID string
	UID      string
}

// WithActor stores tenant/uid on the context for permission logic
// handlers.
func WithActor(ctx context.Context, tenantID, uid string) context.Context {
	return context.WithValue(ctx, actorKey{}, Actor{TenantID: tenantID, UID: uid})
}

// ActorFromContext reads the actor injected by JWT middleware or dev
// headers.
func ActorFromContext(ctx context.Context) (Actor, error) {
	v, ok := ctx.Value(actorKey{}).(Actor)
	if !ok || v.TenantID == "" || v.UID == "" {
		return Actor{}, fmt.Errorf("missing bearer token or X-Tenant-ID/X-UID headers")
	}
	return v, nil
}