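package role

import (
	"errors"

	"github.com/veypi/vbase/cfg"
	"github.com/veypi/vbase/models"
	"github.com/veypi/vigo"
	"gorm.io/gorm"
)

// GetPermissionsReq identifies the role whose permissions are listed.
type GetPermissionsReq struct {
	RoleID string `src:"path@id" desc:"Role ID"`
}

// getPermissions returns every permission row whose role_id equals
// req.RoleID. It does not check that the role exists, so an unknown ID
// yields an empty list rather than a not-found error.
//
// NOTE(review): no caller authorization check is visible in this handler;
// presumably it is enforced by the route's middleware. Confirm, since the
// result exposes a role's full permission set.
func getPermissions(x *vigo.X, req *GetPermissionsReq) ([]models.Permission, error) {
	var permissions []models.Permission
	if err := cfg.DB().Where("role_id = ?", req.RoleID).Find(&permissions).Error; err != nil {
		return nil, vigo.ErrDatabase.WithError(err)
	}
	return permissions, nil
}

// UpdatePermissionsReq describes a change to a role's permissions.
//
// When Replace is non-empty the request runs in legacy full-replace mode and
// Permissions and Remove are ignored. Otherwise Remove is applied first and
// Permissions is applied second.
type UpdatePermissionsReq struct {
	RoleID      string            `src:"path@id" desc:"Role ID"`
	Permissions []PermissionInput `json:"permissions" src:"json" desc:"Permissions to add"`
	Remove      []string          `json:"remove" src:"json" desc:"Permission IDs to remove"`
	Replace     []string          `json:"permission_ids" src:"json" desc:"Full replace (legacy)"`
}

// PermissionInput is one permission to grant to a role. An empty Scope and a
// zero Level are replaced with defaults by updatePermissions.
type PermissionInput struct {
	Scope        string `json:"scope"`
	PermissionID string `json:"permission_id"`
	Level        int    `json:"level"`
}

// updatePermissions changes the permissions attached to the role req.RoleID.
//
// It returns vigo.ErrNotFound when the role does not exist and a
// vigo.ErrDatabase-wrapped error when the lookup fails for any other reason,
// so that a database outage is not reported to the client as a missing role.
// All writes run in a single transaction; any write error rolls every change
// back and is returned unchanged.
//
// NOTE(review): no caller authorization check is visible in this handler;
// presumably it is enforced by the route's middleware. Confirm, since this
// endpoint grants and revokes permissions.
func updatePermissions(x *vigo.X, req *UpdatePermissionsReq) error {
	// Defaults applied when the request leaves Scope or Level unset; the
	// legacy replace mode always uses them.
	const (
		defaultScope = "vb"
		defaultLevel = 7
	)

	var role models.Role
	if err := cfg.DB().First(&role, "id = ?", req.RoleID).Error; err != nil {
		if errors.Is(err, gorm.ErrRecordNotFound) {
			return vigo.ErrNotFound
		}
		return vigo.ErrDatabase.WithError(err)
	}

	return cfg.DB().Transaction(func(tx *gorm.DB) error {
		// Full replace (legacy mode): drop every permission of the role and
		// recreate the list from req.Replace.
		if len(req.Replace) > 0 {
			// NOTE(review): this guard covers only the legacy mode. The
			// Remove and Permissions paths below can still change a system
			// role's permission set. Confirm whether that is intended; if it
			// is not, move this check above the mode selection.
			if role.IsSystem {
				return vigo.NewError("cannot modify permissions of system role").WithCode(40300)
			}
			if err := tx.Where("role_id = ?", req.RoleID).Delete(&models.Permission{}).Error; err != nil {
				return err
			}
			for _, pid := range req.Replace {
				perm := models.Permission{
					Scope:        defaultScope,
					RoleID:       &req.RoleID,
					PermissionID: pid,
					Level:        defaultLevel,
				}
				if err := tx.Create(&perm).Error; err != nil {
					return err
				}
			}
			return nil
		}

		// Remove specific permissions. The role_id condition keeps the delete
		// scoped to this role, so IDs that belong to other roles are ignored.
		if len(req.Remove) > 0 {
			if err := tx.Where("role_id = ? AND id IN ?", req.RoleID, req.Remove).
				Delete(&models.Permission{}).Error; err != nil {
				return err
			}
		}

		// Add new permissions.
		// NOTE(review): Scope, PermissionID and Level come straight from the
		// request body. An empty PermissionID and an out-of-range Level are
		// both accepted here; confirm the valid values and reject anything
		// else before the row is written.
		for _, p := range req.Permissions {
			if p.Level == 0 {
				p.Level = defaultLevel
			}
			if p.Scope == "" {
				p.Scope = defaultScope
			}
			perm := models.Permission{
				Scope:        p.Scope,
				RoleID:       &req.RoleID,
				PermissionID: p.PermissionID,
				Level:        p.Level,
			}
			if err := tx.Create(&perm).Error; err != nil {
				return err
			}
		}
		return nil
	})
}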