package role

import (
	"SciencesServer/app/api/admin/controller/auth"
	"SciencesServer/app/api/admin/model"
	model2 "SciencesServer/app/common/model"
	"SciencesServer/app/service"
	"SciencesServer/app/session"
	"SciencesServer/serve/orm"
	"errors"
	"fmt"

	"gorm.io/gorm"
)

type Auth struct{ *session.Admin }

type AuthHandle func(session *session.Admin) *Auth

// Instance 角色权限列表
func (c *Auth) Instance(roleID uint64) ([]*auth.TreeChecked, error) {
	mSysAuth := model.NewSysAuth()

	out, err := mSysAuth.RoleAuth(c.TenantID, roleID)

	if err != nil {
		return nil, err
	}
	return auth.TreeCheckedFunc(out, 0), nil
}

// Bind 角色权限绑定
func (c *Auth) Bind(roleID uint64, authIDs []uint64) error {
	if c.TenantID > 0 {
		// 查询该租户下绑定的菜单信息
		mSysTenantAuth := model.NewSysTenantAuth()

		var count int64

		if err := model2.Count(mSysTenantAuth.SysTenantAuth, &count, model2.NewWhere("tenant_id", c.TenantID),
			model2.NewWhereNotIn("auth_id", authIDs)); err != nil {
			return err
		} else if count > 0 {
			return errors.New("操作异常，菜单权限异常")
		}
	}
	mSysRoleAuth := model.NewSysRoleAuth()

	return orm.GetDB().Transaction(func(tx *gorm.DB) error {
		err := model2.DeleteWhere(mSysRoleAuth.SysRoleAuth, []*model2.ModelWhere{model2.NewWhere("role_id", roleID)}, tx)

		if err != nil {
			return err
		}
		permission := service.NewPermission(
			service.WithAuthTenant(fmt.Sprintf("%d", c.TenantID)),
			service.WithAuthRoles([]string{fmt.Sprintf("%d", roleID)}),
		)
		if len(authIDs) <= 0 {
			_, err = permission.RemoveSingleRolePolicy()
			return err
		}
		// 查询权限信息
		mSysAuth := model.NewSysAuth()

		auths := make([]*model2.SysAuth, 0)

		if err = model2.ScanFields(mSysAuth.SysAuth, &auths, []string{"id", "kind", "auth"}, &model2.ModelWhereOrder{
			Where: model2.NewWhereIn("id", authIDs),
		}); err != nil {
			return err
		}
		data := make([]*model2.SysRoleAuth, 0)

		request := make([]*service.AuthRequest, 0)

		for _, v := range auths {
			data = append(data, &model2.SysRoleAuth{
				RoleID: roleID,
				AuthID: v.ID,
			})
			if v.Kind == model2.SysAuthKindForModule || v.Auth == "" {
				continue
			}
			mSysAuth.Auth = v.Auth

			request = append(request, &service.AuthRequest{
				Url:    mSysAuth.FilterAuth(),
				Method: "*",
			})
		}
		if err = model2.Creates(mSysRoleAuth.SysRoleAuth, data); err != nil {
			return err
		}
		permission.AddRequest(request)

		_, err = permission.AddPolicies()

		return err
	})
}

func NewAuth() AuthHandle {
	return func(session *session.Admin) *Auth {
		return &Auth{Admin: session}
	}
}