package tenant

import (
	"SciencesServer/app/api/admin/controller"
	model3 "SciencesServer/app/api/admin/model"
	model2 "SciencesServer/app/common/model"
	"SciencesServer/app/service"
	"SciencesServer/serve/logger"
	"SciencesServer/serve/orm"
	"SciencesServer/utils"
	"errors"

	"gorm.io/gorm"
)

type Auth struct{ *controller.Platform }

type AuthHandle func(session *service.Session) *Auth

// delete 删除所有权限
func (c *Auth) delete(tenantID uint64, tenantKey string, tx *gorm.DB) error {
	mSysRoleAuth := model3.NewSysRoleAuth()

	err := model2.DeleteWhere(mSysRoleAuth.SysRoleAuth, []*model2.ModelWhere{model2.NewWhere("tenant_id", tenantID)}, tx)

	if err != nil {
		return err
	}
	go utils.TryCatch(func() {
		permission := service.NewPermission(nil)(tenantKey, "")

		if succ, err := permission.RemoveFilteredGroupingPolicy(); err != nil {
			logger.ErrorF("删除租户【%s】权限信息错误：%v", tenantKey, err)
		} else if !succ {
			logger.ErrorF("删除租户【%s】权限信息失败", tenantKey)
		}
	})
	return nil
}

// revoke 撤销某些权限
func (c *Auth) revoke(tenantID uint64, tenantKey string, authIDs []uint64, tx *gorm.DB) error {
	// 查询该租户下不含有的权限信息
	mSysRuleAuth := model3.NewSysRoleAuth()

	out, err := mSysRuleAuth.Auths(model2.NewWhere("r.tenant_id", tenantID), model2.NewWhereNotIn("r_a.auth_id", authIDs))

	if err != nil {
		return err
	}
	if len(out) <= 0 {
		return nil
	}
	roleAuthIDs := make([]uint64, 0)
	roleIDs := make([]string, 0)
	auths := make([]*service.AuthRequest, 0)

	for _, v := range out {
		roleAuthIDs = append(roleAuthIDs, v.ID)
		roleIDs = append(roleIDs, utils.UintToString(v.RoleID))
		auths = append(auths, &service.AuthRequest{Url: v.Auth, Method: "*"})
	}
	if err = model2.DeleteWhere(mSysRuleAuth.SysRoleAuth, []*model2.ModelWhere{model2.NewWhereIn("id", roleAuthIDs)}); err != nil {
		return err
	}
	go utils.TryCatch(func() {
		//permission := service.NewPermission(roleIDs, auths...)(c.TenantKey, "")
		//// 删除角色权限
		//if _, err = permission.RemoveNamedGroupingPolicies(); err != nil {
		//	logger.ErrorF("删除租户【%s】下角色权限错误：%v", tenantKey, err)
		//	return
		//}
	})
	return nil
}

// Bind 绑定权限
func (c *Auth) Bind(tenantID uint64, authIDs []uint64) error {
	mSysTenant := model3.NewSysTenant()
	mSysTenant.ID = tenantID

	isExist, err := model2.FirstField(mSysTenant.SysTenant, []string{"id", "key"})

	if err != nil {
		return err
	} else if !isExist {
		return errors.New("租户/公司信息不存在或已被删除")
	}
	return orm.GetDB().Transaction(func(tx *gorm.DB) error {
		mSysTenantAuth := model3.NewSysTenantAuth()

		if err = model2.DeleteWhere(mSysTenantAuth.SysTenantAuth, []*model2.ModelWhere{model2.NewWhere("tenant_id", mSysTenant.ID)}, tx); err != nil {
			return err
		}
		if len(authIDs) <= 0 {
			// 删除租户下所有角色的权限
			return c.delete(mSysTenant.ID, mSysTenant.Key, tx)
		}
		return c.revoke(mSysTenant.ID, mSysTenant.Key, authIDs, tx)
	})
}

func NewAuth() AuthHandle {
	return func(session *service.Session) *Auth {
		return &Auth{Platform: &controller.Platform{Session: session}}
	}
}