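package middleware

import (
	"net/http"

	"IotAdmin/common/permission"
	log "IotAdmin/core/logger"
	"IotAdmin/core/sdk"
	jwtauth "IotAdmin/core/sdk/pkg/jwt-auth"

	"github.com/gin-gonic/gin"
)

// SetDataPermission returns a middleware that builds the data-permission
// value for the current request and stores it in the gin context under
// permission.DataPermissionKey before running the remaining handlers.
func SetDataPermission() gin.HandlerFunc {
	return func(c *gin.Context) {
		p := (&permission.DataPermission{}).NewDataPermission(c)
		c.Set(permission.DataPermissionKey, p)
		c.Next()
	}
}

// AuthCheckRole returns the permission-check middleware.
//
// It reads the JWT claims stored in the gin context under
// jwtauth.JwtPayloadKey, looks up the Casbin enforcer for the request host and
// asks permission.CheckRoleApi whether the request is allowed. Allowed
// requests continue down the chain; everything else is aborted with the
// "no permission" JSON body.
//
// A request without claims in the context, or with a value of another type,
// is denied. The previous unchecked type assertion panicked in that case, so
// the outcome depended on whether a recovery middleware was installed.
//
// Denials are sent with HTTP status 200 and the 403 carried only in the JSON
// "code" field. That contract is kept for existing clients, but monitoring or
// proxy rules that key on the HTTP status will not see these denials.
func AuthCheckRole() gin.HandlerFunc {
	// deny writes the denial body and stops the handler chain.
	deny := func(c *gin.Context) {
		c.JSON(http.StatusOK, gin.H{
			"code": 403,
			"msg":  "对不起,您没有该接口访问权限,请联系管理员",
		})
		c.Abort()
	}

	return func(c *gin.Context) {
		// The existence flag is not needed: a missing key yields a nil
		// interface, which fails the checked assertion below.
		data, _ := c.Get(jwtauth.JwtPayloadKey)
		v, ok := data.(jwtauth.MapClaims)
		if !ok {
			// Fail closed: no usable claims means no role to authorize.
			log.Warnf("jwt payload missing or not MapClaims; method: %s path: %s", c.Request.Method, c.Request.URL.Path)
			deny(c)
			return
		}

		// NOTE(review): the enforcer is selected by c.Request.Host, which is
		// taken from the client's request. Confirm that a proxy or an earlier
		// middleware restricts Host to the expected values.
		e := sdk.Runtime.GetCasbinKey(c.Request.Host)

		res := permission.CheckRoleApi(c, v, e)
		if !res {
			// NOTE(review): method and path are request-controlled and are
			// logged with %s; confirm the logger escapes control characters.
			log.Warnf("isTrue: %v role: %s method: %s path: %s message: %s", res, v["rolekey"], c.Request.Method, c.Request.URL.Path, "当前接口无权限,请管理员确认!")
			deny(c)
			return
		}

		log.Debugf("isTrue: %v role: %s method: %s path: %s", res, v["rolekey"], c.Request.Method, c.Request.URL.Path)
		c.Next()
	}
}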