package permission

import (
	log "IotAdmin/core/logger"
	"IotAdmin/core/sdk/config"
	"IotAdmin/core/sdk/pkg"
	"IotAdmin/core/sdk/pkg/jwt-auth/user"
	"IotAdmin/core/sdk/pkg/response"
	"errors"

	"github.com/gin-gonic/gin"
	"gorm.io/gorm"
)

const (
	DataPermissionKey             = "dataPermission"
	DataPermissionALL             = "1"
	DataPermissionCustom          = "2"
	DataPermissionSelfOrg         = "3"
	DataPermissionSelfOrgChildren = "4"
	DataPermissionSelf            = "5"
)

type DataPermission struct {
	DataScope string // 数据范围 1 全部 2 自定义 3 本部门 4 本部门及以下 5 仅自己
	UserId    int
	OrgId     int
	RoleId    int
}

func (m *DataPermission) NewDataPermission(c *gin.Context) *DataPermission {
	p := &DataPermission{}
	if userId := user.GetUserIdStr(c); userId != "" {
		db, err := pkg.GetOrm(c)
		if err != nil {
			log.Error(err)
		}
		p, err = BuildDataPermissionFromDb(db, userId)
		if err != nil {
			msgID := pkg.GenerateMsgIDFromContext(c)
			log.Errorf("MsgID[%s] DataPermissionAction error: %s", msgID, err)
			response.Error(c, 500, err, "权限范围鉴定错误")
			c.Abort()
		}
	}
	return p
}

func BuildDataPermissionFromDb(tx *gorm.DB, userId interface{}) (*DataPermission, error) {
	var err error
	p := &DataPermission{}
	err = tx.Table("sys_user").
		Select("sys_user.user_id", "sys_role.role_id", "sys_user.org_id", "sys_role.data_scope").
		Joins("left join sys_role on sys_role.role_id = sys_user.role_id").
		Where("sys_user.user_id = ?", userId).
		Scan(p).Error
	if err != nil {
		err = errors.New("获取用户数据出错 msg:" + err.Error())
		return nil, err
	}
	return p, nil
}

func getPermissionFromContext(c *gin.Context) *DataPermission {
	p := &DataPermission{}
	if pm, ok := c.Get(DataPermissionKey); ok {
		switch pm.(type) {
		case *DataPermission:
			p = pm.(*DataPermission)
		}
	} else {
		p = p.NewDataPermission(c)
	}
	return p
}

// GetPermissionFromContext 提供数据范围约束
func GetPermissionFromContext(c *gin.Context) *DataPermission {
	return getPermissionFromContext(c)
}

func Permission(tableName string, p *DataPermission) func(db *gorm.DB) *gorm.DB {
	return func(db *gorm.DB) *gorm.DB {
		if !config.ApplicationConfig.EnabledDP {
			return db
		}
		switch p.DataScope {
		case DataPermissionCustom:
			return db.Where(tableName+".create_by in (select sys_user.user_id from sys_role_org left join sys_user on sys_user.org_id=sys_role_org.org_id where sys_role_org.role_id = ?)", p.RoleId)
		case DataPermissionSelfOrg:
			return db.Where(tableName+".create_by in (SELECT user_id from sys_user where org_id = ? )", p.OrgId)
		case DataPermissionSelfOrgChildren:
			return db.Where(tableName+".create_by in (SELECT user_id from sys_user where sys_user.org_id in(select org_id from sys_org where org_path like ? ))", "%/"+pkg.IntToString(p.OrgId)+"/%")
		case DataPermissionSelf:
			return db.Where(tableName+".create_by = ?", p.UserId)
		default:
			return db
		}
	}
}