package mt

import (
	"encoding/json"
	"f5"
	"fmt"
	"main/constant"
	"q5"
	"strings"
)

type Permission struct {
	api *q5.ConcurrentMap[string, bool]
	ui  *q5.ConcurrentMap[string, bool]
}

type PermissionTable struct {
	f5.CustomMetaTable
	accountPermission *q5.ConcurrentMap[string, *Permission]
}

func (this *PermissionTable) Load() {
	this.accountPermission = new(q5.ConcurrentMap[string, *Permission])
	{
		if jsonStr, err := f5.ReadJsonFile("../config/permission.json"); err == nil {
			type cfgPermission struct {
				API []string `json:"api"`
				UI  []string `json:"ui"`
			}
			type AccountConfig struct {
				Roles   []string      `json:"roles"`
				Special cfgPermission `json:"special"`
			}
			permissioncfg := struct {
				Roles    map[string]cfgPermission `json:"roles"`
				Accounts map[string]AccountConfig `json:"accounts"`
			}{}

			if err := json.Unmarshal([]byte(jsonStr), &permissioncfg); err != nil {
				panic(fmt.Sprintf("load metafile json decode error %s %s", "permission.json", err))
			}

			for account, cfg := range permissioncfg.Accounts {
				accpermission := new(Permission)
				accpermission.api = new(q5.ConcurrentMap[string, bool])
				accpermission.ui = new(q5.ConcurrentMap[string, bool])
				//load permission of the account's roles
				for _, role := range cfg.Roles {
					rp, exist := permissioncfg.Roles[role]
					if !exist {
						continue
					}

					for _, v := range rp.API {
						accpermission.api.Store(v, true)
					}

					for _, v := range rp.UI {
						accpermission.ui.Store(v, true)
					}
				}

				//load special permission
				for _, v := range cfg.Special.API {
					ret := strings.HasPrefix(v, "-")
					if ret {
						v = v[1:]
					}
					accpermission.api.Store(v, !ret)
				}

				for _, v := range cfg.Special.UI {
					ret := strings.HasPrefix(v, "-")
					if ret {
						v = v[1:]
					}
					accpermission.ui.Store(v, !ret)
				}

				this.accountPermission.Store(strings.ToLower(account), accpermission)
			}
		} else {
			panic(fmt.Sprintf("load metafile error %s %s", "permission.json", err))
		}
	}
}

func (this *PermissionTable) CheckAPIPermission(account string, cmd string) bool {
	if account == "" || cmd == "" {
		return false
	}

	accper, exist := this.accountPermission.Load(account)
	if !exist {
		return false
	}

	ret, exist := (*accper).api.Load(cmd)
	if exist {
		return *ret
	}

	ret, exist = (*accper).api.Load(constant.FULL_PERMISSION)
	if exist {
		return *ret
	}

	return false
}

func (this *PermissionTable) GetUIPermission(account string) string {
	per, exist := this.accountPermission.Load(account)
	if !exist {
		return "{}"
	}

	kvlist := map[string]bool{}
	(*per).ui.Range(func(k string, v bool) bool {
		kvlist[k] = v
		return true
	})

	v, _ := json.Marshal(kvlist)
	return string(v)
}