package mysqladmin

import (
	"time"

	"git.gocasts.ir/ebhomengo/niki/entity"
	errmsg "git.gocasts.ir/ebhomengo/niki/pkg/err_msg"
	richerror "git.gocasts.ir/ebhomengo/niki/pkg/rich_error"
	"git.gocasts.ir/ebhomengo/niki/pkg/slice"
	"git.gocasts.ir/ebhomengo/niki/repository/mysql"
)

func (d *DB) GetAdminPermissions(adminID uint, role entity.AdminRole) ([]entity.AdminPermission, error) {
	const op = "mysqladmin.GetAdminPermissions"

	// get adminRoleACL
	adminRoleACL := make([]entity.AdminAccessControl, 0)

	adminRoleRows, err := d.conn.Conn().Query(`select * from admin_access_controls where actor_type = ? and actor_id = ?`,
		entity.AdminRoleActorType, role)
	if err != nil {
		return nil, richerror.New(op).WithErr(err).
			WithMessage(errmsg.ErrorMsgSomethingWentWrong).WithKind(richerror.KindUnexpected)
	}

	defer adminRoleRows.Close()

	for adminRoleRows.Next() {
		acl, err := scanAccessControl(adminRoleRows)
		if err != nil {
			return nil, richerror.New(op).WithErr(err).
				WithMessage(errmsg.ErrorMsgSomethingWentWrong).WithKind(richerror.KindUnexpected)
		}

		adminRoleACL = append(adminRoleACL, acl)
	}

	if err := adminRoleRows.Err(); err != nil {
		return nil, richerror.New(op).WithErr(err).
			WithMessage(errmsg.ErrorMsgSomethingWentWrong).WithKind(richerror.KindUnexpected)
	}

	// get adminACL
	adminACL := make([]entity.AdminAccessControl, 0)

	adminRows, err := d.conn.Conn().Query(`select * from admin_access_controls where actor_type = ? and actor_id = ?`,
		entity.AdminAdminActorType, adminID)
	if err != nil {
		return nil, richerror.New(op).WithErr(err).
			WithMessage(errmsg.ErrorMsgSomethingWentWrong).WithKind(richerror.KindUnexpected)
	}

	defer adminRows.Close()

	for adminRows.Next() {
		acl, err := scanAccessControl(adminRows)
		if err != nil {
			return nil, richerror.New(op).WithErr(err).
				WithMessage(errmsg.ErrorMsgSomethingWentWrong).WithKind(richerror.KindUnexpected)
		}

		adminACL = append(adminACL, acl)
	}

	if err := adminRows.Err(); err != nil {
		return nil, richerror.New(op).WithErr(err).
			WithMessage(errmsg.ErrorMsgSomethingWentWrong).WithKind(richerror.KindUnexpected)
	}

	// merge ACLs by permission
	adminPermissions := make([]entity.AdminPermission, 0)
	for _, r := range adminRoleACL {
		if !slice.DoesExist(adminPermissions, r.Permission) {
			adminPermissions = append(adminPermissions, r.Permission)
		}
	}
	for _, a := range adminACL {
		if !slice.DoesExist(adminPermissions, a.Permission) {
			adminPermissions = append(adminPermissions, a.Permission)
		}
	}
	if len(adminPermissions) == 0 {
		return nil, nil
	}

	return adminPermissions, nil
}

func scanAccessControl(scanner mysql.Scanner) (entity.AdminAccessControl, error) {
	var (
		createdAt time.Time
		updateAt  time.Time
		acl       entity.AdminAccessControl
	)

	err := scanner.Scan(&acl.ID, &acl.ActorID, &acl.ActorType, &acl.Permission, &createdAt, &updateAt)

	return acl, err
}