package mysqladmin

import (
	"context"
	"slices"
	"time"

	"git.gocasts.ir/ebhomengo/niki/entity"
	errmsg "git.gocasts.ir/ebhomengo/niki/pkg/err_msg"
	richerror "git.gocasts.ir/ebhomengo/niki/pkg/rich_error"
	"git.gocasts.ir/ebhomengo/niki/repository/mysql"
)

func (d *DB) GetAdminPermissions(ctx context.Context, adminID uint, role entity.AdminRole) ([]entity.AdminPermission, error) {
	const op = "mysqladmin.GetAdminPermissions"

	query := `select * from admin_access_controls where actor_type = ? and actor_id = ?`
	//nolint
	stmt, err := d.conn.PrepareStatement(ctx, mysql.StatementKeyAdminAccessControlGetPermissions, query)
	if err != nil {
		return nil, richerror.New(op).WithErr(err).
			WithMessage(errmsg.ErrorMsgCantPrepareStatement).WithKind(richerror.KindUnexpected)
	}

	// Get admin role ACL
	adminRoleRows, err := stmt.Query(entity.AdminRoleActorType, role)
	if err != nil {
		return nil, richerror.New(op).WithErr(err).
			WithMessage(errmsg.ErrorMsgSomethingWentWrong).WithKind(richerror.KindUnexpected)
	}
	defer adminRoleRows.Close()

	adminRoleACL := make([]entity.AdminAccessControl, 0)
	for adminRoleRows.Next() {
		acl, err := scanAccessControl(adminRoleRows)
		if err != nil {
			return nil, richerror.New(op).WithErr(err).
				WithMessage(errmsg.ErrorMsgSomethingWentWrong).WithKind(richerror.KindUnexpected)
		}

		adminRoleACL = append(adminRoleACL, acl)
	}

	if err = adminRoleRows.Err(); err != nil {
		return nil, richerror.New(op).WithErr(err).
			WithMessage(errmsg.ErrorMsgSomethingWentWrong).WithKind(richerror.KindUnexpected)
	}

	// Get admin ACL
	adminRows, err := stmt.Query(entity.AdminAdminActorType, adminID)
	if err != nil {
		return nil, richerror.New(op).WithErr(err).
			WithMessage(errmsg.ErrorMsgSomethingWentWrong).WithKind(richerror.KindUnexpected)
	}
	defer adminRows.Close()

	adminACL := make([]entity.AdminAccessControl, 0)
	for adminRows.Next() {
		acl, err := scanAccessControl(adminRows)
		if err != nil {
			return nil, richerror.New(op).WithErr(err).
				WithMessage(errmsg.ErrorMsgSomethingWentWrong).WithKind(richerror.KindUnexpected)
		}

		adminACL = append(adminACL, acl)
	}

	if err = adminRows.Err(); err != nil {
		return nil, richerror.New(op).WithErr(err).
			WithMessage(errmsg.ErrorMsgSomethingWentWrong).WithKind(richerror.KindUnexpected)
	}

	// merge ACLs by permission
	adminPermissions := make([]entity.AdminPermission, 0)
	for _, r := range adminRoleACL {
		if !slices.Contains(adminPermissions, r.Permission) {
			adminPermissions = append(adminPermissions, r.Permission)
		}
	}
	for _, a := range adminACL {
		if !slices.Contains(adminPermissions, a.Permission) {
			adminPermissions = append(adminPermissions, a.Permission)
		}
	}
	if len(adminPermissions) == 0 {
		return nil, nil
	}

	return adminPermissions, nil
}

func scanAccessControl(scanner mysql.Scanner) (entity.AdminAccessControl, error) {
	var (
		createdAt time.Time
		updateAt  time.Time
		acl       entity.AdminAccessControl
	)

	err := scanner.Scan(&acl.ID, &acl.ActorID, &acl.ActorType, &acl.Permission, &createdAt, &updateAt)

	return acl, err
}