package middleware

import (
	"net/http"

	"git.gocasts.ir/ebhomengo/niki/entity"
	"git.gocasts.ir/ebhomengo/niki/pkg/claim"
	errmsg "git.gocasts.ir/ebhomengo/niki/pkg/err_msg"
	adminauthorizationservice "git.gocasts.ir/ebhomengo/niki/service/admin/authorization"
	"github.com/labstack/echo/v4"
)

// AdminAuthorization returns an Echo middleware that gates a route behind an
// admin permission check.
//
// For every request it reads the caller's claims from the Echo context and
// asks service.CheckAccess whether that user ID and admin role hold the given
// permissions. The wrapped handler runs only when CheckAccess returns true
// with a nil error, so the middleware fails closed:
//
//   - CheckAccess error -> 500 with errmsg.ErrorMsgSomethingWentWrong
//   - access denied     -> 403 with errmsg.ErrorMsgUserNotAllowed
//
// NOTE(review): what CheckAccess decides when permissions is empty is not
// visible here; confirm that a route registered with no permissions is not
// treated as open to every admin.
func AdminAuthorization(service adminauthorizationservice.Service,
	permissions ...entity.AdminPermission,
) echo.MiddlewareFunc {
	return func(next echo.HandlerFunc) echo.HandlerFunc {
		return func(c echo.Context) error {
			// NOTE(review): the claims are presumably stored on the context by an
			// authentication middleware that must run before this one; verify the
			// ordering at route registration, since nothing here re-validates them.
			userClaims := claim.GetClaimsFromEchoContext(c)

			reqCtx := c.Request().Context()
			role := entity.MapToAdminRole(userClaims.Role)

			granted, checkErr := service.CheckAccess(reqCtx, userClaims.UserID, role, permissions...)
			switch {
			case checkErr != nil:
				// The underlying error is deliberately kept out of the response so
				// internal details do not reach the client. It is also not logged
				// in this function; confirm that failed authorization lookups are
				// recorded elsewhere, as they are useful for detection.
				return echo.NewHTTPError(http.StatusInternalServerError, errmsg.ErrorMsgSomethingWentWrong)
			case !granted:
				return echo.NewHTTPError(http.StatusForbidden, errmsg.ErrorMsgUserNotAllowed)
			}

			return next(c)
		}
	}
}