package models

// A Token contains the parsed results from an bearer token. Its methods are safe to use with a nil receiver, but
// the userID should be checked.
type Token struct {
	UserID      string
	Permissions []string
}

// Authenticated returns true if the token is non-nil and parsed
func (token *Token) Authenticated() bool {
	return token != nil && token.UserID != ""
}

// Permitted returns true if the token is non-nil and has the given permission or the "admin" permission
func (token *Token) Permitted(permissions ...string) bool {
	if token == nil {
		return false
	}

	for _, tokenPermission := range token.Permissions {
		if tokenPermission == "admin" {
			return true
		}

		for _, permission := range permissions {
			if permission == tokenPermission {
				return true
			}
		}
	}

	return false
}

// PermittedUser checks the first permission if the user matches, the second otherwise. This is a common
// pattern.
func (token *Token) PermittedUser(userID, permissionIfUser, permissionOtherwise string) bool {
	if token == nil {
		return false
	}

	if token.UserID == userID {
		return token.Permitted(permissionIfUser)
	}

	return token.Permitted(permissionOtherwise)
}