```go
package auth

import (
	"fmt"
)

// User is the identity part of an authenticated principal.
type User struct {
	ID   string `json:"id"`
	Name string `json:"name"`
}

// UserInfo is a User together with its granted permission strings,
// each of the form "<subject>.<action>", where either part may be "*".
type UserInfo struct {
	User
	Permissions []string `json:"permissions"`
}

// Result is the outcome of an authentication attempt.
type Result struct {
	User                   *UserInfo `json:"user"`
	Token                  string    `json:"token,omitempty"`
	Session                string    `json:"session,omitempty"`
	PasswordChangeRequired bool      `json:"passwordChangeRequired"`
}

// HasIDOrPermission reports whether the user is the principal identified by
// userID or holds the permission for action on subject.
func (user *UserInfo) HasIDOrPermission(userID, subject, action string) bool {
	return user.HasID(userID) || user.HasPermission(subject, action)
}

// HasID reports whether the user exists and has the given ID.
// A nil receiver is treated as "no user" and never matches.
func (user *UserInfo) HasID(id string) bool {
	return user != nil && user.ID == id
}

// HasOpPermission reports whether the user may perform action on subject
// as an operator: the caller must either be the principal userID or hold the
// "admin" action on subject, and in both cases must also hold action itself.
func (user *UserInfo) HasOpPermission(userID, subject, action string) bool {
	if !user.HasID(userID) && !user.HasPermission(subject, "admin") {
		return false
	}
	return user.HasPermission(subject, action)
}

// HasPermission reports whether any stored permission string matches
// subject.action. Matching patterns are "*.*", "<subject>.*", "*.<action>"
// and the exact "<subject>.<action>". For action "admin" the
// "<subject>.*" pattern is not accepted; "*.*" and "*.admin" still are.
func (user *UserInfo) HasPermission(subject, action string) bool {
	if user == nil {
		return false
	}
	anyAll := "*.*"
	anyAction := fmt.Sprintf("%s.*", subject)
	anySubject := fmt.Sprintf("*.%s", action)
	specific := fmt.Sprintf("%s.%s", subject, action)
	if action == "admin" {
		// A subject-level wildcard must not silently confer admin.
		anyAction = specific
	}
	for _, perm := range user.Permissions {
		if perm == anyAll || perm == anyAction || perm == anySubject || perm == specific {
			return true
		}
	}
	return false
}
```
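The wildcard rules in HasPermission have edge cases worth pinning down with a regression table, in particular that `<subject>.*` does not grant `admin` while `*.*` and `*.admin` do. The stand-alone program below is an added example, not code from the auth package; it copies the matching rule into a hypothetical `matchedPattern` helper that also reports which stored permission granted access, and runs it over constructed sample rows.

```go
package main

import "fmt"

// matchedPattern reproduces the matching rule of UserInfo.HasPermission and
// reports which stored permission granted access ("" = denied).
// Constructed for this example; not part of the auth package.
func matchedPattern(perms []string, subject, action string) string {
	anyAll, specific := "*.*", subject+"."+action
	anyAction, anySubject := subject+".*", "*."+action
	if action == "admin" {
		anyAction = specific // "<subject>.*" never covers the admin action
	}
	for _, perm := range perms {
		if perm == anyAll || perm == anyAction || perm == anySubject || perm == specific {
			return perm
		}
	}
	return ""
}

type grantCase struct {
	perms           []string
	subject, action string
	want            string // pattern expected to grant, "" for deny
}

// cases is a constructed regression table covering the wildcard edge cases.
var cases = []grantCase{
	{[]string{"users.read"}, "users", "read", "users.read"},
	{[]string{"users.read"}, "users", "write", ""},
	{[]string{"users.*"}, "users", "write", "users.*"},
	{[]string{"users.*"}, "users", "admin", ""},        // subject wildcard excludes admin
	{[]string{"*.admin"}, "users", "admin", "*.admin"}, // action wildcard does not
	{[]string{"*.*"}, "billing", "admin", "*.*"},      // nor does the global wildcard
	{[]string{"users.admin"}, "users", "write", ""},   // admin alone grants no other action
	{nil, "users", "read", ""},
}

// checkTable returns how many rows differ from want, printing each mismatch.
func checkTable() int {
	failures := 0
	for _, c := range cases {
		if got := matchedPattern(c.perms, c.subject, c.action); got != c.want {
			failures++
			fmt.Printf("perms=%v %s.%s: got %q want %q\n", c.perms, c.subject, c.action, got, c.want)
		}
	}
	return failures
}
```

Run `checkTable()` after any change to the matching rule; a non-zero result means a wildcard semantic changed.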