package model

import (
	"fmt"
	"strings"
	"time"

	"go.uber.org/zap"
	"gorm.io/gorm"
)

type Permission struct {
	Id          int64     `form:"id" json:"id,omitempty" gorm:"primaryKey;autoIncrement;column:id;comment:;"`
	Method      string    `form:"method" json:"method,omitempty" gorm:"column:method;type:varchar(16);size:16;index:method_path,unique;comment:请求方法，grpc为空;"`
	Path        string    `form:"path" json:"path,omitempty" gorm:"column:path;type:varchar(128);size:128;index:method_path,unique;comment:API路径;"`
	Title       string    `form:"title" json:"title,omitempty" gorm:"column:title;type:varchar(255);size:255;comment:中文名称;"`
	Description string    `form:"description" json:"description,omitempty" gorm:"column:description;type:varchar(255);size:255;comment:权限描述;"`
	CreatedAt   time.Time `form:"created_at" json:"created_at,omitempty" gorm:"column:created_at;type:datetime;comment:创建时间;"`
	UpdatedAt   time.Time `form:"updated_at" json:"updated_at,omitempty" gorm:"column:updated_at;type:datetime;comment:更新时间;"`
}

func (Permission) TableName() string {
	return tablePrefix + "permission"
}

// 这里是proto文件中的结构体，可以根据需要删除或者调整
//message Permission {
// int64 id = 1;
// string category = 2;
// string title = 3;
// string description = 4;
// string identifier = 5;
//   = 0;
//   = 0;
//}

// CreatePermission 创建Permission
func (m *DBModel) CreatePermission(permission *Permission) (err error) {
	err = m.db.Create(permission).Error
	if err != nil {
		m.logger.Error("CreatePermission", zap.Error(err))
		return
	}
	return
}

// UpdatePermission 更新Permission，如果需要更新指定字段，则请指定updateFields参数
func (m *DBModel) UpdatePermission(permission *Permission, updateFields ...string) (err error) {
	db := m.db.Model(permission)

	updateFields = m.FilterValidFields(Permission{}.TableName(), updateFields...)
	if len(updateFields) > 0 { // 更新指定字段
		db = db.Select(updateFields)
	}

	err = db.Where("id = ?", permission.Id).Updates(permission).Error
	if err != nil {
		m.logger.Error("UpdatePermission", zap.Error(err))
	}
	return
}

// GetPermission 根据id获取Permission
func (m *DBModel) GetPermission(id interface{}, fields ...string) (permission Permission, err error) {
	db := m.db

	fields = m.FilterValidFields(Permission{}.TableName(), fields...)
	if len(fields) > 0 {
		db = db.Select(fields)
	}

	err = db.Where("id = ?", id).First(&permission).Error
	return
}

// GetPermissionByMethodPath
func (m *DBModel) GetPermissionByMethodPath(method, path string, createIfNotExist bool, fields ...string) (permission Permission, err error) {
	db := m.db

	fields = m.FilterValidFields(Permission{}.TableName(), fields...)
	if len(fields) > 0 {
		db = db.Select(fields)
	}

	db = db.Where("path = ?", path)
	if method != "" {
		db = db.Where("method = ?", method)
	} else {
		db = db.Where("(method IS NULL or method = '')")
	}

	err = db.First(&permission).Error
	if err != nil && err != gorm.ErrRecordNotFound {
		m.logger.Error("GetPermissionByIdentifier", zap.Error(err))
		return
	}

	if permission.Id > 0 {
		return
	}

	if createIfNotExist {
		permission.Method = method
		permission.Path = path
		err = m.CreatePermission(&permission)
		if err != nil {
			m.logger.Error("GetPermissionByIdentifier", zap.Error(err))
			return
		}
	}
	return
}

// DeletePermission 删除数据
func (m *DBModel) DeletePermission(ids []interface{}) (err error) {
	err = m.db.Where("id in (?)", ids).Delete(&Permission{}).Error
	if err != nil {
		m.logger.Error("DeletePermission", zap.Error(err))
	}
	return
}

//  CheckPermissionByUserId 根据用户ID，检查用户是否有权限
func (m *DBModel) CheckPermissionByUserId(userId int64, method, path string) (yes bool) {
	var (
		userGroups []UserGroup
		groupId    []int64
	)

	// NOTE: ID为1的用户，拥有所有权限，可以理解为类似linux的root用户
	if userId == 1 {
		return true
	}

	if userId > 0 {
		m.db.Where("user_id = ?", userId).Find(&userGroups)
		for _, ug := range userGroups {
			groupId = append(groupId, ug.GroupId)
		}
	}

	return m.CheckPermissionByGroupId(groupId, method, path)
}

//  CheckPermissionByGroupId 根据用户所属用户组ID，检查用户是否有权限
func (m *DBModel) CheckPermissionByGroupId(groupId []int64, method, path string) (yes bool) {
	fields := []string{"id", "type", "method", "path"}
	permission, err := m.GetPermissionByMethodPath(method, path, true, fields...)
	if err != nil {
		m.logger.Error("CheckPermissionByGroupId", zap.Error(err))
	}

	if permission.Id == 0 { // 权限控制表里面不存在的记录，默认允许访问
		return true
	}

	// 校验当前登录了的用户所属用户组，是否有权限
	var groupPermission GroupPermission
	err = m.db.Where("group_id in (?) and permission_id = ?", groupId, permission.Id).First(&groupPermission).Error
	if err != nil {
		m.logger.Error("CheckPermissionByGroupId", zap.Error(err))
	}

	// 如果有权限，返回true
	return groupPermission.Id > 0
}

type OptionGetPermissionList struct {
	Page         int
	Size         int
	WithCount    bool                      // 是否返回总数
	Ids          []interface{}             // id列表
	SelectFields []string                  // 查询字段
	QueryRange   map[string][2]interface{} // map[field][]{min,max}
	QueryIn      map[string][]interface{}  // map[field][]{value1,value2,...}
	QueryLike    map[string][]interface{}  // map[field][]{value1,value2,...}
	Sort         []string
}

// GetPermissionList 获取Permission列表
func (m *DBModel) GetPermissionList(opt OptionGetPermissionList) (permissionList []Permission, total int64, err error) {
	db := m.db.Model(&Permission{})

	for field, rangeValue := range opt.QueryRange {
		fields := m.FilterValidFields(Permission{}.TableName(), field)
		if len(fields) == 0 {
			continue
		}
		if rangeValue[0] != nil {
			db = db.Where(fmt.Sprintf("%s >= ?", field), rangeValue[0])
		}
		if rangeValue[1] != nil {
			db = db.Where(fmt.Sprintf("%s <= ?", field), rangeValue[1])
		}
	}

	for field, values := range opt.QueryIn {
		fields := m.FilterValidFields(Permission{}.TableName(), field)
		if len(fields) == 0 {
			continue
		}
		db = db.Where(fmt.Sprintf("%s in (?)", field), values)
	}

	for field, values := range opt.QueryLike {
		fields := m.FilterValidFields(Permission{}.TableName(), field)
		if len(fields) == 0 {
			continue
		}
		db = db.Where(strings.TrimSuffix(fmt.Sprintf(strings.Join(make([]string, len(values)+1), "%s like ? or"), field), "or"), values...)
	}

	if len(opt.Ids) > 0 {
		db = db.Where("id in (?)", opt.Ids)
	}

	if opt.WithCount {
		err = db.Count(&total).Error
		if err != nil {
			m.logger.Error("GetPermissionList", zap.Error(err))
			return
		}
	}

	opt.SelectFields = m.FilterValidFields(Permission{}.TableName(), opt.SelectFields...)
	if len(opt.SelectFields) > 0 {
		db = db.Select(opt.SelectFields)
	}

	if len(opt.Sort) > 0 {
		var sorts []string
		for _, sort := range opt.Sort {
			slice := strings.Split(sort, " ")
			if len(m.FilterValidFields(Permission{}.TableName(), slice[0])) == 0 {
				continue
			}

			if len(slice) == 2 {
				sorts = append(sorts, fmt.Sprintf("%s %s", slice[0], slice[1]))
			} else {
				sorts = append(sorts, fmt.Sprintf("%s desc", slice[0]))
			}
		}
		if len(sorts) > 0 {
			db = db.Order(strings.Join(sorts, ","))
		}
	}

	db = db.Offset((opt.Page - 1) * opt.Size).Limit(opt.Size)

	err = db.Find(&permissionList).Error
	if err != nil && err != gorm.ErrRecordNotFound {
		m.logger.Error("GetPermissionList", zap.Error(err))
	}
	return
}