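package middleware

import (
	"nixcn-cms/data"
	"nixcn-cms/utils"

	"github.com/gin-gonic/gin"
	"github.com/google/uuid"
)

// Permission returns a Gin middleware that aborts the request unless the
// caller's permission level is at least requiredLevel.
//
// The level is read from the "permission_level" context key when an earlier
// handler in the same request has already stored it there. Otherwise it is
// loaded from the user record identified by the "user_id" context key and
// stored under "permission_level" for later handlers in the chain.
//
// Responses on failure:
//   - 401 when "user_id" is absent, empty, or not a string
//   - 500 when "user_id" is not a valid UUID
//   - 404 when the user lookup returns an error
//   - 403 when the resolved level is below requiredLevel
//
// NOTE(review): "user_id" is presumably set by an upstream authentication
// middleware; this handler trusts it as-is, so it must only be registered
// after that middleware. Confirm against the router setup.
func Permission(requiredLevel uint) gin.HandlerFunc {
	return func(c *gin.Context) {
		var (
			permissionLevel uint
			resolved        bool
		)

		// Use comma-ok assertions throughout: a context value of an unexpected
		// type must not panic in the authorization path. A cached level that is
		// not a uint is treated as absent and re-derived from the user record.
		if cached, ok := c.Get("permission_level"); ok {
			permissionLevel, resolved = cached.(uint)
		}

		if !resolved {
			rawID, _ := c.Get("user_id")
			idStr, ok := rawID.(string)
			if !ok || idStr == "" {
				utils.HttpAbort(c, 401, "", "missing user id")
				return
			}

			userID, err := uuid.Parse(idStr)
			if err != nil {
				utils.HttpAbort(c, 500, "", "error parsing user id")
				return
			}

			userData, err := new(data.User).GetByUserId(userID)
			if err != nil {
				// NOTE(review): every lookup error is reported as 404; if
				// GetByUserId can also fail for backend reasons, those are
				// indistinguishable from a missing user here. The request is
				// still denied either way.
				utils.HttpAbort(c, 404, "", "user not found")
				return
			}

			permissionLevel = userData.PermissionLevel
			// Cache for the remainder of this request so stacked Permission
			// checks do not repeat the lookup.
			c.Set("permission_level", userData.PermissionLevel)
		}

		if permissionLevel < requiredLevel {
			utils.HttpAbort(c, 403, "", "permission denied")
			return
		}

		c.Next()
	}
}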