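// Package usecase holds the service-layer logic; this file provides the
// OPA-backed authorization check used for problem operations.
package usecase

import (
	"context"
	"log"

	"git.sch9.ru/new_gate/ms-tester/internal/models"
	"github.com/open-policy-agent/opa/rego"
)

// PermissionService answers authorization questions by evaluating a Rego
// policy that is compiled once at construction time.
type PermissionService struct {
	query *rego.PreparedEvalQuery
}

// NewPermissionService loads ./opa/problem.rego and prepares the query
// "allow = data.problem.rbac.allow" for repeated evaluation.
//
// It panics if the policy cannot be loaded or compiled, so a service with a
// missing or broken policy never starts serving requests.
//
// NOTE(review): the policy path is relative to the process working
// directory, so which file is loaded depends on where the binary is started.
// Consider an absolute or configured path, or embedding the policy.
func NewPermissionService() *PermissionService {
	query, err := rego.New(
		rego.Query("allow = data.problem.rbac.allow"),
		rego.Load([]string{"./opa/problem.rego"}, nil),
	).PrepareForEval(context.TODO())
	if err != nil {
		panic(err)
	}

	return &PermissionService{
		query: &query,
	}
}

// Allowed reports whether the policy permits user to perform action.
//
// The decision fails closed: an evaluation error, an empty result set (which
// is what OPA returns when data.problem.rbac.allow is undefined for the given
// input) or a non-boolean "allow" binding all yield false instead of a
// panic. Evaluation errors are logged so that a broken policy is not silently
// indistinguishable from an ordinary denial.
//
// NOTE(review): user is handed to OPA as-is; presumably it is serialized
// through its JSON field tags, so the policy's field names must match them —
// confirm against models.User and problem.rego.
func (s *PermissionService) Allowed(ctx context.Context, user *models.User, action string) bool {
	input := map[string]interface{}{
		"user":   user,
		"action": action,
	}

	result, err := s.query.Eval(ctx, rego.EvalInput(input))
	if err != nil {
		// Deny on error; do not log the user object, it may hold sensitive fields.
		log.Printf("permission check: evaluating policy for action %q: %v", action, err)
		return false
	}

	// An undefined decision produces no results; treat it as a denial.
	if len(result) == 0 {
		return false
	}

	// The checked assertion keeps a missing or non-bool binding from panicking.
	allowed, ok := result[0].Bindings["allow"].(bool)
	return ok && allowed
}

//func (service *ProblemUseCase) CanCreateProblem(ctx context.Context) error {
//	if !service.permissionService.Allowed(ctx, extractUser(ctx), "create") {
//		return utils.ServiceError(nil, utils.ErrNoPermission, "permission denied")
//	}
//	return nil
//}
//
//func (service *ProblemUseCase) CanReadProblemById(ctx context.Context) error {
//	if !service.permissionService.Allowed(ctx, extractUser(ctx), "read") {
//		return utils.ServiceError(nil, utils.ErrNoPermission, "permission denied")
//	}
//	return nil
//}
//
//func (service *ProblemUseCase) CanUpdateProblem(ctx context.Context) error {
//	if !service.permissionService.Allowed(ctx, extractUser(ctx), "update") {
//		return utils.ServiceError(nil, utils.ErrNoPermission, "permission denied")
//	}
//	return nil
//}
//
//func (service *ProblemUseCase) CanDeleteProblem(ctx context.Context) error {
//	if !service.permissionService.Allowed(ctx, extractUser(ctx), "delete") {
//		return utils.ServiceError(nil, utils.ErrNoPermission, "permission denied")
//	}
//	return nil
//}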