package auth

import (
	"context"

	"perms-system-server/internal/consts"
	"perms-system-server/internal/model/productmember"
	"perms-system-server/internal/svc"
)

func GetUserPerms(ctx context.Context, svcCtx *svc.ServiceContext, userId int64, deptId int64, productCode string, isSuperAdmin bool) ([]string, string, error) {
	if isSuperAdmin {
		perms, err := svcCtx.SysPermModel.FindAllCodesByProductCode(ctx, productCode)
		if err != nil {
			return nil, "", err
		}
		return perms, consts.MemberTypeSuperAdmin, nil
	}

	member, err := svcCtx.SysProductMemberModel.FindOneByProductCodeUserId(ctx, productCode, userId)
	if err != nil {
		if err == productmember.ErrNotFound {
			return nil, "", nil
		}
		return nil, "", err
	}

	if member.MemberType == consts.MemberTypeDeveloper || member.MemberType == consts.MemberTypeAdmin {
		perms, err := svcCtx.SysPermModel.FindAllCodesByProductCode(ctx, productCode)
		if err != nil {
			return nil, member.MemberType, err
		}
		return perms, member.MemberType, nil
	}

	if deptId > 0 {
		deptInfo, err := svcCtx.SysDeptModel.FindOne(ctx, deptId)
		if err == nil && deptInfo.DeptType == consts.DeptTypeDev {
			perms, err := svcCtx.SysPermModel.FindAllCodesByProductCode(ctx, productCode)
			if err != nil {
				return nil, member.MemberType, err
			}
			return perms, member.MemberType, nil
		}
	}

	roleIds, err := svcCtx.SysUserRoleModel.FindRoleIdsByUserId(ctx, userId)
	if err != nil {
		return nil, member.MemberType, err
	}

	productRoleIds := make([]int64, 0)
	if len(roleIds) > 0 {
		roles, err := svcCtx.SysRoleModel.FindByIds(ctx, roleIds)
		if err != nil {
			return nil, member.MemberType, err
		}
		for _, r := range roles {
			if r.ProductCode == productCode && r.Status == consts.StatusEnabled {
				productRoleIds = append(productRoleIds, r.Id)
			}
		}
	}

	rolePermIds, err := svcCtx.SysRolePermModel.FindPermIdsByRoleIds(ctx, productRoleIds)
	if err != nil {
		return nil, member.MemberType, err
	}

	allowPermIds, err := svcCtx.SysUserPermModel.FindPermIdsByUserIdAndEffect(ctx, userId, consts.PermEffectAllow)
	if err != nil {
		return nil, member.MemberType, err
	}

	denyPermIds, err := svcCtx.SysUserPermModel.FindPermIdsByUserIdAndEffect(ctx, userId, consts.PermEffectDeny)
	if err != nil {
		return nil, member.MemberType, err
	}

	denySet := make(map[int64]bool)
	for _, id := range denyPermIds {
		denySet[id] = true
	}

	permIdSet := make(map[int64]bool)
	for _, id := range rolePermIds {
		if !denySet[id] {
			permIdSet[id] = true
		}
	}
	for _, id := range allowPermIds {
		if !denySet[id] {
			permIdSet[id] = true
		}
	}

	finalIds := make([]int64, 0, len(permIdSet))
	for id := range permIdSet {
		finalIds = append(finalIds, id)
	}

	permsResult, err := svcCtx.SysPermModel.FindByIds(ctx, finalIds)
	if err != nil {
		return nil, member.MemberType, err
	}

	codes := make([]string, 0, len(permsResult))
	for _, p := range permsResult {
		if p.Status == consts.StatusEnabled {
			codes = append(codes, p.Code)
		}
	}

	return codes, member.MemberType, nil
}