/*
 * @description: 访问权限认证
 * @Author: CP
 * @Date: 2020-10-09 10:43:39
 * @FilePath: \construction_management\web\middleware\accessAuth.go
 */
package middleware

import (
	"encoding/json"
	"errors"
	"fmt"
	"io/ioutil"
	"log"

	"github.com/kataras/iris/v12"
	"go.mod/models"
)

// 员工表权限解析
type permission struct {
	Add    int ` json:"add" `
	Delete int ` json:"delete" `
	Access int ` json:"access" `
}

// 权限JSON对象
type permissionPath struct {
	Contract       path     `json:"contract" `
	Safe           path     `json:"safe" `
	Quality        path     `json:"quality" `
	ProjectSetting []string `json:"projectSetting" `
}

// 对象中地址列表
type path struct {
	Add    []string `json:"add" `
	Access []string `json:"access" `
	Delete []string `json:"delete" `
}

// 权限验证中间件
func AccessAuth(ctx iris.Context) {
	// 1.获得成员信息
	account := ctx.Values().Get("account").(*models.CmProjectAccount)
	// 1-1.是管理员- 拥有所有权限
	if account.IsAdmin != 1 {
		// if account.IsAdmin == 1 {
		// 2.获得员工可访问的权限
		contractPermission := permission{}
		if account.ContractPermission != "" {
			err := json.Unmarshal([]byte(account.ContractPermission), &contractPermission)
			// 错误后 全部权限默认为0
			if err != nil {
				log.Println("合同权限解析错误:err=", err)
			}
		}
		safePermission := permission{}
		if account.SafePermission != "" {
			err := json.Unmarshal([]byte(account.SafePermission), &safePermission)
			if err != nil {
				log.Println("安全权限解析错误:err=", err)
			}
		}
		qualityPermission := permission{}
		if account.QualityPermission != "" {
			err := json.Unmarshal([]byte(account.QualityPermission), &qualityPermission)
			if err != nil {
				log.Println("质量权限解析错误:err=", err)
			}
		}

		// 2-1获得权限列表
		permissionPath := permissionPath{}
		permissionPathData, err := ioutil.ReadFile("../lib/permission.json")
		err = json.Unmarshal(permissionPathData, &permissionPath)
		if err != nil {
			log.Println("权限解析错误:err=", err)
			ctx.JSON(iris.Map{"code": 2, "msg": "权限解析错误"})
			return
		}
		// 2-2 不容许访问的权限--比对访问路径
		requestPath := ctx.Path()
		// 合同权限
		err = verifyAuth(contractPermission, permissionPath.Contract, requestPath)
		if err != nil {
			ctx.JSON(iris.Map{"code": 2, "msg": fmt.Sprintf("%s", err)})
			return
		}
		// 安全权限
		err = verifyAuth(contractPermission, permissionPath.Safe, requestPath)
		if err != nil {
			ctx.JSON(iris.Map{"code": 2, "msg": fmt.Sprintf("%s", err)})
			return
		}
		// 质量权限
		err = verifyAuth(contractPermission, permissionPath.Quality, requestPath)
		if err != nil {
			ctx.JSON(iris.Map{"code": 2, "msg": fmt.Sprintf("%s", err)})
			return
		}
		// 项目设置 -只有管理员才能访问
		for _, path := range permissionPath.ProjectSetting {
			if path == requestPath {
				ctx.JSON(iris.Map{"code": 2, "msg": "无权访问"})
				return
			}
		}

	}

	ctx.Next()
}

// 验证权限路径
func verifyAuth(permission permission, pathList path, requestPath string) error {
	if permission.Add == 0 {
		for _, path := range pathList.Add {
			if path == requestPath {
				return errors.New("无权访问")
			}
		}
	}
	if permission.Access == 0 {
		for _, path := range pathList.Access {
			if path == requestPath {
				return errors.New("无权访问")
			}
		}
	}
	if permission.Delete == 0 {
		for _, path := range pathList.Delete {
			if path == requestPath {
				return errors.New("无权访问")
			}
		}
	}
	return nil
}