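package middleware

import (
	"fmt"
	"net/http"
	"strings"

	"github.com/gin-gonic/gin"

	"iot_manager_service/app/file/dao"
	"iot_manager_service/util/cache"
	"iot_manager_service/util/common"
	"iot_manager_service/util/token"
)

// filePermission describes one guarded operation: the position of its flag
// in the permission string (file.AuthId / user.User.AuthId) and the
// human-readable operation name used in the rejection message.
type filePermission struct {
	index   int
	message string
}

// permissionMap maps a route fragment to the permission it requires.
// It is built once at package level instead of on every request.
var permissionMap = map[string]filePermission{
	"/viewfile":       {0, "查看"},
	"/downloadfile":   {1, "下载"},
	"/forwardingfile": {2, "转发"},
}

// CheckAuth returns a gin middleware that verifies the caller may perform
// the requested operation on the file identified by the "fileid" query
// parameter.
//
// Permissions are strings of flag characters where '1' means granted;
// position 0 is view, 1 is download, 2 is forward. The request is rejected
// with 403 when the file does not support the operation or the user lacks
// the matching flag, and with 401 when the Authorization token cannot be
// parsed or the user behind it cannot be resolved. A permission string too
// short to hold the flag is treated as "not granted" rather than indexed
// out of range. Routes that match none of the keys in permissionMap pass
// through unchecked, as in the original implementation.
func CheckAuth() gin.HandlerFunc {
	return func(c *gin.Context) {
		// Stop before claims.ID is read: the original discarded this error,
		// so an unparseable token reached the dereference. Assumes the
		// second return value is an error, matching the GetFile convention.
		claims, err := token.JwtClaims.ParseJwtToken(c.GetHeader("Authorization"))
		if err != nil {
			c.AbortWithStatus(http.StatusUnauthorized)
			return
		}
		user, err := cache.GetNowUser(claims.ID)
		if err != nil {
			c.AbortWithStatus(http.StatusUnauthorized)
			return
		}

		fileid := c.Query("fileid")
		filedao := &dao.File{}
		file, err := filedao.GetFile(fileid)
		if err != nil {
			// NOTE(review): kept as in the original — a lookup failure is
			// reported with HTTP 200 and the raw error value; existing
			// clients may depend on that shape.
			c.JSON(http.StatusOK, err)
			c.Abort()
			return
		}

		userAuth := user.User.AuthId
		fileAuth := file.AuthId

		// Match on the path only. RequestURI also carries the query string,
		// which the client controls and which must not decide which check runs.
		reqPath := c.Request.URL.Path
		for route, perm := range permissionMap {
			if !strings.Contains(reqPath, route) {
				continue
			}
			// Bounds check first so a short or empty permission string
			// fails closed instead of panicking the handler.
			if perm.index >= len(fileAuth) || fileAuth[perm.index] != '1' {
				c.JSON(http.StatusForbidden, common.StatusForbidden(fmt.Sprintf("抱歉,该文件不支持【%s】操作,请联系管理员。", perm.message), nil))
				c.Abort()
				return
			}
			// fileAuth[perm.index] is '1' here, so the original's
			// "user flag != file flag || user flag != '1'" reduces to
			// "user flag != '1'".
			if perm.index >= len(userAuth) || userAuth[perm.index] != '1' {
				c.JSON(http.StatusForbidden, common.StatusForbidden(fmt.Sprintf("抱歉,您没有【%s】该文件权限,请联系管理员。", perm.message), nil))
				c.Abort()
				return
			}
		}
		c.Next()
	}
}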