import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
import { Reflector } from '@nestjs/core';
import { PERMISSIONS_KEY } from './permissions.decorator';
import { Permission } from './permissions.enum';

@Injectable()
export class PermissionsGuard implements CanActivate {
  constructor(private reflector: Reflector) {}

  canActivate(context: ExecutionContext): boolean {
    const requiredPermissions = this.reflector.getAllAndOverride<Permission[]>(
      PERMISSIONS_KEY,
      [context.getHandler(), context.getClass()],
    );

    if (!requiredPermissions) {
      return true;
    }

    const request = context.switchToHttp().getRequest();
    const { user } = request;

    if (request.apiKeyMetadata) {
      return true;
    }

    if (!user || !user.permissions) {
      return false;
    }

    const userPermissions = user.permissions as Permission[];

    if (userPermissions.includes(Permission.MANAGE_ALL)) {
      return true;
    }

    return requiredPermissions.some((permission) =>
      userPermissions.includes(permission),
    );
  }
}