using EnumsNET;
using System.Collections.Generic;
using Sockeye.Biz;


namespace Sockeye.Api.ControllerHelpers
{

    //AUTHORIZATION ROLES: NOTE - this is only 'stage1' of generally checking rights, individual objects can also have business rules that affect access exactly as these roles do
    //Most objects won't need more than this but some specialized ones will have further checks depending on biz rules

    internal static class Authorized
    {

        /// <summary>
        /// User has any role restricted or full
        /// </summary>
        /// <param name="HttpContextItems"></param>   
        /// <param name="CheckRoles"></param>    
        /// <returns></returns>       
        internal static bool HasAnyRole(IDictionary<object, object> HttpContextItems, AuthorizationRoles CheckRoles)
        {
            AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
            return HasAnyRole(currentUserRoles, CheckRoles);
        }

        /// <summary>
        /// User has any role restricted or full
        /// </summary>
        /// <param name="currentUserRoles"></param>   
        /// <param name="CheckRoles"></param>    
        /// <returns></returns>       
        internal static bool HasAnyRole(AuthorizationRoles currentUserRoles, AuthorizationRoles CheckRoles)
        {
            if (currentUserRoles.HasAnyFlags(CheckRoles))
                return true;
            return false;
        }

        /// <summary>
        /// any access at all?
        /// </summary>
        /// <param name="HttpContextItems"></param>
        /// <param name="aType"></param>
        /// <returns></returns>
        internal static bool HasAnyRole(IDictionary<object, object> HttpContextItems, SockType aType)
        {
            AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
            return HasAnyRole(currentUserRoles, aType);
        }

        /// <summary>
        /// User has any access at all to this object?
        /// </summary>
        /// <param name="currentUserRoles"></param>
        /// <param name="aType"></param>
        /// <returns></returns>
        internal static bool HasAnyRole(AuthorizationRoles currentUserRoles, SockType aType)
        {
            var RoleSet = BizRoles.GetRoleSet(aType);
            if (RoleSet == null) return false;
            var AllowedRoles = RoleSet.ReadFullRecord | RoleSet.Change | RoleSet.Select;
            return currentUserRoles.HasAnyFlags(AllowedRoles);
        }

        /// <summary>
        /// READ FULL RECORD (not just name and id)
        /// </summary>
        /// <param name="HttpContextItems"></param>
        /// <param name="aType"></param>
        /// <returns></returns>
        internal static bool HasSelectRole(IDictionary<object, object> HttpContextItems, SockType aType)
        {
            AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
            return HasSelectRole(currentUserRoles, aType);
        }

        /// <summary>
        /// SELECT BY NAME
        /// </summary>
        /// <param name="currentUserRoles"></param>
        /// <param name="aType"></param>
        /// <returns></returns>
        internal static bool HasSelectRole(AuthorizationRoles currentUserRoles, SockType aType)
        {
            var RoleSet = BizRoles.GetRoleSet(aType);
            if (RoleSet == null) return false;

            //NOTE: this assumes that if you can change you can read
            if (currentUserRoles.HasAnyFlags(RoleSet.Change))
                return true;

            if (currentUserRoles.HasAnyFlags(RoleSet.ReadFullRecord))
                return true;

            if (currentUserRoles.HasAnyFlags(RoleSet.Select))
                return true;

            return false;
        }


        /// <summary>
        /// READ FULL RECORD (not just name and id)
        /// </summary>
        /// <param name="HttpContextItems"></param>
        /// <param name="aType"></param>
        /// <returns></returns>
        internal static bool HasReadFullRole(IDictionary<object, object> HttpContextItems, SockType aType)
        {
            AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
            return HasReadFullRole(currentUserRoles, aType);
        }

        /// <summary>
        /// READ FULL RECORD (not just name and id)
        /// </summary>
        /// <param name="currentUserRoles"></param>
        /// <param name="aType"></param>
        /// <returns></returns>
        internal static bool HasReadFullRole(AuthorizationRoles currentUserRoles, SockType aType)
        {
            //NOTE: this assumes that if you can change you can read
            var RoleSet = BizRoles.GetRoleSet(aType);
            if (RoleSet == null) return false;
            var AllowedRoles = RoleSet.ReadFullRecord | RoleSet.Change;
            return currentUserRoles.HasAnyFlags(AllowedRoles);
        }



        /// <summary>
        /// CREATE
        /// </summary>
        /// <param name="HttpContextItems"></param>
        /// <param name="aType"></param>
        /// <returns></returns>
        internal static bool HasCreateRole(IDictionary<object, object> HttpContextItems, SockType aType)
        {
            AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
            return HasCreateRole(currentUserRoles, aType);
        }

        /// <summary>
        /// CREATE
        /// </summary>
        /// <param name="currentUserRoles"></param>
        /// <param name="aType"></param>
        /// <returns></returns>
        internal static bool HasCreateRole(AuthorizationRoles currentUserRoles, SockType aType)
        {
            var RoleSet = BizRoles.GetRoleSet(aType);
            if (RoleSet == null) return false;
            if (currentUserRoles.HasAnyFlags(RoleSet.Change))
                return true;
            return false;
        }


        /// <summary>
        /// MODIFY
        /// </summary>
        /// <param name="HttpContextItems"></param>
        /// <param name="aType"></param>

        /// <returns></returns>
        internal static bool HasModifyRole(IDictionary<object, object> HttpContextItems, SockType aType)
        {
            AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
            return HasModifyRole(currentUserRoles, aType);
        }


        /// <summary>
        /// MODIFY
        /// </summary>
        /// <param name="currentUserRoles"></param>
        /// <param name="aType"></param>
        /// <returns></returns>
        internal static bool HasModifyRole(AuthorizationRoles currentUserRoles, SockType aType)
        {
            var RoleSet = BizRoles.GetRoleSet(aType);
            if (RoleSet == null) return false;
            if (currentUserRoles.HasAnyFlags(RoleSet.Change))
                return true;
            return false;
        }




        /// <summary>
        /// DELETE
        /// </summary>
        /// <param name="HttpContextItems"></param>
        /// <param name="aType"></param>
        /// <returns></returns>
        //For now just going to treat as a modify, but for maximum flexibility keeping this as a separate method in case we change our minds in future
        internal static bool HasDeleteRole(IDictionary<object, object> HttpContextItems, SockType aType)
        {
            AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
            long currentUserId = UserIdFromContext.Id(HttpContextItems);
            return HasDeleteRole(currentUserRoles, aType);
        }


        /// <summary>
        /// DELETE
        /// </summary>
        /// <param name="currentUserRoles"></param>       
        /// <param name="aType"></param>       
        /// <returns></returns>
        //For now just going to treat as a modify, but for maximum flexibility keeping this as a separate method in case we change our minds in future
        internal static bool HasDeleteRole(AuthorizationRoles currentUserRoles, SockType aType)
        {
            var RoleSet = BizRoles.GetRoleSet(aType);
            if (RoleSet == null) return false;
            if (currentUserRoles.HasAnyFlags(RoleSet.Change))
                return true;
            return false;
        }



    }


}//eons