package services

import (
	"encoding/json"
	"strings"

	"server/models"
)

// CheckUserPermission reports whether the role assigned to userID carries the
// given permission identifier.
//
// It loads the AdminUser row whose id equals userID, then the AdminRole row
// whose id equals that user's RoleID, and compares permission against each
// whitespace-trimmed entry of the role's Rights value. Rights is accepted
// either as a JSON array of strings or as a comma-separated string. The
// comparison is exact and case-sensitive.
//
// Branches that return (true, nil) without matching anything:
//   - permission is empty or userID <= 0 (no database lookup is made);
//   - the role's Rights is nil or blank after trimming.
//
// A Rights value that does not decode as a JSON string array is NOT allowed
// through: it is re-read as a comma-separated list and still has to contain
// permission. Any error returned by the user or role query is passed back
// together with false.
//
// NOTE(review): the two allow-by-default branches make this check fail open.
// Callers have to reject unauthenticated requests (userID <= 0) before relying
// on the result, and a role whose rights column was never filled in is treated
// as holding every permission. Confirm both are intended; if they only exist
// for legacy rows, backfilling the data and denying by default is the safer
// contract.
func CheckUserPermission(userID int, permission string) (bool, error) {
	// Nothing to check against: allowed without touching the database.
	if userID <= 0 || permission == "" {
		return true, nil
	}

	var account models.AdminUser
	err := models.Orm.QueryTable(new(models.AdminUser)).Filter("id", userID).One(&account)
	if err != nil {
		return false, err
	}

	var assigned models.AdminRole
	err = models.Orm.QueryTable(new(models.AdminRole)).Filter("id", account.RoleID).One(&assigned)
	if err != nil {
		return false, err
	}

	var rights string
	if assigned.Rights != nil {
		rights = strings.TrimSpace(*assigned.Rights)
	}
	// A role with no rights recorded is allowed (legacy-data compatibility).
	if rights == "" {
		return true, nil
	}

	// Prefer the JSON array form; anything that does not decode as one is
	// treated as a comma-separated list instead.
	var granted []string
	if json.Unmarshal([]byte(rights), &granted) != nil {
		granted = strings.Split(rights, ",")
	}

	for _, entry := range granted {
		if strings.TrimSpace(entry) == permission {
			return true, nil
		}
	}
	return false, nil
}