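package server

import (
	"net/http"

	"github.com/gin-gonic/gin"

	"edge-infra.dev/pkg/lib/fog"
	rulesengine "edge-infra.dev/pkg/sds/emergencyaccess/rules"
)

// validateCommand answers whether an identity may run a command against a
// target. The request body is a JSON rulesengine.ValidateCommandPayload
// carrying the identity, the command and the target.
//
// Responses:
//   - 400 when the body cannot be bound or fails payload.Validate.
//   - 500 when the EA role lookup for the command returns an error.
//   - 200 with rulesengine.ValidateCommandResponse otherwise; Valid is false
//     when the identity presents no EA roles.
func (res RulesEngineService) validateCommand(c *gin.Context) {
	log := fog.FromContext(c).WithName("rulesengineservice")

	// Parse and validate the JSON payload before it is used for anything else.
	var payload rulesengine.ValidateCommandPayload
	if err := c.BindJSON(&payload); err != nil {
		log.Error(err, "Failed to parse payload")
		c.Status(http.StatusBadRequest)
		return
	}
	if err := payload.Validate(); err != nil {
		log.Error(err, "Invalid payload")
		c.Status(http.StatusBadRequest)
		return
	}

	// Attach the request's identity, command and banner to the logger and
	// store that logger in the request context for later log lines.
	log = log.WithValues("userID", payload.Identity.UserID, "command", payload.Command, "bannerID", payload.Target.BannerID)
	c.Request = c.Request.Clone(fog.IntoContext(c.Request.Context(), log))

	// An identity that presents no EA roles is denied here, without querying
	// the database. The deny is explicit so the authorization result does not
	// depend on how UserHasRoles (not visible in this file) treats empty role
	// lists; the log message below already states that false is the intended
	// answer.
	if len(payload.Identity.EAroles) == 0 {
		log.Info("eaRoles was nil - returning false by default")
		c.JSON(http.StatusOK, rulesengine.ValidateCommandResponse{Valid: false})
		return
	}

	eaRoles, err := res.RulesEngine.GetEARolesForCommand(c, payload.Command, payload.Target.BannerID)
	if err != nil {
		log.Error(err, "No corresponding EA roles returned")
		c.JSON(http.StatusInternalServerError, nil)
		return
	}

	// NOTE(review): if the lookup can succeed with an empty role list, the
	// answer below depends on how UserHasRoles handles an empty required-role
	// set. Confirm that it denies in that case.
	valid := res.RulesEngine.UserHasRoles(payload.Identity.UserID, eaRoles, payload.Identity.EAroles)
	c.JSON(http.StatusOK, rulesengine.ValidateCommandResponse{Valid: valid})
}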