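using MediatR.Behaviors.Authorization;

namespace ExpenseTracker.Application.Common.Authorization;

// NOTE(review): the listing this file was recovered from had every generic type
// argument stripped (ICollection, Task, IAuthorizationHandler appeared bare).
// They are restored below; `string` as the role element type is an assumption
// to confirm against the callers that build this requirement.

/// <summary>
/// Authorization requirement that is satisfied when the user holds at least one
/// of the required roles.
/// </summary>
/// <remarks>
/// The handler trusts both collections exactly as supplied; nothing in this file
/// verifies where they came from. Populate <see cref="UserRoles"/> from the
/// authenticated server-side identity, never from data carried in the request.
/// </remarks>
public class MustBeInRolesRequirement : IAuthorizationRequirement
{
    /// <summary>Roles currently held by the user being authorized.</summary>
    public required ICollection<string> UserRoles { get; init; } = default!;

    /// <summary>Roles of which the user must hold at least one.</summary>
    public required ICollection<string> RequiredRoles { get; init; } = default!;

    // NOTE(review): the handler name says "Administrator", but the check below is
    // generic over whatever RequiredRoles contains. The name is kept unchanged here.
    /// <summary>
    /// Evaluates <see cref="MustBeInRolesRequirement"/> by intersecting the user's
    /// roles with the required roles.
    /// </summary>
    class MustBeInAdministratorRoleRequirementHandler : IAuthorizationHandler<MustBeInRolesRequirement>
    {
        /// <summary>
        /// Succeeds when any entry of <c>UserRoles</c> is contained in
        /// <c>RequiredRoles</c>; fails otherwise.
        /// </summary>
        /// <param name="request">The requirement carrying the user's and the required roles.</param>
        /// <param name="cancellationToken">Not used; the check is synchronous and in-memory.</param>
        /// <returns>A completed task holding the authorization outcome.</returns>
        public Task<AuthorizationResult> Handle(MustBeInRolesRequirement request, CancellationToken cancellationToken)
        {
            // Fail closed: missing role data is an explicit denial rather than a
            // NullReferenceException surfacing from the authorization pipeline.
            if (request.UserRoles is null || request.RequiredRoles is null)
            {
                return Task.FromResult(AuthorizationResult.Fail("Role information is missing."));
            }

            // An empty RequiredRoles (or empty UserRoles) matches nothing, so the
            // result is a denial. Matching uses RequiredRoles.Contains, i.e. the
            // collection's own equality; for a plain string list that is ordinal and
            // case-sensitive, so role names must be normalized consistently upstream.
            var isUserInRequiredRoles = request.UserRoles.Any(role => request.RequiredRoles.Contains(role));

            if (isUserInRequiredRoles)
            {
                return Task.FromResult(AuthorizationResult.Succeed());
            }

            // The separator now closes and reopens the quote, so every role is quoted
            // ('A', 'B'); the previous separator produced unbalanced output ('A', B').
            // NOTE(review): this message lists the required role names. If it is
            // returned verbatim to the client, consider a generic message there and
            // keeping the role list in server-side logs only.
            return Task.FromResult(AuthorizationResult.Fail(
                $"You must be in one of the following roles: '{String.Join("', '", request.RequiredRoles)}'."));
        }
    }
}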