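using MediatR.Behaviors.Authorization;
using cuqmbr.TravelGuide.Domain.Enums;

namespace cuqmbr.TravelGuide.Application.Common.Authorization;

/// <summary>
/// Authorization requirement that is satisfied when the caller either holds
/// the <see cref="IdentityRole.Administrator"/> role or is the owner of the
/// object being accessed (caller id equals the required owner id).
/// </summary>
/// <remarks>
/// The handler evaluates only the values carried by this requirement. The
/// code that constructs the requirement is therefore responsible for filling
/// <see cref="UserRoles"/> and <see cref="UserGuid"/> from the authenticated
/// session rather than from client-supplied request data.
/// </remarks>
public class MustBeObjectOwnerOrAdminRequirement : IAuthorizationRequirement
{
    /// <summary>Roles held by the caller; <c>null</c> is treated as "no roles".</summary>
    public ICollection<IdentityRole>? UserRoles { get; init; }

    /// <summary>Identifier of the caller; <c>null</c> when it is not known.</summary>
    public Guid? UserGuid { get; init; }

    /// <summary>Identifier the caller must match to count as the object's owner.</summary>
    public Guid? RequiredGuid { get; init; }

    /// <summary>
    /// Evaluates <see cref="MustBeObjectOwnerOrAdminRequirement"/>. Every path
    /// that does not positively establish admin role or ownership ends in
    /// <c>AuthorizationResult.Fail()</c>, so the check fails closed.
    /// </summary>
    class MustBeObjectOwnerOrAdminRequirementHandler :
        IAuthorizationHandler<MustBeObjectOwnerOrAdminRequirement>
    {
        /// <summary>Decides whether the requirement is met.</summary>
        /// <param name="request">The requirement instance to evaluate.</param>
        /// <param name="cancellationToken">Not used; the check is synchronous.</param>
        /// <returns>
        /// A completed task holding a succeeded result for administrators and
        /// for callers whose id equals the required id, otherwise a failed result.
        /// </returns>
        public Task<AuthorizationResult> Handle(
            MustBeObjectOwnerOrAdminRequirement request,
            CancellationToken cancellationToken)
        {
            // Administrators are allowed regardless of ownership.
            var isAdmin = request?.UserRoles
                ?.Any(ur => ur.Equals(IdentityRole.Administrator))
                ?? false;

            if (isAdmin)
            {
                return Task.FromResult(AuthorizationResult.Succeed());
            }

            // A missing requirement or a missing identifier on either side
            // can never prove ownership.
            if (request?.UserGuid is not Guid userGuid ||
                request.RequiredGuid is not Guid requiredGuid)
            {
                return Task.FromResult(AuthorizationResult.Fail());
            }

            // Guid.Empty is the value of an unset Guid. Treat it like a
            // missing identifier so that two unset ids never compare equal
            // and grant access.
            if (userGuid == Guid.Empty || requiredGuid == Guid.Empty)
            {
                return Task.FromResult(AuthorizationResult.Fail());
            }

            return Task.FromResult(
                userGuid == requiredGuid
                    ? AuthorizationResult.Succeed()
                    : AuthorizationResult.Fail());
        }
    }
}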