package model

import (
	"fmt"
	"strings"
)

// platform:module:class:action
// admin:*:*:*
// admin:audit:*:*
// admin:audit:flow:*
// admin:audit:flow:operate

type Privilege struct {
	CreatedAt int64  `json:"created_at" gorm:"column:created_at;autoCreateTime:milli"`
	UpdatedAt int64  `json:"updated_at" gorm:"column:updated_at;autoUpdateTime:milli"`
	DeletedAt int64  `json:"deleted_at" gorm:"index;column:deleted_at;default:0"`
	Code      string `json:"code" gorm:"column:code;primaryKey"`
	Label     string `json:"label" gorm:"column:label"`
	Parent    string `json:"parent" gorm:"column:parent"`
	Scope     string `json:"scope" gorm:"column:scope"`
}

func (p *Privilege) Validate() error {
	ss := strings.Split(p.Code, ":")

	if len(ss) != 4 {
		return fmt.Errorf("privilege must consist of four parts: (platform:module:class:action)")
	}

	for _, s := range ss {
		if len(s) == 0 {
			return fmt.Errorf("privilege code parts must not be empty")
		}
	}

	code := strings.Clone(p.Code)
	for strings.HasSuffix(code, ":*") {
		code = code[:len(code)-2]
	}

	if code != "*" && strings.Contains(code, "*") {
		return fmt.Errorf("privilege can only have trailing wildcard search")
	}

	return nil
}