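using System;
using System.Threading.Tasks;
using ContactManagementAPI.Models;
using ContactManagementAPI.Services;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;

namespace ContactManagementAPI.Security
{
    /// <summary>
    /// Declares that the decorated action or controller requires the caller to hold the
    /// right identified by <c>rightKey</c>. The check itself is performed by
    /// <see cref="RequireRightFilter"/>, which is resolved from DI per request with the
    /// right key supplied as its first constructor argument.
    /// </summary>
    public class RequireRightAttribute : TypeFilterAttribute
    {
        /// <param name="rightKey">Key of the right the caller must hold; must not be null.</param>
        /// <exception cref="ArgumentNullException"><paramref name="rightKey"/> is null.</exception>
        public RequireRightAttribute(string rightKey) : base(typeof(RequireRightFilter))
        {
            // Reject a null key where the attribute is declared, instead of passing null through
            // to the authorization service at request time and relying on whatever it does with it.
            Arguments = new object[] { rightKey ?? throw new ArgumentNullException(nameof(rightKey)) };
        }
    }

    /// <summary>
    /// Action filter that enforces a single right: unauthenticated callers are redirected to
    /// <c>Account/Login</c> with the originally requested URL, authenticated callers without
    /// the right are redirected to <c>Account/AccessDenied</c>, and everyone else proceeds.
    /// </summary>
    /// <remarks>
    /// NOTE(review): as an <see cref="IAsyncActionFilter"/> this runs after model binding and
    /// after any authorization/resource filters. If the right should be checked before the
    /// request body is bound, <c>IAsyncAuthorizationFilter</c> is the earlier pipeline stage.
    /// </remarks>
    public class RequireRightFilter : IAsyncActionFilter
    {
        private readonly string _rightKey;
        private readonly UserContextService _userContext;
        private readonly AuthorizationService _authorizationService;

        /// <param name="rightKey">Key of the right to enforce (from <see cref="RequireRightAttribute"/>).</param>
        /// <param name="userContext">Provides the current user's id, if any.</param>
        /// <param name="authorizationService">Answers whether a user holds a given right.</param>
        /// <exception cref="ArgumentNullException">Any argument is null.</exception>
        public RequireRightFilter(string rightKey, UserContextService userContext, AuthorizationService authorizationService)
        {
            _rightKey = rightKey ?? throw new ArgumentNullException(nameof(rightKey));
            _userContext = userContext ?? throw new ArgumentNullException(nameof(userContext));
            _authorizationService = authorizationService ?? throw new ArgumentNullException(nameof(authorizationService));
        }

        /// <summary>
        /// Short-circuits the action with a redirect when the caller is not signed in or lacks
        /// the required right; otherwise invokes the rest of the pipeline.
        /// </summary>
        public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
        {
            var request = context.HttpContext.Request;

            if (!_userContext.UserId.HasValue)
            {
                // Preserve the requested URL so Login can send the user back here. PathBase is
                // included so the value is still correct when the app is hosted under a sub-path;
                // it is empty at the site root, so this matches the previous behaviour there.
                // NOTE(review): the value is a relative path, but the Login action consuming it
                // should still validate it (e.g. Url.IsLocalUrl) before redirecting — that check
                // lives outside this file.
                var returnUrl = request.PathBase + request.Path + request.QueryString;
                context.Result = new RedirectToActionResult("Login", "Account", new { returnUrl });
                return;
            }

            // Signed in but without the right: deny rather than send back to Login.
            // An exception from HasRight propagates, i.e. the check fails closed.
            if (!_authorizationService.HasRight(_userContext.UserId.Value, _rightKey))
            {
                context.Result = new RedirectToActionResult("AccessDenied", "Account", null);
                return;
            }

            await next();
        }
    }
}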