/**
 * Permission Store
 *
 * Manages user permissions and role-based access control (platform-agnostic).
 */
import { defineStore } from 'pinia';
import { ref, computed } from 'vue';
import { useAuthStore } from './auth';

/**
 * Pinia setup store that answers "may the current user do X?" questions.
 *
 * The platform-admin flag is read from the auth store; every other answer is
 * derived from that flag plus the locally held `permissions` list.
 *
 * NOTE(review): these checks run wherever this store runs (presumably the
 * browser) and `permissions` / `roles` are returned as plain writable refs, so
 * any consumer can assign to them. Treat the results as UI gating only and
 * confirm the backend enforces the same rules on every request.
 */
export const usePermissionStore = defineStore('permission', () => {
  // The auth store supplies the user's role and the platform-admin flag.
  const authStore = useAuthStore();

  // --- State ---------------------------------------------------------------
  // Granted permission keys in `resource:action` form. `*:*` is the only
  // wildcard that hasPermission recognises.
  const permissions = ref<string[]>([]);
  // Role names. Nothing in this store fills the list; clearPermissions resets it.
  const roles = ref<string[]>([]);

  // --- Role-derived getters ------------------------------------------------
  const readAuthAdminFlag = () => authStore.isPlatformAdmin;

  const userRole = computed(() => authStore.userRole);
  // The three getters below all mirror the same auth-store flag.
  const isPlatformAdmin = computed(readAuthAdminFlag);
  const hasPlatformAccess = computed(readAuthAdminFlag);
  const hasAdminAccess = computed(readAuthAdminFlag);

  /**
   * Checks whether the user holds a specific permission.
   *
   * Platform admins pass unconditionally. Everyone else needs either the exact
   * `resource:action` key or the `*:*` wildcard in `permissions`.
   *
   * NOTE(review): the `*:*` entry is honoured even when the live admin flag is
   * false, so a list left over from an admin session keeps granting everything
   * until loadPermissions or clearPermissions runs again.
   *
   * @param resource - Resource name, e.g. `agents`.
   * @param action - Action name, e.g. `read`.
   * @returns `true` when the check passes.
   */
  function hasPermission(resource: string, action: string): boolean {
    if (isPlatformAdmin.value) {
      return true;
    }

    const granted = permissions.value;
    return granted.includes(`${resource}:${action}`) || granted.includes('*:*');
  }

  // Builds a single-argument checker bound to one action name.
  const checkerFor =
    (action: string) =>
    (resource: string): boolean =>
      hasPermission(resource, action);

  /** Checks whether the resource can be read. */
  const canRead = checkerFor('read');

  /** Checks whether the resource can be created. */
  const canCreate = checkerFor('create');

  /** Checks whether the resource can be updated. */
  const canUpdate = checkerFor('update');

  /** Checks whether the resource can be deleted. */
  const canDelete = checkerFor('delete');

  /** Checks whether the resource can be executed (for example, running an Agent). */
  const canExecute = checkerFor('execute');

  // --- Admin-only capabilities ---------------------------------------------
  // Each of these is simply the platform-admin flag under a descriptive name.
  const readAdminGetter = () => isPlatformAdmin.value;

  /** Whether the user may manage users. */
  const canManageUsers = computed(readAdminGetter);

  /** Whether the user may view all resources (across tenants). */
  const canViewAllResources = computed(readAdminGetter);

  /** Whether the user may access user management. */
  const canAccessUserManagement = computed(readAdminGetter);

  /** Whether the user may access tenant management. */
  const canAccessTenantManagement = computed(readAdminGetter);

  /**
   * Loads the user's permissions.
   *
   * Although declared async, nothing is awaited and no request is made: the
   * list is a role-based default chosen from the admin flag at call time.
   * It is a snapshot, so it does not follow later changes to the flag.
   */
  async function loadPermissions(): Promise<void> {
    permissions.value = isPlatformAdmin.value
      ? ['*:*'] // platform admins get every permission
      : ['agents:read', 'agents:execute', 'knowledge_bases:read']; // baseline for regular users
  }

  /** Clears the permission and role lists. */
  function clearPermissions(): void {
    permissions.value = [];
    roles.value = [];
  }

  return {
    // State
    permissions,
    roles,

    // Computed
    userRole,
    isPlatformAdmin,
    hasPlatformAccess,
    hasAdminAccess,
    canManageUsers,
    canViewAllResources,
    canAccessUserManagement,
    canAccessTenantManagement,

    // Actions
    hasPermission,
    canRead,
    canCreate,
    canUpdate,
    canDelete,
    canExecute,
    loadPermissions,
    clearPermissions,
  };
});
