/**
 * Permission code strings used by this module's route checks.
 *
 * Codes follow a `scope:resource:action` shape: `module:*` for feature
 * modules and `system:*` for user, role and permission administration.
 */
export const PermissionCodes = {
  dataManagementRead: "module:data-management:read",
  dataManagementWrite: "module:data-management:write",
  dataAnnotationRead: "module:data-annotation:read",
  dataAnnotationWrite: "module:data-annotation:write",
  dataCollectionRead: "module:data-collection:read",
  dataCollectionWrite: "module:data-collection:write",
  dataEvaluationRead: "module:data-evaluation:read",
  dataEvaluationWrite: "module:data-evaluation:write",
  dataSynthesisRead: "module:data-synthesis:read",
  dataSynthesisWrite: "module:data-synthesis:write",
  knowledgeManagementRead: "module:knowledge-management:read",
  knowledgeManagementWrite: "module:knowledge-management:write",
  knowledgeBaseRead: "module:knowledge-base:read",
  knowledgeBaseWrite: "module:knowledge-base:write",
  operatorMarketRead: "module:operator-market:read",
  operatorMarketWrite: "module:operator-market:write",
  orchestrationRead: "module:orchestration:read",
  orchestrationWrite: "module:orchestration:write",
  taskCoordinationRead: "module:task-coordination:read",
  taskCoordinationWrite: "module:task-coordination:write",
  taskCoordinationAssign: "module:task-coordination:assign",
  contentGenerationUse: "module:content-generation:use",
  agentUse: "module:agent:use",
  knowledgeGraphRead: "module:knowledge-graph:read",
  knowledgeGraphWrite: "module:knowledge-graph:write",
  userManage: "system:user:manage",
  roleManage: "system:role:manage",
  permissionManage: "system:permission:manage",
} as const;

/** One path-prefix -> required-permission mapping. */
interface RoutePermissionRule {
  prefix: string;
  permission: string;
}

/** One landing-page candidate and the permission needed to use it. */
interface DefaultRouteCandidate {
  path: string;
  permission: string;
}

// Rules are evaluated in array order and the first prefix hit wins.
//
// NOTE(review): only read/use codes appear here; the `system:*` codes have no
// rule in this table, so any admin pages must be guarded somewhere else.
// Confirm against the router configuration.
const routePermissionRules: readonly RoutePermissionRule[] = [
  { prefix: "/data/management", permission: PermissionCodes.dataManagementRead },
  { prefix: "/data/annotation", permission: PermissionCodes.dataAnnotationRead },
  { prefix: "/data/collection", permission: PermissionCodes.dataCollectionRead },
  { prefix: "/data/evaluation", permission: PermissionCodes.dataEvaluationRead },
  { prefix: "/data/synthesis", permission: PermissionCodes.dataSynthesisRead },
  { prefix: "/data/knowledge-management", permission: PermissionCodes.knowledgeManagementRead },
  { prefix: "/data/knowledge-base", permission: PermissionCodes.knowledgeBaseRead },
  { prefix: "/data/operator-market", permission: PermissionCodes.operatorMarketRead },
  { prefix: "/data/orchestration", permission: PermissionCodes.orchestrationRead },
  { prefix: "/data/task-coordination", permission: PermissionCodes.taskCoordinationRead },
  { prefix: "/data/content-generation", permission: PermissionCodes.contentGenerationUse },
  { prefix: "/data/knowledge-graph", permission: PermissionCodes.knowledgeGraphRead },
  { prefix: "/chat", permission: PermissionCodes.agentUse },
];

// Array order is the landing-page preference: the first candidate the user is
// allowed to open is chosen.
const defaultRouteCandidates: readonly DefaultRouteCandidate[] = [
  { path: "/data/management", permission: PermissionCodes.dataManagementRead },
  { path: "/data/annotation", permission: PermissionCodes.dataAnnotationRead },
  { path: "/data/knowledge-management", permission: PermissionCodes.knowledgeManagementRead },
  { path: "/data/knowledge-base", permission: PermissionCodes.knowledgeBaseRead },
  { path: "/chat", permission: PermissionCodes.agentUse },
];

/**
 * Tells whether a permission list satisfies a requirement.
 *
 * A falsy requirement (`undefined`, `null` or `""`) means "nothing required"
 * and always passes, so callers that feed this function the result of
 * `resolveRequiredPermissionByPath` allow every path that resolves to `null`.
 *
 * NOTE(review): this looks like UI route gating; the permission codes still
 * have to be enforced by the backend on every request. Confirm.
 *
 * @param userPermissions - Codes granted to the user; `undefined` is treated
 *   as an empty list.
 * @param requiredPermission - Code that must be present, or a falsy value
 *   when nothing is required.
 * @returns `true` when nothing is required or the code is in the list.
 */
export function hasPermission(
  userPermissions: string[] | undefined,
  requiredPermission?: string | null
): boolean {
  if (requiredPermission) {
    // Exact string membership; no wildcard or hierarchy expansion happens here.
    return userPermissions?.includes(requiredPermission) ?? false;
  }
  return true;
}

/**
 * Looks up the permission that guards a route path.
 *
 * `/403` is always unguarded. Any other path gets the permission of the first
 * rule whose prefix it starts with; a path that matches no rule yields `null`,
 * i.e. the lookup is allow-by-default for unlisted routes.
 *
 * NOTE(review): the match is a raw, case-sensitive `startsWith`. It is not
 * bounded to a path segment (so `/chatbot` resolves like `/chat`), and a
 * spelling the router would still accept but that differs in case or slashes
 * resolves to `null` here. Verify the router's matching rules agree with this
 * table, or normalize the pathname before calling.
 *
 * @param pathname - Route path to look up.
 * @returns The required permission code, or `null` when none applies.
 */
export function resolveRequiredPermissionByPath(pathname: string): string | null {
  if (pathname === "/403") {
    return null;
  }

  for (const { prefix, permission } of routePermissionRules) {
    if (pathname.startsWith(prefix)) {
      return permission;
    }
  }
  return null;
}

/**
 * Chooses the landing path for a user.
 *
 * @param userPermissions - Codes granted to the user.
 * @returns The first default candidate the user holds the permission for, or
 *   `"/403"` when none qualifies.
 */
export function resolveDefaultAuthorizedPath(userPermissions: string[]): string {
  for (const candidate of defaultRouteCandidates) {
    if (hasPermission(userPermissions, candidate.permission)) {
      return candidate.path;
    }
  }
  return "/403";
}