-module(admin_utils).
-include("records.hrl").

-export([is_admin/1, check_role/2, get_permissions/1]).
-export([client_ip/1]).

is_admin(UserId) ->
  case core_admin:get_by_id(UserId) of
    {ok, _Admin} -> true;
    _ -> false
  end.

%% Проверка конкретной роли (или одной из списка ролей)
-spec check_role(UserId :: binary(), RequiredRole :: atom() | [atom()]) -> boolean().
check_role(UserId, RequiredRoles) when is_list(RequiredRoles) ->
  case core_admin:get_by_id(UserId) of
    {ok, Admin} -> lists:member(Admin#admin.role, RequiredRoles);
    _ -> false
  end;
check_role(UserId, RequiredRole) when is_atom(RequiredRole) ->
  case core_admin:get_by_id(UserId) of
    {ok, Admin} -> Admin#admin.role =:= RequiredRole;
    _ -> false
  end.

%% Возвращает список прав для роли администратора
-spec get_permissions(Role :: atom()) -> [binary()].
get_permissions(superadmin) ->
  [<<"manage_admins">>, <<"manage_users">>, <<"manage_events">>,
    <<"manage_calendars">>, <<"manage_reviews">>, <<"manage_reports">>,
    <<"manage_tickets">>, <<"manage_banned_words">>, <<"view_stats">>,
    <<"view_audit">>];
get_permissions(admin) ->
  [<<"manage_users">>, <<"manage_events">>,
    <<"manage_calendars">>, <<"manage_reviews">>, <<"manage_reports">>,
    <<"manage_tickets">>, <<"manage_banned_words">>, <<"view_stats">>,
    <<"view_audit">>];
get_permissions(moderator) ->
  [<<"manage_events">>, <<"manage_calendars">>, <<"manage_reviews">>,
    <<"manage_reports">>, <<"manage_tickets">>, <<"manage_banned_words">>,
    <<"view_stats">>];
get_permissions(support) ->
  [<<"manage_tickets">>, <<"view_stats">>];
get_permissions(_) ->
  [].

client_ip(_Req) -> <<"127.0.0.1">>.