using System.Net;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Controllers;
using Microsoft.AspNetCore.Mvc.Filters;
using Volo.Abp.DependencyInjection;
using Volo.Abp.Http;

namespace NPin.Framework.Upms.Domain.Authorization;

/// <summary>
/// Permission handler: an MVC action filter that rejects a controller action with
/// HTTP 403 when the action method carries a <see cref="PermissionAttribute"/> whose
/// code is not accepted by <see cref="IPermissionHandler.IsPass"/>.
/// </summary>
/// <remarks>
/// The check is opt-in: an action without a <see cref="PermissionAttribute"/> is let
/// through unchecked, so a forgotten attribute leaves the endpoint unprotected by this filter.
/// NOTE(review): the constructor takes a dependency, so this presumably runs as a
/// DI-resolved global filter rather than as a literal attribute - confirm the registration.
/// </remarks>
internal class PermissionGlobalAttribute : ActionFilterAttribute, ITransientDependency
{
    private readonly IPermissionHandler _permissionHandler;

    /// <summary>Creates the filter.</summary>
    /// <param name="permissionHandler">Service that decides whether a permission code passes.</param>
    public PermissionGlobalAttribute(IPermissionHandler permissionHandler)
    {
        _permissionHandler = permissionHandler;
    }

    /// <summary>
    /// Runs before the action executes and sets <see cref="ActionExecutingContext.Result"/>
    /// to a 403 response when the permission check fails, which short-circuits the action.
    /// </summary>
    /// <param name="context">Context of the action that is about to execute.</param>
    public override void OnActionExecuting(ActionExecutingContext context)
    {
        // Descriptors that are not controller actions are not checked at all.
        if (context.ActionDescriptor is not ControllerActionDescriptor actionDescriptor)
        {
            return;
        }

        // NOTE(review): only attributes on the action method are read here; a
        // PermissionAttribute placed on the controller class is not consulted.
        // NOTE(review): the match is on the exact type, so a subclass of
        // PermissionAttribute is ignored and the action passes unchecked.
        // NOTE(review): only the first match is evaluated; if several attributes
        // may be stacked on one action, the remaining codes are never checked.
        var required = actionDescriptor.MethodInfo
            .GetCustomAttributes(inherit: true)
            .Where(candidate => candidate.GetType() == typeof(PermissionAttribute))
            .Cast<PermissionAttribute>()
            .FirstOrDefault();

        // No permission marker on the action: allow.
        if (required is null)
        {
            return;
        }

        if (_permissionHandler.IsPass(required.Code))
        {
            return;
        }

        // Denied: answer with an error body and a 403 status.
        // Details echoes back the path the caller requested.
        var errorInfo = new RemoteServiceErrorInfo
        {
            Code = "403",
            Message = "您无权访问,请联系管理员",
            Details = $"您无权访问该接口-{context.HttpContext.Request.Path.Value}"
        };

        context.Result = new ObjectResult(new { error = errorInfo })
        {
            StatusCode = (int)HttpStatusCode.Forbidden
        };
    }
}