package model

import "time"

// RolePermission stores menu/feature permissions per role.
type RolePermission struct {
	ID        uint      `gorm:"primaryKey;autoIncrement" json:"id"`
	Role      string    `gorm:"size:20;uniqueIndex;not null" json:"role"` // admin / operator / viewer / custom roles
	Menus     string    `gorm:"type:text" json:"menus"`                   // comma-separated menu keys: dashboard,merchants,tasks,...
	Actions   string    `gorm:"type:text" json:"actions"`                 // comma-separated action keys: task_start,merchant_edit,...
	CreatedAt time.Time `json:"created_at"`
	UpdatedAt time.Time `json:"updated_at"`
}

func (RolePermission) TableName() string { return "role_permissions" }

// AllMenuKeys returns all available menu keys in order.
func AllMenuKeys() []map[string]string {
	return []map[string]string{
		{"key": "dashboard", "label": "数据看板"},
		{"key": "merchants", "label": "商户列表"},
		{"key": "merchants-raw", "label": "原始数据"},
		{"key": "groups", "label": "群组分析"},
		{"key": "channels", "label": "频道管理"},
		{"key": "analytics", "label": "数据分析"},
		{"key": "tasks", "label": "任务管理"},
		{"key": "keywords", "label": "关键词管理"},
		{"key": "tg-accounts", "label": "TG账号"},
		{"key": "proxies", "label": "代理管理"},
		{"key": "settings", "label": "分级设置"},
		{"key": "schedules", "label": "定时任务"},
		{"key": "notifications", "label": "通知管理"},
		{"key": "audit-logs", "label": "审计日志"},
		{"key": "users", "label": "用户管理"},
	}
}

// AllActionKeys returns all available action permission keys.
func AllActionKeys() []map[string]string {
	return []map[string]string{
		{"key": "task_start", "label": "启动任务"},
		{"key": "task_stop", "label": "停止任务"},
		{"key": "merchant_edit", "label": "编辑商户"},
		{"key": "merchant_assign", "label": "分配商户"},
		{"key": "merchant_delete", "label": "删除商户"},
		{"key": "merchant_import", "label": "导入商户"},
		{"key": "merchant_export", "label": "导出商户"},
		{"key": "keyword_manage", "label": "管理关键词"},
		{"key": "schedule_manage", "label": "管理定时任务"},
		{"key": "user_manage", "label": "管理用户"},
		{"key": "setting_manage", "label": "管理设置"},
	}
}

// DefaultPermissions returns the default permission sets per built-in role.
func DefaultPermissions() map[string]struct{ Menus, Actions string } {
	return map[string]struct{ Menus, Actions string }{
		"admin": {
			Menus:   "dashboard,merchants,merchants-raw,groups,channels,analytics,tasks,keywords,tg-accounts,proxies,settings,schedules,notifications,audit-logs,users",
			Actions: "task_start,task_stop,merchant_edit,merchant_assign,merchant_delete,merchant_import,merchant_export,keyword_manage,schedule_manage,user_manage,setting_manage",
		},
		"operator": {
			Menus:   "dashboard,merchants,merchants-raw,groups,channels,analytics,tasks,keywords,tg-accounts,settings",
			Actions: "task_start,task_stop,merchant_edit,merchant_assign,merchant_import,merchant_export,keyword_manage",
		},
		"viewer": {
			Menus:   "dashboard,merchants,merchants-raw,groups,channels,analytics",
			Actions: "merchant_export",
		},
	}
}