import { Types } from 'mongoose';

import { IPermissionDoc } from '@/modules/permissions/permissions.interface';
import { Role } from '@/modules/roles/roles.model';

export const hasModuleAccess = async (
  roleIds: Types.ObjectId[],
  moduleName: string,
  requiredActions: string | string[],
  moduleId?: string,
): Promise<boolean> => {
  if (!roleIds.length) return false;

  const required = Array.isArray(requiredActions)
    ? requiredActions
    : [requiredActions];

  const rolesWithPermissions = await Role.find({
    _id: { $in: roleIds },
  }).populate<{ permissions: IPermissionDoc[] }>('permissions');

  const flattenedPermissions = rolesWithPermissions.flatMap((role) =>
    (role.permissions || []).flatMap((permGroup) =>
      permGroup.permissions.map((p) => ({
        id: p.id,
        moduleName: p.moduleName,
        access: Array.isArray(p.access)
          ? p.access
          : p.access === 'Full Access'
            ? ['create', 'read', 'update', 'delete']
            : [],
      })),
    ),
  );

  return flattenedPermissions.some((p) => {
    const moduleNameMatch = p.moduleName === moduleName;
    const idMatch = moduleId ? p.id === moduleId : true;

    return (
      moduleNameMatch &&
      idMatch &&
      required.every((action) => p.access.includes(action))
    );
  });
};