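package CheckHandler

import (
	"context"
	"strings"
	"time"

	"dsBaseWeb/Business/BaseRolePerson/BaseRolePersonProto"
	"dsBaseWeb/Utils/GRpcUtil"

	"github.com/gin-gonic/gin"
)

// collectScopeIds gathers the IDs of one data-scope dimension from the request.
//
// singleKey names the parameter that carries one ID (for example "orgId") and
// listKey names the parameter that carries a comma-separated list (for example
// "orgIds"). Each key is looked up with getInputParameter, first as "get" and
// then as "post"; the first non-empty value wins. When the list parameter is
// present it replaces the single value rather than being merged with it.
//
// The result is nil when neither parameter is supplied. Values are forwarded
// exactly as received: no trimming, de-duplication or format validation is done
// here.
//
// NOTE(review): only the first non-empty source is checked. The business
// handler should read these parameters the same way, otherwise the value that
// was authorized here may differ from the value that is acted on — confirm.
func collectScopeIds(c *gin.Context, singleKey string, listKey string) []string {
	httpTypes := []string{"get", "post"}

	var ids []string
	for _, httpType := range httpTypes {
		if v := getInputParameter(c, httpType, singleKey); len(v) > 0 {
			ids = append(ids, v)
			break
		}
	}
	for _, httpType := range httpTypes {
		if v := getInputParameter(c, httpType, listKey); len(v) > 0 {
			// The list form overrides the single form.
			ids = strings.Split(v, ",")
			break
		}
	}
	return ids
}

/**
Purpose: check whether the current person is inside the permitted role + data-scope range.
Author:  黄海
Date:    2020-03-17
*/
// roleIdLimitIsLegal runs the common checker for interName and, when that
// checker returns role restrictions, asks the RPC layer whether the acting
// person may touch the areas, organisations, classes and persons named in the
// request.
//
// It returns true with the checker's ResultStruct when access is allowed (or
// when the checker returned no role restrictions). It returns false with
// HttpType and Message filled in when the acting person cannot be identified,
// the RPC connection is unavailable, the RPC call fails, or the RPC reports
// that the person lacks the privilege. Every failure path denies access.
func roleIdLimitIsLegal(c *gin.Context, interName string, n int) (bool, ResultStruct) {
	// 1. Run the common checker first; its failure is returned unchanged.
	success, resultStruct, httpType, arr := commonIsLegal(c, interName, n)
	if !success {
		return success, resultStruct
	}

	// No role restrictions came back for this interface: nothing more to check.
	if len(arr) == 0 {
		return true, resultStruct
	}

	// The acting person is taken from the "person_id" cookie. Without it there
	// is no subject to authorize, so deny here instead of sending an empty ID
	// to the RPC layer (the cookie error was previously discarded).
	//
	// NOTE(review): this cookie is supplied by the client. Confirm that an
	// earlier step (commonIsLegal or middleware) ties person_id to the
	// authenticated session/token before it is trusted as the actor.
	actionPersonId, err := c.Cookie("person_id")
	if err != nil || len(actionPersonId) == 0 {
		resultStruct.HttpType = httpType
		resultStruct.Message = "未获取到操作人员ID!"
		return false, resultStruct
	}

	// The role IDs to check are the parameterName values returned by the common checker.
	roleIds := make([]string, 0, len(arr))
	for i := range arr {
		roleIds = append(roleIds, arr[i].parameterName)
	}

	// Build the RPC argument: actor, roles, and the data scopes from the request.
	var arg BaseRolePersonProto.CheckDataPrivilegeArg
	arg.ActionPersonId = actionPersonId
	arg.AreaCode = collectScopeIds(c, "areaCode", "areaCodes")
	arg.OrgId = collectScopeIds(c, "orgId", "orgIds")
	arg.ClassId = collectScopeIds(c, "classId", "classIds")
	arg.PersonId = collectScopeIds(c, "personId", "personIds")
	arg.RoleId = roleIds

	// Bound the privilege check to 10 seconds.
	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
	defer cancel()

	conn := GRpcUtil.GetConnection()
	if conn == nil {
		resultStruct.HttpType = httpType
		resultStruct.Message = "RPC服务未启动!"
		return false, resultStruct
	}

	// 2. Ask the RPC layer for the decision.
	client := BaseRolePersonProto.NewBaseRolePersonManageClient(conn)
	reply, err := client.CheckDataPrivilege(ctx, &arg)
	if err != nil {
		// Fail closed: an unreachable or failing checker never grants access.
		// The underlying error is not recorded anywhere in this function.
		resultStruct.HttpType = httpType
		resultStruct.Message = "调用RPC层检查数据权限时失败!"
		return false, resultStruct
	}

	// The RPC denied the request: return its message to the caller.
	if !reply.Success {
		resultStruct.HttpType = httpType
		resultStruct.Message = reply.Message
		// Clearing the session cookies on denial is currently disabled:
		//c.SetCookie("person_id", "", -1, "/", "", false, true)
		//c.SetCookie("identity_id", "", -1, "/", "", false, true)
		//c.SetCookie("token", "", -1, "/", "", false, true)
		//c.SetCookie("ds_access_token", "", -1, "/", "", false, true)
		return false, resultStruct
	}
	return true, resultStruct
}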