package middleware

import (
	"hr_receiver/models"
	"net/http"

	"github.com/gin-gonic/gin"
)

func RequireHeartRateOperatorOrHigher() gin.HandlerFunc {
	return func(c *gin.Context) {
		roleValue, exists := c.Get("role")
		if !exists {
			c.JSON(http.StatusForbidden, gin.H{"error": "missing user role"})
			c.Abort()
			return
		}
		role, ok := roleValue.(models.UserRole)
		if !ok {
			c.JSON(http.StatusForbidden, gin.H{"error": "invalid user role"})
			c.Abort()
			return
		}
		if role != models.UserRoleOperator &&
			role != models.UserRoleRegionAdmin &&
			role != models.UserRoleSuperAdmin {
			c.JSON(http.StatusForbidden, gin.H{"error": "insufficient role permissions"})
			c.Abort()
			return
		}

		flavorValue, exists := c.Get("flavorType")
		if !exists {
			c.JSON(http.StatusForbidden, gin.H{"error": "missing user flavor"})
			c.Abort()
			return
		}
		flavorType, ok := flavorValue.(models.UserFlavorType)
		if !ok {
			c.JSON(http.StatusForbidden, gin.H{"error": "invalid user flavor"})
			c.Abort()
			return
		}
		if flavorType != models.UserFlavorHeartRate && flavorType != models.UserFlavorAll {
			c.JSON(http.StatusForbidden, gin.H{"error": "insufficient flavor permissions"})
			c.Abort()
			return
		}

		c.Next()
	}
}