using Microsoft.AspNetCore.Authorization;
namespace TakeoutSaaS.Module.Authorization.Policies;
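/// <summary>
/// Permission check handler: marks a <see cref="PermissionRequirement"/> as satisfied when the
/// authenticated user holds at least one of the permission codes listed on the requirement.
/// </summary>
/// <remarks>
/// The handler only ever calls <c>Succeed</c>; on every other path it returns without touching the
/// context, so the requirement stays unmet unless another handler satisfies it.
/// Permission codes are compared case-insensitively (ordinal), so codes that differ only by case
/// are treated as the same permission.
/// </remarks>
public sealed class PermissionAuthorizationHandler : AuthorizationHandler<PermissionRequirement>
{
    /// <summary>Claim type whose values are read as the user's permission codes.</summary>
    public const string PermissionClaimType = "permission";

    /// <summary>
    /// Evaluates <paramref name="requirement"/> against the "permission" claims of the current user.
    /// </summary>
    /// <param name="context">Authorization context carrying the user principal.</param>
    /// <param name="requirement">Requirement listing the acceptable permission codes (any one suffices).</param>
    /// <returns>A completed task; the outcome is reported through <paramref name="context"/>.</returns>
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, PermissionRequirement requirement)
    {
        // Anonymous or missing principal: leave the requirement unmet (deny by default).
        if (context.User?.Identity?.IsAuthenticated != true)
        {
            return Task.CompletedTask;
        }

        // NOTE(review): the check above looks at the primary identity only, while FindAll collects
        // claims from every identity attached to the principal. If more than one authentication
        // scheme can contribute identities, confirm that each of them is trusted to issue
        // "permission" claims.
        // NOTE(review): claim values are taken as issued; whether a revoked permission stops working
        // before the token or cookie is renewed depends on how claims are issued, which this file
        // does not show.
        var userPermissions = context.User
            .FindAll(PermissionClaimType)
            .Select(claim => claim.Value)
            .Where(value => !string.IsNullOrWhiteSpace(value))
            .Select(value => value.Trim())
            .ToHashSet(StringComparer.OrdinalIgnoreCase);

        // No usable permission claims: nothing can match, so deny by default.
        if (userPermissions.Count == 0)
        {
            return Task.CompletedTask;
        }

        // Any-of semantics: a single matching permission code satisfies the requirement.
        // Requirement entries are compared as-is (not trimmed), so a padded entry never matches.
        if (requirement.Permissions.Any(userPermissions.Contains))
        {
            context.Succeed(requirement);
        }

        return Task.CompletedTask;
    }
}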