lablesys_backend/src/main/java/com/labelsys/backend/service/DataPermissionService.java


package com.labelsys.backend.service;
import com.labelsys.backend.context.LoginUser;
import com.labelsys.backend.entity.BizDataRecord;
import com.labelsys.backend.enums.UserRole;
import com.labelsys.backend.mapper.BizDataRecordMapper;
import java.util.List;
import java.util.function.Function;
import java.util.stream.Collectors;
import lombok.RequiredArgsConstructor;
import org.springframework.stereotype.Service;
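/**
 * Role-based data visibility decisions for business records.
 *
 * <p>In-memory rules applied by {@link #canAccessCreator} and {@link #filterByRole}:
 * <ul>
 *   <li>EMPLOYEE: only data whose creator/owner id equals the caller's user id.</li>
 *   <li>MANAGER: data created by an EMPLOYEE or MANAGER account.</li>
 *   <li>ENGINEER: all data handed to the check.</li>
 * </ul>
 *
 * <p>Tenant scope: only {@link #listVisibleRecords(LoginUser)} passes the caller's company id to
 * the data layer. The in-memory checks compare roles and owner ids only and never look at a
 * company id, so callers must give them data that is already restricted to the caller's company.
 */
@Service
@RequiredArgsConstructor
public class DataPermissionService {

    private final BizDataRecordMapper bizDataRecordMapper;

    /**
     * Loads the records the caller may see by delegating to the mapper query for the caller's role.
     *
     * <p>Every branch passes the caller's company id; the EMPLOYEE branch also passes the caller's
     * user id. The row-level filtering itself lives in the mapper SQL, which is not part of this
     * class.
     *
     * @param currentUser the currently logged-in user
     * @return the records returned by the role-specific mapper query
     */
    public List<BizDataRecord> listVisibleRecords(LoginUser currentUser) {
        return switch (currentUser.role()) {
            case EMPLOYEE -> bizDataRecordMapper.listVisibleByEmployee(currentUser.companyId(), currentUser.userId());
            case MANAGER -> bizDataRecordMapper.listVisibleByManager(currentUser.companyId());
            case ENGINEER -> bizDataRecordMapper.listVisibleByEngineer(currentUser.companyId());
        };
    }

    /**
     * Decides whether the caller may access data created by the given account.
     *
     * <p>This is the single in-memory policy check of the class; {@link #filterByRole} delegates
     * to it so the two cannot drift apart. It does not verify that the creator belongs to the
     * caller's company.
     *
     * @param currentUser the currently logged-in user
     * @param creatorId   id of the account that created the data; may be {@code null}
     * @param creatorRole role of the account that created the data; may be {@code null}
     * @return {@code true} if the caller's role permits access, {@code false} otherwise
     */
    public boolean canAccessCreator(LoginUser currentUser, Long creatorId, UserRole creatorRole) {
        return switch (currentUser.role()) {
            // Deny by default when either id is missing: a caller without a user id must neither
            // match ownerless data nor abort the whole check with a NullPointerException.
            case EMPLOYEE -> creatorId != null && creatorId.equals(currentUser.userId());
            // A null creatorRole matches neither constant, so unknown creators are denied.
            case MANAGER -> creatorRole == UserRole.EMPLOYEE || creatorRole == UserRole.MANAGER;
            case ENGINEER -> true;
        };
    }

    /**
     * Generic in-memory filter for data that has already been loaded.
     *
     * <p>Each element is kept when {@link #canAccessCreator} grants access for its extracted
     * owner id and role. Because the list is filtered after loading, the unfiltered data has
     * already left the data layer; the list must be scoped to the caller's company beforehand,
     * since no company check happens here.
     *
     * @param currentUser      the currently logged-in user
     * @param allRecords       the full list of data to filter; {@code null} or empty yields an
     *                         empty list
     * @param roleExtractor    extracts the associated role / creator role from a data object
     * @param ownerIdExtractor extracts the owner id from a data object (used for the rule that
     *                         employees may only see their own data)
     * @param <T>              the data type
     * @return the filtered list
     */
    public <T> List<T> filterByRole(
            LoginUser currentUser,
            List<T> allRecords,
            Function<T, UserRole> roleExtractor,
            Function<T, Long> ownerIdExtractor) {
        if (allRecords == null || allRecords.isEmpty()) {
            return List.of();
        }
        return allRecords.stream()
                .filter(item -> {
                    UserRole itemRole = roleExtractor.apply(item);
                    Long itemOwnerId = ownerIdExtractor.apply(item);
                    return canAccessCreator(currentUser, itemOwnerId, itemRole);
                })
                .collect(Collectors.toList());
    }

    /**
     * Convenience wrapper around {@link #filterByRole} for {@link BizDataRecord}, using the
     * record's creator role and creator id.
     *
     * @param currentUser the currently logged-in user
     * @param allRecords  the already-loaded records to filter
     * @return the records the caller may see
     */
    public List<BizDataRecord> listVisibleRecordsGeneric(LoginUser currentUser, List<BizDataRecord> allRecords) {
        return filterByRole(
                currentUser,
                allRecords,
                BizDataRecord::getCreatorRole,
                BizDataRecord::getCreatorId);
    }

    /**
     * Returns the role names the caller is allowed to view, for building SQL query conditions.
     *
     * <p>An empty list does NOT mean "no restriction": it is returned for EMPLOYEE, whose data is
     * restricted by user id instead (see {@link #shouldFilterByUserId}). A query builder that
     * omits the role predicate when the list is empty must add the user-id predicate in its place.
     * NOTE(review): the callers that build the SQL are not in this file; confirm that they do so.
     *
     * @param currentUser the currently logged-in user
     * @return the allowed role names; empty for EMPLOYEE
     */
    public List<String> getAllowedRoles(LoginUser currentUser) {
        return switch (currentUser.role()) {
            case EMPLOYEE -> List.of(); // employees are filtered by userId, no role list needed
            case MANAGER -> List.of("EMPLOYEE", "MANAGER");
            case ENGINEER -> List.of("EMPLOYEE", "MANAGER", "ENGINEER");
        };
    }

    /**
     * Tells whether the caller's data must be restricted by user id (EMPLOYEE only).
     *
     * @param currentUser the currently logged-in user
     * @return {@code true} when the caller's role is EMPLOYEE
     */
    public boolean shouldFilterByUserId(LoginUser currentUser) {
        return currentUser.role() == UserRole.EMPLOYEE;
    }
}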