TrisolarisServer/src/main/kotlin/com/android/trisolarisserver/component/PropertyAccess.kt

package com.android.trisolarisserver.component

import com.android.trisolarisserver.repo.AppUserRepo
import com.android.trisolarisserver.repo.PropertyUserRepo
import com.android.trisolarisserver.models.property.Role
import org.springframework.security.access.AccessDeniedException
import org.springframework.stereotype.Component
import java.util.UUID

@Component
class PropertyAccess(
    private val repo: PropertyUserRepo,
    private val appUserRepo: AppUserRepo
) {
    fun requireMember(propertyId: UUID, userId: UUID) {
        val user = appUserRepo.findById(userId).orElse(null)
        if (user == null) {
            throw AccessDeniedException("No access to property (user not found)")
        }
        if (user.superAdmin) {
            return
        }
        if (!repo.existsByIdPropertyIdAndIdUserId(propertyId, userId)) {
            throw AccessDeniedException("No access to property (not a member)")
        }
    }

    fun requireAnyRole(propertyId: UUID, userId: UUID, vararg roles: Role) {
        val user = appUserRepo.findById(userId).orElse(null)
        if (user == null) {
            throw AccessDeniedException("Missing role (user not found)")
        }
        if (user.superAdmin) return
        if (!repo.hasAnyRole(propertyId, userId, roles.toSet())) {
            throw AccessDeniedException("Missing role (no matching roles)")
        }
    }
}