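import { ElasticsearchLoggerService } from '@nestjs.pro/logger-elasticsearch/dist/ElasticsearchLoggerService';
import { CanActivate, ExecutionContext, Injectable } from '@nestjs/common';
import { Reflector } from '@nestjs/core';
import { Request, Response } from 'express';

/** The parts of `request.principal` that this guard reads. */
interface GuardedPrincipal {
    roles?: Array<{ permissions?: Array<{ name: string }> }>;
}

/**
 * Route guard that grants access when the request's principal holds at least
 * one of the permission names attached to the handler under the
 * `'permissions'` metadata key.
 *
 * The guard fails closed: a missing principal, missing or malformed handler
 * metadata, or a principal without usable roles/permissions all end in a
 * 403 response and a `false` result.
 */
@Injectable()
export class PermissionsGuard implements CanActivate {

    public constructor(private readonly reflector: Reflector,
                       private readonly elasticsearchLoggerService: ElasticsearchLoggerService) {
    }

    /**
     * Decides whether the current HTTP request may reach the handler.
     *
     * @param context Execution context of the request being guarded.
     * @returns `true` when any role of the principal carries a permission whose
     * `name` equals one of the required permissions; `false` otherwise (after
     * logging the denial and writing a 403 JSON body).
     */
    public canActivate(context: ExecutionContext): boolean {
        const requiredPermissions = this.reflector.get<string[] | undefined>('permissions', context.getHandler());
        const ctx = context.switchToHttp();
        const request = ctx.getRequest<Request & { principal?: GuardedPrincipal }>();
        const response = ctx.getResponse<Response>();
        const principal = request.principal;

        // Only an array of names is accepted as a requirement list. Anything
        // else (absent metadata, a bare string, ...) is treated as "deny"
        // rather than being matched loosely.
        if (principal && Array.isArray(requiredPermissions)) {
            // A principal without a roles array, or a role without a
            // permissions array, simply contributes no permissions instead of
            // raising a TypeError that would surface as a 500.
            const roles = Array.isArray(principal.roles) ? principal.roles : [];

            const granted = roles.some(role => {
                const permissions = role && Array.isArray(role.permissions) ? role.permissions : [];

                return permissions.some(permission =>
                    !!permission && requiredPermissions.indexOf(permission.name) !== -1);
            });

            if (granted) {
                return true;
            }
        }

        // NOTE(review): the whole principal object is written to the log sink.
        // Confirm it never carries credentials, tokens or password hashes, or
        // log an identifier only.
        this.elasticsearchLoggerService.info({
            canActivate: 'permission',
            result: false,
            requiredPermissions,
            principal
        });

        // NOTE(review): Nest also rejects the request when a guard returns a
        // falsy value; confirm that writing the response here does not clash
        // with the framework's own exception handling in the version in use.
        response.status(403).json({ message: 'Forbidden resource' });

        // Explicit denial: the declared return type is boolean, and the
        // original fell off the end of the method here.
        return false;
    }

}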