package hr

import (
	"errors"

	"WiiCITMS/process/common"
	"WiiGenerates/WiiCITMS/generates/v1/go/types"
	"WiiGoLibrary/apply/middle/process/v1"
)

// CheckWorkflowApprovalPermission checks whether a staff member may approve a workflow instance.
// staffGuid: staff GUID
// instanceGuid: workflow instance GUID
func CheckWorkflowApprovalPermission(staffGuid string, instanceGuid string) *process.Process {
	// First check for the global approval permission.
	result := CheckAccessControl(staffGuid, common.OperationApprove, common.ResourceLeave, "")
	if result.HasPermission {
		return process.Success(200)
	}

	// Without the global permission, fall back to the generic per-instance permission check.
	return common.WorkflowSvc.CheckPermission(staffGuid, common.OperationApprove, instanceGuid)
}

// CanViewWorkflowInstance checks whether a staff member may view a workflow instance.
// staffGuid: staff GUID
// instanceGuid: workflow instance GUID
func CanViewWorkflowInstance(staffGuid string, instanceGuid string) (bool, *process.Process) {
	// First check for the per-instance view permission.
	proc := common.WorkflowSvc.CheckPermission(staffGuid, common.OperationView, instanceGuid)

	// Passing the permission check means the staff member may view the instance.
	if !proc.IsError() {
		return true, process.Success(200)
	}

	// Fail closed: any error other than the permission-denied error is returned as is.
	// The comparison is on the message text, so it must stay in sync with the message
	// returned by the permission check. (The original repeated an unconditional
	// proc.IsError() return here, which made the global fallback below unreachable.)
	if proc.Error == nil || proc.Error.Error() != "无权查看此工作流" {
		return false, proc
	}

	// Permission was denied for this instance: check for the global view permission.
	result := CheckAccessControl(staffGuid, common.OperationView, common.ResourceWorkflow, "")
	return result.HasPermission, process.Success(200)
}

// CheckWorkflowPermission is the combined workflow permission check.
// staffGuid: staff GUID
// operation: operation type (view, approve, create, update, delete)
// instanceGuid: workflow instance GUID
func CheckWorkflowPermission(staffGuid string, operation string, instanceGuid string) *process.Process {
	switch operation {
	case common.OperationView:
		canView, proc := CanViewWorkflowInstance(staffGuid, instanceGuid)
		if proc.IsError() {
			return proc
		}
		if !canView {
			return process.FailError(types.NoPermissionError, errors.New("无权查看此工作流"))
		}
		return process.Success(200)

	case common.OperationApprove:
		return CheckWorkflowApprovalPermission(staffGuid, instanceGuid)

	case common.OperationCreate, common.OperationUpdate, common.OperationDelete:
		// Check for the workflow management permission.
		result := CheckAccessControl(staffGuid, operation, common.ResourceWorkflow, "")
		if !result.HasPermission {
			return process.FailError(types.NoPermissionError, errors.New(result.ErrorMessage))
		}
		return process.Success(200)

	default:
		// Unknown operation types are rejected rather than allowed.
		return process.FailError(types.InvalidParamError, errors.New("无效的操作类型"))
	}
}