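"use strict";
// Compiler-emitted helper for down-levelled async functions: it runs a
// generator to completion, resolving each yielded value as a promise.
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
    return new (P || (P = Promise))(function (resolve, reject) {
        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
        step((generator = generator.apply(thisArg, _arguments || [])).next());
    });
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.PermManager = exports.PermQuery = exports.PermissionManager = void 0;
const role_acl_1 = require("role-acl");
const Query_1 = require("role-acl/lib/src/core/Query");
// see https://www.npmjs.com/package/role-acl

/**
 * AccessControl subclass whose can() returns a PermQuery and which can build
 * an Express-style (req, res, next) authorization middleware.
 */
class PermissionManager extends role_acl_1.AccessControl {
    /**
     * Start a permission query against the current grants.
     *
     * @param {*} roleOrRequest - Role name(s) / query info, or a request
     *   object (PermQuery treats any object with an own `res` property as one).
     * @returns {PermQuery} Chainable query.
     */
    can(roleOrRequest) {
        return new PermQuery(this.getGrants(), roleOrRequest);
    }

    /**
     * Build a middleware that lets the request through only when the query on
     * `resource` is granted. On success the permission object is stored on
     * `req.permissionDetails`; on denial the response is a bare 403.
     *
     * @param {*} resource - Resource passed to PermQuery#on.
     * @param {object} [opts] - Optional `context`, `action` and
     *   `skipConditions`; each is applied to the query only when truthy.
     * @returns {Function} `(req, res, next)` middleware returning a promise.
     */
    getRouter(resource, opts) {
        return (req, res, next) => __awaiter(this, void 0, void 0, function* () {
            let permission;
            try {
                let query = this.can(req);
                if (opts && opts.context) {
                    query = query.context(opts.context);
                }
                if (opts && opts.action) {
                    query = query.execute(opts.action);
                }
                if (opts && opts.skipConditions) {
                    query = query.skipConditions(opts.skipConditions);
                }
                permission = yield query.on(resource);
            }
            catch (err) {
                // Fail closed: if the user lookup or the ACL evaluation throws,
                // hand the error to the framework instead of leaving a rejected
                // promise with no response sent and next() never called.
                next(err);
                return;
            }
            if (permission.granted) {
                req.permissionDetails = permission;
                next();
            }
            else {
                res.sendStatus(403);
            }
        });
    }
}
exports.PermissionManager = PermissionManager;

/**
 * Query that can derive its roles from a request object and that treats the
 * role name 'noaccess' as "clear all roles".
 */
class PermQuery extends Query_1.Query {
    /**
     * @param {*} grants - Grants handed to the parent Query.
     * @param {*} roleOrRequest - Role(s) / query info, or a request object
     *   whose roles are resolved lazily in on().
     */
    constructor(grants, roleOrRequest) {
        function isRequest(obj) {
            // Call through Object.prototype so an object that shadows or lacks
            // hasOwnProperty cannot break or steer the request detection.
            return typeof obj === 'object' && obj !== null
                && Object.prototype.hasOwnProperty.call(obj, 'res');
        }
        if (isRequest(roleOrRequest)) {
            super(grants, []);
            this.resolveRequest = roleOrRequest;
        }
        else {
            super(grants, roleOrRequest);
        }
    }

    /**
     * Resolve roles (from the request, when one was given) and evaluate the
     * query on `resource` via the parent implementation.
     *
     * @param {*} resource - Resource to check.
     * @param {*} [skipConditions] - Forwarded unchanged to the parent on().
     * @returns {Promise<*>} Whatever the parent on() resolves to.
     */
    on(resource, skipConditions) {
        // `super` is not usable inside the generator below, so capture it here.
        const superOn = super.on;
        return __awaiter(this, void 0, void 0, function* () {
            if (this.resolveRequest) {
                const userInfo = yield this.resolveRequest.getUserInfo();
                const availableRoles = Object.keys(this._grants);
                const groups = userInfo != null && userInfo.groups != null ? userInfo.groups : [];
                // Only groups that exist as roles in the grants are used.
                // NOTE(review): this filter runs before the 'noaccess' check
                // below, so a 'noaccess' group on the user only takes effect
                // when the grants define a role with that name - confirm this
                // is intended.
                this.role(groups.filter((group) => availableRoles.includes(group)));
            }
            const role = this._.role;
            const isNoAccess = Array.isArray(role)
                ? role.includes('noaccess')
                : role === 'noaccess';
            if (isNoAccess) {
                // NOTE(review): whether the parent Query denies or throws on an
                // empty role list is not visible in this file - confirm.
                this.role([]);
            }
            return superOn.call(this, resource, skipConditions);
        });
    }

    /** Set the query context; returns this query for chaining. */
    context(context) {
        super.context(context);
        return this;
    }

    /** Set the skip-conditions flag; returns this query for chaining. */
    skipConditions(value) {
        super.skipConditions(value);
        return this;
    }

    /** Delegate to the parent with(); returns this query for chaining. */
    with(context) {
        super.with(context);
        return this;
    }

    /** Set the action to check; returns this query for chaining. */
    execute(action) {
        super.execute(action);
        return this;
    }

    /**
     * Synchronous evaluation is disabled for this query type.
     * @throws {AccessControlError} Always.
     */
    sync() {
        throw new role_acl_1.AccessControlError('Sync method is not allowed on PermissionManager!');
    }
}
exports.PermQuery = PermQuery;
exports.PermManager = new PermissionManager();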