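using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;

namespace Metrolog_API.Attributes
{
    /// <summary>
    /// Authorization filter that lets a request through only when the current
    /// principal is authenticated and carries a <c>permission</c> claim whose
    /// value equals the permission named on the attribute.
    /// </summary>
    /// <remarks>
    /// The check is deny-by-default: an unauthenticated caller gets 401, and an
    /// authenticated caller without the exact claim gets a forbid result.
    /// Claim type and value are compared with ordinal, case-sensitive equality,
    /// so <c>"Reports.Read"</c> and <c>"reports.read"</c> are different permissions.
    /// NOTE(review): the filter trusts whatever <c>permission</c> claims are on
    /// the principal; who issues and validates them is configured outside this
    /// file — confirm that clients cannot supply these claims themselves.
    /// NOTE(review): no <c>[AttributeUsage]</c> is declared, so the C# default of
    /// one instance per target applies; two permissions cannot be stacked on
    /// the same action with this type as written.
    /// </remarks>
    public class PermissionAttribute : Attribute, IAuthorizationFilter
    {
        // Claim type that carries granted permissions.
        private const string PermissionClaimType = "permission";

        private readonly string _requiredPermission;

        /// <summary>
        /// Creates the filter for a single required permission.
        /// </summary>
        /// <param name="requiredPermission">
        /// Exact claim value the caller must hold. A null value can never match
        /// a claim, so the endpoint then rejects every authenticated caller.
        /// </param>
        public PermissionAttribute(string requiredPermission)
        {
            _requiredPermission = requiredPermission;
        }

        /// <summary>
        /// Sets <see cref="AuthorizationFilterContext.Result"/> to short-circuit
        /// the request when the caller is not authenticated or lacks the
        /// required permission; leaves it untouched otherwise.
        /// </summary>
        /// <param name="context">Authorization context for the current request.</param>
        /// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
        public void OnAuthorization(AuthorizationFilterContext context)
        {
            if (context == null)
            {
                throw new ArgumentNullException(nameof(context));
            }

            var user = context.HttpContext.User;

            // ClaimsPrincipal.Identity is null when the principal has no
            // identities. Treat that as "not authenticated" so the request is
            // rejected with 401 instead of failing with a
            // NullReferenceException (surfaced to the client as a 500).
            if (user?.Identity?.IsAuthenticated != true)
            {
                context.Result = new UnauthorizedResult();
                return;
            }

            // Any() stops at the first matching claim; no intermediate list is needed.
            var hasPermission = user.Claims.Any(
                c => c.Type == PermissionClaimType && c.Value == _requiredPermission);

            if (!hasPermission)
            {
                context.Result = new ForbidResult();
            }
        }
    }
}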