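/**
 * Canonical permission identifiers, written as `resource:action`
 * (OAuth client permissions use `oauth:client:action`).
 *
 * The helper functions below compare these strings exactly: matching is
 * case-sensitive and there is no wildcard or hierarchy expansion.
 */
export const PERMISSIONS = {
  USER_CREATE: 'user:create',
  USER_READ: 'user:read',
  USER_UPDATE: 'user:update',
  USER_DELETE: 'user:delete',
  EVENT_CREATE: 'event:create',
  EVENT_READ: 'event:read',
  EVENT_UPDATE: 'event:update',
  EVENT_DELETE: 'event:delete',
  RESULT_CREATE: 'result:create',
  RESULT_READ: 'result:read',
  RESULT_UPDATE: 'result:update',
  RESULT_DELETE: 'result:delete',
  TEAM_CREATE: 'team:create',
  TEAM_READ: 'team:read',
  TEAM_UPDATE: 'team:update',
  TEAM_DELETE: 'team:delete',
  // Holding this permission short-circuits every check in this module.
  ADMIN_ACCESS: 'admin:access',
  ROLE_MANAGE: 'role:manage',
  OAUTH_CLIENT_CREATE: 'oauth:client:create',
  OAUTH_CLIENT_READ: 'oauth:client:read',
  OAUTH_CLIENT_UPDATE: 'oauth:client:update',
  OAUTH_CLIENT_DELETE: 'oauth:client:delete'
} as const

/**
 * Built-in role definitions.
 *
 * NOTE(review): these objects and their `permissions` arrays are not frozen,
 * so any importer can mutate them at runtime; treat them as read-only and
 * copy before modifying.
 * NOTE(review): `isSystem` presumably marks roles that must not be edited or
 * deleted; nothing in this file enforces that, so confirm against consumers.
 */
export const DEFAULT_ROLES = {
  admin: {
    name: 'admin',
    description: '系统管理员', // "system administrator"
    // Evaluated once at module load: the admin role receives every entry of
    // PERMISSIONS, so a permission added there is granted to admins
    // automatically, with no change to this role definition.
    permissions: Object.values(PERMISSIONS),
    isSystem: true
  },
  user: {
    name: 'user',
    description: '普通用户', // "regular user"
    // Read-only access to events, results and teams.
    permissions: [
      PERMISSIONS.EVENT_READ,
      PERMISSIONS.RESULT_READ,
      PERMISSIONS.TEAM_READ
    ],
    isSystem: true
  },
  guest: {
    name: 'guest',
    description: '访客', // "guest"
    // Guests may only read events.
    permissions: [
      PERMISSIONS.EVENT_READ
    ],
    isSystem: true
  }
}

/**
 * Checks whether a permission set satisfies one required permission.
 *
 * A holder of `PERMISSIONS.ADMIN_ACCESS` passes for any `requiredPermission`,
 * including strings that are not defined in `PERMISSIONS`.
 *
 * @param userPermissions - Permission strings held by the caller.
 * @param requiredPermission - Permission string that must be present.
 * @returns `true` when access should be granted.
 */
export function hasPermission(userPermissions: string[], requiredPermission: string): boolean {
  // Superuser bypass: admin access implies every other permission.
  if (userPermissions.includes(PERMISSIONS.ADMIN_ACCESS)) {
    return true
  }

  return userPermissions.includes(requiredPermission)
}

/**
 * Checks whether a permission set contains at least one of the required
 * permissions.
 *
 * For a non-admin caller an empty `requiredPermissions` list yields `false`,
 * because `some` over an empty array is `false`.
 *
 * @param userPermissions - Permission strings held by the caller.
 * @param requiredPermissions - Candidate permissions; one match is enough.
 * @returns `true` when access should be granted.
 */
export function hasAnyPermission(userPermissions: string[], requiredPermissions: string[]): boolean {
  // Superuser bypass: admin access implies every other permission.
  if (userPermissions.includes(PERMISSIONS.ADMIN_ACCESS)) {
    return true
  }

  return requiredPermissions.some(p => userPermissions.includes(p))
}

/**
 * Checks whether a permission set contains every required permission.
 *
 * An empty `requiredPermissions` list yields `true` for every caller, because
 * `every` over an empty array is `true`. A caller that builds the required
 * list dynamically should make sure an accidentally empty list does not turn
 * a protected operation into an open one.
 *
 * @param userPermissions - Permission strings held by the caller.
 * @param requiredPermissions - Permissions that must all be present.
 * @returns `true` when access should be granted.
 */
export function hasAllPermissions(userPermissions: string[], requiredPermissions: string[]): boolean {
  // Superuser bypass: admin access implies every other permission.
  if (userPermissions.includes(PERMISSIONS.ADMIN_ACCESS)) {
    return true
  }

  return requiredPermissions.every(p => userPermissions.includes(p))
}

/**
 * Returns the permissions arranged into named groups.
 *
 * A new object is built on every call, so mutating the result does not affect
 * later callers. The return type carries explicit type arguments: a bare
 * `Record` does not compile, because `Record` requires a key and a value type.
 *
 * @returns A map from group key to its display name and permission strings.
 */
export function getPermissionGroups(): Record<string, { name: string; permissions: string[] }> {
  return {
    user: {
      name: '用户管理', // "user management"
      permissions: [
        PERMISSIONS.USER_CREATE,
        PERMISSIONS.USER_READ,
        PERMISSIONS.USER_UPDATE,
        PERMISSIONS.USER_DELETE
      ]
    },
    event: {
      name: '比赛管理', // "competition (event) management"
      permissions: [
        PERMISSIONS.EVENT_CREATE,
        PERMISSIONS.EVENT_READ,
        PERMISSIONS.EVENT_UPDATE,
        PERMISSIONS.EVENT_DELETE
      ]
    },
    result: {
      name: '成绩管理', // "result management"
      permissions: [
        PERMISSIONS.RESULT_CREATE,
        PERMISSIONS.RESULT_READ,
        PERMISSIONS.RESULT_UPDATE,
        PERMISSIONS.RESULT_DELETE
      ]
    },
    team: {
      name: '队伍管理', // "team management"
      permissions: [
        PERMISSIONS.TEAM_CREATE,
        PERMISSIONS.TEAM_READ,
        PERMISSIONS.TEAM_UPDATE,
        PERMISSIONS.TEAM_DELETE
      ]
    },
    system: {
      name: '系统管理', // "system management"
      // Privileged group: the superuser bypass, role management and OAuth
      // client administration are all listed here.
      permissions: [
        PERMISSIONS.ADMIN_ACCESS,
        PERMISSIONS.ROLE_MANAGE,
        PERMISSIONS.OAUTH_CLIENT_CREATE,
        PERMISSIONS.OAUTH_CLIENT_READ,
        PERMISSIONS.OAUTH_CLIENT_UPDATE,
        PERMISSIONS.OAUTH_CLIENT_DELETE
      ]
    }
  }
}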