import { ROLES, type LegalRole } from '~/server/utils/permissions'

export function usePermissions() {
  const { organization, activeMember } = useAuth()

  const currentRole = computed((): LegalRole | null => {
    return (activeMember.value?.role as LegalRole) || null
  })

  const hasPermission = (permissions: Record<string, string[]>): boolean => {
    if (!currentRole.value) return false

    return organization.checkRolePermission({
      permissions,
      role: currentRole.value
    })
  }

  // Specific permission helpers
  const canCreateApplicationForm = computed(() =>
    hasPermission({ application_form: ["create"] })
  )

  const canApproveApplicationForm = computed(() =>
    hasPermission({ application_form: ["approve"] })
  )

  const canSignAgreement = computed(() =>
    hasPermission({ agreement: ["sign"] })
  )

  const canInviteMembers = computed(() =>
    hasPermission({ invitation: ["create"] })
  )

  const canManageOrganization = computed(() =>
    hasPermission({ organization: ["update"] })
  )

  // Role checks
  const isEmployer = computed(() => currentRole.value === ROLES.EMPLOYER)
  const isEmployee = computed(() => currentRole.value === ROLES.EMPLOYEE)
  const isWorksCouncilMember = computed(() => currentRole.value === ROLES.WORKS_COUNCIL_MEMBER)
  const isAdmin = computed(() => currentRole.value === ROLES.ADMIN)
  const isOwner = computed(() => currentRole.value === ROLES.OWNER)

  const getCurrentRoleInfo = () => {
    const roleInfo = {
      [ROLES.EMPLOYER]: {
        name: 'Arbeitgeber',
        description: 'Kann Anträge genehmigen und Vereinbarungen unterzeichnen',
        color: 'blue',
        icon: 'i-lucide-briefcase'
      },
      [ROLES.EMPLOYEE]: {
        name: 'Arbeitnehmer',
        description: 'Kann eigene Anträge einsehen und kommentieren',
        color: 'green',
        icon: 'i-lucide-user'
      },
      [ROLES.WORKS_COUNCIL_MEMBER]: {
        name: 'Betriebsrat',
        description: 'Kann Anträge prüfen und Vereinbarungen unterzeichnen',
        color: 'purple',
        icon: 'i-lucide-users'
      },
      [ROLES.ADMIN]: {
        name: 'Administrator',
        description: 'Vollzugriff auf Organisationsverwaltung',
        color: 'red',
        icon: 'i-lucide-settings'
      },
      [ROLES.OWNER]: {
        name: 'Eigentümer',
        description: 'Vollzugriff und Organisationsbesitz',
        color: 'yellow',
        icon: 'i-lucide-crown'
      }
    }

    return currentRole.value && currentRole.value in roleInfo ? roleInfo[currentRole.value as LegalRole] : null
  }

  return {
    // State
    currentRole,
    activeMember,

    // Permission checks
    hasPermission,

    // Role checks
    isEmployer,
    isEmployee,
    isWorksCouncilMember,
    isAdmin,
    isOwner,

    // Computed permissions
    canCreateApplicationForm,
    canApproveApplicationForm,
    canSignAgreement,
    canInviteMembers,
    canManageOrganization,

    // Utilities
    getCurrentRoleInfo,
    ROLES
  }
}