<?php
namespace app\admin\middleware;

use Webman\MiddlewareInterface;
use Webman\Http\Request;
use Webman\Http\Response;

class PermissionMiddleware implements MiddlewareInterface
{
    public function process(Request $request, callable $handler): Response
    {
        $admin = $request->admin ?? null;
        if (!$admin) {
            return jsonResponse(null, '未登录', 401);
        }
        if (intval($admin->is_super) === 1) {
            return $handler($request);
        }

        $route = $request->route;
        $permissionCode = $route ? $route->getName() : null;
        if (!$permissionCode) {
            return $handler($request);
        }

        $admin->loadMissing(['roles.permissions']);
        $codes = [];
        foreach ($admin->roles as $role) {
            foreach ($role->permissions as $permission) {
                $codes[$permission->code] = true;
            }
        }
        if (!isset($codes[$permissionCode])) {
            return jsonResponse(null, '无权限', 403);
        }
        return $handler($request);
    }
}