/** Feature keys — selaras dengan BE `internal/permissions`. */

export type WorkpulseFeatureKey =
  | "dashboard"
  | "report"
  | "calendar"
  | "team"
  | "analytics"
  | "notifications"
  | "chat";

export type WorkpulsePermissions = Record<WorkpulseFeatureKey, boolean>;

export const WORKPULSE_FEATURE_DEFS: {
  key: WorkpulseFeatureKey;
  label: string;
  path: string;
  description: string;
}[] = [
  { key: "dashboard", label: "Dasbor", path: "/", description: "Ringkasan & aktivitas" },
  { key: "report", label: "Daily Report", path: "/report", description: "Buat & kelola laporan harian" },
  { key: "calendar", label: "Kalender", path: "/calendar", description: "Agenda & sinkron laporan" },
  { key: "team", label: "Pemantauan tim", path: "/team", description: "Tim & laporan anggota" },
  { key: "analytics", label: "Analytics", path: "/analytics", description: "Statistik & tren" },
  { key: "notifications", label: "Notifikasi", path: "/notifications", description: "Pusat notifikasi" },
  { key: "chat", label: "Chat", path: "/chat", description: "Pesan tim & mention lintas divisi" }
];

const STORAGE_KEY = "workpulse:permissions";

export function defaultUserPermissions(): WorkpulsePermissions {
  return {
    dashboard: true,
    report: true,
    calendar: true,
    team: true,
    analytics: true,
    notifications: true,
    chat: true
  };
}

export function allPermissionsEnabled(): WorkpulsePermissions {
  return defaultUserPermissions();
}

export function normalizePermissions(
  role: string | null | undefined,
  raw?: Partial<WorkpulsePermissions> | null
): WorkpulsePermissions {
  if ((role || "").toLowerCase() === "superadmin") {
    return allPermissionsEnabled();
  }
  const base = defaultUserPermissions();
  if (!raw || typeof raw !== "object") {
    return base;
  }
  const out = { ...base };
  for (const def of WORKPULSE_FEATURE_DEFS) {
    if (typeof raw[def.key] === "boolean") {
      out[def.key] = raw[def.key]!;
    }
  }
  return out;
}

export function persistWorkpulsePermissions(perms: WorkpulsePermissions) {
  if (!import.meta.client) return;
  try {
    sessionStorage.setItem(STORAGE_KEY, JSON.stringify(perms));
  } catch {
    /* ignore */
  }
}

export function readWorkpulsePermissions(): WorkpulsePermissions | null {
  if (!import.meta.client) return null;
  try {
    const raw = sessionStorage.getItem(STORAGE_KEY);
    if (!raw) return null;
    return JSON.parse(raw) as WorkpulsePermissions;
  } catch {
    return null;
  }
}

export function clearWorkpulsePermissions() {
  if (!import.meta.client) return;
  try {
    sessionStorage.removeItem(STORAGE_KEY);
  } catch {
    /* ignore */
  }
}

export function canAccessFeature(
  role: string | null | undefined,
  perms: WorkpulsePermissions | null | undefined,
  key: WorkpulseFeatureKey
): boolean {
  if ((role || "").toLowerCase() === "superadmin") return true;
  const p = perms ?? readWorkpulsePermissions() ?? defaultUserPermissions();
  return !!p[key];
}

export function pathToFeatureKey(path: string): WorkpulseFeatureKey | null {
  const p = path.replace(/\/+$/, "") || "/";
  const def = WORKPULSE_FEATURE_DEFS.find((d) => d.path === p || (d.path !== "/" && p.startsWith(d.path + "/")));
  return def?.key ?? null;
}