package main

import (
	"context"
	"log"
	"os"

	"lune/talentscale/pkg/database"
	"github.com/google/uuid"
)

func main() {
	dbURL := os.Getenv("DATABASE_URL")
	if dbURL == "" {
		dbURL = "postgres://postgres:postgres@localhost:5432/db_talentscale?sslmode=disable"
	}

	db := database.NewPostgresDB(dbURL)
	defer db.Close()

	ctx := context.Background()

	// 1. Define Permissions
	permissions := []string{
		"user.create", "user.read", "user.update", "user.delete",
		"company.create", "company.read", "company.update", "company.delete",
		"package.create", "package.read", "package.update", "package.delete",
		"subscription.create", "subscription.read", "subscription.update", "subscription.delete",
		"candidate.create", "candidate.read", "candidate.update", "candidate.delete",
		"assessment.create", "assessment.read", "assessment.update", "assessment.delete",
		"job.create", "job.read", "job.update", "job.delete",
		"report.read", "dashboard.read",
		"test_session.create", "test_session.read",
	}

	permIDs := make(map[string]uuid.UUID)

	for _, pName := range permissions {
		var id uuid.UUID
		err := db.QueryRow(ctx, "INSERT INTO permissions (name) VALUES ($1) ON CONFLICT (name) DO UPDATE SET name = EXCLUDED.name RETURNING id", pName).Scan(&id)
		if err != nil {
			log.Fatalf("Failed to seed permission %s: %v", pName, err)
		}
		permIDs[pName] = id
	}

	log.Printf("✅ Seeded %d permissions", len(permissions))

	// 2. Define Roles
	roles := []struct {
		Name        string
		Permissions []string
	}{
		{
			Name: "super_admin",
			Permissions: permissions, // All permissions
		},
		{
			Name: "hr",
			Permissions: []string{
				"candidate.create", "candidate.read", "candidate.update", "candidate.delete",
				"assessment.create", "assessment.read", "assessment.update",
				"job.create", "job.read", "job.update", "job.delete",
				"report.read", "dashboard.read",
				"test_session.create", "test_session.read",
			},
		},
		{
			Name: "finance",
			Permissions: []string{
				"subscription.create", "subscription.read",
				"company.read", "dashboard.read",
			},
		},
		{
			Name: "candidate",
			Permissions: []string{
				"assessment.read", "assessment.update",
			},
		},
	}

	for _, r := range roles {
		var roleID uuid.UUID
		err := db.QueryRow(ctx, "INSERT INTO roles (name) VALUES ($1) ON CONFLICT (name) DO UPDATE SET name = EXCLUDED.name RETURNING id", r.Name).Scan(&roleID)
		if err != nil {
			log.Fatalf("Failed to seed role %s: %v", r.Name, err)
		}

		// Sync permissions
		_, err = db.Exec(ctx, "DELETE FROM role_permissions WHERE role_id = $1", roleID)
		if err != nil {
			log.Fatalf("Failed to clear permissions for role %s: %v", r.Name, err)
		}

		for _, pName := range r.Permissions {
			pID := permIDs[pName]
			_, err = db.Exec(ctx, "INSERT INTO role_permissions (role_id, permission_id) VALUES ($1, $2)", roleID, pID)
			if err != nil {
				log.Fatalf("Failed to link permission %s to role %s: %v", pName, r.Name, err)
			}
		}
		log.Printf("✅ Seeded role %s with %d permissions", r.Name, len(r.Permissions))
	}

	log.Println("🚀 RBAC Seeding completed successfully!")
}
