package incheon.com.security.tag;

import incheon.com.security.util.SecurityUtil;

import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.SimpleTagSupport;
import java.io.IOException;

/**
 * JSP 권한 체크 태그
 *
 * 사용법:
 * &lt;sec:hasPermission system="AGS" permission="PERM_FUNC_EDIT"&gt;...&lt;/sec:hasPermission&gt;
 * &lt;sec:hasPermission system="AGS" permissions="PERM_FUNC_EDIT,PERM_FUNC_DELETE"&gt;...&lt;/sec:hasPermission&gt; (AND 조건)
 */
public class HasPermissionTag extends SimpleTagSupport {

    private String system;
    private String permission;
    private String permissions;

    public void setSystem(String system) {
        this.system = system;
    }

    public void setPermission(String permission) {
        this.permission = permission;
    }

    public void setPermissions(String permissions) {
        this.permissions = permissions;
    }

    @Override
    public void doTag() throws JspException, IOException {
        boolean hasPermission = checkPermission();
        if (hasPermission && getJspBody() != null) {
            getJspBody().invoke(null);
        }
    }

    private boolean checkPermission() {
        // 시스템 코드 필수
        if (system == null || system.trim().isEmpty()) {
            return false;
        }

        // 단일 권한 체크
        if (permission != null && !permission.trim().isEmpty()) {
            return SecurityUtil.hasPermission(system, permission);
        }

        // 여러 권한 체크 (콤마로 구분, AND 조건)
        if (permissions != null && !permissions.trim().isEmpty()) {
            String[] permissionArray = permissions.split(",");
            for (int i = 0; i < permissionArray.length; i++) {
                permissionArray[i] = permissionArray[i].trim();
            }
            return SecurityUtil.hasAllPermissions(system, permissionArray);
        }

        // 권한 코드가 없으면 false
        return false;
    }
}