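use uuid::Uuid;

use crate::{client::spice::SpiceError, Secd};

/// Errors returned by the authorization methods on [`Secd`].
#[derive(Debug, thiserror::Error, derive_more::Display)]
pub enum AuthZError {
    /// A failure reported by the Spice client; `#[from]` lets `?` convert it.
    SpiceClient(#[from] SpiceError),
    /// Placeholder variant. `check` and `write` return it when no Spice client
    /// is configured on the `Secd` instance.
    Todo,
}

/// Namespace half of an [`Object`] identifier.
pub type Namespace = String;
/// An object identified by its namespace and a UUID.
pub type Object = (Namespace, Uuid);
/// Name of a relation between a [`Subject`] and an [`Object`].
pub type Relation = String;

/// One (subject, relation, object) tuple handed to the Spice client.
pub struct Relationship {
    pub subject: Subject,
    pub object: Object,
    // Same underlying type as before (`String`); the alias is used for
    // consistency with `Subject::UserSet::relation`.
    pub relation: Relation,
}

/// The subject side of a [`Relationship`].
#[derive(Clone)]
pub enum Subject {
    /// A single object acting as the subject.
    User(Object),
    /// An object together with a relation on it.
    /// NOTE(review): presumably "everyone holding `relation` on `user`";
    /// confirm against the Spice client before relying on this reading.
    UserSet { user: Object, relation: Relation },
}

impl Secd {
    /// Asks the Spice client whether relationship `r` is permitted.
    ///
    /// NOTE(review): the generic arguments of the return type were missing in
    /// the reviewed listing. The error type follows the sibling methods; the
    /// `bool` success type is assumed from `check_permission` and should be
    /// confirmed against the client.
    ///
    /// # Errors
    ///
    /// * [`AuthZError::Todo`] when no Spice client is configured.
    /// * [`AuthZError::SpiceClient`] when the client call fails.
    ///
    /// Callers should treat every `Err` as a denial, never as an allow.
    pub async fn check(&self, r: &Relationship) -> Result<bool, AuthZError> {
        // A missing backend is a configuration state, not a broken invariant:
        // report it as an error instead of panicking inside an authorization
        // decision, so the caller can fail closed without losing the task.
        let Some(spice) = self.spice.clone() else {
            return Err(AuthZError::Todo);
        };

        Ok(spice.check_permission(r).await?)
    }

    /// Not implemented yet.
    ///
    /// # Panics
    ///
    /// Always panics via `todo!()`.
    pub async fn expand(&self) -> Result<(), AuthZError> {
        todo!()
    }

    /// Not implemented yet.
    ///
    /// # Panics
    ///
    /// Always panics via `todo!()`.
    pub async fn read(&self) -> Result<(), AuthZError> {
        todo!()
    }

    /// Not implemented.
    ///
    /// # Panics
    ///
    /// Always panics via `unimplemented!()`.
    pub async fn watch(&self) -> Result<(), AuthZError> {
        unimplemented!()
    }

    /// Writes the relationships in `ts` through the Spice client.
    ///
    /// # Errors
    ///
    /// * [`AuthZError::Todo`] when no Spice client is configured.
    /// * [`AuthZError::SpiceClient`] when the client call fails.
    pub async fn write(&self, ts: &[Relationship]) -> Result<(), AuthZError> {
        // Same reasoning as in `check`: return an error rather than panic when
        // the backend is absent, so a policy write fails visibly to the caller.
        let Some(spice) = self.spice.clone() else {
            return Err(AuthZError::Todo);
        };

        spice.write_relationship(ts).await?;
        Ok(())
    }
}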