import { computed } from 'vue'
import type { IvyFormsPermissions } from '@/types/global'
import { readCanAccessPermissionsSettings } from '@/composables/useIsAdministrator'

type PermissionKey = keyof IvyFormsPermissions

function readPermissions(): IvyFormsPermissions {
  return window.wpIvyApiSettings?.permissions ?? {}
}

/**
 * Read the current user's effective IvyForms permissions for UI gating.
 *
 * These mirror the backend PermissionCatalog and are provided via
 * wpIvyApiSettings.permissions. Backend permission checks remain the source of
 * truth; this only controls whether UI affordances (buttons, etc.) are shown.
 *
 * Site administrators (who can access permissions settings) always pass, so the
 * full UI stays available to them even though granular flags may be omitted.
 */
export function usePermissions() {
  const isAdministrator = computed(() => readCanAccessPermissionsSettings())

  const can = (permission: PermissionKey): boolean => {
    if (isAdministrator.value) {
      return true
    }
    return readPermissions()[permission] === true
  }

  const canEditForms = computed(() => can('add_edit_forms'))
  const canDeleteForms = computed(() => can('delete_forms'))
  const canViewForms = computed(() => can('view_forms_list'))
  const canViewEntries = computed(() => can('view_entries_admin'))
  const canDeleteEntries = computed(() => can('delete_entries_admin'))
  const canAccessSettings = computed(() => can('access_settings_page'))

  return {
    can,
    canEditForms,
    canDeleteForms,
    canViewForms,
    canViewEntries,
    canDeleteEntries,
    canAccessSettings,
  }
}