#!/usr/bin/env node

/**
 * 权限 Scope 控制 - 迁移脚本
 * 自动将旧的 @RequirePermissions 装饰器更新为新的 Scope 装饰器
 */

import { readFileSync, writeFileSync } from 'fs';
import { join } from 'path';
import { glob } from 'glob';

// 迁移规则
const migrationRules = {
  // 组织级权限（仅本组织）
  organization: [
    'user:read',
    'user:create', 
    'user:update',
    'user:delete',
    'organization:read',
    'organization:update',
    'department:read',
    'department:create',
    'department:update',
    'department:delete',
    'position:read',
    'position:create',
    'position:update',
    'position:delete',
    'role:read',
    'role:create',
    'role:update',
    'role:delete',
    'role:manage',
  ],
  
  // 全局权限（跨组织）
  global: [
    'organization:create',
    'organization:delete',
    'organization:sync',
    'region:create',
    'region:read',
    'region:update',
    'region:delete',
  ],
};

function migrateFile(filePath: string) {
  let content = readFileSync(filePath, 'utf-8');
  let changed = false;

  // 1. 更新 import 语句
  if (content.includes('import { RequirePermissions }') && 
      !content.includes('RequireOrganizationPermissions') &&
      !content.includes('RequireGlobalPermissions')) {
    
    const needsOrgPermissions = migrationRules.organization.some(
      perm => content.includes(`@RequirePermissions('${perm}')`)
    );
    const needsGlobalPermissions = migrationRules.global.some(
      perm => content.includes(`@RequirePermissions('${perm}')`)
    );

    if (needsOrgPermissions || needsGlobalPermissions) {
      const imports = [];
      if (content.includes('@RequirePermissions')) {
        imports.push('RequirePermissions');
      }
      if (needsOrgPermissions) {
        imports.push('RequireOrganizationPermissions');
      }
      if (needsGlobalPermissions) {
        imports.push('RequireGlobalPermissions');
      }

      content = content.replace(
        /import { RequirePermissions } from '@common\/decorators\/permissions.decorator';/,
        `import { ${imports.join(', ')} } from '@common/decorators/permissions.decorator';`
      );
      changed = true;
    }
  }

  // 2. 更新 @UseGuards - 添加 PermissionsGuard
  if (content.includes('@UseGuards(JwtAuthGuard)') && 
      !content.includes('@UseGuards(JwtAuthGuard, PermissionsGuard)') &&
      content.includes('@RequirePermissions')) {
    
    content = content.replace(
      /@UseGuards\(JwtAuthGuard\)/g,
      '@UseGuards(JwtAuthGuard, PermissionsGuard)'
    );
    changed = true;
  }

  // 3. 移除方法级别的 @UseGuards(PermissionsGuard)（因为已在类级别添加）
  content = content.replace(
    /\s+@UseGuards\(PermissionsGuard\)\n/g,
    '\n'
  );

  // 4. 更新装饰器
  migrationRules.organization.forEach(permission => {
    const regex = new RegExp(`@RequirePermissions\\('${permission}'\\)`, 'g');
    if (content.match(regex)) {
      content = content.replace(regex, `@RequireOrganizationPermissions('${permission}')`);
      changed = true;
    }
  });

  migrationRules.global.forEach(permission => {
    const regex = new RegExp(`@RequirePermissions\\('${permission}'\\)`, 'g');
    if (content.match(regex)) {
      content = content.replace(regex, `@RequireGlobalPermissions('${permission}')`);
      changed = true;
    }
  });

  if (changed) {
    writeFileSync(filePath, content, 'utf-8');
    console.log(`✅ Migrated: ${filePath}`);
    return true;
  }

  return false;
}

async function main() {
  const controllersPath = join(process.cwd(), 'src/modules/organization/**/*.controller.ts');
  const files = await glob(controllersPath);

  console.log(`🔍 Found ${files.length} controller files\n`);

  let migratedCount = 0;

  for (const file of files) {
    if (migrateFile(file)) {
      migratedCount++;
    }
  }

  console.log(`\n✨ Migration complete: ${migratedCount}/${files.length} files updated`);
}

main().catch(console.error);