from fastapi import Depends, HTTPException, Request
from sqlalchemy.orm import Session
from app.models import UserPermission, Permission
from app.database import get_db
from app.auth import get_current_user  # Your JWT-based current user function

def permission_required(permission_name: str):
    """Build a FastAPI dependency that enforces a single named permission.

    The returned callable resolves the authenticated user through
    ``get_current_user`` and a database session through ``get_db``, then
    performs two lookups on every invocation:

    1. A ``Permission`` row whose ``name`` equals ``permission_name`` and
       whose ``status`` is ``1``.
    2. A ``UserPermission`` row linking ``current_user.id`` to that
       permission's ``id``.

    The check fails closed: if either lookup returns nothing, the request
    is rejected with HTTP 403. An unknown or inactive permission name
    therefore denies access rather than allowing it.

    Args:
        permission_name: Name of the permission the caller must hold.

    Returns:
        A dependency function that returns ``True`` when the user holds
        the permission.

    Raises:
        HTTPException: 403, raised by the returned dependency (not by this
            factory) when the permission is missing/inactive or the user
            has no matching ``UserPermission`` row.
    """

    def _permission_dependency(
        current_user=Depends(get_current_user),
        db: Session = Depends(get_db)
    ):
        # Authentication is delegated entirely to get_current_user; this
        # function only authorizes.
        # NOTE(review): assumes get_current_user rejects unauthenticated
        # requests itself rather than returning None; a None user would
        # fail on `.id` below. Confirm against app.auth.

        # NOTE(review): status == 1 presumably marks an active permission
        # (the error text below says "inactive"); confirm against the model.
        active_permission_query = db.query(Permission).filter(
            Permission.name == permission_name,
            Permission.status == 1,
        )
        permission_row = active_permission_query.first()

        if not permission_row:
            # The detail string is returned to the client and includes the
            # permission name, and it differs from the denial message below.
            raise HTTPException(
                status_code=403,
                detail=f"Permission '{permission_name}' not found or inactive",
            )

        # Only the existence of the grant row is checked. If UserPermission
        # carries its own status or expiry column, it is not consulted
        # here; verify against the model.
        grant_query = db.query(UserPermission).filter_by(
            user_id=current_user.id,
            permission_id=permission_row.id,
        )
        grant_row = grant_query.first()

        if grant_row:
            return True

        raise HTTPException(
            status_code=403,
            detail=f"Access denied: missing '{permission_name}' permission",
        )

    return _permission_dependency
