import os
from typing import Optional

import casbin
from fastapi import HTTPException, status, Request, Header

from Utils.Authentication.TokenUtil import decode_token

e = casbin.Enforcer(
    os.getcwd() + r"\Utils\AccessControl\model.conf",
    os.getcwd() + r"\Utils\AccessControl\policy.csv"
)


def access_interseptor(request: Request, token: Optional[str] = Header(...)):

    sub = decode_token(token).get("role")
    obj = request.url.__str__().split(request.base_url.__str__()[:-1])[-1].split("?")[0]
    act = request.method

    if not e.enforce(sub, obj, act):
        credentials_exception = HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="No Access",
            headers={"WWW-Authenticate": "Bearer"},
        )
        raise credentials_exception