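import {
  Injectable,
  CanActivate,
  ExecutionContext,
  ForbiddenException,
  Logger,
} from '@nestjs/common';
import { UsersService } from '../../users/services/users.service';

/**
 * Route guard that admits only callers holding the `admin` or `merchant`
 * client role.
 *
 * The guard fails closed: a missing `request.user`, a failed role lookup and a
 * role list containing neither role all end in a `ForbiddenException`.
 *
 * It only reads `request.user` and never sets it, so it presumably relies on an
 * authentication guard or middleware that runs earlier in the pipeline.
 */
@Injectable()
export class MerchantGuard implements CanActivate {
  private readonly logger = new Logger(MerchantGuard.name);

  constructor(private readonly usersService: UsersService) {}

  /**
   * Decides whether the current HTTP request may reach a merchant-only handler.
   *
   * @param context - Nest execution context; the HTTP request is taken from it.
   * @returns `true` when the caller's client roles include `admin` or `merchant`.
   * @throws ForbiddenException when `request.user` is absent, when the role
   *   lookup throws, or when neither role is present.
   */
  async canActivate(context: ExecutionContext): Promise<boolean> {
    const request = context.switchToHttp().getRequest();
    const user = request.user;

    // NOTE(review): a missing identity is conventionally a 401. ForbiddenException
    // is kept so that clients and exception filters keyed on it are unaffected.
    if (!user) {
      throw new ForbiddenException('User not authenticated');
    }

    // Only the lookup sits inside the try. The original also wrapped the role
    // check, so its own 'Merchant access required' exception was caught and
    // replaced by the lookup-failure message; an ordinary denial and a roles
    // service failure were indistinguishable.
    let userRoles: unknown;
    try {
      userRoles = await this.usersService.getUserClientRoles(user.sub);
    } catch (error: unknown) {
      // Record the cause on the server and keep the client response generic.
      const reason = error instanceof Error ? error.message : String(error);
      this.logger.warn(`Client role lookup failed: ${reason}`);
      throw new ForbiddenException('Failed to verify merchant permissions');
    }

    // Allow admins and merchants. Array.isArray keeps the check fail-closed if
    // the service returns something other than a list: a string would make
    // includes() match substrings, and null or undefined would throw.
    if (
      Array.isArray(userRoles) &&
      (userRoles.includes('admin') || userRoles.includes('merchant'))
    ) {
      return true;
    }

    throw new ForbiddenException('Merchant access required');
  }
}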