//! 角色权限查询处理函数

use axum::{
    extract::{Extension, Path, State},
    Json,
};
use crate::state::AppState;
use crate::error::{SaasError, SaasResult};
use crate::auth::types::AuthContext;
use crate::auth::handlers::check_permission;

/// GET /api/v1/roles/:id/permissions - 获取角色权限列表
pub async fn get_role_permissions(
    State(state): State<AppState>,
    Path(id): Path<String>,
    Extension(ctx): Extension<AuthContext>,
) -> SaasResult<Json<Vec<String>>> {
    check_permission(&ctx, "account:read")?;

    let row: Option<(String,)> = sqlx::query_as(
        "SELECT permissions FROM roles WHERE id = $1"
    )
    .bind(&id)
    .fetch_optional(&state.db)
    .await
    .map_err(|e| SaasError::Database(e))?;

    let permissions_str = row
        .ok_or_else(|| SaasError::NotFound(format!("角色 {} 不存在", id)))?
        .0;

    let permissions: Vec<String> = serde_json::from_str(&permissions_str)?;

    Ok(Json(permissions))
}