package ape

import (
	"fmt"

	aperequest "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/ape/request"
	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
	policyengine "git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
)

// ChainRouterError is returned when chain router validation prevents
// the APE request from being processed (no rule found, access denied, etc.).
type ChainRouterError struct {
	target  policyengine.RequestTarget
	request aperequest.Request
	status  apechain.Status
}

func (e *ChainRouterError) Error() string {
	return fmt.Sprintf("access to operation %s is denied by access policy engine: %s", e.Request().Operation(), e.Status())
}

func (e *ChainRouterError) Target() policyengine.RequestTarget {
	return e.target
}

func (e *ChainRouterError) Request() aperequest.Request {
	return e.request
}

func (e *ChainRouterError) Resource() aperequest.Resource {
	res, ok := e.request.Resource().(*aperequest.Resource)
	if !ok {
		return aperequest.Resource{}
	}
	return *res
}

func (e *ChainRouterError) Status() apechain.Status {
	return e.status
}

func newChainRouterError(target policyengine.RequestTarget, request aperequest.Request, status apechain.Status) *ChainRouterError {
	return &ChainRouterError{
		target:  target,
		request: request,
		status:  status,
	}
}