import { useEffect, useState } from "react";
import { supabase } from "@/integrations/supabase/client";

export type AppRole = "super_admin" | "salesman";

export function useRole() {
  const [role, setRole] = useState<AppRole | null>(null);
  const [loading, setLoading] = useState(true);

  useEffect(() => {
    let mounted = true;
    (async () => {
      const { data: u } = await supabase.auth.getUser();
      if (!u.user) { if (mounted) { setRole(null); setLoading(false); } return; }
      const { data } = await supabase
        .from("user_roles" as any)
        .select("role")
        .eq("user_id", u.user.id)
        .order("role", { ascending: true })
        .limit(1)
        .maybeSingle();
      if (mounted) {
        setRole(((data as any)?.role as AppRole) ?? "salesman");
        setLoading(false);
      }
    })();
    return () => { mounted = false; };
  }, []);

  const isAdmin = role === "super_admin";
  const isSalesman = role === "salesman";
  return { role, loading, isAdmin, isSalesman };
}

// Routes allowed for salesman role
export const SALESMAN_ALLOWED = ["/", "/pos", "/sales", "/customers", "/products"];

export function canAccess(role: AppRole | null, path: string): boolean {
  if (!role) return false;
  if (role === "super_admin") return true;
  return SALESMAN_ALLOWED.some((p) => (p === "/" ? path === "/" : path.startsWith(p)));
}