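# Records a user's consent to release a set of OIDC scopes to one application.
#
# Granted scopes are stored as a single space-delimited string in
# +scopes_granted+. +granted_at+ and +sid+ are filled in on create when the
# caller has not already supplied them.
class OidcUserConsent < ApplicationRecord
  # Display labels for the scopes this model knows how to describe.
  # Any other scope falls back to +String#humanize+ in #formatted_scopes.
  SCOPE_LABELS = {
    'openid' => 'Basic authentication',
    'profile' => 'Profile information',
    'email' => 'Email address',
    'groups' => 'Group membership'
  }.freeze
  private_constant :SCOPE_LABELS

  belongs_to :user
  belongs_to :application

  validates :user, :application, :scopes_granted, :granted_at, presence: true

  # At most one consent row per (user, application) pair.
  # NOTE(review): a model-level uniqueness check can be raced by concurrent
  # requests; confirm a unique database index on (user_id, application_id)
  # backs this validation.
  validates :user_id, uniqueness: { scope: :application_id }

  before_validation :set_granted_at, on: :create
  before_validation :set_sid, on: :create

  # Returns the granted scopes as an array of strings.
  #
  # Returns an empty array when +scopes_granted+ is nil (for example on a
  # record that has not been populated yet), so #covers_scopes? denies
  # instead of raising NoMethodError.
  def scopes
    scopes_granted.to_s.split
  end

  # Sets the granted scopes from an array (or a single value).
  #
  # Every element is converted to a string and split on whitespace before
  # de-duplication, so symbols, duplicates and blank entries cannot produce a
  # stored value that reads back differently through #scopes.
  def scopes=(scope_array)
    tokens = Array(scope_array).flat_map { |scope| scope.to_s.split }
    self.scopes_granted = tokens.uniq.join(' ')
  end

  # Returns true when every requested scope is already part of this consent.
  #
  # +requested_scopes+ is expected to be an array of scope names (strings or
  # symbols). A single space-delimited string is NOT split here: it is
  # compared as one token and therefore is not covered, which fails closed
  # and forces a fresh consent prompt.
  #
  # An empty request is vacuously covered and returns true. Callers should
  # reject authorization requests that carry no scopes before using this
  # result to skip the consent screen.
  def covers_scopes?(requested_scopes)
    requested = Array(requested_scopes).map(&:to_s)
    (requested - scopes).empty?
  end

  # Returns the granted scopes as a comma-separated, human-readable string.
  #
  # Unknown scope names are passed through +humanize+; the result is plain
  # text built from stored values, so HTML escaping is left to the view.
  def formatted_scopes
    scopes.map { |scope| SCOPE_LABELS.fetch(scope) { scope.humanize } }.join(', ')
  end

  # Finds the consent whose +sid+ equals the given value, or nil.
  #
  # A blank +sid+ returns nil without querying. Otherwise +find_by(sid: nil)+
  # would match any row whose sid column is NULL, letting a request with a
  # missing identifier resolve to an unrelated user's consent.
  def self.find_by_sid(sid)
    return nil if sid.blank?

    find_by(sid: sid)
  end

  private

  # Stamps the consent time on create unless the caller already set one.
  def set_granted_at
    self.granted_at ||= Time.current
  end

  # Assigns a random UUID as +sid+ on create unless one is already present.
  # NOTE(review): +||=+ keeps a caller-supplied sid; confirm sid is never
  # assignable from request parameters.
  def set_sid
    self.sid ||= SecureRandom.uuid
  end
end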