const ROLE_PERMISSIONS: Record<string, string[]> = {
  super_admin: ['kyc.request', 'kyc.view', 'kyc.doc_upload', 'kyc.doc_approve', 'kyc.doc_reject', 'kyc.make_valid_user', 'dashboard.view'],
  admin_manager: ['kyc.request', 'kyc.view', 'kyc.doc_upload', 'kyc.doc_approve', 'kyc.doc_reject', 'kyc.make_valid_user', 'dashboard.view'],
  staff: ['kyc.request', 'kyc.view', 'kyc.doc_upload', 'dashboard.view'],
  accountant: ['dashboard.view', 'accounting.view', 'accounting.create', 'accounting.edit', 'accounting.delete'],
  investor: ['dashboard.view', 'kyc.request', 'kyc.view'],
  biker: ['dashboard.view', 'kyc.request', 'kyc.view', 'rentals.view', 'rentals.create'],
  'swap-station': ['dashboard.view', 'kyc.request', 'kyc.view'],
  merchant: ['dashboard.view', 'kyc.request', 'kyc.view', 'merchants.view'],
};

export const isAuthenticated = (): boolean => {
  return typeof window !== 'undefined' && !!sessionStorage.getItem('authToken');
};

export const getUserRole = (): string | null => {
  return typeof window !== 'undefined' ? sessionStorage.getItem('userRole') : null;
};

export const getUserName = (): string | null => {
  return typeof window !== 'undefined' ? sessionStorage.getItem('userName') : null;
};

export const getUserPermissions = (): string[] => {
  if (typeof window === 'undefined') return [];
  const stored = sessionStorage.getItem('userPermissions');
  if (stored) return JSON.parse(stored);
  const role = getUserRole();
  return role ? (ROLE_PERMISSIONS[role] || []) : [];
};

export const hasPermission = (permission: string): boolean => {
  const permissions = getUserPermissions();
  return permissions.includes(permission);
};

export const canApproveKycDocument = (): boolean => {
  return hasPermission('kyc.doc_approve');
};

export const canRejectKycDocument = (): boolean => {
  return hasPermission('kyc.doc_reject');
};

export const canMakeValidUser = (): boolean => {
  return hasPermission('kyc.make_valid_user');
};

export const logout = () => {
  if (typeof window !== 'undefined') {
    sessionStorage.removeItem('authToken');
    sessionStorage.removeItem('userRole');
    sessionStorage.removeItem('userName');
    sessionStorage.removeItem('userPermissions');
  }
};