from portal.permissions import MODULE_KEYS, _get_module_perms


def admin_permissions(request):
    """
    Inject `admin_access` dict into every template context for admin/super_admin users.

    Template usage:  {% if admin_access.courses.view %} ... {% endif %}

    Shares the per-request permission cache populated by ModulePermissionMixin,
    so the DB is queried at most once per request regardless of call order.
    """
    user = getattr(request, 'user', None)
    if user is None or not getattr(user, 'is_authenticated', False):
        return {}

    from django.contrib.auth import get_user_model
    User = get_user_model()

    if not hasattr(user, 'role') or user.role not in (User.ADMIN, User.SUPER_ADMIN):
        return {}

    if user.role == User.SUPER_ADMIN:
        access = {m: {'view': True, 'edit': True, 'delete': True} for m in MODULE_KEYS}
    else:
        perms_list = _get_module_perms(user)
        if not perms_list:
            access = {m: {'view': True, 'edit': True, 'delete': True} for m in MODULE_KEYS}
        else:
            perm_map = {p.module: p for p in perms_list}
            access = {}
            for m in MODULE_KEYS:
                p = perm_map.get(m)
                if p is None:
                    access[m] = {'view': False, 'edit': False, 'delete': False}
                else:
                    access[m] = {
                        'view': p.can_view,
                        'edit': p.can_edit,
                        'delete': p.can_delete,
                    }

    return {'admin_access': access}