import '../../features/auth/domain/app_user.dart';
import '../../features/profile/domain/user_profile.dart';

/// Hardcoded admin allow-list for the MVP. Email match is the primary signal
/// because the hardcoded admin doesn't carry a Firestore role document.
const Set<String> _adminEmails = <String>{'philip@theguzmanfamily.com'};

/// Returns true if [user] is on the email allow-list. Primary entry point —
/// most callers only have an [AppUser] in hand.
bool isAdmin(AppUser? user) {
  if (user == null) return false;
  final email = user.email.trim().toLowerCase();
  if (email.isEmpty) return false;
  return _adminEmails.contains(email);
}

/// Returns true when admin status is established either by email allow-list
/// or by a Firestore profile document carrying [UserRole.admin]. Use this in
/// places where a profile is already loaded so a future Firestore-driven
/// admin grant works without a code change.
bool isAdminWithProfile(AppUser? user, UserProfile? profile) {
  if (isAdmin(user)) return true;
  return profile?.role == UserRole.admin;
}