import type { Role } from "@prisma/client";

// PII visibility rules for the crew profile (Crewing-Implementation-Spec §6/§8.8).
// Bank account / EPF identity numbers are full only for Accounts (and SuperUser);
// masked for everyone else. Salary is hidden from site staff (office-only).

export function canViewFullBankEpf(role: Role): boolean {
  return role === "ACCOUNTS" || role === "SUPERUSER";
}

export function canViewSalary(role: Role): boolean {
  // Office roles see salary; site staff see status only (§6, R7).
  return role !== "SITE_STAFF";
}

// "•••• 4471" — keep only the last `visible` chars; null/short values render "—".
export function maskTail(value: string | null | undefined, visible = 4): string {
  if (!value) return "—";
  const v = value.trim();
  if (v.length <= visible) return "••••";
  return `•••• ${v.slice(-visible)}`;
}

// Show the value in full only when allowed, else mask it.
export function bankEpfValue(value: string | null | undefined, role: Role): string {
  if (!value) return "—";
  return canViewFullBankEpf(role) ? value : maskTail(value);
}