<?php
require_once 'db/config.php';

function can($role_id, $resource, $action) {
    static $permissions = null;

    if ($permissions === null) {
        try {
            $pdo = db();
            $stmt = $pdo->query('SELECT * FROM role_permissions');
            $all_permissions = $stmt->fetchAll(PDO::FETCH_ASSOC);
            $permissions = [];
            foreach ($all_permissions as $p) {
                $permissions[$p['role_id']][$p['resource']][$p['action']] = $p['fields'] ?? '*';
            }
        } catch (PDOException $e) {
            // Handle database errors, maybe return false or log the error
            return false;
        }
    }

    if (isset($permissions[$role_id][$resource][$action])) {
        if (in_array($action, ['read', 'update', 'create'])) {
            return $permissions[$role_id][$resource][$action];
        }
        return true;
    }

    return false;
}