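// Package api_acladmin exposes the HTTP endpoints used to administer ACL
// roles and resources.
package api_acladmin

import (
	"encoding/json"
	"net/http"

	"git.oblat.lv/alex/triggerssmith/internal/acl"
	"git.oblat.lv/alex/triggerssmith/internal/auth"
	"git.oblat.lv/alex/triggerssmith/internal/config"
	"git.oblat.lv/alex/triggerssmith/internal/server"
	"github.com/go-chi/chi/v5"
)

// aclAdminHandler bundles the services the ACL administration endpoints need.
type aclAdminHandler struct {
	cfg  *config.Config
	a    *acl.Service
	auth *auth.Service // stored but not consulted by any handler in this file
}

// MustRoute returns a function that registers the ACL administration routes
// on a chi router. It panics if any dependency is nil, so a wiring mistake
// fails at startup rather than on the first request.
//
// NOTE(review): no authentication or authorization middleware is attached
// here, and the handlers in this file never consult h.auth. These routes read
// and (once implemented) change role and resource assignments, so they must
// only be reachable by administrators. Confirm that the caller mounts this
// router behind such a check, or add the middleware here (r.Use) before the
// routes are registered.
func MustRoute(config *config.Config, aclService *acl.Service, authService *auth.Service) func(chi.Router) {
	if config == nil {
		panic("config is nil")
	}
	if aclService == nil {
		panic("aclService is nil")
	}
	if authService == nil {
		panic("authService is nil")
	}

	h := &aclAdminHandler{
		cfg:  config,
		a:    aclService,
		auth: authService,
	}

	return func(r chi.Router) {
		// Roles.
		r.Get("/roles", h.getRoles)
		r.Post("/create-role", h.createRole)
		r.Post("/assign-role", h.assignRoleToUser)
		r.Get("/user-roles", h.getUserRoles)
		r.Post("/remove-role", h.removeRoleFromUser)

		// Resources.
		r.Get("/resources", h.getResources)
		r.Post("/create-resource", h.createResource)
		r.Post("/assign-resource", h.assignResourceToRole)
		r.Get("/role-resources", h.getRoleResources)
		r.Post("/remove-resource", h.removeResourceFromRole)

		// The "permissions" paths are aliases for the resource handlers above.
		// Any access control applied to the resource routes has to cover these
		// paths as well, otherwise the alias becomes a way around it.
		r.Get("/permissions", h.getResources)                    // legacy support
		r.Post("/create-permissions", h.createResource)          // legacy support
		r.Post("/assign-permissions", h.assignResourceToRole)    // legacy support
		r.Get("/role-permissions", h.getRoleResources)           // legacy support
		r.Post("/remove-permissions", h.removeResourceFromRole)  // legacy support
	}
}

// rolesResponse is the JSON body returned by getRoles: an array of objects
// carrying only the role id and name.
type rolesResponse []struct {
	ID   uint   `json:"id"`
	Name string `json:"name"`
}

// getRoles writes every role known to the ACL service as a JSON array.
//
// Only ID and Name are copied into the response, so other fields of the
// service's role type are never serialised to the client.
func (h *aclAdminHandler) getRoles(w http.ResponseWriter, r *http.Request) {
	roles, err := h.a.GetRoles()
	if err != nil {
		// The client gets a generic message; the underlying error is not
		// echoed back. NOTE(review): err is not logged either, which leaves
		// no trace of why the lookup failed; consider logging it server-side.
		http.Error(w, "Internal server error", http.StatusInternalServerError)
		return
	}

	// Transform the service's roles into the response shape.
	resp := make(rolesResponse, 0, len(roles))
	for _, role := range roles {
		resp = append(resp, struct {
			ID   uint   `json:"id"`
			Name string `json:"name"`
		}{
			ID:   role.ID,
			Name: role.Name,
		})
	}

	// Serialise before touching the response. After this point the only
	// possible failure is a transport write error, which cannot be reported
	// to the client, so http.Error is never called on a response that has
	// already been started.
	body, err := json.Marshal(resp)
	if err != nil {
		http.Error(w, "Failed to encode response", http.StatusInternalServerError)
		return
	}
	// json.Encoder terminated the document with a newline; keep the wire
	// format unchanged.
	body = append(body, '\n')

	w.Header().Set("Content-Type", "application/json")
	// A write error means the connection is gone; there is nothing left to
	// send, so it is deliberately ignored.
	_, _ = w.Write(body)
}

// createRole is not implemented yet; it delegates to server.NotImplemented.
func (h *aclAdminHandler) createRole(w http.ResponseWriter, r *http.Request) {
	server.NotImplemented(w)
}

// assignRoleToUser is not implemented yet; it delegates to server.NotImplemented.
func (h *aclAdminHandler) assignRoleToUser(w http.ResponseWriter, r *http.Request) {
	server.NotImplemented(w)
}

// getUserRoles is not implemented yet; it delegates to server.NotImplemented.
func (h *aclAdminHandler) getUserRoles(w http.ResponseWriter, r *http.Request) {
	server.NotImplemented(w)
}

// removeRoleFromUser is not implemented yet; it delegates to server.NotImplemented.
func (h *aclAdminHandler) removeRoleFromUser(w http.ResponseWriter, r *http.Request) {
	server.NotImplemented(w)
}

// getResources is not implemented yet; it delegates to server.NotImplemented.
// It also serves the legacy /permissions path.
func (h *aclAdminHandler) getResources(w http.ResponseWriter, r *http.Request) {
	server.NotImplemented(w)
}

// createResource is not implemented yet; it delegates to server.NotImplemented.
// It also serves the legacy /create-permissions path.
func (h *aclAdminHandler) createResource(w http.ResponseWriter, r *http.Request) {
	server.NotImplemented(w)
}

// assignResourceToRole is not implemented yet; it delegates to
// server.NotImplemented. It also serves the legacy /assign-permissions path.
func (h *aclAdminHandler) assignResourceToRole(w http.ResponseWriter, r *http.Request) {
	server.NotImplemented(w)
}

// getRoleResources is not implemented yet; it delegates to
// server.NotImplemented. It also serves the legacy /role-permissions path.
func (h *aclAdminHandler) getRoleResources(w http.ResponseWriter, r *http.Request) {
	server.NotImplemented(w)
}

// removeResourceFromRole is not implemented yet; it delegates to
// server.NotImplemented. It also serves the legacy /remove-permissions path.
func (h *aclAdminHandler) removeResourceFromRole(w http.ResponseWriter, r *http.Request) {
	server.NotImplemented(w)
}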