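package handler

import (
	"strings"

	"spider/internal/model"
	"spider/internal/store"

	"github.com/gin-gonic/gin"
)

// PermissionHandler handles role permission configuration.
//
// NOTE(review): none of the handlers below checks the caller's role; access
// control for the mutating routes is presumably enforced by middleware that
// is not visible in this file. Confirm before exposing these routes.
type PermissionHandler struct {
	store *store.Store
}

// splitKeys turns the comma-joined form stored in RolePermission.Menus and
// RolePermission.Actions back into a slice. An empty string yields an empty,
// non-nil slice so the JSON response carries [] rather than [""] or null.
func splitKeys(csv string) []string {
	if csv == "" {
		return []string{}
	}
	return strings.Split(csv, ",")
}

// containsDelimiter reports whether any key contains the "," used to join
// keys for storage. Such a key would be read back as several keys, so the
// stored permission set would differ from the one submitted and audited.
func containsDelimiter(keys []string) bool {
	for _, k := range keys {
		if strings.Contains(k, ",") {
			return true
		}
	}
	return false
}

// saveRolePermission creates or updates the row for role and returns the
// stored record. Every database error is returned to the caller so that a
// failed write is never reported, or audited, as a successful change.
func (h *PermissionHandler) saveRolePermission(role, menus, actions string) (model.RolePermission, error) {
	var perm model.RolePermission
	if err := h.store.DB.Where("role = ?", role).First(&perm).Error; err != nil {
		// Any lookup error is treated as "no row yet". If the lookup failed
		// for another reason, the Create below is expected to fail as well
		// and its error is surfaced.
		perm = model.RolePermission{
			Role:    role,
			Menus:   menus,
			Actions: actions,
		}
		if err := h.store.DB.Create(&perm).Error; err != nil {
			return model.RolePermission{}, err
		}
		return perm, nil
	}

	// A map (not a struct) is passed so that empty strings are written too.
	err := h.store.DB.Model(&perm).Updates(map[string]any{
		"menus":   menus,
		"actions": actions,
	}).Error
	if err != nil {
		return model.RolePermission{}, err
	}
	// Re-read so the response reflects what is actually stored.
	if err := h.store.DB.First(&perm, perm.ID).Error; err != nil {
		return model.RolePermission{}, err
	}
	return perm, nil
}

// ListAll handles GET /permissions. It returns all role permissions together
// with the available menu and action keys.
func (h *PermissionHandler) ListAll(c *gin.Context) {
	var perms []model.RolePermission
	if err := h.store.DB.Order("role ASC").Find(&perms).Error; err != nil {
		Fail(c, 500, "failed to load permissions")
		return
	}
	OK(c, gin.H{
		"roles":       perms,
		"all_menus":   model.AllMenuKeys(),
		"all_actions": model.AllActionKeys(),
	})
}

// Update handles PUT /permissions/:role. It replaces the menu and action keys
// of the role named in the path with the lists from the JSON body, creating
// the role's row if it does not exist, and writes an audit entry on success.
func (h *PermissionHandler) Update(c *gin.Context) {
	role := c.Param("role")
	if role == "" {
		Fail(c, 400, "role is required")
		return
	}

	var body struct {
		Menus   []string `json:"menus"`
		Actions []string `json:"actions"`
	}
	if err := c.ShouldBindJSON(&body); err != nil {
		Fail(c, 400, err.Error())
		return
	}

	// Keys are stored comma-joined, so a key containing "," would silently
	// expand into additional keys when read back.
	if containsDelimiter(body.Menus) || containsDelimiter(body.Actions) {
		Fail(c, 400, "menu and action keys must not contain ','")
		return
	}
	// NOTE(review): the role name and the submitted keys are not checked
	// against the known roles or against model.AllMenuKeys() and
	// model.AllActionKeys(); any role string creates a row. Consider an
	// allow-list check here.

	perm, err := h.saveRolePermission(role, strings.Join(body.Menus, ","), strings.Join(body.Actions, ","))
	if err != nil {
		// Do not echo the storage error to the client.
		Fail(c, 500, "failed to save permissions")
		return
	}

	// Audit only after the write succeeded, so the trail matches stored state.
	LogAudit(h.store, c, "update", "permission", role, gin.H{"menus": body.Menus, "actions": body.Actions})
	OK(c, perm)
}

// Reset handles POST /permissions/reset. It restores the default permissions
// for every role in model.DefaultPermissions() and returns the resulting list.
func (h *PermissionHandler) Reset(c *gin.Context) {
	// The loop is not wrapped in a transaction, so a failure can leave some
	// roles reset and others untouched. Failed roles are collected and
	// recorded in the audit entry instead of being dropped silently.
	var failed []string
	for role, perm := range model.DefaultPermissions() {
		if _, err := h.saveRolePermission(role, perm.Menus, perm.Actions); err != nil {
			failed = append(failed, role)
		}
	}

	detail := gin.H{"action": "reset"}
	if len(failed) > 0 {
		detail["failed_roles"] = failed
	}
	LogAudit(h.store, c, "update", "permission", "all", detail)

	if len(failed) > 0 {
		Fail(c, 500, "failed to reset some role permissions")
		return
	}

	var perms []model.RolePermission
	if err := h.store.DB.Order("role ASC").Find(&perms).Error; err != nil {
		Fail(c, 500, "failed to load permissions")
		return
	}
	OK(c, perms)
}

// GetMyPermissions handles GET /auth/permissions. It returns the menu and
// action keys for the role stored under "role" in the request context.
func (h *PermissionHandler) GetMyPermissions(c *gin.Context) {
	role := c.GetString("role")

	var perm model.RolePermission
	if err := h.store.DB.Where("role = ?", role).First(&perm).Error; err != nil {
		// NOTE(review): every lookup error, not only a missing row, falls
		// back to the built-in defaults. If an administrator has narrowed a
		// role, a database failure would serve the broader defaults. Telling
		// the two cases apart needs the data layer's not-found error, which
		// this file does not import.
		if d, ok := model.DefaultPermissions()[role]; ok {
			OK(c, gin.H{
				"role":    role,
				"menus":   splitKeys(d.Menus),
				"actions": splitKeys(d.Actions),
			})
			return
		}
		// Unknown role: return empty permission lists.
		OK(c, gin.H{"role": role, "menus": []string{}, "actions": []string{}})
		return
	}

	OK(c, gin.H{
		"role":    role,
		"menus":   splitKeys(perm.Menus),
		"actions": splitKeys(perm.Actions),
	})
}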