package it.inaf.ia2.gms.manager;

import it.inaf.ia2.gms.exception.BadRequestException;
import it.inaf.ia2.gms.exception.UnauthorizedException;
import it.inaf.ia2.gms.model.Permission;
import it.inaf.ia2.gms.persistence.LoggingDAO;
import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.service.GroupsService;
import org.springframework.stereotype.Service;

@Service
public class GroupsManager extends UserAwareComponent {

    private final GroupsService groupsService;
    private final PermissionsManager permissionsManager;
    private final LoggingDAO loggingDAO;

    public GroupsManager(GroupsService groupsService, PermissionsManager permissionsManager, LoggingDAO loggingDAO) {
        this.groupsService = groupsService;
        this.permissionsManager = permissionsManager;
        this.loggingDAO = loggingDAO;
    }

    public GroupEntity getRoot() {
        return getGroupById(GroupsService.ROOT);
    }

    public GroupEntity getGroupById(String groupId) {
        GroupEntity group = groupsService.getGroupById(groupId);
        verifyUserCanReadGroup(group);
        return group;
    }

    public GroupEntity getGroupByPath(String path) {
        GroupEntity group = groupsService.getGroupByPath(path);
        verifyUserCanReadGroup(group);
        return group;
    }

    public GroupEntity createGroup(GroupEntity parent, String childGroupName, boolean leaf) {

        if (parent.isLeaf()) {
            throw new BadRequestException("Unable to create a sub group inside a leaf group");
        }

        verifyUserCanManageGroup(parent);

        return groupsService.addGroup(parent, childGroupName, leaf, getCurrentUserId());
    }

    public GroupEntity updateGroup(String groupId, String newGroupName, boolean leaf) {

        GroupEntity group = groupsService.getGroupById(groupId);
        verifyUserCanManageGroup(group);

        return groupsService.updateGroup(group, newGroupName, leaf);
    }

    public GroupEntity deleteGroup(String groupId) {
        GroupEntity group = groupsService.getGroupById(groupId);
        verifyUserCanManageGroup(group);
        return groupsService.deleteGroup(group);
    }

    public void verifyUserCanReadGroup(GroupEntity group) {
        if (permissionsManager.getCurrentUserPermission(group) == null) {
            loggingDAO.logAction("Unauthorized group management request, group_id=" + group.getId());
            throw new UnauthorizedException("Missing permission to see this group");
        }
    }

    private void verifyUserCanManageGroup(GroupEntity group) {
        if (permissionsManager.getCurrentUserPermission(group) != Permission.ADMIN) {
            loggingDAO.logAction("Unauthorized group management request, group_id=" + group.getId());
            throw new UnauthorizedException("Missing admin permission");
        }
    }
}