package it.inaf.ia2.gms.manager;

import it.inaf.ia2.gms.exception.UnauthorizedException;
import it.inaf.ia2.gms.model.Permission;
import it.inaf.ia2.gms.model.RapUser;
import it.inaf.ia2.gms.model.UserPermission;
import it.inaf.ia2.gms.persistence.LoggingDAO;
import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.persistence.model.PermissionEntity;
import it.inaf.ia2.gms.rap.RapClient;
import it.inaf.ia2.gms.service.PermissionUtils;
import it.inaf.ia2.gms.service.PermissionsService;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

@Service
public class PermissionsManager extends UserAwareComponent {

    private final PermissionsService permissionsService;
    private final RapClient rapClient;
    private final LoggingDAO loggingDAO;

    @Autowired
    public PermissionsManager(PermissionsService permissionsService, RapClient rapClient, LoggingDAO loggingDAO) {
        this.permissionsService = permissionsService;
        this.rapClient = rapClient;
        this.loggingDAO = loggingDAO;
    }

    public List<UserPermission> getAllPermissions(GroupEntity group) {

        verifyUserCanManagePermissions(group);

        List<PermissionEntity> permissions = permissionsService.getGroupPermissions(group);

        Set<String> userIdentifiers = permissions.stream()
                .map(p -> p.getUserId())
                .collect(Collectors.toSet());

        Map<String, RapUser> users = rapClient.getUsers(userIdentifiers).stream()
                .collect(Collectors.toMap(RapUser::getId, Function.identity()));

        List<UserPermission> result = new ArrayList<>();

        for (PermissionEntity p : permissions) {
            RapUser rapUser = users.get(p.getUserId());
            if (rapUser != null) {
                UserPermission permission = new UserPermission();
                permission.setPermission(p.getPermission());
                permission.setUser(rapUser);
                result.add(permission);
            }
        }

        return result;
    }

    public Permission getUserPermission(GroupEntity group, String userId) {
        verifyUserCanManagePermissions(group);
        List<PermissionEntity> permissions = permissionsService.findUserPermissions(group, getCurrentUserId());
        return PermissionUtils.getGroupPermission(group, permissions).orElse(null);
    }

    public PermissionEntity addPermission(GroupEntity group, String userId, Permission permission) {
        verifyUserCanManagePermissions(group);
        return permissionsService.addPermission(group, userId, permission);
    }

    public void removePermission(GroupEntity group, String userId) {
        verifyUserCanManagePermissions(group);
        permissionsService.removePermission(group, userId);
    }

    private void verifyUserCanManagePermissions(GroupEntity group) {
        Permission permission = getCurrentUserPermission(group);
        if (permission != Permission.ADMIN) {
            loggingDAO.logAction("Unauthorized attempt to manage permissions");
            throw new UnauthorizedException("Only admin users can handle permissions");
        }
    }

    public List<PermissionEntity> getCurrentUserPermissions(GroupEntity group) {
        return permissionsService.findUserPermissions(group, getCurrentUserId());
    }

    public Permission getCurrentUserPermission(GroupEntity group) {
        List<PermissionEntity> permissions = permissionsService.findUserPermissions(group, getCurrentUserId());
        return PermissionUtils.getGroupPermission(group, permissions).orElse(null);
    }
}