using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Routing;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.JsonPatch;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Logging;

using AyaNova.Models;
using AyaNova.Api.ControllerHelpers;
using AyaNova.Biz;


namespace AyaNova.Api.Controllers
{

    /// <summary>
    /// User
    /// </summary>
    [ApiVersion("8.0")]
    [Route("api/v{version:apiVersion}/[controller]")]
    [Produces("application/json")]
    [Authorize]
    public class UserController : Controller
    {
        private readonly AyContext ct;
        private readonly ILogger<UserController> log;
        private readonly ApiServerState serverState;


        /// <summary>
        /// ctor
        /// </summary>
        /// <param name="dbcontext"></param>
        /// <param name="logger"></param>
        /// <param name="apiServerState"></param>  
        public UserController(AyContext dbcontext, ILogger<UserController> logger, ApiServerState apiServerState)
        {
            ct = dbcontext;
            log = logger;
            serverState = apiServerState;
        }




        /// <summary>
        /// Get User
        /// 
        /// Required roles:
        /// BizAdminFull, BizAdminLimited
        /// </summary>
        /// <param name="id"></param>
        /// <returns>A single User</returns>
        [HttpGet("{id}")]
        public async Task<IActionResult> GetUser([FromRoute] long id)
        {
            if (serverState.IsClosed)
            {
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }

            //Instantiate the business object handler
            UserBiz biz = UserBiz.GetBiz(ct, HttpContext);

            if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
            {
                return StatusCode(401, new ApiNotAuthorizedResponse());
            }

            if (!ModelState.IsValid)
            {
                return BadRequest(new ApiErrorResponse(ModelState));
            }



            var o = await biz.GetAsync(id);
            if (o == null)
            {
                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
            }

            return Ok(new ApiOkResponse(o));
        }



        /// <summary>    
        /// Get filter and sort options
        /// 
        /// Required roles: 
        /// BizAdminFull, InventoryFull, BizAdminLimited, InventoryLimited, TechFull, TechLimited, Accounting
        /// 
        /// </summary>
        /// <returns>Filter options</returns>    
        [HttpGet("FilterOptions")]
        public ActionResult FilterOptions()
        {
            if (serverState.IsClosed)
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));

            //Instantiate the business object handler
            UserBiz biz = UserBiz.GetBiz(ct, HttpContext);

            if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
                return StatusCode(401, new ApiNotAuthorizedResponse());

            return Ok(new
            {
                data = UserBiz.FilterOptions(biz.UserLocaleId)
            });
        }


        /// <summary>
        /// Get paged list of Users
        /// 
        /// Required roles: 
        /// BizAdminFull, BizAdminLimited
        /// 
        /// </summary>
        /// <returns>Paged collection of Users with paging data</returns>            
        [HttpGet("ListUsers", Name = nameof(ListUsers))]//We MUST have a "Name" defined or we can't get the link for the pagination, non paged urls don't need a name
        public async Task<IActionResult> ListUsers([FromQuery] PagingOptions pagingOptions)
        {

            if (serverState.IsClosed)
            {
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }

            //Instantiate the business object handler
            UserBiz biz = UserBiz.GetBiz(ct, HttpContext);

            if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
            {
                return StatusCode(401, new ApiNotAuthorizedResponse());
            }

            if (!ModelState.IsValid)
            {
                return BadRequest(new ApiErrorResponse(ModelState));
            }



            ApiPagedResponse<System.Object> pr = await biz.GetManyAsync(Url, nameof(ListUsers), pagingOptions);
            return Ok(new ApiOkWithPagingResponse<System.Object>(pr));
        }



        /// <summary>
        ///  Get User pick list
        /// 
        /// Required roles: Any
        /// 
        /// </summary>
        /// <param name="pagingOptions">Paging, filtering and sorting options</param>
        /// <returns>Paged id/name collection with paging data</returns>  
        [HttpGet("PickList", Name = nameof(UserPickList))]
        public ActionResult UserPickList([FromQuery] PagingOptions pagingOptions)
        {
            if (serverState.IsClosed)
            {
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }

            if (!ModelState.IsValid)
            {
                return BadRequest(new ApiErrorResponse(ModelState));
            }

            //Instantiate the business object handler
            UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
            ApiPagedResponse<NameIdItem> pr = biz.GetPickList(Url, nameof(UserPickList), pagingOptions);
            return Ok(new ApiOkWithPagingResponse<NameIdItem>(pr));
        }


        /// <summary>
        /// Put (update) User
        /// 
        /// Required roles:
        /// BizAdminFull
        /// 
        /// </summary>
        /// <param name="id"></param>
        /// <param name="inObj"></param>
        /// <returns></returns>
        [HttpPut("{id}")]
        public async Task<IActionResult> PutUser([FromRoute] long id, [FromBody] User inObj)
        {
            if (!serverState.IsOpen)
            {
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }

            if (!ModelState.IsValid)
            {
                return BadRequest(new ApiErrorResponse(ModelState));
            }

            var o = await ct.User.SingleOrDefaultAsync(m => m.Id == id);

            if (o == null)
            {
                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
            }

            //Instantiate the business object handler       
            UserBiz biz = UserBiz.GetBiz(ct, HttpContext);

            if (!Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType, o.OwnerId))
            {
                return StatusCode(401, new ApiNotAuthorizedResponse());
            }



            try
            {
                if (!biz.Put(o, inObj))
                    return BadRequest(new ApiErrorResponse(biz.Errors));
            }
            catch (DbUpdateConcurrencyException)
            {
                if (!UserExists(id))
                {
                    return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
                }
                else
                {
                    //exists but was changed by another user
                    //I considered returning new and old record, but where would it end?
                    //Better to let the client decide what to do than to send extra data that is not required
                    return StatusCode(409, new ApiErrorResponse(ApiErrorCode.CONCURRENCY_CONFLICT));
                }
            }
            return Ok(new ApiOkResponse(new { ConcurrencyToken = o.ConcurrencyToken }));
        }



        /// <summary>
        /// Patch (update) User
        /// 
        /// Required roles:
        /// BizAdminFull
        /// 
        /// </summary>
        /// <param name="id"></param>
        /// <param name="concurrencyToken"></param>
        /// <param name="objectPatch"></param>
        /// <returns></returns>
        [HttpPatch("{id}/{concurrencyToken}")]
        public async Task<IActionResult> PatchUser([FromRoute] long id, [FromRoute] uint concurrencyToken, [FromBody]JsonPatchDocument<User> objectPatch)
        {
            if (!serverState.IsOpen)
            {
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }

            if (!ModelState.IsValid)
            {
                return BadRequest(new ApiErrorResponse(ModelState));
            }

            //Instantiate the business object handler
            UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
            var o = await ct.User.SingleOrDefaultAsync(m => m.Id == id);

            if (o == null)
            {
                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
            }

            if (!Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType, o.OwnerId))
            {
                return StatusCode(401, new ApiNotAuthorizedResponse());
            }

            try
            {
                //patch and validate
                if (!biz.Patch(o, objectPatch, concurrencyToken))
                {
                    return BadRequest(new ApiErrorResponse(biz.Errors));
                }
            }
            catch (DbUpdateConcurrencyException)
            {
                if (!UserExists(id))
                {
                    return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
                }
                else
                {
                    return StatusCode(409, new ApiErrorResponse(ApiErrorCode.CONCURRENCY_CONFLICT));
                }
            }

            return Ok(new ApiOkResponse(new { ConcurrencyToken = o.ConcurrencyToken }));
        }


        /// <summary>
        /// Post User
        /// 
        /// Required roles: 
        /// BizAdminFull
        /// 
        /// </summary>
        /// <param name="inObj"></param>
        /// <returns></returns>
        [HttpPost]
        public async Task<IActionResult> PostUser([FromBody] User inObj)
        {
            if (!serverState.IsOpen)
            {
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }

            //Instantiate the business object handler
            UserBiz biz = UserBiz.GetBiz(ct, HttpContext);

            //If a user has change roles, or editOwnRoles then they can create, true is passed for isOwner since they are creating so by definition the owner
            if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, biz.BizType))
            {
                return StatusCode(401, new ApiNotAuthorizedResponse());
            }

            if (!ModelState.IsValid)
            {
                return BadRequest(new ApiErrorResponse(ModelState));
            }



            //Create and validate
            User o = await biz.CreateAsync(inObj);

            if (o == null)
            {
                //error return
                return BadRequest(new ApiErrorResponse(biz.Errors));
            }
            else
            {

                //return success and link
                //NOTE: this is a USER object so we don't want to return some key fields for security reasons
                //which is why the object is "cleaned" before return
                return CreatedAtAction("GetUser", new { id = o.Id }, new ApiCreatedResponse(UserBiz.CleanUserForReturn(o)));
            }
        }




        /// <summary>
        /// Delete User
        /// 
        /// Required roles:
        /// BizAdminFull
        /// 
        /// </summary>
        /// <param name="id"></param>
        /// <returns>Ok</returns>
        [HttpDelete("{id}")]
        public async Task<IActionResult> DeleteUser([FromRoute] long id)
        {
            if (!serverState.IsOpen)
            {
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }

            if (!ModelState.IsValid)
            {
                return BadRequest(new ApiErrorResponse(ModelState));
            }

            //Instantiate the business object handler
            UserBiz biz = UserBiz.GetBiz(ct, HttpContext);

            var dbObj = await ct.User.SingleOrDefaultAsync(m => m.Id == id);
            if (dbObj == null)
            {
                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
            }

            if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, biz.BizType, dbObj.OwnerId))
            {
                return StatusCode(401, new ApiNotAuthorizedResponse());
            }


            if (!biz.Delete(dbObj))
            {
                return BadRequest(new ApiErrorResponse(biz.Errors));
            }

            return NoContent();
        }


        private bool UserExists(long id)
        {
            return ct.User.Any(e => e.Id == id);
        }


        //------------

    }//eoc
}//eons