using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Routing;
using Microsoft.AspNetCore.Authorization;

using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Logging;

using AyaNova.Models;
using AyaNova.Api.ControllerHelpers;
using AyaNova.Biz;


namespace AyaNova.Api.Controllers
{

    /// <summary>
    /// User
    /// </summary>
    [ApiController]
    [ApiVersion("8.0")]
    [Route("api/v{version:apiVersion}/user")]
    [Produces("application/json")]
    [Authorize]
    public class UserController : ControllerBase
    {
        private readonly AyContext ct;
        private readonly ILogger<UserController> log;
        private readonly ApiServerState serverState;


        /// <summary>
        /// ctor
        /// </summary>
        /// <param name="dbcontext"></param>
        /// <param name="logger"></param>
        /// <param name="apiServerState"></param>  
        public UserController(AyContext dbcontext, ILogger<UserController> logger, ApiServerState apiServerState)
        {
            ct = dbcontext;
            log = logger;
            serverState = apiServerState;
        }




        /// <summary>
        /// Get User
        /// </summary>
        /// <param name="id"></param>
        /// <returns>A single User</returns>
        [HttpGet("{id}")]
        public async Task<IActionResult> GetUser([FromRoute] long id)
        {
            if (!serverState.IsOpen)
                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));

            //Instantiate the business object handler
            UserBiz biz = UserBiz.GetBiz(ct, HttpContext);

            if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
            {
                return StatusCode(403, new ApiNotAuthorizedResponse());
            }

            if (!ModelState.IsValid)
            {
                return BadRequest(new ApiErrorResponse(ModelState));
            }



            var o = await biz.GetAsync(id);
            if (o == null)
            {
                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
            }

            return Ok(ApiOkResponse.Response(o));
        }


        /// <summary>
        /// Put (update) User
        /// (Login and / or Password are not changed if set to null / omitted)
        /// </summary>        
        /// <param name="updatedObject"></param>
        /// <returns></returns>
        [HttpPut]
        public async Task<IActionResult> PutUser([FromBody] User updatedObject)
        {
            if (!serverState.IsOpen)
                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
            if (!ModelState.IsValid)
                return BadRequest(new ApiErrorResponse(ModelState));
            UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
            if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
                return StatusCode(403, new ApiNotAuthorizedResponse());
            var o = await biz.PutAsync(updatedObject);//In future may need to return entire object, for now just concurrency token 
            if (o == null)
            {
                if (biz.Errors.Exists(z => z.Code == ApiErrorCode.CONCURRENCY_CONFLICT))
                    return StatusCode(409, new ApiErrorResponse(biz.Errors));
                else
                    return BadRequest(new ApiErrorResponse(biz.Errors));
            }
            return Ok(ApiOkResponse.Response(new { Concurrency = o.Concurrency })); ;
        }


        /// <summary>
        /// Create User
        /// </summary>
        /// <param name="inObj"></param>
        /// <param name="apiVersion">From route path</param>
        /// <returns></returns>
        [HttpPost]
        public async Task<IActionResult> PostUser([FromBody] User inObj, ApiVersion apiVersion)
        {
            if (!serverState.IsOpen)
                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));

            //Instantiate the business object handler
            UserBiz biz = UserBiz.GetBiz(ct, HttpContext);

            //If a user has change roles
            if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
            {
                return StatusCode(403, new ApiNotAuthorizedResponse());
            }

            if (!ModelState.IsValid)
            {
                return BadRequest(new ApiErrorResponse(ModelState));
            }



            //Create and validate
            dtUser o = await biz.CreateAsync(inObj);

            if (o == null)
            {
                //error return
                return BadRequest(new ApiErrorResponse(biz.Errors));
            }
            else
            {

                //return success and link
                //NOTE: this is a USER object so we don't want to return some key fields for security reasons
                //which is why the object is "cleaned" before return
                return CreatedAtAction(nameof(UserController.GetUser), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
            }
        }

        /// <summary>
        /// Duplicate User
        /// (Wiki and Attachments are not duplicated)
        /// </summary>
        /// <param name="id">Source object id</param>
        /// <param name="apiVersion">From route path</param>
        /// <returns>User</returns>
        [HttpPost("duplicate/{id}")]
        public async Task<IActionResult> DuplicateUser([FromRoute] long id, ApiVersion apiVersion)
        {
            if (!serverState.IsOpen)
                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
            UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
            if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
                return StatusCode(403, new ApiNotAuthorizedResponse());
            if (!ModelState.IsValid)
                return BadRequest(new ApiErrorResponse(ModelState));
            User o = await biz.DuplicateAsync(id);
            if (o == null)
                return BadRequest(new ApiErrorResponse(biz.Errors));
            else
                return CreatedAtAction(nameof(UserController.GetUser), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
        }


        /// <summary>
        /// Delete User
        /// </summary>
        /// <param name="id"></param>
        /// <returns>NoContent</returns>
        [HttpDelete("{id}")]
        public async Task<IActionResult> DeleteUser([FromRoute] long id)
        {
            if (!serverState.IsOpen)
                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
            if (!ModelState.IsValid)
                return BadRequest(new ApiErrorResponse(ModelState));
            UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
            if (!Authorized.HasDeleteRole(HttpContext.Items, biz.BizType))
                return StatusCode(403, new ApiNotAuthorizedResponse());
            if (!await biz.DeleteAsync(id))
                return BadRequest(new ApiErrorResponse(biz.Errors));
            return NoContent();
        }


        /// <summary>
        /// Get list of Users
        /// (rights to User object required)
        /// </summary>     
        /// <returns>All "inside" Users (except Customer and HeadOffice type)</returns>
        [HttpGet("list")]
        public async Task<IActionResult> GetInsideUserList()
        {
            if (!serverState.IsOpen)
                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));

            if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.User))
                return StatusCode(403, new ApiNotAuthorizedResponse());


            var ret = await ct.User.Where(z => z.UserType != UserType.Customer && z.UserType != UserType.HeadOffice).Select(z => new dtUser
            {
                Id = z.Id,
                Active = z.Active,
                Name = z.Name,
                Roles = z.Roles,
                UserType = z.UserType,
                EmployeeNumber = z.EmployeeNumber,
                LastLogin = z.LastLogin

            }).ToListAsync();
            return Ok(ApiOkResponse.Response(ret));
        }



        /// <summary>
        /// Get list of Customer / Head office Users
        /// (Rights to Customer object required)
        /// </summary>     
        /// <returns>All "outside" Users (No staff or contractors)</returns>
        [HttpGet("outlist")]
        public async Task<IActionResult> GetOutsideUserList()
        {
            if (!serverState.IsOpen)
                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));

            if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.Customer))
                return StatusCode(403, new ApiNotAuthorizedResponse());

            var ret = await ct.User.Include(c => c.Customer).Include(h => h.HeadOffice).Include(o => o.UserOptions).Where(z => z.UserType == UserType.Customer || z.UserType == UserType.HeadOffice).Select(z => new
            {
                Id = z.Id,
                Active = z.Active,
                Name = z.Name,
                UserType = z.UserType,
                LastLogin = z.LastLogin,
                EmailAddress = z.UserOptions.EmailAddress,
                Phone1 = z.UserOptions.Phone1,
                Phone2 = z.UserOptions.Phone2,
                Phone3 = z.UserOptions.Phone3,
                Organization = z.HeadOffice.Name ?? z.Customer.Name

            }).ToListAsync();
            return Ok(ApiOkResponse.Response(ret));
        }

        /// <summary>
        /// Get list of Customer Contact Users
        /// (Rights to Customer object required)
        /// </summary>     
        /// <returns>Customer contact users</returns>
        [HttpGet("customer-contacts/{customerId}")]
        public async Task<IActionResult> GetCustomerContactList(long customerId)
        {
            if (!serverState.IsOpen)
                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));

            if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.Customer))
                return StatusCode(403, new ApiNotAuthorizedResponse());

            var ret = await ct.User.Include(o => o.UserOptions).Where(z => z.UserType == UserType.Customer && z.CustomerId == customerId).Select(z => new
            {
                Id = z.Id,
                Active = z.Active,
                Name = z.Name,
                UserType = z.UserType,
                LastLogin = z.LastLogin,
                EmailAddress = z.UserOptions.EmailAddress,
                Phone1 = z.UserOptions.Phone1,
                Phone2 = z.UserOptions.Phone2,
                Phone3 = z.UserOptions.Phone3

            }).ToListAsync();
            return Ok(ApiOkResponse.Response(ret));
        }

          /// <summary>
        /// Get list of HeadOffice Contact Users
        /// (Rights to HeadOffice object required)
        /// </summary>     
        /// <returns>HeadOffice contact users</returns>
        [HttpGet("head-office-contacts/{headofficeId}")]
        public async Task<IActionResult> GetHeadOfficeContactList(long headofficeId)
        {
            if (!serverState.IsOpen)
                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));

            if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.HeadOffice))
                return StatusCode(403, new ApiNotAuthorizedResponse());

            var ret = await ct.User.Include(o => o.UserOptions).Where(z => z.UserType == UserType.HeadOffice && z.HeadOfficeId == headofficeId).Select(z => new
            {
                Id = z.Id,
                Active = z.Active,
                Name = z.Name,
                UserType = z.UserType,
                LastLogin = z.LastLogin,
                EmailAddress = z.UserOptions.EmailAddress,
                Phone1 = z.UserOptions.Phone1,
                Phone2 = z.UserOptions.Phone2,
                Phone3 = z.UserOptions.Phone3

            }).ToListAsync();
            return Ok(ApiOkResponse.Response(ret));
        }



        /// <summary>
        /// Fetch user type (inside meaning staff or subcontractor or outside meaning customer or headoffice type user)
        /// 
        /// </summary>     
        /// <returns>All "inside" Users (except Customer and HeadOffice type)</returns>
        [HttpGet("inside-type/{id}")]
        public async Task<IActionResult> GetInsideStatus(long id)
        {
            //This method is used by the Client UI to determine the correct edit form to show
            if (serverState.IsClosed)
                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));

            if (!Authorized.HasSelectRole(HttpContext.Items, AyaType.User))
                return StatusCode(403, new ApiNotAuthorizedResponse());
            var u = await ct.User.FirstOrDefaultAsync(z => z.Id == id);
            if (u == null)
                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
            return Ok(ApiOkResponse.Response(u.UserType != UserType.Customer && u.UserType != UserType.HeadOffice));
        }

      

        //------------

    }//eoc
}//eons