using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Routing;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.JsonPatch;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Logging;

using AyaNova.Models;
using AyaNova.Api.ControllerHelpers;
using AyaNova.Biz;


namespace AyaNova.Api.Controllers
{

    /// <summary>
    /// User
    /// </summary>
    [ApiController]
    [ApiVersion("8.0")]
    [Route("api/v{version:apiVersion}/[controller]")]
    [Produces("application/json")]
    [Authorize]
    public class UserController : ControllerBase
    {
        private readonly AyContext ct;
        private readonly ILogger<UserController> log;
        private readonly ApiServerState serverState;


        /// <summary>
        /// ctor
        /// </summary>
        /// <param name="dbcontext"></param>
        /// <param name="logger"></param>
        /// <param name="apiServerState"></param>  
        public UserController(AyContext dbcontext, ILogger<UserController> logger, ApiServerState apiServerState)
        {
            ct = dbcontext;
            log = logger;
            serverState = apiServerState;
        }




        /// <summary>
        /// Get User
        /// </summary>
        /// <param name="id"></param>
        /// <returns>A single User</returns>
        [HttpGet("{id}")]
        public async Task<IActionResult> GetUser([FromRoute] long id)
        {
            if (serverState.IsClosed)
            {
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }

            //Instantiate the business object handler
            UserBiz biz = UserBiz.GetBiz(ct, HttpContext);

            if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
            {
                return StatusCode(403, new ApiNotAuthorizedResponse());
            }

            if (!ModelState.IsValid)
            {
                return BadRequest(new ApiErrorResponse(ModelState));
            }



            var o = await biz.GetAsync(id);
            if (o == null)
            {
                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
            }

            return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
        }



        /// <summary>
        /// Put (update) User
        /// </summary>
        /// <param name="id"></param>
        /// <param name="inObj"></param>
        /// <returns></returns>
        [HttpPut("{id}")]
        public async Task<IActionResult> PutUser([FromRoute] long id, [FromBody] User inObj)
        {
            if (!serverState.IsOpen)
            {
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }

            if (!ModelState.IsValid)
            {
                return BadRequest(new ApiErrorResponse(ModelState));
            }

            var o = await ct.User.SingleOrDefaultAsync(m => m.Id == id);

            if (o == null)
            {
                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
            }

            //Instantiate the business object handler       
            UserBiz biz = UserBiz.GetBiz(ct, HttpContext);

            if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
            {
                return StatusCode(403, new ApiNotAuthorizedResponse());
            }



            try
            {
                if (!await biz.PutAsync(o, inObj))
                    return BadRequest(new ApiErrorResponse(biz.Errors));
            }
            catch (DbUpdateConcurrencyException)
            {
                if (!UserExists(id))
                {
                    return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
                }
                else
                {
                    //exists but was changed by another user
                    //I considered returning new and old record, but where would it end?
                    //Better to let the client decide what to do than to send extra data that is not required
                    return StatusCode(409, new ApiErrorResponse(ApiErrorCode.CONCURRENCY_CONFLICT));
                }
            }
            return Ok(ApiOkResponse.Response(new { ConcurrencyToken = o.ConcurrencyToken }, true));
        }



        /// <summary>
        /// Patch (update) User
        /// </summary>
        /// <param name="id"></param>
        /// <param name="concurrencyToken"></param>
        /// <param name="objectPatch"></param>
        /// <returns></returns>
        [HttpPatch("{id}/{concurrencyToken}")]
        public async Task<IActionResult> PatchUser([FromRoute] long id, [FromRoute] uint concurrencyToken, [FromBody]JsonPatchDocument<User> objectPatch)
        {
            if (!serverState.IsOpen)
            {
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }

            if (!ModelState.IsValid)
            {
                return BadRequest(new ApiErrorResponse(ModelState));
            }

            //Instantiate the business object handler
            UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
            var o = await ct.User.SingleOrDefaultAsync(m => m.Id == id);

            if (o == null)
            {
                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
            }

            if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
            {
                return StatusCode(403, new ApiNotAuthorizedResponse());
            }

            try
            {
                //patch and validate
                if (!await biz.PatchAsync(o, objectPatch, concurrencyToken))
                {
                    return BadRequest(new ApiErrorResponse(biz.Errors));
                }
            }
            catch (DbUpdateConcurrencyException)
            {
                if (!UserExists(id))
                {
                    return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
                }
                else
                {
                    return StatusCode(409, new ApiErrorResponse(ApiErrorCode.CONCURRENCY_CONFLICT));
                }
            }

            return Ok(ApiOkResponse.Response(new { ConcurrencyToken = o.ConcurrencyToken }, true));
        }


        /// <summary>
        /// Post User
        /// </summary>
        /// <param name="inObj"></param>
        /// <param name="apiVersion">Automatically filled from route path, no need to specify in body</param>
        /// <returns></returns>
        [HttpPost]
        public async Task<IActionResult> PostUser([FromBody] User inObj, ApiVersion apiVersion)
        {
            if (!serverState.IsOpen)
            {
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }

            //Instantiate the business object handler
            UserBiz biz = UserBiz.GetBiz(ct, HttpContext);

            //If a user has change roles
            if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
            {
                return StatusCode(403, new ApiNotAuthorizedResponse());
            }

            if (!ModelState.IsValid)
            {
                return BadRequest(new ApiErrorResponse(ModelState));
            }



            //Create and validate
            User o = await biz.CreateAsync(inObj);

            if (o == null)
            {
                //error return
                return BadRequest(new ApiErrorResponse(biz.Errors));
            }
            else
            {

                //return success and link
                //NOTE: this is a USER object so we don't want to return some key fields for security reasons
                //which is why the object is "cleaned" before return
                return CreatedAtAction(nameof(UserController.GetUser), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(UserBiz.CleanUserForReturn(o)));
            }
        }




        /// <summary>
        /// Delete User
        /// </summary>
        /// <param name="id"></param>
        /// <returns>Ok</returns>
        [HttpDelete("{id}")]
        public async Task<IActionResult> DeleteUser([FromRoute] long id)
        {
            if (!serverState.IsOpen)
            {
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }

            if (!ModelState.IsValid)
            {
                return BadRequest(new ApiErrorResponse(ModelState));
            }

            //Instantiate the business object handler
            UserBiz biz = UserBiz.GetBiz(ct, HttpContext);

            var dbObj = await ct.User.SingleOrDefaultAsync(m => m.Id == id);
            if (dbObj == null)
            {
                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
            }

            if (!Authorized.HasDeleteRole(HttpContext.Items, biz.BizType))
            {
                return StatusCode(403, new ApiNotAuthorizedResponse());
            }


            if (!await biz.DeleteAsync(dbObj))
            {
                return BadRequest(new ApiErrorResponse(biz.Errors));
            }

            return NoContent();
        }


        private bool UserExists(long id)
        {
            return ct.User.Any(e => e.Id == id);
        }


        //------------

    }//eoc
}//eons