using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Routing;
using Microsoft.AspNetCore.Authorization;

using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Logging;

using AyaNova.Models;
using AyaNova.Api.ControllerHelpers;
using AyaNova.Biz;


namespace AyaNova.Api.Controllers
{

    /// <summary>
    /// User
    /// </summary>
    [ApiController]
    [ApiVersion("8.0")]
    [Route("api/v{version:apiVersion}/user")]
    [Produces("application/json")]
    [Authorize]
    public class UserController : ControllerBase
    {
        private readonly AyContext ct;
        private readonly ILogger<UserController> log;
        private readonly ApiServerState serverState;


        /// <summary>
        /// ctor
        /// </summary>
        /// <param name="dbcontext"></param>
        /// <param name="logger"></param>
        /// <param name="apiServerState"></param>  
        public UserController(AyContext dbcontext, ILogger<UserController> logger, ApiServerState apiServerState)
        {
            ct = dbcontext;
            log = logger;
            serverState = apiServerState;
        }




        /// <summary>
        /// Get User
        /// </summary>
        /// <param name="id"></param>
        /// <returns>A single User</returns>
        [HttpGet("{id}")]
        public async Task<IActionResult> GetUser([FromRoute] long id)
        {
            if (!serverState.IsOpen)
                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));

            //Instantiate the business object handler
            UserBiz biz = UserBiz.GetBiz(ct, HttpContext);

            if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
            {
                return StatusCode(403, new ApiNotAuthorizedResponse());
            }

            if (!ModelState.IsValid)
            {
                return BadRequest(new ApiErrorResponse(ModelState));
            }



            var o = await biz.GetAsync(id);
            if (o == null)
            {
                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
            }

            return Ok(ApiOkResponse.Response(o));
        }


        /// <summary>
        /// Put (update) User
        /// (Login and / or Password are not changed if set to null / omitted)
        /// </summary>        
        /// <param name="updatedObject"></param>
        /// <returns></returns>
        [HttpPut]
        public async Task<IActionResult> PutUser([FromBody] User updatedObject)
        {
            if (!serverState.IsOpen)
                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
            if (!ModelState.IsValid)
                return BadRequest(new ApiErrorResponse(ModelState));
            UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
            if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
                return StatusCode(403, new ApiNotAuthorizedResponse());
            var o = await biz.PutAsync(updatedObject);//In future may need to return entire object, for now just concurrency token 
            if (o == null)
            {
                if (biz.Errors.Exists(z => z.Code == ApiErrorCode.CONCURRENCY_CONFLICT))
                    return StatusCode(409, new ApiErrorResponse(biz.Errors));
                else
                    return BadRequest(new ApiErrorResponse(biz.Errors));
            }
            return Ok(ApiOkResponse.Response(new { Concurrency = o.Concurrency })); ;
        }


        // /// <summary>
        // /// Put (update) User
        // /// (Login and / or Password are not changed if set to null / omitted)
        // /// </summary>
        // /// <param name="id"></param>
        // /// <param name="inObj"></param>
        // /// <returns></returns>
        // [HttpPut("{id}")]
        // public async Task<IActionResult> PutUser([FromRoute] long id, [FromBody] User inObj)
        // {
        //     if (!serverState.IsOpen)
        //         return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));

        //     if (!ModelState.IsValid)
        //     {
        //         return BadRequest(new ApiErrorResponse(ModelState));
        //     }

        //     var o = await ct.User.SingleOrDefaultAsync(z => z.Id == id);

        //     if (o == null)
        //     {
        //         return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
        //     }

        //     //Instantiate the business object handler       
        //     UserBiz biz = UserBiz.GetBiz(ct, HttpContext);

        //     if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
        //     {
        //         return StatusCode(403, new ApiNotAuthorizedResponse());
        //     }



        //     try
        //     {
        //         if (!await biz.PutAsync(o, inObj))
        //             return BadRequest(new ApiErrorResponse(biz.Errors));
        //     }
        //     catch (DbUpdateConcurrencyException)
        //     {
        //         if (!UserExists(id))
        //         {
        //             return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
        //         }
        //         else
        //         {
        //             //exists but was changed by another user
        //             //I considered returning new and old record, but where would it end?
        //             //Better to let the client decide what to do than to send extra data that is not required
        //             return StatusCode(409, new ApiErrorResponse(ApiErrorCode.CONCURRENCY_CONFLICT));
        //         }
        //     }
        //     return Ok(ApiOkResponse.Response(new { Concurrency = o.Concurrency }));
        // }



        /// <summary>
        /// Create User
        /// </summary>
        /// <param name="inObj"></param>
        /// <param name="apiVersion">From route path</param>
        /// <returns></returns>
        [HttpPost]
        public async Task<IActionResult> PostUser([FromBody] User inObj, ApiVersion apiVersion)
        {
            if (!serverState.IsOpen)
                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));

            //Instantiate the business object handler
            UserBiz biz = UserBiz.GetBiz(ct, HttpContext);

            //If a user has change roles
            if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
            {
                return StatusCode(403, new ApiNotAuthorizedResponse());
            }

            if (!ModelState.IsValid)
            {
                return BadRequest(new ApiErrorResponse(ModelState));
            }



            //Create and validate
            dtUser o = await biz.CreateAsync(inObj);

            if (o == null)
            {
                //error return
                return BadRequest(new ApiErrorResponse(biz.Errors));
            }
            else
            {

                //return success and link
                //NOTE: this is a USER object so we don't want to return some key fields for security reasons
                //which is why the object is "cleaned" before return
                return CreatedAtAction(nameof(UserController.GetUser), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
            }
        }

       /// <summary>
        /// Duplicate User
        /// (Wiki and Attachments are not duplicated)
        /// </summary>
        /// <param name="id">Source object id</param>
        /// <param name="apiVersion">From route path</param>
        /// <returns>User</returns>
        [HttpPost("duplicate/{id}")]
        public async Task<IActionResult> DuplicateUser([FromRoute] long id, ApiVersion apiVersion)
        {
            if (!serverState.IsOpen)
                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
            UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
            if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
                return StatusCode(403, new ApiNotAuthorizedResponse());
            if (!ModelState.IsValid)
                return BadRequest(new ApiErrorResponse(ModelState));
            User o = await biz.DuplicateAsync(id);
            if (o == null)
                return BadRequest(new ApiErrorResponse(biz.Errors));
            else
                return CreatedAtAction(nameof(UserController.GetUser), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
        }


        /// <summary>
        /// Delete User
        /// </summary>
        /// <param name="id"></param>
        /// <returns>Ok</returns>
        [HttpDelete("{id}")]
        public async Task<IActionResult> DeleteUser([FromRoute] long id)
        {
            if (!serverState.IsOpen)
                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));

            if (!ModelState.IsValid)
            {
                return BadRequest(new ApiErrorResponse(ModelState));
            }

            //Instantiate the business object handler
            UserBiz biz = UserBiz.GetBiz(ct, HttpContext);

            var dbObj = await ct.User.SingleOrDefaultAsync(z => z.Id == id);
            if (dbObj == null)
            {
                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
            }

            if (!Authorized.HasDeleteRole(HttpContext.Items, biz.BizType))
            {
                return StatusCode(403, new ApiNotAuthorizedResponse());
            }


            if (!await biz.DeleteAsync(dbObj))
            {
                return BadRequest(new ApiErrorResponse(biz.Errors));
            }

            return NoContent();
        }


        private bool UserExists(long id)
        {
            return ct.User.Any(z => z.Id == id);
        }


        //------------

    }//eoc
}//eons