namespace GrossesMitainesAPI.Controllers;

#region Dependencies
using GrossesMitainesAPI.Data;
using GrossesMitainesAPI.Models;
using GrossesMitainesAPI.Services;
using Microsoft.AspNet.Identity;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Cors;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;

#endregion

[EnableCors("_myAllowSpecificOrigins"), ApiController, Route("api/[controller]"),
 Authorize(AuthenticationSchemes = "Identity.Application", Roles ="Client, Administrateur")]
public class AddressController : Controller {
    #region DI Fields
    private readonly ILogger<AddressController> _logger;
    private readonly InventoryContext _context;
    private readonly SignInManager<InventoryUser> _signInMan;
    private readonly Microsoft.AspNetCore.Identity.UserManager<InventoryUser> _userMan;

    #endregion

    #region Ctor
    public AddressController(ILogger<AddressController> logger,
                             InventoryContext context,
                             SignInManager<InventoryUser> signInMan,
                             Microsoft.AspNetCore.Identity.UserManager<InventoryUser> userMan) {
        _logger = logger;
        _context = context;
        _userMan = userMan;
        _signInMan = signInMan;
    }

    #endregion

    #region API Methods
    [EnableCors("_myAllowSpecificOrigins"), HttpGet]
    public async Task<ActionResult<List<AddressModel>>> GetList(bool? all) {
        IList<string> roles;
        InventoryUser user;
        string id;

        try {
            user = await _userMan.GetUserAsync(_signInMan.Context.User);
        } catch (Exception e) {
            _logger.LogError(10, e.Message);
            return BadRequest();
        }

        try { // Trouver les rôles de l'utilisateur, assumer non-admin si impossible à trouver.
            roles = await _userMan.GetRolesAsync(user);
        } catch (Exception e) {
            _logger.LogError(10, e.Message);
            roles = new List<string>();
        }

        try {
            id = _signInMan.Context.User.Identity.GetUserId();
            if (all is not null && all == true && roles.Contains("Administrateur"))
                return Ok(_context.Addresses.ToList());
            else return Ok(_context.Users.Where(x=>x.Id == id).Include("Adresses").First().Adresses);
        } catch (Exception e) {
            _logger.LogError(10, e.Message);
            return BadRequest();
        }
    }

    [EnableCors("_myAllowSpecificOrigins"), HttpGet("{id}")]
    public async Task<ActionResult<AddressModel>> Get(int id) {
        IList<string> roles;
        string userId;
        AddressModel ad;
        InventoryUser user;

        try {
            user = await _userMan.GetUserAsync(_signInMan.Context.User);
        } catch (Exception e) {
            _logger.LogError(10, e.Message);
            return BadRequest();
        }

        try {
            roles = await _userMan.GetRolesAsync(user);
        } catch (Exception e) {
            _logger.LogError(10, e.Message);
            roles = new List<string>();
        }

        try {
            ad = _context.Addresses.First(a => a.Id == id);
        } catch (Exception e) {
            _logger.LogError(10, e.Message);
            return BadRequest();
        }

        if (roles.Contains("Administrateur") ||
           (user.Adresses.Contains(ad)))
            return ad;
        else return Unauthorized();
    }

    [EnableCors("_myAllowSpecificOrigins"), HttpPost]
    public async Task<ActionResult<AddressModel>> Post([FromForm] AddressModel ad) {
        string id;

        try {
            var user = await _userMan.GetUserAsync(_signInMan.Context.User);
            id = _signInMan.Context.User.Identity.GetUserId();
            _context.Users.Where(x => x.Id == id).Include("Adresses").First().Adresses.Add(ad);
            _context.SaveChanges();
        } catch (Exception e) {
            _logger.LogError(10, e.Message);
            return BadRequest();
        }

        return ad;
    }

    [EnableCors("_myAllowSpecificOrigins"), HttpPatch]
    public async Task<ActionResult<AddressModel>> Patch(AddressModel ad) {
        IList<string> roles;
        InventoryUser user;

        try {
            user = await _userMan.GetUserAsync(_signInMan.Context.User);
        } catch (Exception e) {
            _logger.LogError(10, e.Message);
            return BadRequest();
        }

        try {
            roles = await _userMan.GetRolesAsync(user);
        } catch (Exception e) {
            _logger.LogError(10, e.Message);
            roles = new List<string>();
        }

        if (roles.Contains("Administrateur") ||
            user.Adresses.Contains(ad))
            try {
                _context.Addresses.Update(ad);
                _context.SaveChanges();
            } catch (Exception e) {
                _logger.LogError(10, e.Message);
                return BadRequest();
            }
        else return Unauthorized();
        return ad;
    }

    [EnableCors("_myAllowSpecificOrigins"), HttpDelete]
    public async Task<ActionResult<int>> Delete(int id) {
        IList<string> roles;
        AddressModel ad;
        InventoryUser user;
        int adId = 0;

        try {
            user = await _userMan.GetUserAsync(_signInMan.Context.User);
        } catch (Exception e) {
            _logger.LogError(10, e.Message);
            return BadRequest();
        }

        try {
            roles = await _userMan.GetRolesAsync(user);
        } catch (Exception e) {
            _logger.LogError(10, e.Message);
            roles = new List<string>();
        }

        try {
            ad = _context.Addresses.First(a => a.Id == id);
        } catch (Exception e) {
            _logger.LogError(10, e.Message);
            return BadRequest();
        }

        adId = ad.Id;
        if (roles.Contains("Administrateur") ||
            user.Adresses.Contains(ad))
            try {
                user.Adresses.Remove(ad);
                _context.SaveChanges();
            } catch (Exception e) {
                _logger.LogError(10, e.Message);
                return BadRequest();
            }
        else return Unauthorized();
        return adId;
    }

    #endregion
}