using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using LingAdmin.AuthorizationService.Services;
using LingAdmin.Shared.DTOs;
using System.Security.Claims;

namespace LingAdmin.AuthorizationService.Controllers;

/// <summary>
/// 授权控制器 - 处理权限验证和查询
/// </summary>
[ApiController]
[Route("api/[controller]")]
public class AuthorizationController : ControllerBase
{
    private readonly IRoleService _roleService;
    private readonly IPermissionService _permissionService;
    private readonly ILogger<AuthorizationController> _logger;

    public AuthorizationController(
        IRoleService roleService,
        IPermissionService permissionService,
        ILogger<AuthorizationController> logger)
    {
        _roleService = roleService;
        _permissionService = permissionService;
        _logger = logger;
    }

    /// <summary>
    /// 获取用户的角色和权限（用于服务间调用）
    /// </summary>
    [HttpGet("users/{userId}/permissions")]
    public async Task<ActionResult<ApiResponse<UserPermissionsDto>>> GetUserPermissions(int userId)
    {
        var result = await _permissionService.GetUserRolesAndPermissionsAsync(userId);
        return Ok(ApiResponse<UserPermissionsDto>.Ok(result));
    }

    /// <summary>
    /// 获取用户的角色列表
    /// </summary>
    [HttpGet("users/{userId}/roles")]
    public async Task<ActionResult<ApiResponse<IEnumerable<RoleDto>>>> GetUserRoles(int userId)
    {
        var roles = await _roleService.GetUserRoleDetailsAsync(userId);
        return Ok(ApiResponse<IEnumerable<RoleDto>>.Ok(roles));
    }

    /// <summary>
    /// 检查用户是否有指定权限
    /// </summary>
    [HttpGet("users/{userId}/check")]
    public async Task<ActionResult<object>> CheckPermission(int userId, [FromQuery] string permission)
    {
        var hasPermission = await _permissionService.HasPermissionAsync(userId, permission);
        return Ok(new { HasPermission = hasPermission });
    }

    /// <summary>
    /// 获取当前用户的权限
    /// </summary>
    [Authorize]
    [HttpGet("me/permissions")]
    public async Task<ActionResult<UserPermissionsDto>> GetMyPermissions()
    {
        var userId = GetCurrentUserId();
        if (userId == null)
        {
            return Unauthorized();
        }

        var result = await _permissionService.GetUserRolesAndPermissionsAsync(userId.Value);
        return Ok(result);
    }

    /// <summary>
    /// 获取所有权限列表
    /// </summary>
    [Authorize(Roles = "Admin,SuperAdmin")]
    [HttpGet("permissions")]
    public async Task<ActionResult<ApiResponse<IEnumerable<PermissionDto>>>> GetAllPermissions()
    {
        var permissions = await _permissionService.GetAllPermissionsAsync();
        return Ok(ApiResponse<IEnumerable<PermissionDto>>.Ok(permissions));
    }

    /// <summary>
    /// 按资源获取权限
    /// </summary>
    [Authorize(Roles = "Admin,SuperAdmin")]
    [HttpGet("permissions/resource/{resource}")]
    public async Task<ActionResult<ApiResponse<IEnumerable<PermissionDto>>>> GetPermissionsByResource(string resource)
    {
        var permissions = await _permissionService.GetPermissionsByResourceAsync(resource);
        return Ok(ApiResponse<IEnumerable<PermissionDto>>.Ok(permissions));
    }

    private int? GetCurrentUserId()
    {
        var userIdClaim = User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        if (int.TryParse(userIdClaim, out var userId))
        {
            return userId;
        }
        return null;
    }
}