// ***********************************************************************
// <copyright file="PermissionController.cs">
//     Heath
// </copyright>
// ***********************************************************************

using Asp.Versioning;
using Core.Cerberos.Adapters;
using Core.Cerberos.Adapters.Attributes;
using Core.Cerberos.Adapters.Common.Constants;
using Core.Cerberos.Adapters.Common.Enums;
using Core.Cerberos.Domain.Contexts.Onboarding.Request;
using Core.Cerberos.Provider.Contracts;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

namespace LSA.Core.Kerberos.API.Controllers
{
    /// <summary>
    /// Handles all requests for permission authentication.
    /// </summary>
    [ApiVersion(MimeTypes.ApplicationVersion)]
    [Route("api/v{api-version:apiVersion}/[controller]")]
    [Produces(MimeTypes.ApplicationJson)]
    [Consumes(MimeTypes.ApplicationJson)]
    [ApiController]
    public class PermissionController(IPermissionService service, ILogger<PermissionController> logger) : ControllerBase
    {
        /// <summary>
        /// Gets all the permissions.
        /// </summary>
        /// <returns>The <see cref="IEnumerable{PermissionAdapter}"/> found entities.</returns>
        /// <response code="200">The roles found.</response>
        /// <response code="404">The roles not found error.</response>
        /// <response code="500">The service internal error.</response>
        [HttpGet]
        [Consumes(MimeTypes.ApplicationJson)]
        [Produces(MimeTypes.ApplicationJson)]
        [ProducesResponseType(typeof(IEnumerable<PermissionAdapter>), StatusCodes.Status200OK)]
        [Authorize(AuthenticationSchemes = Schemes.HeathScheme)]
        [Permission("PermissionManagement.Read, RoleManagement.Read")]
        public async Task<IActionResult> GetAllPermissionsAsync()
        {
            try
            {
                var result = await service.GetAllPermissionsService();

                return Ok(result);
            }
            catch (Exception ex)
            {
                logger.LogError(ex, "Error in GetAllPermissionsAsync");
                return StatusCode(500, $"Internal server error, ErrorMessage: {ex.Message}");
            }
        }

        /// <summary>
        /// Gets all the permissions by permission identifiers.
        /// </summary>
        /// <param name="permissions">The list of permission identifiers.</param>
        /// <returns>The <see cref="IEnumerable{PermissionAdapter}"/> found entities.</returns>
        /// <response code="200">The permissions found.</response>
        /// <response code="404">The permissions not found error.</response>
        /// <response code="500">The service internal error.</response>
        [HttpPost]
        [Route(Routes.GetPermissionList)]
        [Consumes(MimeTypes.ApplicationJson)]
        [Produces(MimeTypes.ApplicationJson)]
        [ProducesResponseType(typeof(IEnumerable<PermissionAdapter>), StatusCodes.Status200OK)]
        [Authorize(AuthenticationSchemes = Schemes.HeathScheme)]
        [Permission("PermissionManagement.Read")]
        public async Task<IActionResult> GetAllPermissionsByList([FromBody] string[] permissions)
        {
            if (permissions == null || !permissions.Any())
            {
                return BadRequest("Permission identifiers are required.");
            }

            try
            {
                var result = await service.GetAllPermissionsByListService(permissions);

                if (result == null || !result.Any())
                {
                    return NotFound("No permissions found for the given identifiers.");
                }

                return Ok(result);
            }
            catch (Exception ex)
            {
                logger.LogError(ex, "Error in GetAllPermissionsByList");
                return StatusCode(500, $"Internal server error, ErrorMessage: {ex.Message}");
            }
        }

        /// <summary>
        /// Gets the permission by identifier.
        /// </summary>
        /// <param name="id">The permission identifier.</param>
        /// <returns>The <see cref="PermissionAdapter"/> found entity.</returns>
        /// <response code="200">The permission found.</response>
        /// <response code="404">The permission not found error.</response>
        /// <response code="500">The service internal error.</response>
        [HttpGet]
        [Route(Routes.Id)]
        [Consumes(MimeTypes.ApplicationJson)]
        [Produces(MimeTypes.ApplicationJson)]
        [ProducesResponseType(typeof(PermissionAdapter), StatusCodes.Status200OK)]
        [Authorize(AuthenticationSchemes = Schemes.HeathScheme)]
        [Permission("PermissionManagement.Read")]
        public async Task<IActionResult> GetPermissionByIdAsync([FromRoute] string id)
        {
            try
            {
                var result = await service.GetPermissionByIdService(id);

                if (result is null) return NotFound($"permission with id: '{id}' not found");

                return Ok(result);
            }
            catch (Exception ex)
            {
                logger.LogError(ex, "Error in GetPermissionByIdAsync");
                return StatusCode(500, $"Internal server error, ErrorMessage: {ex.Message}");
            }
        }

        /// <summary>
        /// Creates a new permission.
        /// </summary>
        /// <param name="newPermission">The permission to be added.</param>
        /// <returns>The <see cref="PermissionAdapter"/> created entity.</returns>
        /// <response code="201">The permission created.</response>
        /// <response code="422">The permission could not be created.</response>
        /// <response code="500">The service internal e|ror.</response>
        [HttpPost]
        [ProducesResponseType(typeof(PermissionAdapter), StatusCodes.Status201Created)]
        [Authorize(AuthenticationSchemes = Schemes.HeathScheme)]
        [Permission("PermissionManagement.Write")]
        public async Task<IActionResult> CreatePermissionAsync([FromBody] PermissionRequest newPermission)
        {
            try
            {
                var result = await service.CreatePermissionService(newPermission).ConfigureAwait(false);
                return Created("CreatedWithIdService", result);
            }
            catch (Exception ex)
            {
                logger.LogError(ex, "Error in CreatePermissionAsync");
                return StatusCode(500, $"Internal server error, ErrorMessage: {ex.Message}");
            }
        }

        /// <summary>
        /// Updates a full permission by identifier.
        /// </summary>
        /// <param name="entity">The permission to update.</param>
        /// <param name="id">The permission identifier.</param>
        /// <returns>The <see cref="PermissionAdapter"/> updated entity.</returns>
        /// <response code="200">The permission updated.</response>
        /// <response code="404">The permission not found.</response>
        /// <response code="422">The permission could not be updated.</response>
        /// <response code="500">The service internal error.</response>
        [HttpPut]
        [Route(Routes.Id)]
        [Consumes(MimeTypes.ApplicationJson)]
        [Produces(MimeTypes.ApplicationJson)]
        [ProducesResponseType(typeof(PermissionAdapter), StatusCodes.Status200OK)]
        [Authorize(AuthenticationSchemes = Schemes.HeathScheme)]
        [Permission("PermissionManagement.Write")]
        public async Task<IActionResult> UpdatePermissionAsync(PermissionAdapter entity, string id)
        {
            try
            {
                var result = await service.UpdatePermissionService(entity, id);

                return Ok(result);
            }
            catch (Exception ex)
            {
                logger.LogError(ex, "Error in UpdatePermissionAsync");
                return StatusCode(500, $"Internal server error, ErrorMessage: {ex.Message}");
            }
        }

        /// <summary>
        /// Changes the status of the permission.
        /// </summary>
        /// <param name="id">The permission identifier.</param>
        /// <param name="newStatus">The new status of the permission.</param>
        /// <returns>The <see cref="PermissionAdapter"/> updated entity.</returns>
        /// <response code="200">The permission updates.</response>
        /// <response code="404">The permission not found.</response>
        /// <response code="422">The permission could not be deleted.</response>
        /// <response code="500">The service internal error.</response>
        [HttpPatch]
        [Route(Routes.ChangeStatus)]
        [Consumes(MimeTypes.ApplicationJson)]
        [Produces(MimeTypes.ApplicationJson)]
        [ProducesResponseType(typeof(PermissionAdapter), StatusCodes.Status200OK)]
        [Authorize(AuthenticationSchemes = Schemes.HeathScheme)]
        [Permission("PermissionManagement.Write")]
        public async Task<IActionResult> ChangePermissionStatus([FromRoute] string id, [FromRoute] StatusEnum newStatus)
        {
            try
            {
                var result = await service.ChangePermissionStatusService(id, newStatus);

                return Ok(result);
            }
            catch (Exception ex)
            {
                logger.LogError(ex, "Error in ChangePermissionStatus");
                return StatusCode(500, $"Internal server error, ErrorMessage: {ex.Message}");
            }
        }
    }
}