package repository

import (
	"context"

	"eslogad-be/internal/entities"

	"github.com/google/uuid"
	"gorm.io/gorm"
)

type RBACRepository struct {
	db *gorm.DB
}

func NewRBACRepository(db *gorm.DB) *RBACRepository { return &RBACRepository{db: db} }

// Permissions
func (r *RBACRepository) CreatePermission(ctx context.Context, p *entities.Permission) error {
	return r.db.WithContext(ctx).Create(p).Error
}
func (r *RBACRepository) UpdatePermission(ctx context.Context, p *entities.Permission) error {
	return r.db.WithContext(ctx).Model(&entities.Permission{}).Where("id = ?", p.ID).Updates(p).Error
}
func (r *RBACRepository) DeletePermission(ctx context.Context, id uuid.UUID) error {
	return r.db.WithContext(ctx).Delete(&entities.Permission{}, "id = ?", id).Error
}
func (r *RBACRepository) ListPermissions(ctx context.Context) ([]entities.Permission, error) {
	var perms []entities.Permission
	if err := r.db.WithContext(ctx).Order("code ASC").Find(&perms).Error; err != nil {
		return nil, err
	}
	return perms, nil
}
func (r *RBACRepository) GetPermissionByCode(ctx context.Context, code string) (*entities.Permission, error) {
	var p entities.Permission
	if err := r.db.WithContext(ctx).First(&p, "code = ?", code).Error; err != nil {
		return nil, err
	}
	return &p, nil
}

// Roles
func (r *RBACRepository) CreateRole(ctx context.Context, role *entities.Role) error {
	return r.db.WithContext(ctx).Create(role).Error
}
func (r *RBACRepository) UpdateRole(ctx context.Context, role *entities.Role) error {
	return r.db.WithContext(ctx).Model(&entities.Role{}).Where("id = ?", role.ID).Updates(role).Error
}
func (r *RBACRepository) DeleteRole(ctx context.Context, id uuid.UUID) error {
	return r.db.WithContext(ctx).Delete(&entities.Role{}, "id = ?", id).Error
}
func (r *RBACRepository) ListRoles(ctx context.Context) ([]entities.Role, error) {
	var roles []entities.Role
	if err := r.db.WithContext(ctx).Order("name ASC").Find(&roles).Error; err != nil {
		return nil, err
	}
	return roles, nil
}
func (r *RBACRepository) GetRoleByCode(ctx context.Context, code string) (*entities.Role, error) {
	var role entities.Role
	if err := r.db.WithContext(ctx).First(&role, "code = ?", code).Error; err != nil {
		return nil, err
	}
	return &role, nil
}

func (r *RBACRepository) SetRolePermissionsByCodes(ctx context.Context, roleID uuid.UUID, permCodes []string) error {
	if err := r.db.WithContext(ctx).Where("role_id = ?", roleID).Delete(&entities.RolePermission{}).Error; err != nil {
		return err
	}
	if len(permCodes) == 0 {
		return nil
	}
	var perms []entities.Permission
	if err := r.db.WithContext(ctx).Where("code IN ?", permCodes).Find(&perms).Error; err != nil {
		return err
	}
	pairs := make([]entities.RolePermission, 0, len(perms))
	for _, p := range perms {
		pairs = append(pairs, entities.RolePermission{RoleID: roleID, PermissionID: p.ID})
	}
	return r.db.WithContext(ctx).Create(&pairs).Error
}

func (r *RBACRepository) GetPermissionsByRoleID(ctx context.Context, roleID uuid.UUID) ([]entities.Permission, error) {
	var perms []entities.Permission
	if err := r.db.WithContext(ctx).
		Table("permissions p").
		Select("p.*").
		Joins("JOIN role_permissions rp ON rp.permission_id = p.id").
		Where("rp.role_id = ?", roleID).
		Find(&perms).Error; err != nil {
		return nil, err
	}
	return perms, nil
}