using Abp.Application.Services.Dto;
using Abp.Auditing;
using Abp.Authorization;
using Abp.Domain.Repositories;
using Abp.Extensions;
using Abp.Linq.Extensions;
using Abp.MultiTenancy;
using Abp.Runtime.Caching;

using Microsoft.EntityFrameworkCore;

using System.Security.Cryptography;

using VberZero.AppService.Base;
using VberZero.AppService.Base.Dto;
using VberZero.AppService.Roles.Dto;
using VberZero.Auditing;
using VberZero.Authorization.Roles;
using VberZero.Authorization.Users;
using VberZero.BaseSystem;
using VberZero.BaseSystem.Roles;
using VberZero.BaseSystem.Users;
using VberZero.Session;
using VberZero.Tools.StringModel;

namespace VberZero.AppService.Roles;

[AbpAuthorize, AuditLog("角色管理", "角色")]
public class RoleAppServiceBase : VzCrudAppServiceBase<Role, RoleDto, int, VzPagedRequestDto, CreateRoleDto, UpdateRoleDto>, IRoleAppServiceBase
{
    private readonly VzRoleManager _roleManager;
    private readonly VzUserManager _userManager;
    private readonly IRepository<SysFunction, int?> _funRepository;

    public RoleAppServiceBase(IRepository<Role> repository, VzRoleManager roleManager, VzUserManager userManager, IRepository<SysFunction, int?> funRepository)
        : base(repository)
    {
        _roleManager = roleManager;
        _userManager = userManager;
        _funRepository = funRepository;
    }

    #region CURD

    public override async Task Create(CreateRoleDto input)
    {
        CheckCreatePermission();
        input.Name = string.IsNullOrEmpty(input.Name) ? $"{AbpSession.TenantId ?? 0}{DateTime.Now:yyMMdd}{RandomNumberGenerator.GetInt32(100000, 999999)}" : input.Name;
        var role = MapToEntity(input);
        role.SetNormalizedName();

        CheckErrors(await _roleManager.CreateAsync(role));

        if (input.PermissionNames is { Count: > 0 })
        {
            var grantedPermissions = PermissionManager
                .GetAllPermissions()
                .Where(p => input.PermissionNames.Contains(p.Name))
                .ToList();
            await _roleManager.SetGrantedPermissionsAsync(role, grantedPermissions);
        }
    }

    [DisableAuditing]
    public async Task<ListResultDto<RoleListDto>> GetRolesAsync(GetRolesInput input)
    {
        var roles = await _roleManager
            .Roles
            .WhereIf(
                !input.Permission.IsNullOrWhiteSpace(),
                r => r.Permissions.Any(rp => rp.Name == input.Permission && rp.IsGranted)
            )
            .ToListAsync();

        return new ListResultDto<RoleListDto>(ObjectMapper.Map<List<RoleListDto>>(roles));
    }

    public override async Task Update(UpdateRoleDto input)

    {
        CheckUpdatePermission();

        var role = await _roleManager.GetRoleByIdAsync(input.Id);
        if (role.IsStatic && AbpSession.GetUserName() != User.AdminUserName)
        {
            CheckErrors("系统内置角色不能修改！");
        }
        ObjectMapper.Map(input, role);

        CheckErrors(await _roleManager.UpdateAsync(role));

        if (input.PermissionNames is { Count: > 0 })
        {
            var grantedPermissions = PermissionManager
                .GetAllPermissions()
                .Where(p => input.PermissionNames.Contains(p.Name))
                .ToList();
            await _roleManager.SetGrantedPermissionsAsync(role, grantedPermissions);
        }
    }

    public override async Task Delete(VzEntityDto<int> input)
    {
        CheckDeletePermission();

        var role = await _roleManager.FindByIdAsync(input.Id.ToString());
        var users = await _userManager.GetUsersInRoleAsync(role.NormalizedName);

        foreach (var user in users)
        {
            CheckErrors(await _userManager.RemoveFromRoleAsync(user, role.NormalizedName));
        }

        CheckErrors(await _roleManager.DeleteAsync(role));
    }

    [DisableAuditing]
    public override async Task<PagedResultDto<RoleDto>> GetAll(VzPagedRequestDto input)
    {
        var query = CreateFilteredQuery(input);
#pragma warning disable CS0162
        if (AbpSession.GetUserName() != User.AdminUserName && AbpSession.GetUserName() != User.SystemUserName && !(VzConsts.MultiTenancyEnabled && AbpSession.MultiTenancySide.HasFlag(MultiTenancySides.Host)))
#pragma warning restore CS0162
            query = query.Where(a => a.Name != User.AdminUserName && a.Name != User.SystemUserName &&
                                     (a.UserType > AbpSession.GetUserType()) &&
                                     (AbpSession.GetAccountType() == VzDefinition.AccountType.System || a.AccountType == AbpSession.GetAccountType()));
        var totalCount = await AsyncQueryableExecuter.CountAsync(query);
        query = ApplySorting(query, input);
        query = ApplyPaging(query, input);
        var entities = await AsyncQueryableExecuter.ToListAsync(query);
        return new PagedResultDto<RoleDto>(totalCount, entities.Select(MapToEntityDto).ToList());
    }

    protected override IQueryable<T> SelfSorting<T>(IQueryable<T> query, VzPagedRequestDto input)
    {
        if (query is IQueryable<Role> queryable)
            return (IQueryable<T>)queryable.OrderBy(r => r.DisplayName);
        return query;
    }

    protected override IQueryable<T> KeyWordFilter<T>(IQueryable<T> query, string keyword)
    {
        if (query is IQueryable<Role> queryable)
            return (IQueryable<T>)queryable.WhereIf(keyword.NotEmpty(), a =>
                a.Name.Contains(keyword) || a.DisplayName.Contains(keyword));
        return query;
    }

    #endregion CURD

    [DisableAuditing]
    public async Task<GetRoleForEditOutput> GetRoleForEdit(EntityDto input)
    {
        var permissions = PermissionManager.GetAllPermissions();
        var role = await _roleManager.GetRoleByIdAsync(input.Id);
        var grantedPermissions = (await _roleManager.GetGrantedPermissionsAsync(role)).ToArray();
        var roleEditDto = ObjectMapper.Map<RoleEditDto>(role);

        return new GetRoleForEditOutput
        {
            Role = roleEditDto,
            Permissions = ObjectMapper.Map<List<FlatPermissionDto>>(permissions).OrderBy(p => p.DisplayName).ToList(),
            GrantedPermissionNames = grantedPermissions.Select(p => p.Name).ToList()
        };
    }

    #region Permission

    [DisableAuditing]
    public Task<ListResultDto<PermissionDto>> GetAllPermissions()
    {
        var permissions = PermissionManager.GetAllPermissions();

        return Task.FromResult(new ListResultDto<PermissionDto>(
            ObjectMapper.Map<List<PermissionDto>>(permissions).OrderBy(p => p.DisplayName).ToList()
        ));
    }

    /// <summary>
    /// 角色权限
    /// </summary>
    /// <param name="roleId"></param>
    /// <returns></returns>
    [DisableAuditing]
    public async Task<PermissionDto> GetPermissions(int roleId)
    {
        var allPermissions = PermissionManager.GetAllPermissions();

        List<Permission> currentPerms = new List<Permission>();
        if (AbpSession.GetUserName() == User.AdminUserName || AbpSession.GetUserName() == User.SystemUserName)
        {
            currentPerms.AddRange(allPermissions);
        }
        else
        {
            foreach (var perm in allPermissions)
            {
                if (await PermissionChecker.IsGrantedAsync(perm.Name))
                    currentPerms.Add(perm);
            }
        }

        var rootFunc = await CacheManager.GetCache<string, SysFunction>(VzConsts.CacheFunction)
            .GetAsync(VzConsts.FunRootName, () => _funRepository.FirstOrDefaultAsync(a => a.Name == VzConsts.FunRootName));
        var dto = new PermissionDto();
        if (rootFunc != null)
        {
            dto.Name = rootFunc.Name;
            dto.IsAuth = roleId != 0 && await _roleManager.IsGrantedAsync(roleId, rootFunc.PermissionName);
            dto.DisplayName = rootFunc.DisplayName;
            dto.Sort = rootFunc.Sort;
            dto.Icon = rootFunc.Icon;
            dto.IsOpen = rootFunc.Depth < 2;
            dto.Children = await GetPermissionTree(rootFunc.PermissionName, currentPerms, roleId);
        }
        return dto;
    }

    /// <summary>
    /// 获取角色权限树
    /// </summary>
    /// <param name="parentName"></param>
    /// <param name="permissions"></param>
    /// <param name="roleId"></param>
    /// <returns></returns>
    private async Task<List<PermissionDto>> GetPermissionTree(string parentName, List<Permission> permissions, int roleId)
    {
        var parentPerms = permissions.Where(a => a.Parent?.Name == parentName).ToList();
        var list = new List<PermissionDto>();
        if (parentPerms.Any())
        {
            foreach (var permission in parentPerms)
            {
                var fun = await CacheManager.GetCache<string, SysFunction>(VzConsts.CacheFunction)
                    .GetAsync(permission.Name, () => _funRepository.FirstOrDefaultAsync(a => a.PermissionName == permission.Name));
                var model = new PermissionDto
                {
                    Name = permission.Name,
                    IsAuth = roleId != 0 && await _roleManager.IsGrantedAsync(roleId, permission.Name),
                    DisplayName = fun.DisplayName,
                    Sort = fun.Sort,
                    Icon = fun.Icon,
                    IsOpen = fun.Depth < 2,
                    Children = await GetPermissionTree(permission.Name, permissions, roleId)
                };
                list.Add(model);
            }
        }
        return list.OrderBy(a => a.Sort).ToList();
    }

    #endregion Permission
}