using Microsoft.AspNetCore.Authorization;

using DomainObjects.Documents;
using Core.Enumerations;

using DataProviders.Collections;

using WeatherForecast.Policies.Abstractions;
using Microsoft.Extensions.Options;
using DomainObjects.Documents.Users;

namespace WeatherForecast.Policies;

/// <summary>
/// 
/// </summary>
public class BlogAuthorizationHandler : AuthorizationHandlerBase<BlogAuthorizationRequirement, List<BlogDocument>> {

  /// <summary>
  /// 
  /// </summary>
  /// <param name="configuration"></param>
  /// <param name="contextAccessor"></param>
  /// <param name="siteDataProvider"></param>
  /// <param name="userDataProvider"></param>
  public BlogAuthorizationHandler(
    IOptions<Configuration> configuration,
    IHttpContextAccessor contextAccessor,
    ISiteDataProvider siteDataProvider,
    IUserDataProvider userDataProvider
  ) : base(configuration, contextAccessor, siteDataProvider, userDataProvider) { }

  /// <summary>
  /// 
  /// </summary>
  /// <param name="context"></param>
  /// <param name="requirement"></param>
  /// <param name="resource"></param>
  /// <returns></returns>
  protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, BlogAuthorizationRequirement requirement, List<BlogDocument> resource) {

    var (site, user) = GetUser(context);
    if (site == null || user == null)
      return Task.CompletedTask;

    var userRole = GetRole(site, user);

    // Can only Admin, Editor, Author, Contributor (cannot set publish date)
    if (requirement.Action == CrudActions.Create
      && (userRole != Roles.Admin
      && userRole != Roles.Editor
      && userRole != Roles.Author
      && userRole != Roles.Contributor
      && (userRole == Roles.Contributor && resource.Any(x => x.Published != null))))
      return Task.CompletedTask;

    // Can only Admin, Editor, Author, Contributor
    if (requirement.Action == CrudActions.Read
      && (userRole != Roles.Admin
      && userRole != Roles.Editor
      && userRole != Roles.Author
      && userRole != Roles.Contributor))
      return Task.CompletedTask;

    // Can only Admin, Editor, Author (own), Contributor (own, not yet pubblished)
    if ((requirement.Action == CrudActions.Update || requirement.Action == CrudActions.Delete)
      && (userRole != Roles.Admin
      && userRole != Roles.Editor
      && userRole != Roles.Author
      && userRole != Roles.Contributor
      && ((userRole == Roles.Author || userRole == Roles.Contributor) && resource.Any(x => x.Author != user.Id))
      && (userRole == Roles.Contributor && resource.Any(x => x.Published != null))))
      return Task.CompletedTask;

    context.Succeed(requirement);

    return Task.CompletedTask;
  }
}

/// <summary>
/// 
/// </summary>
public class BlogAuthorizationRequirement : AuthorizationRequirementBase { }