using Core.Enumerations;
using DataProviders.Buckets;
using DataProviders.Collections;
using DomainObjects.Documents.Users;
using FileSecurityService;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.Options;
using WeatherForecast.Policies.Abstractions;

namespace WeatherForecast.Policies;

/// <summary>
/// 
/// </summary>
public class ImageAuthorisationHandler : AuthorizationHandlerBase<ImageAuthorisationRequirement, List<BucketFile>> {

  private readonly IFileSecurityService _fileSecurityService;

  /// <summary>
  /// 
  /// </summary>
  /// <param name="configuration"></param>
  /// <param name="contextAccessor"></param>
  /// <param name="siteDataProvider"></param>
  /// <param name="userDataProvider"></param>
  /// <param name="fileSecurityService"></param>
  public ImageAuthorisationHandler(
    IOptions<Configuration> configuration,
    IHttpContextAccessor contextAccessor,
    ISiteDataProvider siteDataProvider,
    IUserDataProvider userDataProvider,
    IFileSecurityService fileSecurityService
  ) : base(configuration, contextAccessor, siteDataProvider, userDataProvider) {
    _fileSecurityService = fileSecurityService;
  }

  /// <summary>
  /// 
  /// </summary>
  /// <param name="context"></param>
  /// <param name="requirement"></param>
  /// <param name="resource"></param>
  /// <returns></returns>
  /// <exception cref="NotImplementedException"></exception>
  protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, ImageAuthorisationRequirement requirement, List<BucketFile> resource) {

    var (site, user) = GetUser(context);
    if (site == null || user == null)
      return Task.CompletedTask;

    var userRole = GetRole(site, user);

    var req = requirement.Roles.SingleOrDefault(x => x.Role == userRole);
    if (req == null)
      return Task.CompletedTask;

    foreach (var res in resource) {
      var (fileCategory, signatureResult) = _fileSecurityService.CheckFileSignature(res.Name, res.Bytes, res.ContentType);
      if (!signatureResult.IsSuccess || fileCategory == null)
          return Task.CompletedTask;
 
      if (req.OwnOnly && res.UserId != user.Id)
        return Task.CompletedTask;

      if (req.DenyPublished && res.Published != null)
        return Task.CompletedTask;
    }

    context.Succeed(requirement);

    return Task.CompletedTask;
  }
}

/// <summary>
/// 
/// </summary>
public class ImageRole {

  /// <summary>
  /// 
  /// </summary>
  public Roles Role { get; private set; }

  /// <summary>
  /// 
  /// </summary>
  public bool DenyPublished { get; init; } = false;

  /// <summary>
  /// 
  /// </summary>
  public bool OwnOnly { get; init; } = false;

  /// <summary>
  /// 
  /// </summary>
  /// <param name="role"></param>
  public ImageRole(Roles role) {
    Role = role;
  }
}

/// <summary>
/// 
/// </summary>
public class ImageAuthorisationRequirement : AuthorizationRequirementBase {

  /// <summary>
  /// 
  /// </summary>
  public List<ImageRole> Roles { get; private set; }

  /// <summary>
  /// 
  /// </summary>
  /// <param name="action"></param>
  /// <param name="roles"></param>
  public ImageAuthorisationRequirement(CrudActions action, List<ImageRole> roles) : base(action) {
    Roles = roles;
  }
}