<?php

namespace App\Http\Controllers\Api;

use App\Http\Controllers\Controller;
use App\Models\AdminMenu;
use App\Models\AdminRole;
use App\Models\RoleMenuPermission;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;

class RoleMenuPermissionController extends Controller
{
    public function index(Request $request): JsonResponse
    {
        $menus = AdminMenu::query()
            ->orderBy('sort')
            ->orderBy('id')
            ->get(['id', 'name', 'path', 'icon', 'parent_id', 'sort', 'is_visible']);

        $roleModels = AdminRole::query()->orderBy('sort')->orderBy('id')->get(['slug', 'name', 'is_system', 'full_access']);

        $slugs = $roleModels->pluck('slug')->map(fn ($s) => (string) $s)->values()->all();

        $permissionRows = RoleMenuPermission::query()
            ->whereIn('role', $slugs)
            ->get(['role', 'menu_id'])
            ->groupBy('role')
            ->map(fn ($group) => $group->pluck('menu_id')->map(fn ($id) => (int) $id)->values())
            ->toArray();

        $rolesPayload = $roleModels->map(function (AdminRole $r) use ($permissionRows) {
            return [
                'role' => $r->slug,
                'label' => $r->name,
                'menu_ids' => $permissionRows[$r->slug] ?? [],
                'is_system' => $r->is_system,
                'full_access' => $r->full_access,
            ];
        })->values()->all();

        return response()->json([
            'menus' => $menus,
            'roles' => $rolesPayload,
        ]);
    }

    public function update(Request $request, string $role): JsonResponse
    {
        $this->ensureSuperAdmin($request);

        abort_unless(
            AdminRole::query()->where('slug', $role)->exists(),
            422,
            '角色不存在'
        );

        $data = $request->validate([
            'menu_ids' => ['required', 'array'],
            'menu_ids.*' => ['integer', 'exists:admin_menus,id'],
        ]);

        $menuIds = collect($data['menu_ids'])->map(fn ($id) => (int) $id)->unique()->values();

        DB::transaction(function () use ($role, $menuIds) {
            RoleMenuPermission::query()->where('role', $role)->delete();
            foreach ($menuIds as $menuId) {
                RoleMenuPermission::create([
                    'role' => $role,
                    'menu_id' => $menuId,
                ]);
            }
        });

        return response()->json(['message' => '角色菜单权限已保存']);
    }

    private function ensureSuperAdmin(Request $request): void
    {
        abort_unless($request->user()?->isSuperAdmin(), 403, '仅超级管理员可操作');
    }
}