<?php

namespace App\Http\Controllers\Api;

use App\Http\Controllers\Controller;
use App\Models\AdminRole;
use App\Models\RoleMenuPermission;
use App\Models\User;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Illuminate\Validation\Rule;

class AdminRoleController extends Controller
{
    public function index(Request $request): JsonResponse
    {
        $this->ensureSuperAdmin($request);

        $roles = AdminRole::query()->orderBy('sort')->orderBy('id')->get(['id', 'slug', 'name', 'is_system', 'full_access', 'sort']);

        return response()->json($roles);
    }

    public function store(Request $request): JsonResponse
    {
        $this->ensureSuperAdmin($request);

        $data = $request->validate([
            'slug' => [
                'required',
                'string',
                'max:50',
                'regex:/^[a-z][a-z0-9_]{1,47}$/',
                Rule::unique('admin_roles', 'slug'),
                Rule::notIn(['super_admin', 'venue_admin']),
            ],
            'name' => ['required', 'string', 'max:100'],
            'full_access' => ['sometimes', 'boolean'],
        ]);

        $slug = strtolower(trim($data['slug']));

        $role = AdminRole::create([
            'slug' => $slug,
            'name' => trim($data['name']),
            'is_system' => false,
            'full_access' => (bool) ($data['full_access'] ?? false),
            'sort' => (int) (AdminRole::query()->max('sort') ?? 0) + 1,
        ]);

        return response()->json($role, 201);
    }

    public function update(Request $request, string $slug): JsonResponse
    {
        $this->ensureSuperAdmin($request);

        $role = AdminRole::query()->where('slug', $slug)->firstOrFail();

        $data = $request->validate([
            'name' => ['sometimes', 'string', 'max:100'],
            'full_access' => ['sometimes', 'boolean'],
        ]);

        if (isset($data['name'])) {
            $role->name = trim($data['name']);
        }

        if (array_key_exists('full_access', $data)) {
            if ($role->slug === 'venue_admin') {
                abort_if($data['full_access'], 422, '场馆管理员不可设为系统级全权限');
            }
            if ($role->slug === 'super_admin') {
                // 固定为全权限
                $role->full_access = true;
            } else {
                $role->full_access = (bool) $data['full_access'];
            }
        }

        $role->save();

        return response()->json($role->fresh());
    }

    public function destroy(Request $request, string $slug): JsonResponse
    {
        $this->ensureSuperAdmin($request);

        $role = AdminRole::query()->where('slug', $slug)->firstOrFail();

        abort_if($role->is_system, 422, '系统内置角色不可删除');

        abort_if(
            User::query()->where('role', $slug)->exists(),
            422,
            '仍有管理员使用该角色，无法删除'
        );

        DB::transaction(function () use ($slug) {
            RoleMenuPermission::query()->where('role', $slug)->delete();
            AdminRole::query()->where('slug', $slug)->delete();
        });

        return response()->json(['message' => '角色已删除']);
    }

    private function ensureSuperAdmin(Request $request): void
    {
        abort_unless($request->user()?->isSuperAdmin(), 403, '仅超级管理员可操作');
    }
}