@namespace Oqtane.Modules.Controls
@inherits ModuleControlBase
@inject IRoleService RoleService
@inject IUserService UserService
@inject IUserRoleService UserRoleService
@inject IStringLocalizer<PermissionGrid> Localizer
@inject IStringLocalizer<SharedResources> SharedLocalizer

@if (_permissions != null)
{
<div class="container">
    <div class="row">
        <div class="col">
            <table class="table table-borderless">
                <tbody>
                    <tr>
                        <th scope="col">@Localizer["Role"]</th>
                        @foreach (PermissionString permission in _permissions)
                        {
							<th style="text-align: center; width: 1px;">@((MarkupString)GetPermissionName(permission).Replace(" ", "<br />"))</th>
						}
                    </tr>
                    @foreach (Role role in _roles)
                    {
                        <tr>
                            <td>@role.Name</td>
                            @foreach (PermissionString permission in _permissions)
                            {
                                var p = permission;
                                <td style="text-align: center;">
									<TriStateCheckBox Value=@GetPermissionValue(p.Permissions, role.Name) Disabled="@GetPermissionDisabled(p.EntityName, p.PermissionName, role.Name)" OnChange="@(e => PermissionChanged(e, p.EntityName, p.PermissionName, role.Name))" />
                                </td>
                            }
                        </tr>
                    }
                </tbody>
            </table>
            <br />
        </div>
    </div>
    <div class="row">
        <div class="col">
            @if (_users.Count != 0)
            {
                <div class="row">
                    <div class="col">
                    </div>
                </div>
                <table class="table table-borderless">
                    <thead>
                        <tr>
                            <th scope="col">@Localizer["User"]</th>
                            @foreach (PermissionString permission in _permissions)
                            {
                                <th style="text-align: center; width: 1px;">@Localizer[permission.PermissionName]</th>
                            }
                        </tr>
                    </thead>
                    <tbody>
                        @foreach (User user in _users)
                        {
                            string userid = "[" + user.UserId.ToString() + "]";
                            <tr>
                                <td>@user.DisplayName</td>
                                @foreach (PermissionString permission in _permissions)
                                {
                                    var p = permission;
                                    <td style="text-align: center; width: 1px;">
										<TriStateCheckBox Value=@GetPermissionValue(p.Permissions, userid) Disabled="@GetPermissionDisabled(p.EntityName, p.PermissionName, "")" OnChange="@(e => PermissionChanged(e, p.EntityName, p.PermissionName, userid))" />
                                    </td>
                                }
                            </tr>
                        }
                    </tbody>
                </table>
                <br />
            }
        </div>
    </div>
    <div class="row">
        <div class="col-11">
			<AutoComplete OnSearch="GetUsers" Placeholder="@Localizer["Username.Enter"]" @ref="_user" />
		</div>
		<div class="col-1">
			<button type="button" class="btn btn-primary" @onclick="AddUser">@SharedLocalizer["Add"]</button>
        </div>
    </div>
    <div class="row">
        <div class="col">
            <ModuleMessage Type="MessageType.Warning" Message="@_message" />
        </div>
    </div>
</div>
}

@code {
	private string _permissionnames = string.Empty;
	private List<Role> _roles;
	private List<PermissionString> _permissions;
	private List<User> _users = new List<User>();
	private AutoComplete _user;
	private string _message = string.Empty;

	[Parameter]
	public string EntityName { get; set; }

	[Parameter]
	public string PermissionNames { get; set; }

	[Parameter]
	public string Permissions { get; set; }

	protected override async Task OnInitializedAsync()
	{
		if (string.IsNullOrEmpty(PermissionNames))
		{
			_permissionnames = Shared.PermissionNames.View + "," + Shared.PermissionNames.Edit;
		}
		else
		{
			_permissionnames = PermissionNames;
		}

		_roles = await RoleService.GetRolesAsync(ModuleState.SiteId, true);
		if (!UserSecurity.IsAuthorized(PageState.User, RoleNames.Host))
		{
			_roles.RemoveAll(item => item.Name == RoleNames.Host);
		}

		_permissions = new List<PermissionString>();

		foreach (string permissionname in _permissionnames.Split(',', StringSplitOptions.RemoveEmptyEntries))
		{
			// permission names can be in the form of "EntityName:PermissionName:Roles"
			if (permissionname.Contains(":"))
			{
				var segments = permissionname.Split(':');
				if (segments.Length == 3)
				{
					if (!segments[2].Contains(RoleNames.Admin))
					{
						segments[2] = RoleNames.Admin + ";" + segments[2]; // ensure admin access
					}
					_permissions.Add(new PermissionString { EntityName = segments[0], PermissionName = segments[1], Permissions = segments[2] });
				}
			}
			else
			{
				_permissions.Add(new PermissionString { EntityName = EntityName, PermissionName = permissionname, Permissions = RoleNames.Admin });
			}
		}

		if (!string.IsNullOrEmpty(Permissions))
		{
			// populate permissions
			foreach (PermissionString permissionstring in UserSecurity.GetPermissionStrings(Permissions))
			{
				int index = _permissions.FindIndex(item => item.EntityName == permissionstring.EntityName && item.PermissionName == permissionstring.PermissionName);
				if (index != -1)
				{
					_permissions[index].Permissions = permissionstring.Permissions;
				}

				if (permissionstring.Permissions.Contains("["))
				{
					foreach (string user in permissionstring.Permissions.Split('[', StringSplitOptions.RemoveEmptyEntries))
					{
						if (user.Contains("]"))
						{
							var userid = int.Parse(user.Substring(0, user.IndexOf("]")));
							if (_users.Where(item => item.UserId == userid).FirstOrDefault() == null)
							{
								_users.Add(await UserService.GetUserAsync(userid, ModuleState.SiteId));
							}
						}
					}
				}
			}
		}
	}

	private string GetPermissionName(PermissionString permission)
	{
		var permissionname = Localizer[permission.PermissionName].ToString();
		if (!string.IsNullOrEmpty(EntityName))
		{
			permissionname += " " + Localizer[permission.EntityName].ToString();
		}
		return permissionname;
	}

	private bool? GetPermissionValue(string permissions, string securityKey)
	{
		if ((";" + permissions + ";").Contains(";" + "!" + securityKey + ";"))
		{
			return false; // deny permission
		}
		else
		{
			if ((";" + permissions + ";").Contains(";" + securityKey + ";"))
			{
				return true; // grant permission
			}
			else
			{
				return null; // not specified
			}
		}
	}

	private bool GetPermissionDisabled(string entityName, string permissionName, string roleName)
	{
		if (roleName == RoleNames.Admin && !UserSecurity.IsAuthorized(PageState.User, RoleNames.Host))
		{
			return true;
		}
		else
		{
			if (entityName != EntityName && !UserSecurity.IsAuthorized(PageState.User, RoleNames.Admin))
			{
				return true;
			}
			else
			{
				return false;
			}
		}
	}

	private async Task<Dictionary<string, string>> GetUsers(string filter)
	{
		var users = await UserRoleService.GetUserRolesAsync(PageState.Site.SiteId, RoleNames.Registered);
		return users.Where(item => item.User.DisplayName.Contains(filter, StringComparison.OrdinalIgnoreCase))
			.ToDictionary(item => item.UserId.ToString(), item => item.User.DisplayName);
	}

	private async Task AddUser()
	{
		if (!string.IsNullOrEmpty(_user.Key))
		{
			var user = await UserService.GetUserAsync(int.Parse(_user.Key), ModuleState.SiteId);
			if (user != null && !_users.Any(item => item.UserId == user.UserId))
			{
				_users.Add(user);
			}
		}
		else
		{
			_message = Localizer["Message.Username.DontExist"];
		}
		_user.Clear();
	}

	private void PermissionChanged(bool? value, string entityName, string permissionName, string securityId)
	{
		var selected = value;
		int index = _permissions.FindIndex(item => item.EntityName == entityName && item.PermissionName == permissionName);
		if (index != -1)
		{
			var permission = _permissions[index];

			var ids = permission.Permissions.Split(';').ToList();
			ids.Remove(securityId); // remove grant permission
			ids.Remove("!" + securityId); // remove deny permission

			switch (selected)
			{
				case true:
					ids.Add(securityId); // add grant permission
					break;
				case false:
					ids.Add("!" + securityId); // add deny permission
					break;
				case null:
					break; // permission not specified
			}

			_permissions[index].Permissions = string.Join(";", ids.ToArray());
		}
	}

	public string GetPermissions()
	{
		ValidatePermissions();
		return UserSecurity.SetPermissionStrings(_permissions);
	}

	private void ValidatePermissions()
	{
		PermissionString permission;
		for (int index = 0; index < _permissions.Count; index++)
		{
			permission = _permissions[index];
			List<string> ids = permission.Permissions.Split(';', StringSplitOptions.RemoveEmptyEntries).ToList();
			ids.Remove("!" + RoleNames.Everyone); // remove deny all users
			ids.Remove("!" + RoleNames.Unauthenticated); // remove deny unauthenticated
			ids.Remove("!" + RoleNames.Registered); // remove deny registered users
			if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Host))
			{
				ids.Remove("!" + RoleNames.Admin); // remove deny administrators
				ids.Remove("!" + RoleNames.Host); // remove deny host users
				if (!ids.Contains(RoleNames.Host) && !ids.Contains(RoleNames.Admin))
				{
					// add administrators role if host user role is not assigned
					ids.Add(RoleNames.Admin);				
				}
			}
			permission.Permissions = string.Join(";", ids.ToArray());
            _permissions[index] = permission;
        }
    }
}