using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using PlaylistShared.Api.Extensions;
using PlaylistShared.Api.Services;
using PlaylistShared.Shared.DTO;
using PlaylistShared.Shared.Models;

namespace PlaylistShared.Api.Controllers;

[ApiController]
[Route("api/[controller]")]
public class SharedPlaylistController : ControllerBase
{
    private readonly SharedPlaylistService _sharedService;
    private readonly YandexMusicService _yandexService;

    public SharedPlaylistController(SharedPlaylistService sharedService, YandexMusicService yandexService)
    {
        _sharedService = sharedService;
        _yandexService = yandexService;
    }

    [HttpPost]
    [Authorize]
    public async Task<ActionResult<ApiResponse<SharedPlaylistDto>>> Create([FromBody] SharePlaylistDto dto)
    {
        var userId = User.FindFirst(System.Security.Claims.ClaimTypes.NameIdentifier)?.Value;
        if (string.IsNullOrEmpty(userId) || !Guid.TryParse(userId, out var guid))
            return Unauthorized();

        var result = await _sharedService.CreateAsync(guid, dto);
        return Ok(ApiResponse<SharedPlaylistDto>.Ok(result));
    }

    [HttpGet("{token}")]
    public async Task<ActionResult<ApiResponse<SharedPlaylistDto>>> GetByToken(string token)
    {
        var playlist = await _sharedService.GetByTokenAsync(token);
        if (playlist == null)
            return NotFound(ApiResponse<SharedPlaylistDto>.Fail(new ErrorResponse { StatusCode = 404, Message = "Плейлист не найден" }));

        var currentUserId = User.FindFirst(System.Security.Claims.ClaimTypes.NameIdentifier)?.Value;
        var userIdGuid = !string.IsNullOrEmpty(currentUserId) ? Guid.Parse(currentUserId) : (Guid?)null;

        // Проверка прав просмотра (требует доступа к сущности)
        var entity = await _sharedService.GetEntityByTokenAsync(token);
        if (entity == null || !await _sharedService.CanViewAsync(entity, userIdGuid))
            return Unauthorized(ApiResponse<SharedPlaylistDto>.Fail(new ErrorResponse { StatusCode = 401, Message = "Недостаточно прав" }));

        return Ok(ApiResponse<SharedPlaylistDto>.Ok(playlist));
    }

    [HttpPut("{token}/permissions")]
    [Authorize]
    public async Task<ActionResult<ApiResponse<SharedPlaylistDto>>> UpdatePermissions(string token, [FromBody] UpdatePermissionsDto dto)
    {
        var userId = User.GetUserId();
        var playlist = await _sharedService.GetEntityByTokenAsync(token);
        if (playlist == null)
            return NotFound(ApiResponse<SharedPlaylistDto>.Fail(new ErrorResponse { StatusCode = 404, Message = "Плейлист не найден" }));

        if (playlist.CreatorUserId != userId)
            return Forbid();

        var updated = await _sharedService.UpdatePermissionsAsync(playlist.Id, dto);
        if (updated == null)
            return BadRequest(ApiResponse<SharedPlaylistDto>.Fail(new ErrorResponse { StatusCode = 400, Message = "Ошибка обновления прав" }));

        return Ok(ApiResponse<SharedPlaylistDto>.Ok(updated));
    }
}