package net.curisit.securis.services;

import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import javax.annotation.security.RolesAllowed;
import javax.enterprise.context.RequestScoped;
import javax.persistence.EntityManager;
import javax.persistence.TypedQuery;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;

import net.curisit.integrity.commons.Utils;
import net.curisit.securis.DefaultExceptionHandler;
import net.curisit.securis.SeCurisException;
import net.curisit.securis.db.Organization;
import net.curisit.securis.db.User;
import net.curisit.securis.ioc.EnsureTransaction;
import net.curisit.securis.security.BasicSecurityContext;
import net.curisit.securis.security.Securable;
import net.curisit.securis.utils.TokenHelper;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/**
 * Organization resource, this service will provide methods to create, modify
 * and delete organizations
 * 
 * @author roberto <roberto.sanchez@curisit.net>
 */
@Path("/organization")
@RequestScoped
public class OrganizationResource {

    private static final Logger LOG = LogManager.getLogger(OrganizationResource.class);

    @Context
    EntityManager em;

    @Context
    BasicSecurityContext bsc;

    public OrganizationResource() {
    }

    /**
     * 
     * @return the server version in format majorVersion.minorVersion
     */
    @GET
    @Path("/")
    @Produces({
        MediaType.APPLICATION_JSON
    })
    @Securable
    public Response index() {
        LOG.info("Getting organizations list ");

        // EntityManager em = emProvider.get();
        em.clear();
        TypedQuery<Organization> q;
        if (bsc.isUserInRole(BasicSecurityContext.ROL_ADMIN)) {
            LOG.info("GEtting all orgs for user: " + bsc.getUserPrincipal());
            q = em.createNamedQuery("list-organizations", Organization.class);
        } else {
            q = em.createNamedQuery("list-organizations", Organization.class);
        }

        List<Organization> list = q.getResultList();

        return Response.ok(list).build();
    }

    /**
     * 
     * @return the server version in format majorVersion.minorVersion
     */
    @GET
    @Path("/{orgid}")
    @Produces({
        MediaType.APPLICATION_JSON
    })
    @Securable
    public Response get(@PathParam("orgid") String orgid, @HeaderParam(TokenHelper.TOKEN_HEADER_PÀRAM) String token) {
        LOG.info("Getting organization data for id: {}: ", orgid);
        if (orgid == null || "".equals(orgid)) {
            LOG.error("Organization ID is mandatory");
            return Response.status(Status.NOT_FOUND).build();
        }

        // EntityManager em = emProvider.get();
        em.clear();
        Organization org = em.find(Organization.class, Integer.parseInt(orgid));
        if (org == null) {
            LOG.error("Organization with id {} not found in DB", orgid);
            return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "Organization not found, id: " + orgid)
                    .build();
        }
        return Response.ok(org).build();
    }

    private boolean isCyclicalRelationship(int currentId, Organization parent) {
        while (parent != null) {
            if (parent.getId() == currentId) {
                return true;
            }
            parent = parent.getParentOrganization();
        }
        return false;
    }

    @POST
    @Path("/")
    @Consumes(MediaType.APPLICATION_JSON)
    @Produces({
        MediaType.APPLICATION_JSON
    })
    @EnsureTransaction
    @Securable
    @RolesAllowed(BasicSecurityContext.ROL_ADMIN)
    public Response create(Organization org) {
        LOG.info("Creating new organization");
        // EntityManager em = emProvider.get();

        try {
            this.setParentOrg(org, org.getParentOrgId(), em);
        } catch (SeCurisException e) {
            return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, e.getMessage()).build();
        }

        Set<User> users = null;
        Set<String> usersIds = org.getUsersIds();
        if (usersIds != null && !usersIds.isEmpty()) {
            users = new HashSet<>();
            for (String username : usersIds) {
                User user = em.find(User.class, username);
                if (user == null) {
                    LOG.error("Organization user with id {} not found in DB", username);
                    return Response.status(Status.NOT_FOUND)
                            .header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "Organization's user not found with ID: " + username).build();
                }
                users.add(user);
            }
        }

        org.setUsers(users);
        org.setCreationTimestamp(new Date());
        em.persist(org);
        return Response.ok(org).build();
    }

    private void setParentOrg(Organization org, Integer parentOrgId, EntityManager em) throws SeCurisException {
        Organization parentOrg = null;
        if (parentOrgId != null) {
            parentOrg = em.find(Organization.class, parentOrgId);
            if (parentOrg == null) {
                LOG.error("Organization parent with id {} not found in DB", org.getParentOrgId());
                throw new SecurityException("Organization's parent not found with ID: " + org.getParentOrgId());
            }
        }

        org.setParentOrganization(parentOrg);
    }

    private void setOrgUsers(Organization org, Set<String> usersIds, EntityManager em) throws SeCurisException {
        Set<User> users = null;
        if (usersIds != null && !usersIds.isEmpty()) {
            users = new HashSet<>();
            for (String username : usersIds) {
                User user = em.find(User.class, username);
                if (user == null) {
                    LOG.error("Organization user with id '{}' not found in DB", username);
                    throw new SecurityException("Organization's user not found with ID: " + username);
                }
                users.add(user);
            }
        }

        org.setUsers(users);
    }

    @PUT
    @POST
    @Path("/{orgid}")
    @Consumes(MediaType.APPLICATION_JSON)
    @Produces({
        MediaType.APPLICATION_JSON
    })
    @EnsureTransaction
    @Securable
    @RolesAllowed(BasicSecurityContext.ROL_ADMIN)
    public Response modify(Organization org, @PathParam("orgid") String orgid, @HeaderParam(TokenHelper.TOKEN_HEADER_PÀRAM) String token) {
        LOG.info("Modifying organization with id: {}", orgid);
        // EntityManager em = emProvider.get();
        Organization currentOrg = em.find(Organization.class, Integer.parseInt(orgid));
        if (currentOrg == null) {
            LOG.error("Organization with id {} not found in DB", orgid);
            return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "Organization not found with ID: " + orgid)
                    .build();
        }
        try {
            this.setParentOrg(currentOrg, org.getParentOrgId(), em);
        } catch (SeCurisException e) {
            return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, e.getMessage()).build();
        }
        if (org.getParentOrganization() != null && (isCyclicalRelationship(currentOrg.getId(), org.getParentOrganization()))) {
            LOG.error("Organization parent generate a cyclical relationship, parent id {}, current id: {}", org.getParentOrgId(), currentOrg.getId());
            return Response
                    .status(Status.FORBIDDEN)
                    .header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER,
                            "Cyclical relationships are not allowed, please change the parent organization, current Parent: "
                                    + org.getParentOrganization().getName()).build();
        }

        try {
            setOrgUsers(currentOrg, org.getUsersIds(), em);
        } catch (SeCurisException e) {
            return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, e.getMessage()).build();
        }

        currentOrg.setCode(org.getCode());
        currentOrg.setName(org.getName());
        currentOrg.setDescription(org.getDescription());
        em.persist(currentOrg);

        return Response.ok(currentOrg).build();
    }

    @DELETE
    @Path("/{orgid}")
    @EnsureTransaction
    @Produces({
        MediaType.APPLICATION_JSON
    })
    @Securable
    @RolesAllowed(BasicSecurityContext.ROL_ADMIN)
    public Response delete(@PathParam("orgid") String orgid, @Context HttpServletRequest request) {
        LOG.info("Deleting organization with id: {}", orgid);
        // EntityManager em = emProvider.get();
        Organization org = em.find(Organization.class, Integer.parseInt(orgid));
        if (org == null) {
            LOG.error("Organization with id {} can not be deleted, It was not found in DB", orgid);
            return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "Organization was not found, ID: " + orgid)
                    .build();
        }
        if (org.getChildOrganizations() != null && !org.getChildOrganizations().isEmpty()) {
            LOG.error("Organization has children and can not be deleted, ID: " + orgid);
            return Response.status(Status.FORBIDDEN)
                    .header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "Organization has children and can not be deleted, ID: " + orgid).build();
        }

        em.remove(org);
        return Response.ok(Utils.createMap("success", true, "id", orgid)).build();
    }

}