package org.activityinfo.server.command.handler;

/*
 * #%L
 * ActivityInfo Server
 * %%
 * Copyright (C) 2009 - 2013 UNICEF
 * %%
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, either version 3 of the 
 * License, or (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public 
 * License along with this program.  If not, see
 * <http://www.gnu.org/licenses/gpl-3.0.html>.
 * #L%
 */

import com.extjs.gxt.ui.client.Style;
import com.google.inject.Inject;
import org.activityinfo.legacy.shared.command.GetUsers;
import org.activityinfo.legacy.shared.command.result.CommandResult;
import org.activityinfo.legacy.shared.command.result.UserResult;
import org.activityinfo.legacy.shared.exception.CommandException;
import org.activityinfo.legacy.shared.exception.IllegalAccessCommandException;
import org.activityinfo.legacy.shared.model.PartnerDTO;
import org.activityinfo.legacy.shared.model.UserPermissionDTO;
import org.activityinfo.server.database.hibernate.entity.User;
import org.activityinfo.server.database.hibernate.entity.UserDatabase;
import org.activityinfo.server.database.hibernate.entity.UserPermission;

import javax.persistence.EntityManager;
import javax.persistence.TypedQuery;
import java.util.ArrayList;
import java.util.List;

/**
 * @author Alex Bertram
 * @see org.activityinfo.legacy.shared.command.GetUsers
 */
public class GetUsersHandler implements CommandHandler<GetUsers> {

    private EntityManager em;

    @Inject
    public GetUsersHandler(EntityManager em) {
        this.em = em;
    }

    @Override
    public CommandResult execute(GetUsers cmd, User currentUser) throws CommandException {

        UserDatabase db = em.getReference(UserDatabase.class, cmd.getDatabaseId());

        UserPermission currentUserPermission = PermissionOracle.using(em).getPermissionByUser(db, currentUser);

        assertAuthorized(currentUserPermission);

        String whereClause = "up.database.id = :dbId and " +
                             "up.user.id <> :currentUserId and " +
                             "up.allowView = true";

        if (!currentUserPermission.isAllowManageAllUsers()) {
            whereClause += " and up.partner.id = " + currentUserPermission.getPartner().getId();
        }

        TypedQuery<UserPermission> query = em.createQuery("select up from UserPermission up where " +
                                                          whereClause + " " + composeOrderByClause(cmd),
                UserPermission.class)
                                             .setParameter("dbId", cmd.getDatabaseId())
                                             .setParameter("currentUserId", currentUser.getId());

        if (cmd.getOffset() > 0) {
            query.setFirstResult(cmd.getOffset());
        }
        if (cmd.getLimit() > 0) {
            query.setMaxResults(cmd.getLimit());
        }

        List<UserPermissionDTO> models = new ArrayList<>();
        for (UserPermission perm : query.getResultList()) {
            UserPermissionDTO dto = new UserPermissionDTO();
            dto.setEmail(perm.getUser().getEmail());
            dto.setName(perm.getUser().getName());
            dto.setOrganization(perm.getUser().getOrganization());
            dto.setJobtitle(perm.getUser().getJobtitle());
            dto.setAllowDesign(perm.isAllowDesign());
            dto.setAllowView(perm.isAllowView());
            dto.setAllowViewAll(perm.isAllowViewAll());
            dto.setAllowEdit(perm.isAllowEdit());
            dto.setAllowEditAll(perm.isAllowEditAll());
            dto.setAllowManageUsers(perm.isAllowManageUsers());
            dto.setAllowManageAllUsers(perm.isAllowManageAllUsers());
            dto.setPartner(new PartnerDTO(perm.getPartner().getId(), perm.getPartner().getName()));
            models.add(dto);
        }

        return new UserResult(models, cmd.getOffset(), queryTotalCount(cmd, currentUser, whereClause));
    }

    private void assertAuthorized(UserPermission currentUserPermission) {
        if (!currentUserPermission.isAllowManageUsers()) {
            throw new IllegalAccessCommandException(String.format(
                    "User %d does not have permission to view user permissions in database %d",
                    currentUserPermission.getUser().getId(),
                    currentUserPermission.getDatabase().getId()));
        }
    }

    private int queryTotalCount(GetUsers cmd, User currentUser, String whereClause) {
        return ((Number) em.createQuery("select count(up) from UserPermission up where " + whereClause)
                           .setParameter("dbId", cmd.getDatabaseId())
                           .setParameter("currentUserId", currentUser.getId())
                           .getSingleResult()).intValue();
    }

    private String composeOrderByClause(GetUsers cmd) {
        String orderByClause = " ";

        if (cmd.getSortInfo().getSortDir() != Style.SortDir.NONE) {
            String dir = cmd.getSortInfo().getSortDir() == Style.SortDir.ASC ? "asc" : "desc";
            String property = null;
            String field = cmd.getSortInfo().getSortField();

            if ("name".equals(field)) {
                property = "up.user.name";
            } else if ("email".equals(field)) {
                property = "up.user.email";
            } else if ("partner".equals(field)) {
                property = "up.partner.name";
            } else if (field != null && field.startsWith("allow")) {
                property = "up." + field;
            }

            if (property != null) {
                orderByClause = " order by " + property + " " + dir;
            }
        }
        return orderByClause;
    }
}