import {
  Controller,
  Get,
  Post,
  Patch,
  Delete,
  Body,
  Param,
  Query,
  UseGuards,
  ParseUUIDPipe,
} from '@nestjs/common';
import { RoleService } from './role.service';
import { CreateRoleDto, UpdateRoleDto, AssignPermissionsDto } from './dto';
import { JwtAuthGuard } from '../../auth/guards/jwt-auth.guard';
import { PermissionGuard } from '../../auth/guards/permission.guard';
import { Permissions } from '../../auth/decorators/permissions.decorator';
import { AccessLevel, ModuleName } from '../../entities/role-permission.entity';
import { paginatedResponse, successResponse } from '../../common/responses/api-response';
import { PaginationDto } from '../../common/dto/pagination.dto';

/**
 * RoleController — CRUD for roles + permission assignment.
 *
 * Per CLAUDE.md:
 * - Controller has ZERO tenant awareness
 * - No setTenantId() calls — CLS handles everything
 * - On permission update → always invalidate Redis cache (handled by service)
 */
@Controller('roles')
@UseGuards(JwtAuthGuard, PermissionGuard)
export class RoleController {
  constructor(private readonly roleService: RoleService) {}

  @Get()
  @Permissions({ module: ModuleName.USER_MANAGEMENT, accessLevel: AccessLevel.VIEW })
  async findAll(@Query() query: PaginationDto) {
    const { items, meta } = await this.roleService.findAll(query);
    return paginatedResponse(items, meta, 'Roles fetched successfully');
  }

  @Get(':id')
  @Permissions({ module: ModuleName.USER_MANAGEMENT, accessLevel: AccessLevel.VIEW })
  async findById(@Param('id', ParseUUIDPipe) id: string) {
    const data = await this.roleService.findById(id);
    return successResponse(data, 'Role fetched successfully');
  }

  @Get(':id/permissions')
  @Permissions({ module: ModuleName.USER_MANAGEMENT, accessLevel: AccessLevel.VIEW })
  async getPermissionsMatrix(@Param('id', ParseUUIDPipe) id: string) {
    const data = await this.roleService.getPermissionsMatrix(id);
    return successResponse(data, 'Permissions fetched successfully');
  }

  @Post()
  @Permissions({ module: ModuleName.USER_MANAGEMENT, accessLevel: AccessLevel.CREATE })
  async create(@Body() dto: CreateRoleDto) {
    const result = await this.roleService.create(dto);
    return successResponse(result, result.message);
  }

  @Patch(':id')
  @Permissions({ module: ModuleName.USER_MANAGEMENT, accessLevel: AccessLevel.EDIT })
  async update(@Param('id', ParseUUIDPipe) id: string, @Body() dto: UpdateRoleDto) {
    const result = await this.roleService.update(id, dto);
    return successResponse(result, result.message);
  }

  @Patch(':id/permissions')
  @Permissions({ module: ModuleName.USER_MANAGEMENT, accessLevel: AccessLevel.EDIT })
  async assignPermissions(@Param('id', ParseUUIDPipe) id: string, @Body() dto: AssignPermissionsDto) {
    const result = await this.roleService.assignPermissions(id, dto);
    return successResponse(result, result.message);
  }

  @Delete(':id')
  @Permissions({ module: ModuleName.USER_MANAGEMENT, accessLevel: AccessLevel.DELETE })
  async remove(@Param('id', ParseUUIDPipe) id: string) {
    const result = await this.roleService.remove(id);
    return successResponse(result, result.message);
  }
}