import {
  Controller,
  Get,
  Post,
  Patch,
  Delete,
  Body,
  Param,
  Query,
  UseGuards,
  ParseUUIDPipe,
} from '@nestjs/common';
import { UserService } from './user.service';
import { CreateUserDto, UpdateUserDto, ResetPasswordDto } from './dto';
import { JwtAuthGuard } from '../../auth/guards/jwt-auth.guard';
import { PermissionGuard } from '../../auth/guards/permission.guard';
import { Permissions } from '../../auth/decorators/permissions.decorator';
import { AccessLevel, ModuleName } from '../../entities/role-permission.entity';
import { paginatedResponse, successResponse } from '../../common/responses/api-response';
import { PaginationDto } from '../../common/dto/pagination.dto';

/**
 * UserController — CRUD for users within a tenant.
 *
 * Per CLAUDE.md:
 * - Controller has ZERO tenant awareness
 * - No setTenantId() calls — CLS handles everything
 * - Never hardcode role checks — always use dynamic permission guard
 */
@Controller('users')
@UseGuards(JwtAuthGuard, PermissionGuard)
export class UserController {
  constructor(private readonly userService: UserService) {}

  @Get()
  @Permissions({ module: ModuleName.USER_MANAGEMENT, accessLevel: AccessLevel.VIEW })
  async findAll(@Query() query: PaginationDto) {
    const { items, meta } = await this.userService.findAll(query);
    return paginatedResponse(items, meta, 'Users fetched successfully');
  }

  @Get(':id')
  @Permissions({ module: ModuleName.USER_MANAGEMENT, accessLevel: AccessLevel.VIEW })
  async findById(@Param('id', ParseUUIDPipe) id: string) {
    const data = await this.userService.findById(id);
    return successResponse(data, 'User fetched successfully');
  }

  @Post()
  @Permissions({ module: ModuleName.USER_MANAGEMENT, accessLevel: AccessLevel.CREATE })
  async create(@Body() dto: CreateUserDto) {
    const result = await this.userService.create(dto);
    return successResponse(result, result.message);
  }

  @Patch(':id')
  @Permissions({ module: ModuleName.USER_MANAGEMENT, accessLevel: AccessLevel.EDIT })
  async update(@Param('id', ParseUUIDPipe) id: string, @Body() dto: UpdateUserDto) {
    const result = await this.userService.update(id, dto);
    return successResponse(result, result.message);
  }

  @Patch(':id/toggle-status')
  @Permissions({ module: ModuleName.USER_MANAGEMENT, accessLevel: AccessLevel.EDIT })
  async toggleStatus(@Param('id', ParseUUIDPipe) id: string) {
    const result = await this.userService.toggleStatus(id);
    return successResponse(result, result.message);
  }

  @Patch(':id/reset-password')
  @Permissions({ module: ModuleName.USER_MANAGEMENT, accessLevel: AccessLevel.EDIT })
  async resetPassword(@Param('id', ParseUUIDPipe) id: string, @Body() dto: ResetPasswordDto) {
    const result = await this.userService.resetPassword(id, dto);
    return successResponse(result, result.message);
  }

  @Delete(':id')
  @Permissions({ module: ModuleName.USER_MANAGEMENT, accessLevel: AccessLevel.DELETE })
  async remove(@Param('id', ParseUUIDPipe) id: string) {
    const result = await this.userService.remove(id);
    return successResponse(result, result.message);
  }
}