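package com.label.controller;

import java.util.Map;

import org.apache.shiro.authz.annotation.RequiresRoles;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

import com.label.common.result.PageResult;
import com.label.common.result.Result;
import com.label.common.shiro.TokenPrincipal;
import com.label.entity.SysUser;
import com.label.service.UserService;

import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.tags.Tag;
import jakarta.servlet.http.HttpServletRequest;
import lombok.RequiredArgsConstructor;

/**
 * User-management REST endpoints (five endpoints, each annotated
 * {@code @RequiresRoles("ADMIN")}).
 *
 * <p>Every handler resolves the caller's {@link TokenPrincipal} from the request and
 * forwards it to {@link UserService} together with the request data. This class does no
 * validation of its own; whatever input checks exist live in the service.
 *
 * <p>NOTE(review): the generic type arguments in this listing were lost
 * ({@code Result> listUsers}, raw {@code Map body}). They are restored here from the
 * imports ({@code PageResult}, {@code SysUser}) and from how the values are used; confirm
 * them against the {@code UserService} signatures.
 */
@Tag(name = "用户管理", description = "管理员维护公司用户")
@RestController
@RequestMapping("/api/users")
@RequiredArgsConstructor
public class UserController {

    private final UserService userService;

    /**
     * GET /api/users — returns one page of users.
     *
     * @param page     page number, defaults to 1
     * @param pageSize page size, defaults to 20
     * @param request  current request, used to resolve the caller's principal
     * @return the page produced by {@code userService.listUsers}
     */
    @Operation(summary = "分页查询用户列表")
    @GetMapping
    @RequiresRoles("ADMIN")
    public Result<PageResult<SysUser>> listUsers(
            @RequestParam(defaultValue = "1") int page,
            @RequestParam(defaultValue = "20") int pageSize,
            HttpServletRequest request) {
        // NOTE(review): pageSize has no upper bound at this layer; presumably the service
        // caps it — verify.
        // NOTE(review): the response carries SysUser entities; confirm their serialization
        // omits the stored password value.
        return Result.success(userService.listUsers(page, pageSize, principal(request)));
    }

    /**
     * POST /api/users — creates a user.
     *
     * @param body    JSON object; the keys read are {@code username}, {@code password},
     *                {@code realName} and {@code role}
     * @param request current request, used to resolve the caller's principal
     * @return the value returned by {@code userService.createUser}
     */
    @Operation(summary = "创建用户")
    @PostMapping
    @RequiresRoles("ADMIN")
    public Result<SysUser> createUser(
            @RequestBody Map<String, String> body,
            HttpServletRequest request) {
        // Missing keys reach the service as null; nothing is validated here.
        // NOTE(review): the plaintext password travels in this body. Confirm that request
        // bodies are excluded from logging, that the service hashes the password before
        // storing it, and that it rejects role values outside the supported set.
        return Result.success(userService.createUser(
                body.get("username"),
                body.get("password"),
                body.get("realName"),
                body.get("role"),
                principal(request)));
    }

    /**
     * PUT /api/users/{id} — updates a user's basic information.
     *
     * @param id      id of the user to update
     * @param body    JSON object; the keys read are {@code realName} and {@code password}
     * @param request current request, used to resolve the caller's principal
     * @return the value returned by {@code userService.updateUser}
     */
    @Operation(summary = "更新用户基本信息")
    @PutMapping("/{id}")
    @RequiresRoles("ADMIN")
    public Result<SysUser> updateUser(
            @PathVariable Long id,
            @RequestBody Map<String, String> body,
            HttpServletRequest request) {
        // NOTE(review): id comes straight from the path. Presumably the service uses the
        // principal to restrict the update to users the caller may manage — verify.
        return Result.success(userService.updateUser(
                id,
                body.get("realName"),
                body.get("password"),
                principal(request)));
    }

    /**
     * PUT /api/users/{id}/status — changes a user's status.
     *
     * @param id      id of the user to update
     * @param body    JSON object; the key read is {@code status} (the API description
     *                lists ACTIVE and DISABLED)
     * @param request current request, used to resolve the caller's principal
     * @return a success result with no payload
     */
    @Operation(summary = "变更用户状态", description = "status:ACTIVE、DISABLED")
    @PutMapping("/{id}/status")
    @RequiresRoles("ADMIN")
    public Result<Void> updateStatus(
            @PathVariable Long id,
            @RequestBody Map<String, String> body,
            HttpServletRequest request) {
        // NOTE(review): confirm the service rejects unknown status values and decides what
        // happens when an administrator disables their own account.
        userService.updateStatus(id, body.get("status"), principal(request));
        return Result.success(null);
    }

    /**
     * PUT /api/users/{id}/role — changes a user's role.
     *
     * @param id      id of the user to update
     * @param body    JSON object; the key read is {@code role} (the API description lists
     *                ADMIN, UPLOADER and VIEWER)
     * @param request current request, used to resolve the caller's principal
     * @return a success result with no payload
     */
    @Operation(summary = "变更用户角色", description = "role:ADMIN、UPLOADER、VIEWER")
    @PutMapping("/{id}/role")
    @RequiresRoles("ADMIN")
    public Result<Void> updateRole(
            @PathVariable Long id,
            @RequestBody Map<String, String> body,
            HttpServletRequest request) {
        // NOTE(review): role assignment is the privilege-granting operation of this API.
        // Confirm the service rejects unknown role values and writes an audit record of
        // who changed which account.
        userService.updateRole(id, body.get("role"), principal(request));
        return Result.success(null);
    }

    /**
     * Reads the caller's principal from the {@code __token_principal__} request attribute.
     *
     * <p>Fails closed: a missing attribute, or one of another type, raises an exception
     * here, so a {@code null} principal never reaches the service.
     *
     * @param request current request
     * @return the principal stored on the request
     * @throws IllegalStateException if the attribute is absent or is not a
     *                               {@link TokenPrincipal}
     */
    private TokenPrincipal principal(HttpServletRequest request) {
        // NOTE(review): presumably an authentication filter sets this attribute before the
        // handler runs — verify which component owns it.
        Object attribute = request.getAttribute("__token_principal__");
        if (!(attribute instanceof TokenPrincipal)) {
            throw new IllegalStateException("Authenticated principal missing from request");
        }
        return (TokenPrincipal) attribute;
    }
}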