<?php

namespace App\Command;

use App\Repository\UserRepository;
use Symfony\Component\Console\Attribute\AsCommand;
use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Input\InputArgument;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\Console\Style\SymfonyStyle;

#[AsCommand(
    name: 'app:user:permissions',
    description: 'Zeigt die Berechtigungen eines Benutzers an',
)]
class UserPermissionsCommand extends Command
{
    public function __construct(
        private UserRepository $userRepository
    ) {
        parent::__construct();
    }

    protected function configure(): void
    {
        $this
            ->addArgument('email', InputArgument::REQUIRED, 'Email des Benutzers')
        ;
    }

    protected function execute(InputInterface $input, OutputInterface $output): int
    {
        $io = new SymfonyStyle($input, $output);
        $email = $input->getArgument('email');

        $user = $this->userRepository->findOneBy(['email' => $email]);

        if (!$user) {
            $io->error(sprintf('Benutzer mit Email "%s" nicht gefunden.', $email));
            return Command::FAILURE;
        }

        $io->title(sprintf('Berechtigungen für: %s (%s)', $user->getFullName(), $user->getEmail()));

        // Symfony Standard Roles
        $io->section('Symfony Roles');
        $io->listing($user->getRoles());

        // Zugewiesene Rollen
        $io->section('Zugewiesene Rollen');
        $roles = $user->getUserRoles();
        
        if ($roles->isEmpty()) {
            $io->note('Keine Rollen zugewiesen');
        } else {
            foreach ($roles as $role) {
                $io->text(sprintf('- %s (%s)', $role->getName(), $role->getDescription()));
            }
        }

        // Modul-Berechtigungen
        $io->section('Modul-Berechtigungen');
        
        $allPermissions = [];
        foreach ($roles as $role) {
            foreach ($role->getPermissions() as $permission) {
                $moduleCode = $permission->getModule()->getCode();
                $moduleName = $permission->getModule()->getName();
                
                if (!isset($allPermissions[$moduleCode])) {
                    $allPermissions[$moduleCode] = [
                        'name' => $moduleName,
                        'permissions' => []
                    ];
                }
                
                // Merge permissions (OR logic - wenn eine Rolle erlaubt, ist es erlaubt)
                if ($permission->canView()) $allPermissions[$moduleCode]['permissions']['view'] = true;
                if ($permission->canCreate()) $allPermissions[$moduleCode]['permissions']['create'] = true;
                if ($permission->canEdit()) $allPermissions[$moduleCode]['permissions']['edit'] = true;
                if ($permission->canDelete()) $allPermissions[$moduleCode]['permissions']['delete'] = true;
                if ($permission->canExport()) $allPermissions[$moduleCode]['permissions']['export'] = true;
                if ($permission->canManage()) $allPermissions[$moduleCode]['permissions']['manage'] = true;
            }
        }

        if (empty($allPermissions)) {
            $io->note('Keine Modul-Berechtigungen definiert');
        } else {
            $rows = [];
            foreach ($allPermissions as $moduleCode => $data) {
                $perms = [];
                if (isset($data['permissions']['view'])) $perms[] = '👁️ View';
                if (isset($data['permissions']['create'])) $perms[] = '➕ Create';
                if (isset($data['permissions']['edit'])) $perms[] = '✏️ Edit';
                if (isset($data['permissions']['delete'])) $perms[] = '🗑️ Delete';
                if (isset($data['permissions']['export'])) $perms[] = '📤 Export';
                if (isset($data['permissions']['manage'])) $perms[] = '⚙️ Manage';
                
                $rows[] = [
                    $data['name'],
                    $moduleCode,
                    implode(', ', $perms)
                ];
            }
            
            $io->table(['Modul', 'Code', 'Berechtigungen'], $rows);
        }

        $io->success('Berechtigungsübersicht erfolgreich angezeigt');

        return Command::SUCCESS;
    }
}