@page "/permissions"
@attribute [Authorize]
@inject IUserSessionService Session
@inject ISessionManager SessionMgr
@inject IElevationCoordinator Elevation
@inject IPermissionsService PermSvc
@inject CsvExportService CsvExport
@inject HtmlExportService HtmlExport
@inject WebExportService WebExport
@inject IAuditService Audit
@inject TranslationSource T
@rendermode InteractiveServer

<h1 class="page-title">@T["perm.title"]</h1>

@if (!Session.HasProfile) { <NoProfilePrompt /> return; }

<div class="card">
    <div class="card-title">@T["grp.scan.opts"]</div>
    <SitePicker Profile="Session.CurrentProfile!" @bind-SelectedSites="_sites" />
    <div class="form-row mt-8">
        <div class="form-group" style="flex:0 0 auto">
            <label class="form-label">@T["lbl.folder.depth"]</label>
            <input class="form-input" type="number" @bind="_folderDepth" min="0" max="999" style="width:80px" />
        </div>
        <div class="form-group" style="display:flex;align-items:center;gap:16px;padding-top:20px">
            <label><input type="checkbox" @bind="_includeInherited" /> @T["chk.inherited.perms"]<HelpTip Text="@T["help.inheritedPerms"]" /></label>
            <label><input type="checkbox" @bind="_scanFolders" /> @T["chk.scan.folders"]</label>
            <label><input type="checkbox" @bind="_includeSubsites" /> @T["chk.include.subsites"]<HelpTip Text="@T["help.subsites"]" /></label>
        </div>
    </div>
    <div class="flex-row mt-8">
        <button class="btn btn-primary" @onclick="RunScan" disabled="@_running">
            @(_running ? T["perm.btn.scanning"] : T["perm.btn.scan"])
        </button>
        @if (_running)
        {
            <button class="btn btn-secondary" @onclick="Cancel">@T["btn.cancel"]</button>
        }
    </div>
    <ProgressPanel IsRunning="_running" StatusMessage="@_status" Current="_current" Total="_total" />
</div>

@if (!string.IsNullOrEmpty(_error))
{
    <div class="alert alert-error">@_error</div>
}

@if (_results.Count > 0)
{
    <div class="card">
        <div class="flex-row">
            <div class="card-title">@T["perm.results"] <span class="count-badge">@_results.Count</span></div>
            <div class="spacer"></div>
            <MergeModeSelect Value="_mergeMode" ValueChanged="v => _mergeMode = v" Visible="_bySite.Count > 1" />
            <button class="btn btn-secondary btn-sm" @onclick="ExportCsv">@T["audit.btn.exportCsv"]</button>
            <button class="btn btn-secondary btn-sm" @onclick="ExportHtml">@T["audit.btn.exportHtml"]</button>
        </div>
        <div class="data-table-wrap">
            <table class="data-table">
                <thead>
                    <tr>
                        <th>@T["directory.col.type"]</th>
                        <th>@T["report.col.title"]</th>
                        <th>@T["perm.col.users"]</th>
                        <th>@T["perm.col.permission"]<HelpTip Text="@T["help.permissionLevel"]" /></th>
                        <th>@T["report.col.granted_through"]<HelpTip Text="@T["help.grantedThrough"]" /></th>
                    </tr>
                </thead>
                <tbody>
                    @foreach (var r in _results.Take(500))
                    {
                        <tr>
                            <td>@r.ObjectType</td>
                            <td title="@r.Url">@r.Title</td>
                            <td>@r.Users</td>
                            <td>@r.PermissionLevels</td>
                            <td>@r.GrantedThrough</td>
                        </tr>
                    }
                </tbody>
            </table>
        </div>
        @if (_results.Count > 500)
        {
            <div class="text-muted mt-8">@string.Format(T["perm.status.showing_first"], _results.Count)</div>
        }
    </div>
}

@code {
    private List<SiteInfo> _sites = new();
    private bool _includeInherited, _includeSubsites;
    private bool _scanFolders = true;
    private int _folderDepth = 1;
    private bool _running;
    private string _status = string.Empty;
    private string _error = string.Empty;
    private int _current, _total;
    private List<PermissionEntry> _results = new();
    private List<(string Label, IReadOnlyList<PermissionEntry> Results)> _bySite = new();
    private ReportMergeMode _mergeMode = ReportMergeMode.SingleMerged;
    private CancellationTokenSource? _cts;

    private async Task RunScan()
    {
        _error = string.Empty; _results = new(); _bySite = new(); _running = true;
        _cts = new CancellationTokenSource();
        if (_sites.Count == 0) { _error = T["err.no_sites_selected"]; _running = false; return; }
        var progress = new Progress<OperationProgress>(p => { _status = p.Message; _current = p.Current; _total = p.Total; InvokeAsync(StateHasChanged); });
        try
        {
            var opts = new ScanOptions(_includeInherited, _scanFolders, _folderDepth, _includeSubsites);
            var bySite = new List<(string, IReadOnlyList<PermissionEntry>)>();
            var flat = new List<PermissionEntry>();
            int i = 0;
            foreach (var site in _sites)
            {
                _cts.Token.ThrowIfCancellationRequested();
                _status = string.Format(T["perm.status.scanning_site"], site.Title, ++i, _sites.Count);
                await InvokeAsync(StateHasChanged);
                var entries = await Elevation.RunAsync(async c =>
                {
                    var ctx = await SessionMgr.GetOrCreateContextAsync(site.Url, Session.CurrentProfile!, c);
                    return await PermSvc.ScanSiteAsync(ctx, opts, progress, c);
                }, _cts.Token);
                bySite.Add((site.Title, entries));
                flat.AddRange(entries);
            }
            _bySite = bySite; _results = flat;
            _status = string.Format(T["perm.status.scan_complete"], _results.Count, _sites.Count);
            await Audit.LogAsync("PermissionsScan", Session.CurrentProfile?.Name ?? "", _sites.Select(s => s.Url),
                $"{_results.Count} entries; inherited={_includeInherited} folders={_scanFolders} depth={_folderDepth} subsites={_includeSubsites}");
        }
        catch (OperationCanceledException) { _status = T["status.cancelled"]; }
        catch (Exception ex) { _error = ex.Message; }
        finally { _running = false; await InvokeAsync(StateHasChanged); }
    }

    private void Cancel() => _cts?.Cancel();

    private async Task ExportCsv()
    {
        var ts = DateTime.Now.ToString("yyyyMMdd_HHmmss");
        var output = ReportMergeHelper.Build(_bySite, _mergeMode, "permissions", ts, ReportFormat.Csv,
            rs => CsvExport.BuildCsv(rs));
        await WebExport.DownloadBytesAsync(output.Bytes, output.FileName, output.Mime);
    }

    private async Task ExportHtml()
    {
        var ts = DateTime.Now.ToString("yyyyMMdd_HHmmss");
        var output = ReportMergeHelper.Build(_bySite, _mergeMode, "permissions", ts, ReportFormat.Html,
            rs => HtmlExport.BuildHtml(rs, Session.CurrentBranding));
        await WebExport.DownloadBytesAsync(output.Bytes, output.FileName, output.Mime);
    }
}