@page "/permissions"
@attribute [Authorize]
@inject IUserSessionService Session
@inject ISessionManager SessionMgr
@inject IElevationCoordinator Elevation
@inject IPermissionsService PermSvc
@inject CsvExportService CsvExport
@inject HtmlExportService HtmlExport
@inject WebExportService WebExport
@rendermode InteractiveServer

<h1 class="page-title">Permissions Audit</h1>

@if (!Session.HasProfile) { <NoProfilePrompt /> return; }

<div class="card">
    <div class="card-title">Scan Options</div>
    <div class="form-row">
        <div class="form-group">
            <label class="form-label">Site URL</label>
            <input class="form-input" @bind="_siteUrl" placeholder="@Session.CurrentProfile!.TenantUrl" />
        </div>
    </div>
    <div class="form-row">
        <div class="form-group" style="flex:0 0 auto">
            <label class="form-label">Folder Depth</label>
            <input class="form-input" type="number" @bind="_folderDepth" min="0" max="999" style="width:80px" />
        </div>
        <div class="form-group" style="display:flex;align-items:center;gap:16px;padding-top:20px">
            <label><input type="checkbox" @bind="_includeInherited" /> Include inherited</label>
            <label><input type="checkbox" @bind="_scanFolders" /> Scan folders</label>
            <label><input type="checkbox" @bind="_includeSubsites" /> Include subsites</label>
        </div>
    </div>
    <div class="flex-row mt-8">
        <button class="btn btn-primary" @onclick="RunScan" disabled="@_running">
            @(_running ? "Scanning…" : "Scan Site")
        </button>
        @if (_running)
        {
            <button class="btn btn-secondary" @onclick="Cancel">Cancel</button>
        }
    </div>
    <ProgressPanel IsRunning="_running" StatusMessage="_status" Current="_current" Total="_total" />
</div>

@if (!string.IsNullOrEmpty(_error))
{
    <div class="alert alert-error">@_error</div>
}

@if (_results.Count > 0)
{
    <div class="card">
        <div class="flex-row">
            <div class="card-title">Results <span class="count-badge">@_results.Count</span></div>
            <div class="spacer"></div>
            <button class="btn btn-secondary btn-sm" @onclick="ExportCsv">Export CSV</button>
            <button class="btn btn-secondary btn-sm" @onclick="ExportHtml">Export HTML</button>
        </div>
        <div class="data-table-wrap">
            <table class="data-table">
                <thead>
                    <tr>
                        <th>Type</th>
                        <th>Title</th>
                        <th>Users</th>
                        <th>Permission</th>
                        <th>Granted Through</th>
                    </tr>
                </thead>
                <tbody>
                    @foreach (var r in _results.Take(500))
                    {
                        <tr>
                            <td>@r.ObjectType</td>
                            <td title="@r.Url">@r.Title</td>
                            <td>@r.Users</td>
                            <td>@r.PermissionLevels</td>
                            <td>@r.GrantedThrough</td>
                        </tr>
                    }
                </tbody>
            </table>
        </div>
        @if (_results.Count > 500)
        {
            <div class="text-muted mt-8">Showing first 500 of @_results.Count rows. Export for full results.</div>
        }
    </div>
}

@code {
    private string _siteUrl = string.Empty;
    private bool _includeInherited, _includeSubsites;
    private bool _scanFolders = true;
    private int _folderDepth = 1;
    private bool _running;
    private string _status = string.Empty;
    private string _error = string.Empty;
    private int _current, _total;
    private List<PermissionEntry> _results = new();
    private CancellationTokenSource? _cts;

    private async Task RunScan()
    {
        _error = string.Empty; _results.Clear(); _running = true;
        _cts = new CancellationTokenSource();
        var siteUrl = string.IsNullOrWhiteSpace(_siteUrl) ? Session.CurrentProfile!.TenantUrl : _siteUrl.Trim();
        var progress = new Progress<OperationProgress>(p => { _status = p.Message; _current = p.Current; _total = p.Total; InvokeAsync(StateHasChanged); });
        try
        {
            var opts = new ScanOptions(_includeInherited, _scanFolders, _folderDepth, _includeSubsites);
            _results = (await Elevation.RunAsync(async c =>
            {
                var ctx = await SessionMgr.GetOrCreateContextAsync(siteUrl, Session.CurrentProfile!, c);
                return await PermSvc.ScanSiteAsync(ctx, opts, progress, c);
            }, _cts.Token)).ToList();
            _status = $"Scan complete: {_results.Count} entries found.";
        }
        catch (OperationCanceledException) { _status = "Cancelled."; }
        catch (Exception ex) { _error = ex.Message; }
        finally { _running = false; await InvokeAsync(StateHasChanged); }
    }

    private void Cancel() => _cts?.Cancel();

    private async Task ExportCsv()
    {
        var csv = CsvExport.BuildCsv(_results);
        await WebExport.DownloadCsvAsync(csv, $"permissions_{DateTime.Now:yyyyMMdd_HHmmss}.csv");
    }

    private async Task ExportHtml()
    {
        var html = HtmlExport.BuildHtml(_results);
        await WebExport.DownloadHtmlAsync(html, $"permissions_{DateTime.Now:yyyyMMdd_HHmmss}.html");
    }
}