@page "/permissions"
@attribute [Authorize]
@inject IUserSessionService Session
@inject ISessionManager SessionMgr
@inject IElevationCoordinator Elevation
@inject IPermissionsService PermSvc
@inject CsvExportService CsvExport
@inject HtmlExportService HtmlExport
@inject WebExportService WebExport
@inject IAuditService Audit
@rendermode InteractiveServer

<h1 class="page-title">Permissions Audit</h1>

@if (!Session.HasProfile) { <NoProfilePrompt /> return; }

<div class="card">
    <div class="card-title">Scan Options</div>
    <SitePicker Profile="Session.CurrentProfile!" @bind-SelectedSites="_sites" />
    <div class="form-row mt-8">
        <div class="form-group" style="flex:0 0 auto">
            <label class="form-label">Folder Depth</label>
            <input class="form-input" type="number" @bind="_folderDepth" min="0" max="999" style="width:80px" />
        </div>
        <div class="form-group" style="display:flex;align-items:center;gap:16px;padding-top:20px">
            <label><input type="checkbox" @bind="_includeInherited" /> Include inherited</label>
            <label><input type="checkbox" @bind="_scanFolders" /> Scan folders</label>
            <label><input type="checkbox" @bind="_includeSubsites" /> Include subsites</label>
        </div>
    </div>
    <div class="flex-row mt-8">
        <button class="btn btn-primary" @onclick="RunScan" disabled="@_running">
            @(_running ? "Scanning…" : "Scan Sites")
        </button>
        @if (_running)
        {
            <button class="btn btn-secondary" @onclick="Cancel">Cancel</button>
        }
    </div>
    <ProgressPanel IsRunning="_running" StatusMessage="@_status" Current="_current" Total="_total" />
</div>

@if (!string.IsNullOrEmpty(_error))
{
    <div class="alert alert-error">@_error</div>
}

@if (_results.Count > 0)
{
    <div class="card">
        <div class="flex-row">
            <div class="card-title">Results <span class="count-badge">@_results.Count</span></div>
            <div class="spacer"></div>
            <MergeModeSelect Value="_mergeMode" ValueChanged="v => _mergeMode = v" Visible="_bySite.Count > 1" />
            <button class="btn btn-secondary btn-sm" @onclick="ExportCsv">Export CSV</button>
            <button class="btn btn-secondary btn-sm" @onclick="ExportHtml">Export HTML</button>
        </div>
        <div class="data-table-wrap">
            <table class="data-table">
                <thead>
                    <tr>
                        <th>Type</th>
                        <th>Title</th>
                        <th>Users</th>
                        <th>Permission</th>
                        <th>Granted Through</th>
                    </tr>
                </thead>
                <tbody>
                    @foreach (var r in _results.Take(500))
                    {
                        <tr>
                            <td>@r.ObjectType</td>
                            <td title="@r.Url">@r.Title</td>
                            <td>@r.Users</td>
                            <td>@r.PermissionLevels</td>
                            <td>@r.GrantedThrough</td>
                        </tr>
                    }
                </tbody>
            </table>
        </div>
        @if (_results.Count > 500)
        {
            <div class="text-muted mt-8">Showing first 500 of @_results.Count rows. Export for full results.</div>
        }
    </div>
}

@code {
    private List<SiteInfo> _sites = new();
    private bool _includeInherited, _includeSubsites;
    private bool _scanFolders = true;
    private int _folderDepth = 1;
    private bool _running;
    private string _status = string.Empty;
    private string _error = string.Empty;
    private int _current, _total;
    private List<PermissionEntry> _results = new();
    private List<(string Label, IReadOnlyList<PermissionEntry> Results)> _bySite = new();
    private ReportMergeMode _mergeMode = ReportMergeMode.SingleMerged;
    private CancellationTokenSource? _cts;

    private async Task RunScan()
    {
        _error = string.Empty; _results = new(); _bySite = new(); _running = true;
        _cts = new CancellationTokenSource();
        if (_sites.Count == 0) { _error = "Please select at least one site."; _running = false; return; }
        var progress = new Progress<OperationProgress>(p => { _status = p.Message; _current = p.Current; _total = p.Total; InvokeAsync(StateHasChanged); });
        try
        {
            var opts = new ScanOptions(_includeInherited, _scanFolders, _folderDepth, _includeSubsites);
            var bySite = new List<(string, IReadOnlyList<PermissionEntry>)>();
            var flat = new List<PermissionEntry>();
            int i = 0;
            foreach (var site in _sites)
            {
                _cts.Token.ThrowIfCancellationRequested();
                _status = $"Scanning {site.Title} ({++i}/{_sites.Count})…";
                await InvokeAsync(StateHasChanged);
                var entries = await Elevation.RunAsync(async c =>
                {
                    var ctx = await SessionMgr.GetOrCreateContextAsync(site.Url, Session.CurrentProfile!, c);
                    return await PermSvc.ScanSiteAsync(ctx, opts, progress, c);
                }, _cts.Token);
                bySite.Add((site.Title, entries));
                flat.AddRange(entries);
            }
            _bySite = bySite; _results = flat;
            _status = $"Scan complete: {_results.Count} entries across {_sites.Count} site(s).";
            await Audit.LogAsync("PermissionsScan", Session.CurrentProfile?.Name ?? "", _sites.Select(s => s.Url),
                $"{_results.Count} entries; inherited={_includeInherited} folders={_scanFolders} depth={_folderDepth} subsites={_includeSubsites}");
        }
        catch (OperationCanceledException) { _status = "Cancelled."; }
        catch (Exception ex) { _error = ex.Message; }
        finally { _running = false; await InvokeAsync(StateHasChanged); }
    }

    private void Cancel() => _cts?.Cancel();

    private async Task ExportCsv()
    {
        var ts = DateTime.Now.ToString("yyyyMMdd_HHmmss");
        var output = ReportMergeHelper.Build(_bySite, _mergeMode, "permissions", ts, ReportFormat.Csv,
            rs => CsvExport.BuildCsv(rs));
        await WebExport.DownloadBytesAsync(output.Bytes, output.FileName, output.Mime);
    }

    private async Task ExportHtml()
    {
        var ts = DateTime.Now.ToString("yyyyMMdd_HHmmss");
        var output = ReportMergeHelper.Build(_bySite, _mergeMode, "permissions", ts, ReportFormat.Html,
            rs => HtmlExport.BuildHtml(rs, Session.CurrentBranding));
        await WebExport.DownloadBytesAsync(output.Bytes, output.FileName, output.Mime);
    }
}