@page "/user-audit"
@attribute [Authorize]
@inject IUserSessionService Session
@inject ISessionManager SessionMgr
@inject IUserAccessAuditService AuditSvc
@inject UserAccessCsvExportService CsvExport
@inject UserAccessHtmlExportService HtmlExport
@inject WebExportService WebExport
@rendermode InteractiveServer

<h1 class="page-title">User Access Audit</h1>
<p class="page-subtitle">Find all permissions for one or more users across multiple sites.</p>

@if (!Session.HasProfile) { <NoProfilePrompt /> return; }

<div class="card">
    <div class="form-row">
        <div class="form-group" style="flex:2">
            <label class="form-label">Users (emails, one per line)</label>
            <textarea class="form-textarea" @bind="_users" placeholder="alice@contoso.com&#10;bob@contoso.com" rows="3"></textarea>
        </div>
        <div class="form-group" style="flex:2">
            <label class="form-label">Site URLs (one per line)</label>
            <textarea class="form-textarea" @bind="_sites" placeholder="@Session.CurrentProfile!.TenantUrl" rows="3"></textarea>
        </div>
    </div>
    <div class="form-row">
        <div class="form-group" style="display:flex;align-items:center;gap:16px;padding-top:20px">
            <label><input type="checkbox" @bind="_includeInherited" /> Include inherited</label>
            <label><input type="checkbox" @bind="_scanFolders" /> Scan folders</label>
            <label><input type="checkbox" @bind="_includeSubsites" /> Include subsites</label>
        </div>
    </div>
    <div class="flex-row mt-8">
        <button class="btn btn-primary" @onclick="RunAudit" disabled="@_running">
            @(_running ? "Auditing…" : "Audit Users")
        </button>
        @if (_running) { <button class="btn btn-secondary" @onclick="Cancel">Cancel</button> }
    </div>
    <ProgressPanel IsRunning="_running" StatusMessage="@_status" Current="_current" Total="_total" />
</div>

@if (!string.IsNullOrEmpty(_error)) { <div class="alert alert-error">@_error</div> }

@if (_results.Count > 0)
{
    <div class="card">
        <div class="flex-row">
            <div class="card-title">Audit Results <span class="count-badge">@_results.Count</span></div>
            <div class="spacer"></div>
            <button class="btn btn-secondary btn-sm" @onclick="ExportCsv">Export CSV</button>
            <button class="btn btn-secondary btn-sm" @onclick="ExportHtml">Export HTML</button>
        </div>
        <div class="data-table-wrap">
            <table class="data-table">
                <thead><tr><th>User</th><th>Site</th><th>Object</th><th>Permission</th><th>Access Type</th><th>Granted Through</th></tr></thead>
                <tbody>
                    @foreach (var r in _results.Take(500))
                    {
                        <tr>
                            <td>@r.UserDisplayName</td>
                            <td>@r.SiteTitle</td>
                            <td>@r.ObjectTitle <span class="text-muted">(@r.ObjectType)</span></td>
                            <td>@r.PermissionLevel @if (r.IsHighPrivilege) { <span class="chip chip-red">High</span> }</td>
                            <td>@r.AccessType</td>
                            <td>@r.GrantedThrough</td>
                        </tr>
                    }
                </tbody>
            </table>
        </div>
        @if (_results.Count > 500) { <div class="text-muted mt-8">Showing first 500. Export for full results.</div> }
    </div>
}

@code {
    private string _users = string.Empty, _sites = string.Empty;
    private bool _includeInherited, _includeSubsites, _scanFolders = true;
    private bool _running; private string _status = string.Empty, _error = string.Empty;
    private int _current, _total;
    private List<UserAccessEntry> _results = new();
    private CancellationTokenSource? _cts;

    private async Task RunAudit()
    {
        _error = string.Empty; _results.Clear(); _running = true;
        _cts = new CancellationTokenSource();
        var userList = _users.Split('\n', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries).ToList();
        var siteList = _sites.Split('\n', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries)
            .Select(u => new SiteInfo(u, u.TrimEnd('/').Split('/').Last())).ToList();
        if (!siteList.Any()) siteList.Add(new SiteInfo(Session.CurrentProfile!.TenantUrl, Session.CurrentProfile.Name));
        var progress = new Progress<OperationProgress>(p => { _status = p.Message; _current = p.Current; _total = p.Total; InvokeAsync(StateHasChanged); });
        try
        {
            var opts = new ScanOptions(_includeInherited, _scanFolders, 1, _includeSubsites);
            _results = (await AuditSvc.AuditUsersAsync(SessionMgr, Session.CurrentProfile!, userList, siteList, opts, progress, _cts.Token)).ToList();
            _status = $"Found {_results.Count} access entries.";
        }
        catch (OperationCanceledException) { _status = "Cancelled."; }
        catch (Exception ex) { _error = ex.Message; }
        finally { _running = false; await InvokeAsync(StateHasChanged); }
    }

    private void Cancel() => _cts?.Cancel();
    private async Task ExportCsv() { await WebExport.DownloadCsvAsync(CsvExport.BuildCsv(_results.FirstOrDefault()?.UserDisplayName ?? "Users", _results.FirstOrDefault()?.UserLogin ?? "", _results), $"user_audit_{DateTime.Now:yyyyMMdd_HHmmss}.csv"); }
    private async Task ExportHtml() { await WebExport.DownloadHtmlAsync(HtmlExport.BuildHtml(_results, branding: Session.CurrentBranding), $"user_audit_{DateTime.Now:yyyyMMdd_HHmmss}.html"); }
}