using System.Data;
using Insight.Database;
using PlanTempus.Database.Common;
using PlanTempus.Database.Core;

namespace PlanTempus.Database.Core.DCL
{

    /// <summary>
    /// Only a superadmin or similar can create Application Users
    /// </summary>
    public class SetupApplicationUser : IDbConfigure<SetupApplicationUser.Command>
    {
        public class Command
        {
            public required string Schema { get; init; }
            public required string User { get; init; }
            public required string Password { get; init; }
        }


        IDbConnection _db;
        Command _command;

        public SetupApplicationUser(IDbConnection db)
        {
            _db = db;
        }

        public void With(Command command)
        {
            _command = command;

            if (!Validations.IsValidSchemaName(_command.Schema))
                throw new ArgumentException("Invalid schema name", _command.Schema);

            using (var transaction = _db.OpenWithTransaction())
            {
                try
                {
                    CreateSchema();
                    CreateRole();
                    GrantSchemaRights();

                    transaction.Commit();
                }
                catch (Exception ex)
                {
                    transaction.Rollback();
                    throw new InvalidOperationException("Failed to SetupApplicationUser in Database", ex);
                }
            }

        }
        private void ExecuteSql(string sql)
        {
            _db.ExecuteSql(sql);
        }

        private void CreateSchema()
        {
            var sql = $"CREATE SCHEMA IF NOT EXISTS {_command.Schema}";
            ExecuteSql(sql);
        }

        private void CreateRole()
        {
            var sql = $@"
							DO $$ 
							BEGIN
							   IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '{_command.User}') THEN
								   CREATE ROLE {_command.User} WITH CREATEDB CREATEROLE LOGIN PASSWORD '{_command.Password}';
							   END IF;
							END $$;";
            ExecuteSql(sql);

            var sql1 = $"ALTER ROLE {_command.User} SET search_path='{_command.Schema}';";
            ExecuteSql(sql1);
        }

        private void GrantSchemaRights()
        {
            // Grant USAGE og alle CREATE rettigheder på schema niveau
            var sql = $@"
						GRANT USAGE ON SCHEMA {_command.Schema} TO {_command.User};
						GRANT ALL ON SCHEMA {_command.Schema} TO {_command.User};";
            ExecuteSql(sql);

            // Grant rettigheder på eksisterende og fremtidige tabeller
            var sql1 = $"GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA {_command.Schema} TO {_command.User};";
            ExecuteSql(sql1);

            var sql2 = $"ALTER DEFAULT PRIVILEGES IN SCHEMA {_command.Schema} GRANT ALL PRIVILEGES ON TABLES TO {_command.User};";
            ExecuteSql(sql2);

            // Grant sequence rettigheder
            var sql3 = $"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA {_command.Schema} TO {_command.User};";
            ExecuteSql(sql3);

            // Grant execute på functions
            var sql4 = $"GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA {_command.Schema} TO {_command.User};";
            ExecuteSql(sql4);

            // Grant for fremtidige functions
            var sql5 = $"ALTER DEFAULT PRIVILEGES IN SCHEMA {_command.Schema} GRANT EXECUTE ON FUNCTIONS TO {_command.User};";
            ExecuteSql(sql5);

            // Grant for fremtidige sequences
            var sql6 = $"ALTER DEFAULT PRIVILEGES IN SCHEMA {_command.Schema} GRANT USAGE ON SEQUENCES TO {_command.User};";
            ExecuteSql(sql6);
        }

    }
}