package org.gcube.data.access.storagehub.services;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.function.Predicate;
import java.util.stream.Collectors;

import javax.inject.Inject;
import javax.jcr.Node;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.servlet.ServletContext;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;

import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.Query;
import org.apache.jackrabbit.api.security.user.QueryBuilder;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
import org.gcube.common.authorization.control.annotations.AuthorizationControl;
import org.gcube.common.gxrest.response.outbound.GXOutboundErrorResponse;
import org.gcube.common.storagehub.model.Excludes;
import org.gcube.common.storagehub.model.exceptions.BackendGenericError;
import org.gcube.common.storagehub.model.exceptions.IdNotFoundException;
import org.gcube.common.storagehub.model.exceptions.StorageHubException;
import org.gcube.common.storagehub.model.exceptions.UserNotAuthorizedException;
import org.gcube.common.storagehub.model.items.Item;
import org.gcube.common.storagehub.model.items.SharedFolder;
import org.gcube.data.access.storagehub.AuthorizationChecker;
import org.gcube.data.access.storagehub.Constants;
import org.gcube.data.access.storagehub.PathUtil;
import org.gcube.data.access.storagehub.StorageHubAppllicationManager;
import org.gcube.data.access.storagehub.Utils;
import org.gcube.data.access.storagehub.exception.MyAuthException;
import org.gcube.data.access.storagehub.handlers.CredentialHandler;
import org.gcube.data.access.storagehub.handlers.GroupHandler;
import org.gcube.data.access.storagehub.handlers.TrashHandler;
import org.gcube.data.access.storagehub.handlers.UnshareHandler;
import org.gcube.data.access.storagehub.handlers.items.builders.FolderCreationParameters;
import org.gcube.smartgears.annotations.ManagedBy;
import org.gcube.smartgears.utils.InnerMethodName;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Path("users")
@ManagedBy(StorageHubAppllicationManager.class)
public class UserManager {

	private static final String INFRASTRUCTURE_MANAGER_ROLE = "Infrastructure-Manager";

	@Context ServletContext context;

	private static final Logger log = LoggerFactory.getLogger(UserManager.class);

	RepositoryInitializer repository = StorageHubAppllicationManager.repository;

	@Inject
	UnshareHandler unshareHandler;

	@Inject
	AuthorizationChecker authChecker;
	
	@Inject
	TrashHandler trashHandler;
	
	@Inject
	GroupHandler groupHandler;
		
	@Inject
	PathUtil pathUtil;
	
	@GET
	@Path("")
	@Produces(MediaType.APPLICATION_JSON)
	public List<String> getUsers(){

		InnerMethodName.instance.set("getUsers");

		JackrabbitSession session = null;
		List<String> users = null;
		try {
			session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));

			
			Iterator<Authorizable> result = session.getUserManager().findAuthorizables(new Query() {

				@Override
				public <T> void build(QueryBuilder<T> builder) {
					builder.setSelector(User.class);
				}
			});
			
			Set<String> usersSet= new HashSet<>();
			String adminUser = context.getInitParameter(Constants.ADMIN_PARAM_NAME);
			
			while (result.hasNext()) {
				Authorizable user = result.next();
				log.debug("user {} found",user.getPrincipal().getName());
				if (user.getPrincipal().getName().equals(adminUser)) continue;
				usersSet.add(user.getPrincipal().getName());
			}
			
			users = new ArrayList<>(usersSet);
			Collections.sort(users);
			
		}catch(Exception e) {
			log.error("jcr error getting users", e);
			GXOutboundErrorResponse.throwException(new BackendGenericError(e));
		} finally {
			if (session!=null)
				session.logout();
		}
		return users;
	}

	@GET
	@Path("{user}")
	public String getUser(@PathParam("user") String user){

		InnerMethodName.instance.set("getUser");

		JackrabbitSession session = null;
		try {
			session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));

			org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
			Authorizable authorizable = usrManager.getAuthorizable(user);

			if (authorizable != null && !authorizable.isGroup())
				return authorizable.getPrincipal().getName();

			log.debug("user {} not found", user);

		}catch(Exception e) {
			log.error("jcr error getting user", e);
			GXOutboundErrorResponse.throwException(new BackendGenericError(e));
		} finally {
			if (session!=null)
				session.logout();
		}

		GXOutboundErrorResponse.throwException(new IdNotFoundException(user));

		return null;
	}

	@POST
	@Path("")
	@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
	@AuthorizationControl(allowedRoles={INFRASTRUCTURE_MANAGER_ROLE}, exception=MyAuthException.class)
	public String createUser(@FormParam("user") String user, @FormParam("password") String password){

		InnerMethodName.instance.set("createUser");

		JackrabbitSession session = null;
		String userId = null;
		try {
			session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));


			org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();

			User createdUser = usrManager.createUser(user, password);
			
			userId = createdUser.getID();

			Node homeNode = session.getNode("/Home");
			Node userHome = homeNode.addNode(user, "nthl:home");
			
			userHome.setProperty(Constants.HOME_VERSION_PROP, 1l);
			
			//creating workspace folder
			FolderCreationParameters wsFolderParameters = FolderCreationParameters.builder().name(Constants.WORKSPACE_ROOT_FOLDER_NAME).description("workspace of "+user).author(user).on(userHome.getIdentifier()).with(session).build();
			Utils.createFolderInternally(wsFolderParameters, null);
			//creating thrash folder
			FolderCreationParameters trashFolderParameters = FolderCreationParameters.builder().name(Constants.TRASH_ROOT_FOLDER_NAME).description("trash of "+user).author(user).on(userHome.getIdentifier()).with(session).build();
			Utils.createFolderInternally(trashFolderParameters,  null);
			//creating Vre container folder
			FolderCreationParameters vreFolderParameters = FolderCreationParameters.builder().name(Constants.PERSONAL_VRES_FOLDER_PARENT_NAME).description("vre folder container of "+user).author(user).on(userHome.getIdentifier()).with(session).build();
			Utils.createFolderInternally(vreFolderParameters, null);
			
			//creating inbox folder
			FolderCreationParameters inboxFolderParameters = FolderCreationParameters.builder().name(Constants.INBOX_FOLDER_NAME).description("inbox of "+user).author(user).on(userHome.getIdentifier()).with(session).build();
			Utils.createFolderInternally(inboxFolderParameters, null);
			
			//creating outbox folder
			FolderCreationParameters outboxFolderParameters = FolderCreationParameters.builder().name(Constants.OUTBOX_FOLDER_NAME).description("outbox of "+user).author(user).on(userHome.getIdentifier()).with(session).build();
			Utils.createFolderInternally(outboxFolderParameters, null);
			
			session.save();
		}catch(StorageHubException she ){
			log.error(she.getErrorMessage(), she);
			GXOutboundErrorResponse.throwException(she, Response.Status.fromStatusCode(she.getStatus()));
		}catch(RepositoryException re ){
			log.error("jcr error creating item", re);
			GXOutboundErrorResponse.throwException(new BackendGenericError("jcr error creating item", re));
		} finally {
			if (session!=null)
				session.logout();
		}

		return userId;
	}


	@DELETE
	@Path("{user}")
	@AuthorizationControl(allowedRoles={INFRASTRUCTURE_MANAGER_ROLE}, exception=MyAuthException.class)
	public String deleteUser(@PathParam("user") final String user){

		InnerMethodName.instance.set("deleteUser");

		JackrabbitSession session = null;
		try {

			session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));

			org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();

			User authorizable = (User) usrManager.getAuthorizable(new PrincipalImpl(user));
			
			if (authorizable!=null)
				removeUserFromBelongingGroup(session, authorizable, usrManager);
			else log.warn("user was already deleted from jackrabbit, trying to delete folders");
			
			unshareUsersFolders(session, user);

			removeUserHomeAndDeleteFiles(session, user);
			
			//FINALIZE user removal
			if (authorizable!=null && !authorizable.isGroup()) {
				log.info("removing user {}", user);
				authorizable.remove();
			} else log.warn("the user {} was already deleted, it should never happen", user);
			
			session.save();
		}catch(StorageHubException she ){
			log.error(she.getErrorMessage(), she);
			GXOutboundErrorResponse.throwException(she, Response.Status.fromStatusCode(she.getStatus()));
		}catch(RepositoryException re ){
			log.error("jcr error creating item", re);
			GXOutboundErrorResponse.throwException(new BackendGenericError("jcr error creating item", re));
		} finally {
			if (session!=null)
				session.logout();
		}

		return user;
	}

	private void removeUserFromBelongingGroup(JackrabbitSession session, User authorizable, org.apache.jackrabbit.api.security.user.UserManager usrManager) throws RepositoryException, StorageHubException {
		Iterator<Authorizable> groups = session.getUserManager().findAuthorizables(new Query() {

			@Override
			public <T> void build(QueryBuilder<T> builder) {
				builder.setSelector(Group.class);
			}
		});
		
		
		
		String user = authorizable.getPrincipal().getName();
		while(groups.hasNext()) {
			Authorizable group = groups.next();
			log.info("group found {}", group.getPrincipal().getName() );
			if (group.isGroup() && ((Group)group).isMember(authorizable)) {
				
				boolean success = groupHandler.removeUserFromGroup(group.getPrincipal().getName(), user, session);
				log.warn("user {} {} removed from vre {}",user,success?"":"not" ,group.getPrincipal().getName());
			}
		}
	}
	
	private void unshareUsersFolders(JackrabbitSession session, String user){
		try {

			Node sharedFolderNode = session.getNode(Constants.SHARED_FOLDER_PATH);
			
			Predicate<Node> sharedWithUserChecker = new Predicate<Node>() {

				@Override
				public boolean test(Node t) {
					try {
						authChecker.checkReadAuthorizationControl(t.getSession(), user, t.getIdentifier());
						return true;								
					} catch (UserNotAuthorizedException | BackendGenericError | RepositoryException e) {
						return false;
					}
				}
			};
			
			List<SharedFolder> items = Utils.getItemList(sharedWithUserChecker, sharedFolderNode, Excludes.ALL, null, false, SharedFolder.class);
			
			log.debug(" Shared folder to unshare found are {}", items.size());
			
			for (SharedFolder item: items) {
				String title = item.getTitle();
				log.debug("in list folder name {} with title {} and path {} ",item.getName(), title, item.getPath());
				if (item.isPublicItem() && !item.getUsers().getMap().containsKey(user)) continue;
				if (item.isVreFolder()) continue;
				
				log.info("removing sharing for folder name {} with title {} and path {} ",item.getName(), title, item.getPath());
				String owner = item.getOwner();
				
				Set<String> usersToUnshare= owner.equals(user)? Collections.emptySet():Collections.singleton(user);

				try {
					unshareHandler.unshareForRemoval(session, usersToUnshare, session.getNodeByIdentifier(item.getId()), user);
				}catch (Throwable e) {
					log.warn("error unsharing folder with title '{}' and id {} ", title, item.getId(), e);
				}
			}
		} catch (Throwable t) {
			log.warn("error getting folder shared with {}",user, t);
		}
	}

	private void removeUserHomeAndDeleteFiles(JackrabbitSession session, String user) throws RepositoryException, StorageHubException {
		org.gcube.common.storagehub.model.Path homePath = pathUtil.getHome(user);
		org.gcube.common.storagehub.model.Path workspacePath = pathUtil.getWorkspacePath(user);
		org.gcube.common.storagehub.model.Path trashPath = pathUtil.getTrashPath(user, session);
		
		try {
			Node workspaceNode = session.getNode(workspacePath.toPath());
			List<Item> workspaceItems = Utils.getItemList(workspaceNode, Excludes.GET_ONLY_CONTENT, null, true, null).stream().filter(i -> !i.isShared()).collect(Collectors.toList());
			trashHandler.removeOnlyNodesContent(session, workspaceItems);
		} catch (PathNotFoundException e) {
			log.warn("{} workspace dir {} was already deleted", user, homePath.toPath());
		}	
		
		try {
			Node trashNode = session.getNode(trashPath.toPath());
			List<Item> trashItems = Utils.getItemList(trashNode, Excludes.ALL, null, true, null);
			trashHandler.removeOnlyNodesContent(session, trashItems);
		} catch (PathNotFoundException e) {
			log.warn("{} trash dir {} was already deleted", user, homePath.toPath());
		}
		
		try {
			Node homeNode = session.getNode(homePath.toPath());
			homeNode.remove();
		} catch (PathNotFoundException e) {
			log.warn("{} home dir {} was already deleted", user, homePath.toPath());
		}
	}
	
}