<?php

namespace plugin\admin\app\controller;

use plugin\admin\app\common\Auth;
use plugin\admin\app\common\Tree;
use plugin\admin\app\model\AdminRole;
use plugin\admin\app\model\AdminRule;
use support\exception\BusinessException;
use support\Request;
use support\Response;
use Throwable;

/**
 * 角色管理
 */
class AdminRoleController extends Crud
{
    /**
     * 不需要鉴权的方法
     * @var array
     */
    protected $noNeedAuth = ['select'];

    /**
     * @var AdminRole
     */
    protected $model = null;

    /**
     * 构造函数
     */
    function __construct()
    {
        $this->model = new AdminRole;
    }

    /**
     * 浏览
     * @return Response
     * @throws Throwable
     */
    public function index(Request $request): Response
    {
        return view('admin_role/index');
    }

    /**
     * 查询
     * @param Request $request
     * @return Response
     * @throws BusinessException
     */
    public function select(Request $request): Response
    {
        $id = $request->get('id');
        [$where, $format, $limit, $field, $order] = $this->selectInput($request);
        $limit = 100000;
        $role_ids = Auth::getScopeRoleIds(true);
        if (!$id) {
            $where['id'] = ['symbol'=>'in', 'value1'=>$role_ids];
        } elseif (!in_array($id, $role_ids)) {
            throw new BusinessException('无权限');
        }
        $query = $this->doSelect($where, $field, $order);
        return $this->doFormat($query, $format, $limit);
    }

    /**
     * 插入
     * @param Request $request
     * @return Response
     * @throws BusinessException
     * @throws Throwable
     */
    public function insert(Request $request): Response
    {
        if ($request->method() === 'POST') {
            $data = $this->insertInput($request);
            $pid = $data['pid'] ?? "";
            // if (!$pid) {
            //     return $this->fail('请选择父级角色组');
            // }
            if($pid){
                if (!Auth::isSuperAdmin() && !in_array($pid, Auth::getScopeRoleIds(true))) {
                    return $this->fail('父级角色组超出权限范围');
                }
                $this->checkRules($pid, $data['rules'] ?? '');
            }
            $id = $this->doInsert($data);
            return $this->success("操作成功", ['id' => $id]);
        }
        return view('admin_role/update',[
            'rolelist'=>    $this->model->select()
        ]);
    }

    /**
     * 更新
     * @param Request $request
     * @return Response
     * @throws BusinessException|Throwable
     */
    public function update(Request $request): Response
    {
        if ($request->method() === 'GET') {
            $ids = Request()->get('ids');
            return view('admin_role/update',[
                'rolelist'=>    $this->model->where('id','<>',$ids)->select(),
                'row'   =>  $this->model->whereIn('id',$ids)->findOrEmpty()
            ]);
        }
        [$id, $data] = $this->updateInput($request);
        $is_supper_admin = Auth::isSuperAdmin();
        $descendant_role_ids = Auth::getScopeRoleIds();
        if (!$is_supper_admin && !in_array($id, $descendant_role_ids)) {
            return $this->fail('无数据权限');
        }

        $role = AdminRole::find($id);
        if (!$role) {
            return $this->fail('数据不存在');
        }
        $is_supper_role = $role->rules === '*';

        // 超级角色组不允许更改rules pid 字段
        if ($is_supper_role) {
            unset($data['rules'], $data['pid']);
        }

        if (key_exists('pid', $data) && $data['pid']>0) {
            $pid = $data['pid'];
            if (!$pid) {
                return $this->fail('请选择父级角色组');
            }
            if ($pid == $id) {
                return $this->fail('父级不能是自己');
            }
            if (!$is_supper_admin && !in_array($pid, Auth::getScopeRoleIds(true))) {
                return $this->fail('父级超出权限范围');
            }
        } else {
            $pid = $role->pid;
        }
        $data['rules'] = explode(',',$data['rules']);
        sort($data['rules']);
        if(count($data['rules'])>0 && $data['rules'][0] == 0){
            array_shift($data['rules']);
        }
        $data['rules'] = implode(',',$data['rules']);
        if (!$is_supper_role) {
            $this->checkRules($pid, $data['rules'] ?? '');
        }

        $this->doUpdate($id, $data);

        // 删除所有子角色组中已经不存在的权限
        if (!$is_supper_role) {
            $tree = new Tree(AdminRole::Field(['id', 'pid'])->select());
            $descendant_roles = $tree->getDescendant([$id]);
            $descendant_role_ids = array_column($descendant_roles, 'id');
            $rule_ids = $data['rules'] ? explode(',', $data['rules']) : [];
            foreach ($descendant_role_ids as $role_id) {
                $tmp_role = AdminRole::find($role_id);
                $tmp_rule_ids = $role->getRuleIds();
                $tmp_rule_ids = array_intersect(explode(',',$tmp_role->rules), $tmp_rule_ids);
                $tmp_role->rules = implode(',', $tmp_rule_ids);
                $tmp_role->save();
            }
        }

        return $this->success("操作成功");
    }

    /**
     * 删除
     * @param Request $request
     * @return Response
     * @throws BusinessException
     */
    public function delete(Request $request): Response
    {
        $ids = $this->deleteInput($request);
        if (in_array(1, $ids)) {
            return $this->fail('无法删除超级管理员角色');
        }
        if (!Auth::isSuperAdmin() && array_diff($ids, Auth::getScopeRoleIds())) {
            return $this->fail('无删除权限');
        }
        $tree = new Tree(AdminRole::select());
        $descendants = $tree->getDescendant($ids);
        if ($descendants) {
            $ids = array_merge($ids, array_column($descendants, 'id'));
        }
        $this->doDelete($ids);
        return $this->success("操作成功");
    }

    /**
     * 获取角色权限
     * @param Request $request
     * @return Response
     */
    public function rules(Request $request): Response
    {
        $role_id = $request->get('id');
        if (empty($role_id)) {
            return $this->success("操作成功", []);
        }
        if (!Auth::isSuperAdmin() && !in_array($role_id, Auth::getScopeRoleIds(true))) {
            return $this->fail('角色组超出权限范围');
        }
        $rule_id_string = AdminRole::where('id', $role_id)->value('rules');
        if ($rule_id_string === '') {
            return $this->success("操作成功", []);
        }
        $rules = AdminRule::select();
        $include = [];
        if ($rule_id_string !== '*') {
            $include = explode(',', $rule_id_string);
        }
        $items = [];
        foreach ($rules as $item) {
            $items[] = [
                'name' => $item->title ?? $item->name ?? $item->id,
                'value' => (string)$item->id,
                'id' => $item->id,
                'pid' => $item->pid,
            ];
        }
        $tree = new Tree($items);
        return $this->success("操作成功", $tree->getTree($include));
    }

    /**
     * 检查权限字典是否合法
     * @param int $role_id
     * @param $rule_ids
     * @return void
     * @throws BusinessException
     */
    protected function checkRules(int|string|null $role_id, $rule_ids)
    {
        if ($rule_ids && $role_id>0) {
            $rule_ids = explode(',', $rule_ids);
            if (in_array('*', $rule_ids)) {
                throw new BusinessException('非法数据');
            }
            $rule_exists = AdminRule::whereIn('id', $rule_ids)->column('id');
            $rule_ids = $rule_exists;
            // if (count($rule_exists) != count($rule_ids)) {
            //     throw new BusinessException('权限不存在');
            // }
            $rule_id_string = AdminRole::where('id', $role_id)->value('rules');
            if ($rule_id_string === '') {
                throw new BusinessException('数据超出权限范围');
            }
            if ($rule_id_string === '*') {
                return;
            }
            $legal_rule_ids = explode(',', $rule_id_string);
            if (array_diff($rule_ids, $legal_rule_ids)) {
                throw new BusinessException('数据超出权限范围');
            }
        }
    }
    public function tree(Request $request): Response
    {
        $id = $request->post('id');
        $pid = $request->post('pid');
        //$is_supper_admin = Auth::isSuperAdmin();
        $parent_rules = '*';
        if($pid){
            $parent_rules = AdminRole::where('id', $pid)->value('rules') ?:'*';
        }
        $m = AdminRule::where('status',1)
            ->Field('id,title as text,pid as parent,"menu" as type')
            ->order('parent asc ,id asc');
        if($parent_rules == '*'){
            $rules = $m->select();
        }else{
            $rules = $m->whereIn('id', $parent_rules)->select();
        }
        $selected_ids = '';
        if($id){
            $selected_ids = AdminRole::where('id', $id)->value('rules');
        }
        if($selected_ids == '*'){
            $rules->each(function($item){
                $item->state = ['selected'=>false];
                return $item;
            });
        }else{
            $selected_ids = explode(',',$selected_ids);
            $rules->each(function($item)use($selected_ids){
                $item->state = [
                    'selected'=>in_array($item->id, $selected_ids)
                ];
                return $item;
            });
        }
        $rules->push([
            'id'        =>  0,
            'parent'    => '#',
            'text'      => '全部',
            'type'      => 'menu',
        ]);

        return $this->success('ok',$rules);
    }

}