package handler

import (
	"encoding/json"
	"net/http"

	"github.com/drone/drone/server/database"
	"github.com/drone/drone/server/session"
	"github.com/drone/drone/shared/model"
	"github.com/gorilla/pat"
)

type UsersHandler struct {
	users database.UserManager
	sess  session.Session
}

func NewUsersHandler(users database.UserManager, sess session.Session) *UsersHandler {
	return &UsersHandler{users, sess}
}

// GetUsers gets all users.
// GET /api/users
func (h *UsersHandler) GetUsers(w http.ResponseWriter, r *http.Request) error {
	// get the user form the session
	user := h.sess.User(r)
	if user == nil || !user.Admin {
		return notAuthorized{}
	}
	// get all users
	users, err := h.users.List()
	if err != nil {
		return internalServerError{err}
	}

	return json.NewEncoder(w).Encode(users)
}

// GetUser gets a user by hostname and login.
// GET /api/users/:host/:login
func (h *UsersHandler) GetUser(w http.ResponseWriter, r *http.Request) error {
	remote := r.FormValue(":host")
	login := r.FormValue(":login")

	// get the user form the session
	user := h.sess.User(r)
	if user == nil || !user.Admin {
		return notAuthorized{}
	}
	user, err := h.users.FindLogin(remote, login)
	if err != nil {
		return notFound{err}
	}

	return json.NewEncoder(w).Encode(user)
}

// PostUser registers a new user account.
// POST /api/users/:host/:login
func (h *UsersHandler) PostUser(w http.ResponseWriter, r *http.Request) error {
	remote := r.FormValue(":host")
	login := r.FormValue(":login")

	// get the user form the session
	user := h.sess.User(r)
	if user == nil || !user.Admin {
		return notAuthorized{}
	}

	account := model.NewUser(remote, login, "")
	if err := h.users.Insert(account); err != nil {
		return badRequest{err}
	}

	return json.NewEncoder(w).Encode(account)
}

// DeleteUser gets a user by hostname and login and deletes
// from the system.
//
// DELETE /api/users/:host/:login
func (h *UsersHandler) DeleteUser(w http.ResponseWriter, r *http.Request) error {
	remote := r.FormValue(":host")
	login := r.FormValue(":login")

	// get the user form the session
	user := h.sess.User(r)
	if user == nil || !user.Admin {
		return notAuthorized{}
	}
	account, err := h.users.FindLogin(remote, login)
	if err != nil {
		return notFound{err}
	}

	// user cannot delete his / her own account
	if account.ID == user.ID {
		return badRequest{}
	}

	if err := h.users.Delete(account); err != nil {
		return badRequest{err}
	}

	// return a 200 indicating deletion complete
	w.WriteHeader(http.StatusOK)
	return nil
}

func (h *UsersHandler) Register(r *pat.Router) {
	r.Delete("/v1/users/{host}/{login}", errorHandler(h.DeleteUser))
	r.Post("/v1/users/{host}/{login}", errorHandler(h.PostUser))
	r.Get("/v1/users/{host}/{login}", errorHandler(h.GetUser))
	r.Get("/v1/users", errorHandler(h.GetUsers))
}