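// this is basically a demo on roles
// level 0 can't access the users endpoint at all
// level 1 has read permissions
// level 2 has modify permissions
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using agologumApi.Models;
using agologumApi.Services;

/// <summary>
/// Read and delete endpoints for user accounts, gated by authorization policies:
/// "SensitiveDataRead" on the GET actions, "SensitiveDataModify" on DELETE.
/// Every response body is a <see cref="UserDto"/> built by <see cref="ToDto"/>, so only
/// CreatedAt, Email, Id and UserName leave the server; any other member of
/// <see cref="User"/> is never serialized.
/// </summary>
[ApiController]
[Route("api/[controller]")]
public class UsersController : ControllerBase
{
    private readonly UserService _service;

    /// <summary>Creates the controller over the injected user service.</summary>
    /// <param name="service">Data access for users.</param>
    /// <exception cref="ArgumentNullException"><paramref name="service"/> is null.</exception>
    public UsersController(UserService service)
    {
        _service = service ?? throw new ArgumentNullException(nameof(service));
    }

    /// <summary>Lists all users. Requires the "SensitiveDataRead" policy.</summary>
    /// <returns>200 with one <see cref="UserDto"/> per user; an empty list when there are none.</returns>
    [Authorize(Policy = "SensitiveDataRead")]
    [HttpGet]
    public async Task<ActionResult<List<UserDto>>> getUsers()
    {
        List<User> users = await _service.GetAll();

        // A null result from the service becomes an empty list instead of a 500.
        List<UserDto> dtos = users is null
            ? new List<UserDto>()
            : users.Select(ToDto).ToList();

        return Ok(dtos);
    }

    /// <summary>Returns a single user by id. Requires the "SensitiveDataRead" policy.</summary>
    /// <param name="id">Route segment, handed to <see cref="UserService.GetById"/> unchanged.</param>
    /// <returns>200 with the <see cref="UserDto"/>, or 404 when no user has that id.</returns>
    // NOTE(review): this route used to be "{id:int}" while the parameter and
    // UserService.GetById take a string, and DELETE used an unconstrained "{id}", so
    // GET and DELETE validated ids differently. Both routes now follow the service's
    // string contract; if ids are really numeric, add ":int" to both routes instead.
    [Authorize(Policy = "SensitiveDataRead")]
    [HttpGet("{id}")]
    public async Task<ActionResult<UserDto>> getUser(string id)
    {
        var user = await _service.GetById(id);
        if (user is null)
        {
            return NotFound();
        }

        return Ok(ToDto(user));
    }

    /// <summary>Deletes a user by id. Requires the "SensitiveDataModify" policy.</summary>
    /// <param name="id">Route segment, handed to <see cref="UserService.Delete"/> unchanged.</param>
    /// <returns>204 when the service reports success, otherwise 404.</returns>
    [Authorize(Policy = "SensitiveDataModify")]
    [HttpDelete("{id}")]
    public async Task<IActionResult> deleteUser(string id)
    {
        bool deleted = await _service.Delete(id);
        if (!deleted)
        {
            return NotFound();
        }

        return NoContent();
    }

    /// <summary>
    /// Projects a <see cref="User"/> onto the public <see cref="UserDto"/> shape.
    /// Single place to extend when the DTO grows; keeps both GET actions in sync.
    /// </summary>
    /// <param name="user">Entity from the service; must not be null.</param>
    /// <returns>A DTO carrying CreatedAt, Email, Id and UserName.</returns>
    private static UserDto ToDto(User user) => new UserDto
    {
        CreatedAt = user.CreatedAt,
        Email = user.Email,
        Id = user.Id,
        UserName = user.UserName,
    };
}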