package casbin

import (
	"encoding/json"
	"strconv"
	"strings"

	"dashoo.cn/backend/api/business/role"

	. "dashoo.cn/backend/api/controllers"
	"dashoo.cn/business2/district"
	"dashoo.cn/business2/module"
	"dashoo.cn/business2/organize"
	"dashoo.cn/business2/permission"
	"dashoo.cn/business2/userRole"
	"dashoo.cn/utils"
	"github.com/astaxie/beego"
)

type RoleController struct {
	BaseController
}

type RolePowerAjaxModel struct {
	Module        []module.ModuleSimplify
	Selectemodule []module.ModuleSimplify
}

type RolePerAjaxModel struct {
	Operation        []permission.Base_Permissionstrtree
	Selecteoperation []permission.Base_Permissionstrtree
}
type OrganizeAjaxModel struct {
	Organize         []organize.Base_Organizetree
	SelectedOrganize []organize.Base_Organizetree
}
type DistrictAjaxModel struct {
	District         []district.Base_Districttree
	SelectedDistrict []district.Base_Districttree
}

// @Title 角色列表
// @Description 获取角色列表
// @Success 200 {object} controllers.Request
// @router /list [get]
func (this *RoleController) RoleList() {
	svc := role.GetRoleService(utils.DBE)
	var roles []userRole.Base_Role
	page := this.GetPageInfoForm()
	searchkey := this.GetString("keyword")
	where := "IsVisible=1"
	if searchkey != "" {
		where = where + " and Realname like '%" + searchkey + "%'"
	}
	svrUser := userRole.GetUserService(utils.DBE)
	rids := svrUser.GetUserRoleIds(this.User.Id)
	permisvc := permission.GetPermissionService(utils.DBE)
	if permisvc.IsAdmin(this.User.Id) == false{
		var roleofrole string
		for i:=0; i<len(rids); i++ {
			roleofrole += permisvc.GetManRoleForRole(rids[i])+ ","
		}
		roleofrole = strings.Trim(roleofrole, ",")
		where = where + " and Id in (" + roleofrole + ")"
	}
	total := svc.GetRoleList(page.CurrentPage, page.Size, "CreateOn", utils.ToStr(this.User.Id), &roles, where)
	var datainfo DataInfo
	datainfo.Items = roles
	datainfo.CurrentItemCount = total
	this.Data["json"] = &datainfo
	this.ServeJSON()
}

// @Title 角色列表
// @Description 获取角色列表
// @Success 200 {object} controllers.Request
// @router /alllist [get]
func (this *RoleController) RoleAllList() {
	svc := role.GetRoleService(utils.DBE)
	var roles []userRole.Base_Role
	page := this.GetPageInfoForm()
	searchkey := this.GetString("keyword")
	where := "IsVisible=1"
	if searchkey != "" {
		where = where + " and Realname like '%" + searchkey + "%'"
	}
	total := svc.GetRoleList(page.CurrentPage, page.Size, "CreateOn", utils.ToStr(this.User.Id), &roles, where)
	var datainfo DataInfo
	datainfo.Items = roles
	datainfo.CurrentItemCount = total
	this.Data["json"] = &datainfo
	this.ServeJSON()
}

// @Title 获得用户角色id
// @Description 获得用户角色id
// @Success	200	{object} controllers.Request
// @router /getmanagerole/:id [get]
func (this *RoleController) GetManRole() {
	userid := this.Ctx.Input.Param(":id")
	svc := permission.GetPermissionService(utils.DBE)
	roleofrole := svc.GetManRoleForRole("rid_"+userid)
	roleid := strings.Split(roleofrole, ",")
	this.Data["json"] = &roleid
	this.ServeJSON()
}

// @Title 权限
// @Description 获取菜单操作权限
// @Success 200 {object} controllers.Request
// @router /getpower [get]
func (this *RoleController) GetRolePowerAjax() {
	id := this.GetString("id")
	svc := permission.GetPermissionService(utils.DBE)
	currentuser := this.User
	userid := utils.ToStr(currentuser.Id)

	ztreecurrentusernodesmodu := svc.GetModuleAll(userid, "30")
	ztreeselectedusernodesmodu := svc.GetModuleTreeAllByRole(id, "30")
	rest := RolePowerAjaxModel{ztreecurrentusernodesmodu, ztreeselectedusernodesmodu}
	this.Data["json"] = &rest
	this.ServeJSON()
}

// @Title 获得部门
// @Description 获得部门
// @Success	200	{object} controllers.Request
// @router /getdepartment [get]
func (this *RoleController) DepartmentListGet() {
	id := this.GetString("id") //roleid
	svc := permission.GetPermissionService(utils.DBE)
	currentuser := this.User
	userid := utils.ToStr(currentuser.Id)
	organizemodu := svc.GetOrganizeTree(userid)
	organizeselectedmodu := svc.GetOrganizeTreeByRole(id)
	rest := OrganizeAjaxModel{organizemodu, organizeselectedmodu}
	this.Data["json"] = &rest
	this.ServeJSON()
}

// @Title 获得区域
// @Description 获得区域
// @Success	200	{object} controllers.Request
// @router /getdistrict [get]
func (this *RoleController) DistrictListGet() {
	id := this.GetString("id") //roleid
	svc := permission.GetPermissionService(utils.DBE)
	currentuser := this.User
	userid := utils.ToStr(currentuser.Id)
	districtmodu := svc.GetDistrictTree(userid)
	districtselectedmodu := svc.GetDistrictTreeByRole(id)
	rest := DistrictAjaxModel{districtmodu, districtselectedmodu}
	this.Data["json"] = &rest
	this.ServeJSON()
}

// @Title 保存操作权限
// @Description 保存权限
// @Success	200	{object} controllers.Request
// @router /saveOperationPower [put]
func (this *RoleController) RoleOperationPowerPost() {
	//svc := permission.GetPermissionService(utils.DBE)
	roleid := this.GetString("id")
	var errinfo ErrorInfo
	if roleid == "" {
		errinfo.Message = utils.AlertProcess("操作失败！请求信息不完整！")
		errinfo.Code = -2
		this.Data["json"] = &errinfo
		this.ServeJSON()
		return
	}

	//utils.RBAC.DeletePermissionsForUser("rid_" + roleid) //撤销角色的操作访问权限
	utils.RBAC.RemoveFilteredNamedPolicy("p", 0, "rid_"+roleid, utils.DOMAIN)
	operationids := strings.Split(this.GetString("operids"), ",")
	if this.GetString("operids") != "" {
		for i := 0; i < len(operationids); i++ {
			if strings.HasPrefix(operationids[i], "self_") {
				_operationid := []byte(operationids[i])[5:]
				operationid, _ := utils.StrTo(_operationid).Int()
				ret := utils.RBAC.AddPermissionForUser("rid_"+roleid, utils.DOMAIN, "pid_"+strconv.Itoa(operationid))
				if ret == false {
					beego.Debug("insert error:", ret)
					continue
				}
			} else {
				operationid, _ := utils.StrTo(operationids[i]).Int()
				ret := utils.RBAC.AddPermissionForUser("rid_"+roleid, utils.DOMAIN, "pid_"+strconv.Itoa(operationid))
				if ret == false {
					beego.Debug("insert error:", ret)
					continue
				}
			}
		}
	}
	errinfo.Message = utils.AlertProcess("权限保存成功！")
	errinfo.Code = 0
	this.Data["json"] = &errinfo
	this.ServeJSON()
}

// @Title 用户角色设置
// @Description 用户角色设置
// @Success	200	{object} controllers.Request
// @router /setmanrole/:id [put]
func (this *RoleController) SetManRole() {
	inputstr := this.Ctx.Input.Param(":id")
	serial := strings.Split(inputstr, "_")
	roleid := serial[0]
	var errinfo ErrorInfo
	if roleid == "" || roleid == "0" {
		errinfo.Message = "操作失败！请求信息不完整"
		errinfo.Code = -2
		this.Data["json"] = &errinfo
		this.ServeJSON()
		return
	}
	roleids := strings.Split(serial[1], ",")
	utils.RBAC.RemoveFilteredNamedGroupingPolicy("g5", 0, "rid_"+roleid, utils.DOMAIN)
	if len(roleids) > 0 {
		for i := 0; i < len(roleids); i++ {
			roids := utils.ToStr(roleids[i])
			utils.RBAC.AddNamedGroupingPolicy("g5", "rid_"+roleid, utils.DOMAIN, "rid_"+roids)
		}
	}
	var err error = nil
	//utils.RBAC.DeleteRolesForUser("uid_" + userid)
	//var err error = nil
	//for i := 0; i < len(roleids); i++ {
	//	if roleids[i] != "0" && roleids[i] != "" {
	//		//err = svc.AddUserToRole(userid, roleids[i], entity[0])
	//		utils.RBAC.AddRoleForUserInDomain("uid_"+userid, "rid_"+roleids[i], utils.DOMAIN)
	//	}
	//}
	if err == nil {
		errinfo.Message = utils.AlertProcess("管理角色调整成功！")
		errinfo.Code = 0
		this.Data["json"] = &errinfo
		this.ServeJSON()
	} else {
		errinfo.Message = utils.AlertProcess("管理角色调整失败！" + err.Error())
		errinfo.Code = -1
		this.Data["json"] = &errinfo
		this.ServeJSON()
	}
}

// @Title 保存资源权限 ---部门
// @Description 保存权限
// @Success	200	{object} controllers.Request
// @router /savedepartmentmessageview [put]
func (this *RoleController) OrganizePost() {
	roleid := this.GetString("id")
	var errinfo ErrorInfo
	if roleid == "" {
		errinfo.Message = utils.AlertProcess("操作失败！请求信息不完整！")
		errinfo.Code = -2
		this.Data["json"] = &errinfo
		this.ServeJSON()
		return
	}
	organizeids := strings.Split(this.GetString("organizeids"), ",")
	utils.RBAC.RemoveFilteredNamedGroupingPolicy("g3", 0, "rid_"+roleid, utils.DOMAIN)
	if this.GetString("organizeids") != "" {
		for j := 0; j < len(organizeids); j++ {
			organizeids := utils.ToStr(organizeids[j])
			utils.RBAC.AddNamedGroupingPolicy("g3", "rid_"+roleid, utils.DOMAIN, "oid_"+organizeids)
		}
	}
	//if this.GetString("organizeids") != "" {
	//	for i := 0; i < len(organizeids); i++ {
	//		if strings.HasPrefix(organizeids[i], "self_") {
	//			_organizeids := []byte(organizeids[i])[5:]
	//			organizeids, _ := utils.StrTo(_organizeids).Int()
	//			ret := utils.RBAC.AddNamedGroupingPolicy("g3", "rid_"+roleid, utils.DOMAIN, "oid_"+strconv.Itoa(organizeids))
	//			if ret == false {
	//				beego.Debug("insert error:", ret)
	//				continue
	//			}
	//		} else {
	//			organizeids, _ := utils.StrTo(organizeids[i]).Int()
	//			ret := utils.RBAC.AddNamedGroupingPolicy("g3", "rid_"+roleid, utils.DOMAIN, "oid_"+strconv.Itoa(organizeids))
	//			if ret == false {
	//				beego.Debug("insert error:", ret)
	//				continue
	//			}
	//		}
	//	}
	//}
	errinfo.Message = utils.AlertProcess("权限保存成功！")
	errinfo.Code = 0
	this.Data["json"] = &errinfo
	this.ServeJSON()
}

// @Title 保存资源权限 ---区域
// @Description 保存权限
// @Success	200	{object} controllers.Request
// @router /savedistrict [put]
func (this *RoleController) DistrictPost() {
	roleid := this.GetString("id")
	var errinfo ErrorInfo
	if roleid == "" {
		errinfo.Message = utils.AlertProcess("操作失败！请求信息不完整！")
		errinfo.Code = -2
		this.Data["json"] = &errinfo
		this.ServeJSON()
		return
	}
	districtids := strings.Split(this.GetString("districtids"), ",")
	utils.RBAC.RemoveFilteredNamedGroupingPolicy("g4", 0, "rid_"+roleid, utils.DOMAIN)
	if this.GetString("districtids") != "" {
		for j := 0; j < len(districtids); j++ {
			districtids := utils.ToStr(districtids[j])
			utils.RBAC.AddNamedGroupingPolicy("g4", "rid_"+roleid, utils.DOMAIN, "did_"+districtids)
		}
	}
	//if this.GetString("districtids") != "" {
	//	for i := 0; i < len(districtids); i++ {
	//		if strings.HasPrefix(districtids[i], "self_") {
	//			_districtids := []byte(districtids[i])[5:]
	//			districtids, _ := utils.StrTo(_districtids).Int()
	//			ret := utils.RBAC.AddNamedGroupingPolicy("g4", "rid_"+roleid, utils.DOMAIN,"did_"+strconv.Itoa(districtids))
	//			if ret == false {
	//				beego.Debug("insert error:", ret)
	//				continue
	//			}
	//		} else {
	//			districtids, _ := utils.StrTo(districtids[i]).Int()
	//			ret := utils.RBAC.AddNamedGroupingPolicy("g4", "rid_"+roleid, utils.DOMAIN,"did_"+strconv.Itoa(districtids))
	//			if ret == false {
	//				beego.Debug("insert error:", ret)
	//				continue
	//			}
	//		}
	//	}
	//}
	errinfo.Message = utils.AlertProcess("权限保存成功！")
	errinfo.Code = 0
	this.Data["json"] = &errinfo
	this.ServeJSON()
}

// @Title 权限
// @Description 获取角色操作权限列表
// @Success 200 {object} controllers.Request
// @router /getItemPower [get]
func (this *RoleController) GetRoleItemPowerAjax() {
	id := this.GetString("id")
	svc := permission.GetPermissionService(utils.DBE)
	currentuser := this.User
	userid := utils.ToStr(currentuser.Id)
	ztreecurrentusernodesope := svc.GetPermissionItemsByUserV2(userid, "0")
	ztreeselectedusernodesope := svc.GetPermissionItemsByRoleV2(id, "0")

	rest := RolePerAjaxModel{ztreecurrentusernodesope, ztreeselectedusernodesope}
	this.Data["json"] = &rest
	this.ServeJSON()
}

// @Title 保存权限
// @Description 保存权限--菜单权限
// @Success	200	{object} controllers.Request
// @router /savepower [put]
func (this *RoleController) RolePowerPost() {
	//svc := casbin.GetPermissionService(utils.DBE)
	roleid := this.GetString("id")
	var errinfo ErrorInfo
	if roleid == "" {
		errinfo.Message = utils.AlertProcess("操作失败！请求信息不完整！")
		errinfo.Code = -2
		this.Data["json"] = &errinfo
		this.ServeJSON()
	}

	//svc.RevokeRolePermission(roleid)       //撤销角色的操作权限
	//svc.RevokeRoleModulePermission(roleid) //撤销角色的模块访问权限
	//	operationids := strings.Split(this.GetString("operids"), ",")
	moduleids := strings.Split(this.GetString("moduleids"), ",")
	//uid, _ := utils.StrTo(this.User.Id).Int()
	//	if this.GetString("operids") != "" {
	//		for i := 0; i < len(operationids); i++ {
	//			operationid, _ := utils.StrTo(operationids[i]).Int()
	//			svc.GrantRolePermission(roleid, operationid, userRole.Base_User{Id: uid, Realname: this.User.Realname})
	//		}
	//	}
	utils.RBAC.RemoveFilteredNamedGroupingPolicy("g2", 0, "rid_"+roleid, utils.DOMAIN)
	//utils.RBAC.RemovePolicy("g2", "rid_"+roleid, "", utils.DOMAIN)
	if this.GetString("moduleids") != "" {
		for j := 0; j < len(moduleids); j++ {
			moduleid := utils.ToStr(moduleids[j])
			//utils.RBAC.DeletePermissionForUser("rid_"+roleid, "mid_"+moduleid)
			utils.RBAC.AddNamedGroupingPolicy("g2", "rid_"+roleid, utils.DOMAIN, "mid_"+moduleid)
			//utils.RBAC.AddPermissionForUser("rid_"+roleid, "mid_"+moduleid)
			//svc.GrantRoleModulePermission(roleid, moduleid, userRole.Base_User{Id: uid, Realname: this.User.Realname})
		}
	}
	errinfo.Message = utils.AlertProcess("权限保存成功！")
	errinfo.Code = 0
	this.Data["json"] = &errinfo
	this.ServeJSON()
}

// @Title 获取角色容器权限
// @Description 获取角色容器权限
// @Success 200 {object} controllers.Request
// @router /getroleequidpower [get]
func (this *RoleController) GetRoleEquidPowerAjax() {
	id := this.GetString("id")
	svc := permission.GetPermissionService(utils.DBE)
	eids := svc.GetEquipmentIdByByRole(id)
	this.Data["json"] = &eids
	this.ServeJSON()
}

// @Title 保存容器权限
// @Description 保存容器权限
// @Success	200	{object} controllers.Request
// @router /saveequpipower [put]
func (this *RoleController) SaveequpiPower() {
	roleid := this.GetString("id")
	var errinfo ErrorInfo
	if roleid == "" {
		errinfo.Message = utils.AlertProcess("操作失败！请求信息不完整！")
		errinfo.Code = -2
		this.Data["json"] = &errinfo
		this.ServeJSON()
	}
	selectedids := strings.Split(this.GetString("selectedids"), ",")
	utils.RBAC.RemoveFilteredNamedGroupingPolicy("g5", 0, "rid_"+roleid, utils.DOMAIN)
	if this.GetString("selectedids") != "" {
		for j := 0; j < len(selectedids); j++ {
			selectedid := utils.ToStr(selectedids[j])
			utils.RBAC.AddNamedGroupingPolicy("g5", "rid_"+roleid, utils.DOMAIN, "eid_"+selectedid)
		}
	}
	errinfo.Message = utils.AlertProcess("权限保存成功！")
	errinfo.Code = 0
	this.Data["json"] = &errinfo
	this.ServeJSON()
}

// @Title 权限
// @Description 获取角色操作列表
// @Success 200 {object} controllers.Request
// @router /getusersforrole/:rid [get]
func (this *RoleController) GetUsersForRole() {

	page := this.GetPageInfoForm()
	keyword := this.GetString("keyword")
	roleid := this.Ctx.Input.Param(":rid")
	svc := permission.GetPermissionService(utils.DBE)
	var users []userRole.Base_User

	where := "IsVisible=1"
	if keyword != "" {
		where = where + " and Realname like '%" + keyword + "%'"
	}
	total, users := svc.GetUserListForRole(page.CurrentPage, page.Size, roleid, "Id", where)

	var datainfo DataInfo
	datainfo.Items = users
	datainfo.CurrentItemCount = total
	this.Data["json"] = &datainfo
	this.ServeJSON()
}

// @Title 用户角色设置
// @Description 用户角色设置
// @Success	200	{object} controllers.Request
// @router /setuserrole/:id [put]
func (this *RoleController) UserRoleAddUser() {
	inputstr := this.Ctx.Input.Param(":id")
	serial := strings.Split(inputstr, "_")
	userids := strings.Split(serial[0], ",")
	var errinfo ErrorInfo
	roleid := serial[1]
	var err error = nil
	for i := 0; i < len(userids); i++ {
		if userids[i] != "0" && userids[i] != "" {
			//err = svc.AddUserToRole(userid, roleids[i], entity[0])
			utils.RBAC.DeleteRoleForUserInDomain("uid_"+userids[i], "rid_"+roleid, utils.DOMAIN)
			utils.RBAC.AddRoleForUserInDomain("uid_"+userids[i], "rid_"+roleid, utils.DOMAIN)
		}
	}
	if err == nil {
		errinfo.Message = utils.AlertProcess("用户角色调整成功！")
		errinfo.Code = 0
		this.Data["json"] = &errinfo
		this.ServeJSON()
	} else {
		errinfo.Message = utils.AlertProcess("用户角色调整失败！" + err.Error())
		errinfo.Code = -1
		this.Data["json"] = &errinfo
		this.ServeJSON()
	}
}

// @Description 删除用户
// @Success 200 {object} controllers.Request
// @router /deleteuser/:id [delete]
func (this *RoleController) UserDelete() {
	inputstr := this.Ctx.Input.Param(":id")
	serial := strings.Split(inputstr, "_")
	id := serial[0]
	roleid := serial[1]
	utils.RBAC.DeleteRoleForUserInDomain("uid_"+id, "rid_"+roleid, utils.DOMAIN)
	var errinfo ErrorInfo
	var err error = nil
	if err == nil {
		errinfo.Message = utils.AlertProcess("删除用户成功！")
		errinfo.Code = 0
		this.Data["json"] = &errinfo
		this.ServeJSON()
	} else {
		errinfo.Message = utils.AlertProcess("删除用户失败！" + err.Error())
		errinfo.Code = -1
		this.Data["json"] = &errinfo
		this.ServeJSON()
	}
}

// @Description 删除所有用户
// @Success 200 {object} controllers.Request
// @router /deletealluser/:id [delete]
func (this *RoleController) DeleteUserAll() {
	roleid := this.Ctx.Input.Param(":id")
	svc := permission.GetPermissionService(utils.DBE)
	var users []userRole.Base_User
	where := "IsVisible=1"
	_, users = svc.GetUserListForRole(0, 0, roleid, "Id", where)
	for i := 0; i < len(users); i++ {
		utils.RBAC.DeleteRoleForUserInDomain("uid_"+utils.ToStr(users[i].Id), "rid_"+roleid, utils.DOMAIN)
	}
	var errinfo ErrorInfo
	var err error = nil
	if err == nil {
		errinfo.Message = utils.AlertProcess("删除用户成功！")
		errinfo.Code = 0
		this.Data["json"] = &errinfo
		this.ServeJSON()
	} else {
		errinfo.Message = utils.AlertProcess("删除用户失败！" + err.Error())
		errinfo.Code = -1
		this.Data["json"] = &errinfo
		this.ServeJSON()
	}
}

//@Description 删除角色
//@Success 200 {object} controllers.Request
//@router /deleterole/:id [delete]
func (this *RoleController) DeleteRole() {
	id := this.Ctx.Input.Param(":id")
	svc := userRole.GetRoleService(utils.DBE)
	err := svc.DeleteRole(id)
	var errinfo ErrorInfo
	if err == nil {
		errinfo.Message = utils.AlertProcess("删除角色成功！")
		errinfo.Code = 0
		this.Data["json"] = &errinfo
		this.ServeJSON()
	} else {
		errinfo.Message = utils.AlertProcess("删除角色失败！" + err.Error())
		errinfo.Code = -1
		this.Data["json"] = &errinfo
		this.ServeJSON()
	}
}

// @Title 创建角色
// @Description 创建角色
// @Success	200	{object} controllers.Request
// @router / [post]
func (this *RoleController) RoleAddPost() {
	var roleentity userRole.Base_Role
	var jsonblob = this.Ctx.Input.RequestBody
	json.Unmarshal(jsonblob, &roleentity)
	roleentity.CreateUserId, _ = utils.StrTo(this.User.Id).Int()
	roleentity.CreateBy = this.User.Realname
	svc := userRole.GetRoleService(utils.DBE)
	err := svc.AddRole(&roleentity)
	var errinfo ErrorInfo
	if err == nil {
		errinfo.Message = utils.AlertProcess("创建角色成功！")
		errinfo.Code = 0
		this.Data["json"] = &errinfo
		this.ServeJSON()
	} else {
		errinfo.Message = utils.AlertProcess("创建角色失败！" + err.Error())
		errinfo.Code = -1
		this.Data["json"] = &errinfo
		this.ServeJSON()
	}
}

// @Title 编辑角色
// @Description 编辑角色
// @Success	200	{object} controllers.Request
// @router /:id [put]
func (this *RoleController) RoleEditPost() {
	id := this.Ctx.Input.Param(":id")
	var roleentity userRole.Base_Role
	var jsonblob = this.Ctx.Input.RequestBody
	json.Unmarshal(jsonblob, &roleentity)
	roleentity.ModifiedUserId, _ = utils.StrTo(this.User.Id).Int()
	roleentity.ModifiedBy = this.User.Realname
	svc := userRole.GetRoleService(utils.DBE)
	var cols []string = []string{"Realname", "Category", "Description", "ModifiedUserId", "ModifiedBy"}
	_, err := svc.UpdateEntityByIdCols(id, &roleentity, cols)
	var errinfo ErrorInfo
	if err == nil {
		errinfo.Message = utils.AlertProcess("编辑角色成功！")
		errinfo.Code = 0
		this.Data["json"] = &errinfo
		this.ServeJSON()
	} else {
		errinfo.Message = utils.AlertProcess("编辑角色失败！" + err.Error())
		errinfo.Code = -1
		this.Data["json"] = &errinfo
		this.ServeJSON()
	}
}