use actix_web::{post, web::Data, HttpRequest, HttpResponse};
use enumflags2::BitFlags;
use serde::Deserialize;

use crate::{
    ctx::Ctx, db::models::Account, error::NekrochanError, perms::Permissions, qsform::QsForm,
    web::tcx::account_from_auth,
};

#[derive(Deserialize)]
pub struct UpdatePermissionsForm {
    account: String,
    edit_posts: Option<String>,
    manage_posts: Option<String>,
    capcodes: Option<String>,
    custom_capcodes: Option<String>,
    staff_log: Option<String>,
    reports: Option<String>,
    bans: Option<String>,
    banners: Option<String>,
    board_config: Option<String>,
    news: Option<String>,
    jannytext: Option<String>,
    view_ips: Option<String>,
    bypass_bans: Option<String>,
    bypass_board_lock: Option<String>,
    bypass_thread_lock: Option<String>,
    bypass_captcha: Option<String>,
    bypass_antispam: Option<String>,
}

#[post("/staff/actions/update-permissions")]
pub async fn update_permissions(
    ctx: Data<Ctx>,
    req: HttpRequest,
    QsForm(form): QsForm<UpdatePermissionsForm>,
) -> Result<HttpResponse, NekrochanError> {
    let account = account_from_auth(&ctx, &req).await?;

    if !account.perms().owner() {
        return Err(NekrochanError::InsufficientPermissionError);
    }

    let updated_account = form.account;
    let updated_account = Account::read(&ctx, updated_account.clone())
        .await?
        .ok_or(NekrochanError::AccountNotFound(updated_account))?;

    let mut permissions = BitFlags::empty();

    if form.edit_posts.is_some() {
        permissions |= Permissions::EditPosts;
    }

    if form.manage_posts.is_some() {
        permissions |= Permissions::ManagePosts;
    }

    if form.capcodes.is_some() {
        permissions |= Permissions::Capcodes;
    }

    if form.custom_capcodes.is_some() {
        permissions |= Permissions::CustomCapcodes;
    }

    if form.staff_log.is_some() {
        permissions |= Permissions::StaffLog;
    }

    if form.reports.is_some() {
        permissions |= Permissions::Reports;
    }

    if form.bans.is_some() {
        permissions |= Permissions::Bans;
    }

    if form.banners.is_some() {
        permissions |= Permissions::BoardBanners;
    }

    if form.board_config.is_some() {
        permissions |= Permissions::BoardConfig;
    }

    if form.news.is_some() {
        permissions |= Permissions::News;
    }

    if form.jannytext.is_some() {
        permissions |= Permissions::Jannytext;
    }

    if form.view_ips.is_some() {
        permissions |= Permissions::ViewIPs;
    }

    if form.bypass_bans.is_some() {
        permissions |= Permissions::BypassBans;
    }

    if form.bypass_board_lock.is_some() {
        permissions |= Permissions::BypassBoardLock;
    }

    if form.bypass_thread_lock.is_some() {
        permissions |= Permissions::BypassThreadLock;
    }

    if form.bypass_captcha.is_some() {
        permissions |= Permissions::BypassCaptcha;
    }

    if form.bypass_antispam.is_some() {
        permissions |= Permissions::BypassAntispam;
    }

    updated_account
        .update_permissions(&ctx, permissions.bits())
        .await?;

    let res = HttpResponse::SeeOther()
        .append_header(("Location", "/staff/accounts"))
        .finish();

    Ok(res)
}