package database

import (
	"context"
	"database/sql"
	"fmt"

	rulesengine "edge-infra.dev/pkg/sds/emergencyaccess/rules"
	datasql "edge-infra.dev/pkg/sds/emergencyaccess/rules/storage/database/sql"
)

// AddPrivileges stores the given privilege names by handing them to addNames
// together with the InsertPrivilege statement, and returns the result and
// error that addNames produces.
// NOTE(review): the original comment states that conflicts are not returned;
// that depends on addNames, which is not visible here — confirm.
func (ds Dataset) AddPrivileges(ctx context.Context, names []string) (rulesengine.AddNameResult, error) {
	added, err := ds.addNames(ctx, names, datasql.InsertPrivilege)
	return added, err
}

// DeletePrivilege removes the privilege called name using the DeletePrivilege
// statement. An error from deleteValue is returned with a zero DeleteResult.
// When the delete reports no errors and no affected rows, an UnknownPrivilege
// entry naming the privilege is appended to the result's Errors, so a caller
// can tell "nothing was deleted" apart from a successful removal.
func (ds Dataset) DeletePrivilege(ctx context.Context, name string) (rulesengine.DeleteResult, error) {
	outcome, err := ds.deleteValue(ctx, datasql.DeletePrivilege, name)
	if err != nil {
		return rulesengine.DeleteResult{}, err
	}

	nothingDeleted := len(outcome.Errors) == 0 && outcome.RowsAffected == 0
	if nothingDeleted {
		unknown := rulesengine.Error{Type: rulesengine.UnknownPrivilege, Privilege: name}
		outcome.Errors = append(outcome.Errors, unknown)
	}
	return outcome, nil
}

// ReadAllPrivileges returns every privilege stored in the database.
func (ds Dataset) ReadAllPrivileges(ctx context.Context) ([]rulesengine.Privilege, error) {
	all, err := ds.readAllPrivileges(ctx)
	return all, err
}

// ReadPrivilegesWithFilter returns the privileges, with their IDs, stored in
// the database, or an error on exec. The names parameter is an optional filter
// by name: when it is nil or empty, all privileges are returned.
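func (ds Dataset) ReadPrivilegesWithFilter(ctx context.Context, names []string) ([]rulesengine.Privilege, error) {
	// len of a nil slice is 0, so a nil and an empty filter both select everything.
	if len(names) == 0 {
		return ds.readAllPrivileges(ctx)
	}
	return ds.readPrivileges(ctx, names)
}

// readPrivileges looks up the privileges whose names appear in names through
// readNames with the SelectPrivilegesByName statement and converts each result
// into a rulesengine.Privilege. The result is nil when nothing matched.
// The underlying error is wrapped with %w so callers can still match it with
// errors.Is / errors.As (for example context cancellation).
func (ds Dataset) readPrivileges(ctx context.Context, names []string) ([]rulesengine.Privilege, error) {
	results, err := ds.readNames(ctx, names, datasql.SelectPrivilegesByName)
	if err != nil {
		return nil, fmt.Errorf("error in data:ReadPrivileges: %w", err)
	}

	var privileges []rulesengine.Privilege
	for _, result := range results {
		privileges = append(privileges, rulesengine.Privilege{
			ID:   result.id,
			Name: result.name,
		})
	}
	return privileges, nil
}

// readAllPrivileges runs the SelectAllPrivileges statement and returns every
// row as a rulesengine.Privilege.
func (ds Dataset) readAllPrivileges(ctx context.Context) ([]rulesengine.Privilege, error) {
	rows, err := ds.db.QueryContext(ctx, datasql.SelectAllPrivileges)
	if err != nil {
		return nil, fmt.Errorf("error in data:ReadPrivileges: %w", err)
	}
	// scanPrivilegeRows closes rows on every path, so no second deferred Close
	// is needed here.
	return scanPrivilegeRows(rows)
}

// scanPrivilegeRows reads (id, name) pairs from rows into a slice of
// rulesengine.Privilege and closes rows before returning. With no rows the
// result is an empty, non-nil slice. On any scan or iteration error the result
// is nil: a privilege list that may be incomplete is never returned alongside
// an error, so a caller that mishandles the error cannot mistake a partial
// list for the full set.
func scanPrivilegeRows(rows *sql.Rows) ([]rulesengine.Privilege, error) {
	defer rows.Close()

	res := []rulesengine.Privilege{}
	for rows.Next() {
		var privid, name string
		if err := rows.Scan(&privid, &name); err != nil {
			return nil, fmt.Errorf("error in data:scanPrivilegeRows: %w", err)
		}
		res = append(res, rulesengine.Privilege{Name: name, ID: privid})
	}
	// rows.Next returning false can mean "done" or "failed"; rows.Err tells
	// the two apart.
	if err := rows.Err(); err != nil {
		return nil, fmt.Errorf("error data:scanPrivilegeRows on rows.Err: %w", err)
	}
	return res, nil
}

// ReadPrivilege looks up a single privilege by name using the
// SelectPrivilegeByName statement, with name passed as a query argument.
//
// A missing row is not reported as an error: when the scan yields
// sql.ErrNoRows the zero-value Privilege (empty ID and Name) is returned with a
// nil error. Callers must therefore check for an empty ID/Name before treating
// the privilege as existing. Any other scan error is wrapped with %w and
// returned with a zero-value Privilege.
func (ds Dataset) ReadPrivilege(ctx context.Context, name string) (rulesengine.Privilege, error) {
	var privid, namedb string

	row := ds.db.QueryRowContext(ctx, datasql.SelectPrivilegeByName, name)
	if err := row.Scan(&privid, &namedb); err != nil && err != sql.ErrNoRows {
		// NOTE(review): the original comment says this path "returns 500";
		// that mapping happens in a caller not visible here — confirm.
		return rulesengine.Privilege{}, fmt.Errorf("error in data:ReadPrivilege: %w", err)
	}
	return rulesengine.Privilege{Name: namedb, ID: privid}, nil
}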