using System.Security.Claims;
using Socialize.Api.Modules.Identity.Contracts;
using Socialize.Api.Modules.Organizations.Services;

namespace Socialize.Api.Infrastructure.Security;

public sealed class AccessScopeService(
    OrganizationAccessService organizationAccessService)
{
    public bool IsManager(ClaimsPrincipal user)
    {
        return user.IsInRole(KnownRoles.Administrator) || user.IsInRole(KnownRoles.Manager);
    }

    public bool IsProvider(ClaimsPrincipal user)
    {
        return user.IsInRole(KnownRoles.Provider);
    }

    public bool IsClient(ClaimsPrincipal user)
    {
        return user.IsInRole(KnownRoles.Client);
    }

    public bool CanAccessWorkspace(ClaimsPrincipal user, Guid workspaceId)
    {
        return IsManager(user) || user.GetWorkspaceScopeIds().Contains(workspaceId);
    }

    public bool CanManageWorkspace(ClaimsPrincipal user, Guid workspaceId)
    {
        return IsManager(user) && CanAccessWorkspace(user, workspaceId);
    }

    public bool CanAccessClient(ClaimsPrincipal user, Guid workspaceId, Guid clientId)
    {
        return IsManager(user)
               || (CanAccessWorkspace(user, workspaceId) && user.GetClientScopeIds().Contains(clientId));
    }

    public bool CanAccessCampaign(ClaimsPrincipal user, Guid workspaceId, Guid clientId, Guid campaignId)
    {
        return IsManager(user)
               || (CanAccessClient(user, workspaceId, clientId) && user.GetCampaignScopeIds().Contains(campaignId));
    }

    public bool CanContributeToCampaign(ClaimsPrincipal user, Guid workspaceId, Guid clientId, Guid campaignId)
    {
        return IsManager(user) || (IsProvider(user) && CanAccessCampaign(user, workspaceId, clientId, campaignId));
    }

    public bool CanReviewContent(ClaimsPrincipal user, Guid workspaceId, Guid clientId, Guid campaignId)
    {
        return IsManager(user)
               || IsProvider(user) && CanAccessCampaign(user, workspaceId, clientId, campaignId)
               || IsClient(user) && CanAccessClient(user, workspaceId, clientId);
    }

    public Task<IReadOnlyCollection<Guid>> GetAccessibleWorkspaceIdsAsync(
        ClaimsPrincipal user,
        CancellationToken ct)
    {
        return organizationAccessService.GetAccessibleWorkspaceIdsAsync(user, ct);
    }

    public async Task<bool> CanAccessWorkspaceAsync(
        ClaimsPrincipal user,
        Guid workspaceId,
        CancellationToken ct)
    {
        return CanAccessWorkspace(user, workspaceId)
               || await organizationAccessService.HasInheritedWorkspacePermissionAsync(
                   user,
                   workspaceId,
                   OrganizationPermissions.AccessOwnedWorkspaces,
                   ct);
    }

    public async Task<bool> CanManageWorkspaceAsync(
        ClaimsPrincipal user,
        Guid workspaceId,
        CancellationToken ct)
    {
        return IsManager(user)
               || await organizationAccessService.HasInheritedWorkspacePermissionAsync(
                   user,
                   workspaceId,
                   OrganizationPermissions.ManageWorkspaces,
                   ct);
    }

    public async Task<bool> CanCreateWorkspaceAsync(
        ClaimsPrincipal user,
        Guid organizationId,
        CancellationToken ct)
    {
        return IsManager(user)
               || await organizationAccessService.HasOrganizationPermissionAsync(
                   user,
                   organizationId,
                   OrganizationPermissions.CreateWorkspaces,
                   ct);
    }

    public async Task<bool> CanAccessClientAsync(
        ClaimsPrincipal user,
        Guid workspaceId,
        Guid clientId,
        CancellationToken ct)
    {
        if (IsManager(user) ||
            await organizationAccessService.HasInheritedWorkspacePermissionAsync(
                user,
                workspaceId,
                OrganizationPermissions.AccessOwnedWorkspaces,
                ct))
        {
            return true;
        }

        return user.GetWorkspaceScopeIds().Contains(workspaceId) && user.GetClientScopeIds().Contains(clientId);
    }

    public async Task<bool> CanAccessCampaignAsync(
        ClaimsPrincipal user,
        Guid workspaceId,
        Guid clientId,
        Guid campaignId,
        CancellationToken ct)
    {
        if (IsManager(user) ||
            await organizationAccessService.HasInheritedWorkspacePermissionAsync(
                user,
                workspaceId,
                OrganizationPermissions.AccessOwnedWorkspaces,
                ct))
        {
            return true;
        }

        return await CanAccessClientAsync(user, workspaceId, clientId, ct) &&
               user.GetCampaignScopeIds().Contains(campaignId);
    }

    public async Task<bool> CanContributeToCampaignAsync(
        ClaimsPrincipal user,
        Guid workspaceId,
        Guid clientId,
        Guid campaignId,
        CancellationToken ct)
    {
        return IsManager(user)
               || await organizationAccessService.HasInheritedWorkspacePermissionAsync(
                   user,
                   workspaceId,
                   OrganizationPermissions.ManageWorkspaces,
                   ct)
               || IsProvider(user) && await CanAccessCampaignAsync(user, workspaceId, clientId, campaignId, ct);
    }

    public async Task<bool> CanReviewContentAsync(
        ClaimsPrincipal user,
        Guid workspaceId,
        Guid clientId,
        Guid campaignId,
        CancellationToken ct)
    {
        return IsManager(user)
               || await organizationAccessService.HasInheritedWorkspacePermissionAsync(
                   user,
                   workspaceId,
                   OrganizationPermissions.AccessOwnedWorkspaces,
                   ct)
               || IsProvider(user) && await CanAccessCampaignAsync(user, workspaceId, clientId, campaignId, ct)
               || IsClient(user) && await CanAccessClientAsync(user, workspaceId, clientId, ct);
    }
}