import {makeT} from 'app/client/lib/localization';
import {GristDoc} from 'app/client/components/GristDoc';
import {AppModel} from 'app/client/models/AppModel';
import {DocPageModel} from 'app/client/models/DocPageModel';
import {ShareAnnotations, ShareAnnotator} from 'app/common/ShareAnnotator';
import {normalizeEmail} from 'app/common/emails';
import {GristLoadConfig} from 'app/common/gristUrls';
import * as roles from 'app/common/roles';
import {getGristConfig} from 'app/common/urlUtils';
import {ANONYMOUS_USER_EMAIL, Document, EVERYONE_EMAIL, FullUser, getRealAccess, Organization,
        PermissionData, PermissionDelta, UserAPI, Workspace} from 'app/common/UserAPI';
import {computed, Computed, Disposable, obsArray, ObsArray, observable, Observable} from 'grainjs';
import some = require('lodash/some');

const t = makeT('UserManagerModel');

export interface UserManagerModel {
  initData: PermissionData;                    // PermissionData used to initialize the UserManager
  resource: Resource|null;                     // The access resource.
  resourceType: ResourceType;                  // String representing the access resource type.
  userSelectOptions: IMemberSelectOption[];    // Select options for each user's role dropdown
  orgUserSelectOptions: IOrgMemberSelectOption[];  // Select options for each user's role dropdown on the org
  inheritSelectOptions: IMemberSelectOption[]; // Select options for the maxInheritedRole dropdown
  publicUserSelectOptions: IMemberSelectOption[]; // Select options for the public member's role dropdown
  maxInheritedRole: Observable<roles.BasicRole|null>;  // Current unsaved maxInheritedRole setting
  membersEdited: ObsArray<IEditableMember>;    // Current unsaved editable array of members
  publicMember: IEditableMember|null;          // Member whose access (VIEWER or null) represents that of
                                               // anon@ or everyone@ (depending on the settings and resource).
  isAnythingChanged: Computed<boolean>;        // Indicates whether there are unsaved changes
  isSelfRemoved: Computed<boolean>;            // Indicates whether current user is removed
  isOrg: boolean;                              // Indicates if the UserManager is for an org
  annotations: Observable<ShareAnnotations>;   // More information about shares, keyed by email.
  isPersonal: boolean;                         // If user access info/control is restricted to self.
  isPublicMember: boolean;                     // Indicates if current user is a public member.

  activeUser: FullUser|null;                   // Populated if current user is logged in.
  gristDoc: GristDoc|null;                     // Populated if there is an open document.

  // Analyze the relation that users have to the resource or site.
  annotate(): void;
  // Resets all unsaved changes
  reset(): void;
  // Recreate annotations, factoring in any changes on the back-end.
  reloadAnnotations(): Promise<void>;
  // Writes all unsaved changes to the server.
  save(userApi: UserAPI, resourceId: number|string): Promise<void>;
  // Adds a member to membersEdited
  add(email: string, role: roles.Role|null): void;
  // Removes a member from membersEdited
  remove(member: IEditableMember): void;
  // Returns a boolean indicating if the member is the currently active user.
  isActiveUser(member: IEditableMember): boolean;
  // Returns the PermissionDelta reflecting the current unsaved changes in the model.
  getDelta(): PermissionDelta;
}

export type ResourceType = 'organization'|'workspace'|'document';

export type Resource = Organization|Workspace|Document;

export interface IEditableMember {
  id: number;    // Newly invited members do not have ids and are represented by -1
  name: string;
  email: string;
  picture?: string|null;
  locale?: string|null;
  access: Observable<roles.Role|null>;
  parentAccess: roles.BasicRole|null;
  inheritedAccess: Computed<roles.BasicRole|null>;
  effectiveAccess: Computed<roles.Role|null>;
  origAccess: roles.Role|null;
  isNew: boolean;
  isRemoved: boolean;
  isTeamMember?: boolean;
}

// An option for the select elements used in the UserManager.
export interface IMemberSelectOption {
  value: roles.BasicRole|null;
  label: string;
}

// An option for the organization select elements used in the UserManager.
export interface IOrgMemberSelectOption {
  value: roles.NonGuestRole|null;
  label: string;
}

interface IBuildMemberOptions {
  id: number;
  name: string;
  email: string;
  picture?: string|null;
  access: roles.Role|null;
  parentAccess: roles.BasicRole|null;
  isTeamMember?: boolean;
}

/**
 *
 */
export class UserManagerModelImpl extends Disposable implements UserManagerModel {
  // Select options for each individual user's role dropdown.
  public readonly userSelectOptions: IMemberSelectOption[] = [
    { value: roles.OWNER,  label: t("Owner")  },
    { value: roles.EDITOR, label: t("Editor") },
    { value: roles.VIEWER, label: t("Viewer") }
  ];
  // Select options for each individual user's role dropdown in the org.
  public readonly orgUserSelectOptions: IOrgMemberSelectOption[] = [
    { value: roles.OWNER,  label: t("Owner")  },
    { value: roles.EDITOR, label: t("Editor") },
    { value: roles.VIEWER, label: t("Viewer") },
    { value: roles.MEMBER, label: t("No Default Access") },
  ];
  // Select options for the resource's maxInheritedRole dropdown.
  public readonly inheritSelectOptions: IMemberSelectOption[] = [
    { value: roles.OWNER,  label: t("In Full")     },
    { value: roles.EDITOR, label: t("View & Edit") },
    { value: roles.VIEWER, label: t("View Only")   },
    { value: null,         label: t("None")        }
  ];
  // Select options for the public member's role dropdown.
  public readonly publicUserSelectOptions: IMemberSelectOption[] = [
    { value: roles.EDITOR, label: t("Editor") },
    { value: roles.VIEWER, label: t("Viewer") },
  ];

  public activeUser: FullUser|null = this._options.activeUser ?? null;

  public resource: Resource|null = this._options.resource ?? null;

  public maxInheritedRole: Observable<roles.BasicRole|null> =
    observable(this.initData.maxInheritedRole || null);

  // The public member's access settings reflect either those of anonymous users (when
  // shouldSupportAnon() is true) or those of everyone@ (i.e. access granted to all users,
  // supported for docs only). The member is null when public access is not supported.
  public publicMember: IEditableMember|null = this._buildPublicMember();

  public membersEdited = this.autoDispose(obsArray<IEditableMember>(this._buildAllMembers()));

  public annotations = this.autoDispose(observable({users: new Map()}));

  public isPersonal = this.initData.personal ?? false;

  public isPublicMember = this.initData.public ?? false;

  public isOrg: boolean = this.resourceType === 'organization';

  public gristDoc: GristDoc|null = this._options.docPageModel?.gristDoc.get() ?? null;

  // Checks if any members were added/removed/changed, if the max inherited role changed or if the
  // anonymous access setting changed to enable the confirm button to write changes to the server.
  public readonly isAnythingChanged: Computed<boolean> = this.autoDispose(computed<boolean>((use) => {
    const isMemberChangedFn = (m: IEditableMember) => m.isNew || m.isRemoved ||
      use(m.access) !== m.origAccess;
    const isInheritanceChanged = !this.isOrg && use(this.maxInheritedRole) !== this.initData.maxInheritedRole;
    return some(use(this.membersEdited), isMemberChangedFn) || isInheritanceChanged ||
      (this.publicMember ? isMemberChangedFn(this.publicMember) : false);
  }));

  // Check if the current user is being removed.
  public readonly isSelfRemoved: Computed<boolean> = this.autoDispose(computed<boolean>((use) => {
    return some(use(this.membersEdited), m => m.isRemoved && m.email === this.activeUser?.email);
  }));

  private _shareAnnotator?: ShareAnnotator;

  constructor(
    public initData: PermissionData,
    public resourceType: ResourceType,
    private _options: {
      activeUser?: FullUser|null,
      reload?: () => Promise<PermissionData>,
      docPageModel?: DocPageModel,
      appModel?: AppModel,
      resource?: Resource,
    }
  ) {
    super();
    if (this._options.appModel) {
      const features = this._options.appModel.currentFeatures;
      const {supportEmail} = getGristConfig();
      this._shareAnnotator = new ShareAnnotator(features, initData, {supportEmail});
    }
    this.annotate();
  }

  public reset(): void {
    this.membersEdited.set(this._buildAllMembers());
    this.annotate();
  }

  public async reloadAnnotations(): Promise<void> {
    if (!this._options.reload || !this._shareAnnotator) { return; }
    const data = await this._options.reload();
    // Update the permission data backing the annotations. We don't update the full model
    // itself - that would be nice, but tricky since the user may have made changes to it.
    // But at least we can easily update annotations. This is good for the potentially
    // common flow of opening a doc, starting to add a user, following the suggestion of
    // adding that user as a member of the site, then returning to finish off adding
    // them to the doc.
    this._shareAnnotator.updateState(data);
    this.annotate();
  }

  public async save(userApi: UserAPI, resourceId: number|string): Promise<void> {
    if (this.resourceType === 'organization') {
      await userApi.updateOrgPermissions(resourceId as number, this.getDelta());
    } else if (this.resourceType === 'workspace') {
      await userApi.updateWorkspacePermissions(resourceId as number, this.getDelta());
    } else if (this.resourceType === 'document') {
      await userApi.updateDocPermissions(resourceId as string, this.getDelta());
    }
  }

  public add(email: string, role: roles.Role|null): void {
    email = normalizeEmail(email);
    const members = this.membersEdited.get();
    const index = members.findIndex((m) => m.email === email);
    const existing = index > -1 ? members[index] : null;
    if (existing && existing.isRemoved) {
      // The member is replaced with the isRemoved set to false to trigger an
      // update to the membersEdited observable array.
      this.membersEdited.splice(index, 1, {...existing, isRemoved: false});
    } else if (existing) {
      const effective = existing.effectiveAccess.get();
      if (effective && effective !== roles.GUEST) {
        // If the member is visible, throw to inform the user.
        throw new Error("This user is already in the list");
      }
      // If the member exists but is not visible, update their access to make them visible.
      // They should be treated as a new user - removing them should make them invisible again.
      existing.access.set(role);
      existing.isNew = true;
    } else {
      const newMember = this._buildEditableMember({
        id: -1, // Use a placeholder for the unknown userId
        email,
        name: "",
        access: role,
        parentAccess: null
      });
      newMember.isNew = true;
      this.membersEdited.push(newMember);
    }
    this.annotate();
  }

  public remove(member: IEditableMember): void {
    const index = this.membersEdited.get().indexOf(member);
    if (member.isNew) {
      this.membersEdited.splice(index, 1);
    } else {
      // Keep it in the array with a flag, to simplify comparing "before" and "after" arrays.
      this.membersEdited.splice(index, 1, {...member, isRemoved: true});
    }
    this.annotate();
  }

  public isActiveUser(member: IEditableMember): boolean {
    return member.email === this.activeUser?.email;
  }

  public annotate() {
    // Only attempt for documents for now.
    // TODO: extend to workspaces.
    if (!this._shareAnnotator) { return; }
    this.annotations.set(this._shareAnnotator.annotateChanges(this.getDelta({silent: true})));
  }

  // Construct the permission delta from the changed users/maxInheritedRole.
  // Give warnings or errors as appropriate (these are suppressed if silent is set).
  public getDelta(options?: {silent: boolean}): PermissionDelta {
    const delta: PermissionDelta = { users: {} };
    if (this.resourceType !== 'organization') {
      const maxInheritedRole = this.maxInheritedRole.get();
      if (this.initData.maxInheritedRole !== maxInheritedRole) {
        delta.maxInheritedRole = maxInheritedRole;
      }
    }
    const members = [...this.membersEdited.get()];
    if (this.publicMember) {
      members.push(this.publicMember);
    }
    // Loop through the members and update the delta.
    for (const m of members) {
      const access = m.access.get();
      if (!roles.isValidRole(access)) {
        if (!options?.silent) {
          throw new Error(`Cannot update user to invalid role ${access}`);
        }
        continue;
      }
      if (m.isNew || m.isRemoved || m.origAccess !== access) {
        // Add users whose access changed.
        delta.users![m.email] = m.isRemoved ? null : access as roles.NonGuestRole;
      }
    }
    return delta;
  }

  private _buildAllMembers(): IEditableMember[] {
    // If the UI supports some public access, strip the supported public user (anon@ or
    // everyone@). Otherwise, keep it, to allow the non-fancy way of adding/removing public access.
    let users = this.initData.users;
    const publicMember = this.publicMember;
    if (publicMember) {
      users = users.filter(m => m.email !== publicMember.email);
    }
    return users.map(m =>
      this._buildEditableMember({
        id: m.id,
        email: m.email,
        name: m.name,
        picture: m.picture,
        access: m.access,
        parentAccess: m.parentAccess || null,
        isTeamMember: m.isMember,
      })
    );
  }

  private _buildPublicMember(): IEditableMember|null {
    // shouldSupportAnon() changes "public" access to "anonymous" access, and enables it for
    // workspaces and org level. It's currently used for on-premise installs only.
    // TODO Think through proper public sharing or workspaces/orgs, and get rid of
    // shouldSupportAnon() exceptions.
    const email =
      shouldSupportAnon() ? ANONYMOUS_USER_EMAIL :
      (this.resourceType === 'document') ? EVERYONE_EMAIL : null;
    if (!email) { return null; }
    const user = this.initData.users.find(m => m.email === email);
    return this._buildEditableMember({
      id: user ? user.id : -1,
      email,
      name: "",
      access: user ? user.access : null,
      parentAccess: user ? (user.parentAccess || null) : null,
    });
  }

  private _buildEditableMember(member: IBuildMemberOptions): IEditableMember {
    // Represents the member's access set specifically on the resource of interest.
    const access = Observable.create(this, member.access);
    let inheritedAccess: Computed<roles.BasicRole|null>;

    if (member.email === this.activeUser?.email) {
      // Note that we currently prevent the active user's role from changing to prevent users from
      // locking themselves out of resources. We ensure that by setting inheritedAccess to the
      // active user's initial access level, which is OWNER normally. (It's sometimes possible to
      // open UserManager by a less-privileged user, e.g. if access was just lowered, in which
      // case any attempted changes will fail on saving.)
      const initialAccessBasicRole = roles.getEffectiveRole(getRealAccess(member, this.initData));
      // This pretends to be a computed to match the other case, but is really a constant.
      inheritedAccess = Computed.create(this, (use) => initialAccessBasicRole);
    } else {
      // Gives the role inherited from parent taking the maxInheritedRole into account.
      inheritedAccess = Computed.create(this, this.maxInheritedRole, (use, maxInherited) =>
        roles.getWeakestRole(member.parentAccess, maxInherited));
    }
    // Gives the effective role of the member on the resource, taking everything into account.
    const effectiveAccess = Computed.create(this, (use) =>
      roles.getStrongestRole(use(access), use(inheritedAccess)));
    effectiveAccess.onWrite((value) => {
      // For UI simplicity, we use a single dropdown to represent the effective access level of
      // the user AND to allow changing it. As a result, we do NOT allow using the dropdown to
      // write/show values that provide less direct access than what the user already inherits.
      // It is confusing to show and results in no change in the effective access.
      const inherited = inheritedAccess.get();
      const isAboveInherit = roles.getStrongestRole(value, inherited) !== inherited;
      access.set(isAboveInherit ? value : null);
    });
    return {
      id: member.id,
      email: member.email,
      name: member.name,
      picture: member.picture,
      access,
      parentAccess: member.parentAccess || null,
      inheritedAccess,
      effectiveAccess,
      origAccess: member.access,
      isNew: false,
      isRemoved: false,
      isTeamMember: member.isTeamMember,
    };
  }
}

export function getResourceParent(resource: ResourceType): ResourceType|null {
  if (resource === 'workspace') {
    return 'organization';
  } else if (resource === 'document') {
    return 'workspace';
  } else {
    return null;
  }
}

// Check whether anon should be supported in the UI
export function shouldSupportAnon(): boolean {
  const gristConfig: GristLoadConfig = (window as any).gristConfig || {};
  return gristConfig.supportAnon || false;
}