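using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using PowderCoating.Application.Interfaces;
using PowderCoating.Shared.Constants;

namespace PowderCoating.Web.Controllers;

/// <summary>
/// MVC controller for viewing and editing platform-level settings.
/// Every action requires the <c>SuperAdminOnly</c> authorization policy.
/// </summary>
[Authorize(Policy = AppConstants.Policies.SuperAdminOnly)]
public class PlatformSettingsController : Controller
{
    private readonly IPlatformSettingsService _settings;
    private readonly ILogger<PlatformSettingsController> _logger;

    /// <summary>
    /// Creates the controller with its injected settings service and logger.
    /// </summary>
    /// <param name="settings">Service that reads and writes platform settings.</param>
    /// <param name="logger">Logger used to record setting changes.</param>
    public PlatformSettingsController(
        IPlatformSettingsService settings,
        ILogger<PlatformSettingsController> logger)
    {
        _settings = settings;
        _logger = logger;
    }

    /// <summary>
    /// Displays all platform-level key/value settings stored in the database.
    /// These settings are DB-backed (not appsettings.json) so they can be changed
    /// at runtime by a SuperAdmin without a deployment; they are scoped to the
    /// platform, not per company.
    /// </summary>
    /// <returns>The Index view, with every setting returned by the service as its model.</returns>
    public async Task<IActionResult> Index()
    {
        // NOTE(review): every stored value is handed to the view as-is. If any
        // setting holds a credential or token, confirm the view masks it.
        var settings = await _settings.GetAllAsync();
        return View(settings);
    }

    /// <summary>
    /// Upserts a single platform setting by key. The value is trimmed before
    /// storage, so a whitespace-only value is stored as an empty string and a
    /// null value is passed through unchanged. The acting user's name is passed
    /// to <see cref="IPlatformSettingsService"/> so it can be recorded for audit
    /// purposes.
    /// </summary>
    /// <param name="key">Setting key; a null, empty or whitespace-only key is rejected.</param>
    /// <param name="value">New value for the setting, or null.</param>
    /// <returns>
    /// 400 Bad Request when <paramref name="key"/> is blank; otherwise a redirect
    /// to <see cref="Index"/> after the setting has been saved.
    /// </returns>
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Save(string key, string? value)
    {
        if (string.IsNullOrWhiteSpace(key))
        {
            return BadRequest();
        }

        // NOTE(review): the key is stored exactly as posted (not trimmed and not
        // checked against a list of known settings) - confirm the service
        // validates it, otherwise any key name can be created here.
        await _settings.SetAsync(key, value?.Trim(), User.Identity?.Name);

        // Only the key and the actor are logged; the value is left out because a
        // setting may hold sensitive data. The key comes from the request body,
        // so line breaks are stripped to keep this audit entry on a single line
        // in text-based log sinks.
        _logger.LogInformation(
            "Platform setting '{Key}' updated by {User}",
            SanitizeForLog(key),
            User.Identity?.Name);

        TempData["SuccessMessage"] = "Setting saved.";
        return RedirectToAction(nameof(Index));
    }

    /// <summary>
    /// Replaces carriage returns and line feeds with spaces so that
    /// request-supplied text cannot split a log entry across lines.
    /// </summary>
    private static string SanitizeForLog(string text) =>
        text.Replace('\r', ' ').Replace('\n', ' ');
}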