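const express = require("express");
const { User } = require("../models");
const { logActivity } = require("./activityLogs");
const {
  authenticate,
  authorizeAdmin,
  authorizeManager,
} = require("../middleware/auth");

const router = express.Router();

// Roles this router knows about; "admin" outranks "manager" outranks "user".
// NOTE(review): confirm against the User model and extend if it defines more.
const KNOWN_ROLES = Object.freeze(["user", "manager", "admin"]);

// Attributes that may be returned to API clients (never the password column).
const PUBLIC_ATTRIBUTES = Object.freeze(["id", "username", "role"]);

/**
 * True when `value` is a non-empty string after trimming.
 * Request bodies are untrusted: `undefined`, numbers or objects must not
 * reach the model layer as a username or password.
 * @param {unknown} value
 * @returns {boolean}
 */
function isNonEmptyString(value) {
  return typeof value === "string" && value.trim().length > 0;
}

/**
 * Whether an actor with `actorRole` may modify (reset the password of, or
 * delete) an account with `targetRole`. Only admins may touch admin accounts.
 * This mirrors the "managers cannot create admins" rule on the create route:
 * without it a manager could take over an admin account via a password reset,
 * or remove the only admin via delete.
 * @param {string} actorRole - role of the authenticated caller (req.user.role)
 * @param {string} targetRole - role of the account being modified
 * @returns {boolean}
 */
function canModifyAccount(actorRole, targetRole) {
  return targetRole !== "admin" || actorRole === "admin";
}

/**
 * Log an unexpected error server-side and answer 500 with a generic message,
 * so internal details (ORM messages, stack traces) never reach the client.
 * @param {import("express").Response} res
 * @param {string} context - short description of the failed operation
 * @param {Error} error
 */
function serverError(res, context, error) {
  console.error(`${context}: ${error.message}`);
  res.status(500).json({ message: "Server error" });
}

// Get all users (admin and manager)
router.get("/", authenticate, authorizeManager, async (req, res) => {
  try {
    const users = await User.findAll({ attributes: PUBLIC_ATTRIBUTES });
    res.json(users);
  } catch (error) {
    serverError(res, "Failed to list users", error);
  }
});

// Create user (admin and manager)
router.post("/", authenticate, authorizeManager, async (req, res) => {
  try {
    const { username, password, role } = req.body ?? {};
    // An absent or empty role means "user"; an empty string is treated as absent.
    const userRole = role || "user";

    // Reject malformed input up front: previously an undefined username reached
    // User.findOne and surfaced as a 500 instead of a 400.
    if (!isNonEmptyString(username) || !isNonEmptyString(password)) {
      return res
        .status(400)
        .json({ message: "Username and password are required" });
    }

    // Managers cannot create admins
    if (userRole === "admin" && req.user.role !== "admin") {
      return res
        .status(403)
        .json({ message: "Managers cannot create admin users" });
    }

    // Managers can only create users or managers
    if (
      req.user.role === "manager" &&
      !["user", "manager"].includes(userRole)
    ) {
      return res
        .status(403)
        .json({ message: "Managers can only create users or managers" });
    }

    // Admins may assign any role, but only a known one: an arbitrary string
    // stored in the role column could confuse later authorization checks.
    if (!KNOWN_ROLES.includes(userRole)) {
      return res.status(400).json({ message: "Unknown role" });
    }

    // Check if user already exists
    const existingUser = await User.findOne({ where: { username } });
    if (existingUser) {
      console.log(
        `Попытка создания сотрудника с существующим именем: ${username}`
      );
      return res
        .status(400)
        .json({ message: "Такой сотрудник уже существует" });
    }

    // Password hashing is expected to happen in the User model (e.g. a
    // beforeCreate/beforeSave hook); this router never hashes.
    // NOTE(review): confirm in ../models.
    const user = await User.create({
      username,
      password,
      role: userRole,
    });

    // Log the creation action
    await logActivity(
      req.user.id,
      "Создание сотрудника",
      `Создан новый сотрудник: ${username} с ролью ${userRole}`
    );

    res
      .status(201)
      .json({ id: user.id, username: user.username, role: user.role });
  } catch (error) {
    serverError(res, "Ошибка при создании сотрудника", error);
  }
});

// Update user password (admin and manager)
router.put(
  "/:id/password",
  authenticate,
  authorizeManager,
  async (req, res) => {
    try {
      const { password } = req.body ?? {};
      if (!isNonEmptyString(password)) {
        return res.status(400).json({ message: "Password is required" });
      }

      const user = await User.findByPk(req.params.id);
      if (!user) {
        return res.status(404).json({ message: "User not found" });
      }

      // A manager must not be able to reset an admin's password and thereby
      // take over the admin account.
      if (!canModifyAccount(req.user.role, user.role)) {
        return res
          .status(403)
          .json({ message: "Managers cannot change admin passwords" });
      }

      // Hashing is expected to happen in the User model on save; this router
      // never hashes. NOTE(review): confirm in ../models.
      user.password = password;
      await user.save();

      // Log the password reset action
      await logActivity(
        req.user.id,
        "Сброс пароля",
        `Сброшен пароль для сотрудника: ${user.username}`
      );

      res.json({ message: "Password updated" });
    } catch (error) {
      serverError(res, "Failed to update password", error);
    }
  }
);

// Delete user (admin and manager)
router.delete("/:id", authenticate, authorizeManager, async (req, res) => {
  try {
    const user = await User.findByPk(req.params.id);
    if (!user) {
      return res.status(404).json({ message: "User not found" });
    }

    // Same rule as for password resets: only admins may remove admin accounts.
    if (!canModifyAccount(req.user.role, user.role)) {
      return res
        .status(403)
        .json({ message: "Managers cannot delete admin users" });
    }

    await user.destroy();

    // Log the deletion action
    await logActivity(
      req.user.id,
      "Удаление сотрудника",
      `Удален сотрудник: ${user.username}`
    );

    res.json({ message: "User deleted" });
  } catch (error) {
    serverError(res, "Failed to delete user", error);
  }
});

module.exports = router;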