<?php

namespace App\Http\Controllers;

use App\Models\User;
use App\Models\Tenant;
use Illuminate\Http\Request;
use Illuminate\Validation\Rule;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Str;
use Inertia\Inertia;

class UserController extends Controller
{
    public function index()
    {
        if (!auth()->user()->isSuperAdmin()) {
            abort(403, 'Unauthorized action.');
        }

        $users = User::whereIn('role', ['admin', 'super_admin'])
            ->with('tenant')
            ->orderBy('name')
            ->get();

        $tenants = Tenant::orderBy('name')->get();

        return Inertia::render('Admin/Users/Index', [
            'users' => $users,
            'tenants' => $tenants
        ]);
    }

    public function store(Request $request)
    {
        if (!auth()->user()->isSuperAdmin()) {
            abort(403, 'Unauthorized action.');
        }

        $request->validate([
            'name' => 'required|string|max:255',
            'email' => 'required|string|email|max:255|unique:users',
            'role' => ['required', Rule::in(['admin', 'super_admin'])],
            'tenant_id' => 'nullable|exists:tenants,id',
        ]);

        $password = Str::random(10);

        User::create([
            'name' => $request->name,
            'email' => $request->email,
            'password' => Hash::make($password),
            'role' => $request->role,
            'tenant_id' => $request->role === 'super_admin' ? null : $request->tenant_id,
        ]);

        return back()->with('success', 'Administrateur créé avec succès. Mot de passe généré : ' . $password);
    }

    public function update(Request $request, User $user)
    {
        if (!auth()->user()->isSuperAdmin()) {
            abort(403, 'Unauthorized action.');
        }

        $request->validate([
            'name' => 'required|string|max:255',
            'email' => 'required|string|email|max:255|unique:users,email,' . $user->id,
            'role' => ['required', Rule::in(['admin', 'super_admin'])],
            'tenant_id' => 'nullable|exists:tenants,id',
        ]);

        $user->update([
            'name' => $request->name,
            'email' => $request->email,
            'role' => $request->role,
            'tenant_id' => $request->role === 'super_admin' ? null : $request->tenant_id,
        ]);

        return back()->with('success', 'Administrateur mis à jour.');
    }

    public function destroy(User $user)
    {
        if (!auth()->user()->isSuperAdmin()) {
            abort(403, 'Unauthorized action.');
        }

        if ($user->id === auth()->id()) {
            return back()->with('error', 'Vous ne pouvez pas supprimer votre propre compte.');
        }

        $user->delete();

        return back()->with('success', 'Administrateur supprimé.');
    }

    public function resetPassword(User $user)
    {
        if (!auth()->user()->isSuperAdmin()) {
            abort(403, 'Unauthorized action.');
        }

        $password = Str::random(10);
        $user->update([
            'password' => Hash::make($password)
        ]);

        return back()->with('success', 'Nouveau mot de passe généré pour ' . $user->name . ' : ' . $password);
    }
}