<?php

namespace App\Console\Commands;

use Illuminate\Support\Carbon;
use Illuminate\Console\Command;
use Illuminate\Support\Facades\DB;
use App\Support\AdminAgentLineSettlementPermissionMenuActionSync;
use App\Support\AdminAgentPermissionMenuActionSync;
use App\Support\AdminAuthorizationRegistry;
use App\Support\AdminDrawPermissionMenuActionSync;
use App\Support\PlatformSystemRoles;

final class SyncAdminAuthorizationCommand extends Command
{
    protected $signature = 'lottery:admin-auth-sync
        {--audit : 同步完成后立即执行后台权限体检}';

    protected $description = '根据后台统一注册表同步 admin_api_resources 与 resource_bindings';

    public function handle(): int
    {
        $now = Carbon::now();
        $agentCreated = AdminAgentPermissionMenuActionSync::syncMissing();
        if ($agentCreated > 0) {
            $this->info(sprintf('Created %d missing agent menu_action row(s).', $agentCreated));
        }

        $lineSettlementCreated = AdminAgentLineSettlementPermissionMenuActionSync::syncMissing();
        if ($lineSettlementCreated > 0) {
            $this->info(sprintf('Created %d missing agent line/settlement menu_action row(s).', $lineSettlementCreated));
        }

        $drawCreated = AdminDrawPermissionMenuActionSync::syncMissing();
        if ($drawCreated > 0) {
            $this->info(sprintf('Created %d missing draw menu_action row(s).', $drawCreated));
        }

        $menuActionIds = DB::table('admin_menu_actions')->pluck('id', 'permission_code');

        foreach (AdminAuthorizationRegistry::resources() as $resource) {
            $resourceId = DB::table('admin_api_resources')
                ->where('code', $resource['code'])
                ->value('id');

            $payload = [
                'module_code' => $resource['module_code'],
                'name' => $resource['name'],
                'http_method' => $resource['http_method'],
                'uri_pattern' => $resource['uri_pattern'],
                'route_name' => $resource['route_name'],
                'auth_mode' => $resource['auth_mode'],
                'is_audit_required' => $resource['is_audit_required'],
                'status' => 1,
                'meta_json' => null,
                'updated_at' => $now,
            ];

            if ($resourceId === null) {
                $resourceId = DB::table('admin_api_resources')->insertGetId($payload + [
                    'code' => $resource['code'],
                    'created_at' => $now,
                ]);
            } else {
                DB::table('admin_api_resources')
                    ->where('id', (int) $resourceId)
                    ->update($payload);
            }

            DB::table('admin_api_resource_bindings')
                ->where('api_resource_id', (int) $resourceId)
                ->delete();

            foreach ($resource['permission_codes'] as $permissionCode) {
                $menuActionId = $menuActionIds[$permissionCode] ?? null;
                if ($menuActionId === null) {
                    $this->warn(sprintf('跳过未找到的 permission_code: %s', $permissionCode));

                    continue;
                }

                DB::table('admin_api_resource_bindings')->insert([
                    'api_resource_id' => (int) $resourceId,
                    'menu_action_id' => (int) $menuActionId,
                    'created_at' => $now,
                    'updated_at' => $now,
                ]);
            }
        }

        $this->info(sprintf(
            'Admin authorization synced: %d resources.',
            count(AdminAuthorizationRegistry::resources()),
        ));

        PlatformSystemRoles::ensureAll();
        $super = PlatformSystemRoles::ensureSuperAdminRole();
        $this->info(sprintf(
            'Platform system roles synced (super_admin permissions: %d).',
            count($super->legacyPermissionSlugs()),
        ));

        if ((bool) $this->option('audit')) {
            return $this->call('lottery:admin-auth-audit');
        }

        return self::SUCCESS;
    }
}