<?php

namespace App\Controller;

use App\Entity\PlatformPlan;
use App\Entity\Reseller;
use App\Entity\User;
use Doctrine\DBAL\Exception\UniqueConstraintViolationException;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
use Symfony\Component\Routing\Attribute\Route;
use Symfony\Component\Security\Http\Attribute\IsGranted;

/**
 * Legt einen Reseller an – optional zusammen mit seinem Admin-Benutzer,
 * damit sich der Reseller direkt einloggen kann. Nur für Plattform-Admins.
 */
#[IsGranted('ROLE_PLATFORM_ADMIN')]
final class ResellerProvisioningController
{
    public function __construct(
        private readonly EntityManagerInterface $em,
        private readonly UserPasswordHasherInterface $hasher,
    ) {
    }

    #[Route('/api/platform/provision-reseller', name: 'platform_provision_reseller', methods: ['POST'])]
    public function __invoke(Request $request): JsonResponse
    {
        $d = json_decode($request->getContent(), true) ?? [];

        $name = trim((string) ($d['name'] ?? ''));
        $slug = trim((string) ($d['slug'] ?? ''));
        if ('' === $name || '' === $slug) {
            return new JsonResponse(['error' => 'name und slug sind erforderlich.'], 422);
        }

        $reseller = (new Reseller())->setName($name)->setSlug($slug);
        if (!empty($d['primaryDomain'])) {
            $reseller->setPrimaryDomain((string) $d['primaryDomain']);
        }
        if (!empty($d['planId'])) {
            $plan = $this->em->getRepository(PlatformPlan::class)->find($d['planId']);
            if ($plan instanceof PlatformPlan) {
                $reseller->setPlatformPlan($plan);
            }
        }

        $adminEmail = trim((string) ($d['adminEmail'] ?? ''));
        $adminPassword = (string) ($d['adminPassword'] ?? '');
        $admin = null;
        if ('' !== $adminEmail && '' !== $adminPassword) {
            $admin = (new User())
                ->setEmail($adminEmail)
                ->setRoles([User::ROLE_RESELLER_ADMIN])
                ->setReseller($reseller);
            $admin->setPassword($this->hasher->hashPassword($admin, $adminPassword));
        }

        try {
            $this->em->persist($reseller);
            if ($admin) {
                $this->em->persist($admin);
            }
            $this->em->flush();
        } catch (UniqueConstraintViolationException) {
            return new JsonResponse(['error' => 'Slug oder Admin-E-Mail bereits vergeben.'], 422);
        }

        return new JsonResponse([
            'id' => (string) $reseller->getId(),
            'name' => $reseller->getName(),
            'slug' => $reseller->getSlug(),
            'adminCreated' => null !== $admin,
        ], 201);
    }
}