// NAC资产一键上链系统 - 管理API处理器

use actix_web::{web, HttpResponse};
use serde::Serialize;

use crate::database::DbPool;
use crate::error::Result;
use crate::models::{Asset, OnboardingRecord, User};
use crate::middleware::Claims;
use crate::response::ApiResponse;

/// 系统统计信息
#[derive(Debug, Serialize)]
pub struct SystemStats {
    pub total_users: i64,
    pub total_assets: i64,
    pub total_onboarding: i64,
    pub success_count: i64,
    pub failed_count: i64,
    pub pending_count: i64,
}

/// 获取系统统计信息
pub async fn get_stats(
    pool: web::Data<DbPool>,
    claims: web::ReqData<Claims>,
) -> Result<HttpResponse> {
    // 检查管理员权限
    if claims.role != "admin" {
        return Ok(HttpResponse::Forbidden().json(ApiResponse::<()>::error("需要管理员权限")));
    }

    // 统计用户数
    let total_users = User::count(&pool).await?;

    // 统计资产数
    let total_assets = Asset::count(&pool).await?;

    // 统计上链记录数
    let total_onboarding = OnboardingRecord::count(&pool).await?;

    // 统计成功、失败、待处理数量
    let success_count = OnboardingRecord::count_by_state(&pool, "Listed").await?;
    let failed_count = OnboardingRecord::count_by_state(&pool, "Failed").await?;
    let pending_count = OnboardingRecord::count_by_state(&pool, "Pending").await?;

    Ok(HttpResponse::Ok().json(ApiResponse::success(SystemStats {
        total_users,
        total_assets,
        total_onboarding,
        success_count,
        failed_count,
        pending_count,
    })))
}

/// 获取所有用户列表
pub async fn list_all_users(
    pool: web::Data<DbPool>,
    claims: web::ReqData<Claims>,
) -> Result<HttpResponse> {
    // 检查管理员权限
    if claims.role != "admin" {
        return Ok(HttpResponse::Forbidden().json(ApiResponse::<()>::error("需要管理员权限")));
    }

    let users = User::find_all(&pool).await?;

    Ok(HttpResponse::Ok().json(ApiResponse::success(users)))
}

/// 获取所有资产列表
pub async fn list_all_assets(
    pool: web::Data<DbPool>,
    claims: web::ReqData<Claims>,
) -> Result<HttpResponse> {
    // 检查管理员权限
    if claims.role != "admin" {
        return Ok(HttpResponse::Forbidden().json(ApiResponse::<()>::error("需要管理员权限")));
    }

    let assets = Asset::find_all(&pool).await?;

    Ok(HttpResponse::Ok().json(ApiResponse::success(assets)))
}

/// 获取所有上链记录列表
pub async fn list_all_records(
    pool: web::Data<DbPool>,
    claims: web::ReqData<Claims>,
) -> Result<HttpResponse> {
    // 检查管理员权限
    if claims.role != "admin" {
        return Ok(HttpResponse::Forbidden().json(ApiResponse::<()>::error("需要管理员权限")));
    }

    let records = OnboardingRecord::find_all(&pool).await?;

    Ok(HttpResponse::Ok().json(ApiResponse::success(records)))
}