design-system/src/pages/Admin/UserManagement/UsersTab.tsx

import { useState, useMemo } from 'react'
import { Avatar } from '../../../design-system/primitives/Avatar/Avatar'
import { Badge } from '../../../design-system/primitives/Badge/Badge'
import { Button } from '../../../design-system/primitives/Button/Button'
import { Input } from '../../../design-system/primitives/Input/Input'
import { MonoText } from '../../../design-system/primitives/MonoText/MonoText'
import { SectionHeader } from '../../../design-system/primitives/SectionHeader/SectionHeader'
import { Tag } from '../../../design-system/primitives/Tag/Tag'
import { InlineEdit } from '../../../design-system/primitives/InlineEdit/InlineEdit'
import { RadioGroup, RadioItem } from '../../../design-system/primitives/Radio/Radio'
import { InfoCallout } from '../../../design-system/primitives/InfoCallout/InfoCallout'
import { MultiSelect } from '../../../design-system/composites/MultiSelect/MultiSelect'
import { ConfirmDialog } from '../../../design-system/composites/ConfirmDialog/ConfirmDialog'
import { AlertDialog } from '../../../design-system/composites/AlertDialog/AlertDialog'
import { useToast } from '../../../design-system/composites/Toast/Toast'
import { MOCK_USERS, MOCK_GROUPS, MOCK_ROLES, getEffectiveRoles, type MockUser } from './rbacMocks'
import styles from './UserManagement.module.css'

export function UsersTab() {
  const { toast } = useToast()
  const [users, setUsers] = useState(MOCK_USERS)
  const [search, setSearch] = useState('')
  const [selectedId, setSelectedId] = useState<string | null>(null)
  const [creating, setCreating] = useState(false)
  const [deleteTarget, setDeleteTarget] = useState<MockUser | null>(null)
  const [removeGroupTarget, setRemoveGroupTarget] = useState<string | null>(null)

  // Create form state
  const [newUsername, setNewUsername] = useState('')
  const [newDisplay, setNewDisplay] = useState('')
  const [newEmail, setNewEmail] = useState('')
  const [newPassword, setNewPassword] = useState('')
  const [newProvider, setNewProvider] = useState<'local' | 'oidc'>('local')
  const [resettingPassword, setResettingPassword] = useState(false)
  const [newPw, setNewPw] = useState('')

  const filtered = useMemo(() => {
    if (!search) return users
    const q = search.toLowerCase()
    return users.filter((u) =>
      u.displayName.toLowerCase().includes(q) ||
      u.email.toLowerCase().includes(q) ||
      u.username.toLowerCase().includes(q)
    )
  }, [users, search])

  const selected = users.find((u) => u.id === selectedId) ?? null

  function handleCreate() {
    if (!newUsername.trim()) return
    if (newProvider === 'local' && !newPassword.trim()) return
    const newUser: MockUser = {
      id: `usr-${Date.now()}`,
      username: newUsername.trim(),
      displayName: newDisplay.trim() || newUsername.trim(),
      email: newEmail.trim(),
      provider: newProvider,
      createdAt: new Date().toISOString(),
      directRoles: [],
      directGroups: [],
    }
    setUsers((prev) => [...prev, newUser])
    setCreating(false)
    setNewUsername(''); setNewDisplay(''); setNewEmail(''); setNewPassword(''); setNewProvider('local')
    setSelectedId(newUser.id)
    setResettingPassword(false)
    toast({ title: 'User created', description: newUser.displayName, variant: 'success' })
  }

  function handleDelete() {
    if (!deleteTarget) return
    setUsers((prev) => prev.filter((u) => u.id !== deleteTarget.id))
    if (selectedId === deleteTarget.id) setSelectedId(null)
    setDeleteTarget(null)
    toast({ title: 'User deleted', description: deleteTarget.username, variant: 'warning' })
  }

  function updateUser(id: string, patch: Partial<MockUser>) {
    setUsers((prev) => prev.map((u) => u.id === id ? { ...u, ...patch } : u))
  }

  const duplicateUsername = newUsername.trim() !== '' && users.some((u) => u.username.toLowerCase() === newUsername.trim().toLowerCase())

  const effectiveRoles = selected ? getEffectiveRoles(selected) : []
  const availableGroups = MOCK_GROUPS.filter((g) => !selected?.directGroups.includes(g.id))
    .map((g) => ({ value: g.id, label: g.name }))
  const availableRoles = MOCK_ROLES.filter((r) => !selected?.directRoles.includes(r.name))
    .map((r) => ({ value: r.name, label: r.name }))

  function getUserGroupPath(user: MockUser): string {
    if (user.directGroups.length === 0) return 'no groups'
    const group = MOCK_GROUPS.find((g) => g.id === user.directGroups[0])
    if (!group) return 'no groups'
    const parent = group.parentId ? MOCK_GROUPS.find((g) => g.id === group.parentId) : null
    return parent ? `${parent.name} > ${group.name}` : group.name
  }

  return (
    <>
      <div className={styles.splitPane}>
        <div className={styles.listPane}>
          <div className={styles.listHeader}>
            <Input
              placeholder="Search users..."
              value={search}
              onChange={(e) => setSearch(e.target.value)}
              onClear={() => setSearch('')}
              className={styles.listHeaderSearch}
            />
            <Button size="sm" variant="secondary" onClick={() => setCreating(true)}>
              + Add user
            </Button>
          </div>

          {creating && (
            <div className={styles.createForm}>
              <RadioGroup name="provider" value={newProvider} onChange={(v) => setNewProvider(v as 'local' | 'oidc')} orientation="horizontal">
                <RadioItem value="local" label="Local" />
                <RadioItem value="oidc" label="OIDC" />
              </RadioGroup>
              <div className={styles.createFormRow}>
                <Input placeholder="Username *" value={newUsername} onChange={(e) => setNewUsername(e.target.value)} />
                <Input placeholder="Display name" value={newDisplay} onChange={(e) => setNewDisplay(e.target.value)} />
              </div>
              {duplicateUsername && <span style={{ color: 'var(--error)', fontSize: 11 }}>Username already exists</span>}
              <Input placeholder="Email" value={newEmail} onChange={(e) => setNewEmail(e.target.value)} />
              {newProvider === 'local' && (
                <Input placeholder="Password *" type="password" value={newPassword} onChange={(e) => setNewPassword(e.target.value)} />
              )}
              {newProvider === 'oidc' && (
                <InfoCallout variant="amber">
                  OIDC users authenticate via the configured identity provider. Pre-register to assign roles/groups before their first login.
                </InfoCallout>
              )}
              <div className={styles.createFormActions}>
                <Button size="sm" variant="ghost" onClick={() => setCreating(false)}>Cancel</Button>
                <Button
                  size="sm"
                  variant="primary"
                  onClick={handleCreate}
                  disabled={!newUsername.trim() || (newProvider === 'local' && !newPassword.trim()) || duplicateUsername}
                >
                  Create
                </Button>
              </div>
            </div>
          )}

          <div className={styles.entityList} role="listbox" aria-label="Users">
            {filtered.map((user) => (
              <div
                key={user.id}
                className={`${styles.entityItem} ${selectedId === user.id ? styles.entityItemSelected : ''}`}
                onClick={() => { setSelectedId(user.id); setResettingPassword(false) }}
                role="option"
                tabIndex={0}
                aria-selected={selectedId === user.id}
                onKeyDown={(e) => { if (e.key === 'Enter' || e.key === ' ') { e.preventDefault(); setSelectedId(user.id); setResettingPassword(false) } }}
              >
                <Avatar name={user.displayName} size="sm" />
                <div className={styles.entityInfo}>
                  <div className={styles.entityName}>
                    {user.displayName}
                    {user.provider !== 'local' && (
                      <Badge label={user.provider} color="running" variant="outlined" className={styles.providerBadge} />
                    )}
                  </div>
                  <div className={styles.entityMeta}>
                    {user.email} &middot; {getUserGroupPath(user)}
                  </div>
                  <div className={styles.entityTags}>
                    {user.directRoles.map((r) => <Badge key={r} label={r} color="warning" />)}
                    {user.directGroups.map((gId) => {
                      const g = MOCK_GROUPS.find((gr) => gr.id === gId)
                      return g ? <Badge key={gId} label={g.name} color="success" /> : null
                    })}
                  </div>
                </div>
              </div>
            ))}
            {filtered.length === 0 && (
              <div className={styles.emptySearch}>No users match your search</div>
            )}
          </div>
        </div>

        <div className={styles.detailPane}>
          {selected ? (
            <>
              <div className={styles.detailHeader}>
                <Avatar name={selected.displayName} size="lg" />
                <div className={styles.detailHeaderInfo}>
                  <div className={styles.detailName}>
                    <InlineEdit
                      value={selected.displayName}
                      onSave={(v) => updateUser(selected.id, { displayName: v })}
                    />
                  </div>
                  <div className={styles.detailEmail}>{selected.email}</div>
                </div>
                <Button
                  size="sm"
                  variant="danger"
                  onClick={() => setDeleteTarget(selected)}
                  disabled={selected.username === 'hendrik'}
                >
                  Delete
                </Button>
              </div>

              <SectionHeader>Status</SectionHeader>
              <div className={styles.sectionTags}>
                <Tag label="Active" color="success" />
              </div>

              <div className={styles.metaGrid}>
                <span className={styles.metaLabel}>ID</span>
                <MonoText size="xs">{selected.id}</MonoText>
                <span className={styles.metaLabel}>Created</span>
                <span className={styles.metaValue}>{new Date(selected.createdAt).toLocaleDateString()}</span>
                <span className={styles.metaLabel}>Provider</span>
                <span className={styles.metaValue}>{selected.provider}</span>
              </div>

              <SectionHeader>Security</SectionHeader>
              <div className={styles.securitySection}>
                {selected.provider === 'local' ? (
                  <>
                    <div className={styles.securityRow}>
                      <span className={styles.metaLabel}>Password</span>
                      <span className={styles.passwordDots}>••••••••</span>
                      {!resettingPassword && (
                        <Button size="sm" variant="ghost" onClick={() => { setResettingPassword(true); setNewPw('') }}>
                          Reset password
                        </Button>
                      )}
                    </div>
                    {resettingPassword && (
                      <div className={styles.resetForm}>
                        <Input
                          placeholder="New password"
                          type="password"
                          value={newPw}
                          onChange={(e) => setNewPw(e.target.value)}
                          className={styles.resetInput}
                        />
                        <Button size="sm" variant="ghost" onClick={() => setResettingPassword(false)}>Cancel</Button>
                        <Button
                          size="sm"
                          variant="primary"
                          onClick={() => { setResettingPassword(false); toast({ title: 'Password updated', description: selected.username, variant: 'success' }) }}
                          disabled={!newPw.trim()}
                        >
                          Set
                        </Button>
                      </div>
                    )}
                  </>
                ) : (
                  <>
                    <div className={styles.securityRow}>
                      <span className={styles.metaLabel}>Authentication</span>
                      <span className={styles.metaValue}>OIDC ({selected.provider})</span>
                    </div>
                    <InfoCallout variant="amber">
                      Password managed by the identity provider.
                    </InfoCallout>
                  </>
                )}
              </div>

              <SectionHeader>Group membership (direct only)</SectionHeader>
              <div className={styles.sectionTags}>
                {selected.directGroups.map((gId) => {
                  const g = MOCK_GROUPS.find((gr) => gr.id === gId)
                  return g ? (
                    <Tag
                      key={gId}
                      label={g.name}
                      color="success"
                      onRemove={() => {
                        const group = MOCK_GROUPS.find((gr) => gr.id === gId)
                        if (group && group.directRoles.length > 0) {
                          setRemoveGroupTarget(gId)
                        } else {
                          updateUser(selected.id, { directGroups: selected.directGroups.filter((id) => id !== gId) })
                          toast({ title: 'Group removed', variant: 'success' })
                        }
                      }}
                    />
                  ) : null
                })}
                {selected.directGroups.length === 0 && (
                  <span className={styles.inheritedNote}>(no groups)</span>
                )}
                <MultiSelect
                  options={availableGroups}
                  value={[]}
                  onChange={(ids) => {
                    updateUser(selected.id, { directGroups: [...selected.directGroups, ...ids] })
                    toast({ title: `${ids.length} group(s) added`, variant: 'success' })
                  }}
                  placeholder="+ Add"
                />
              </div>

              <SectionHeader>Effective roles (direct + inherited)</SectionHeader>
              <div className={styles.sectionTags}>
                {effectiveRoles.map(({ role, source }) =>
                  source === 'direct' ? (
                    <Tag
                      key={role}
                      label={role}
                      color="warning"
                      onRemove={() => {
                        updateUser(selected.id, { directRoles: selected.directRoles.filter((r) => r !== role) })
                        toast({ title: 'Role removed', description: role, variant: 'success' })
                      }}
                    />
                  ) : (
                    <Badge
                      key={role}
                      label={`${role} ↑ ${source}`}
                      color="warning"
                      variant="dashed"
                      className={styles.inherited}
                    />
                  )
                )}
                {effectiveRoles.length === 0 && (
                  <span className={styles.inheritedNote}>(no roles)</span>
                )}
                <MultiSelect
                  options={availableRoles}
                  value={[]}
                  onChange={(roles) => {
                    updateUser(selected.id, { directRoles: [...selected.directRoles, ...roles] })
                    toast({ title: `${roles.length} role(s) added`, variant: 'success' })
                  }}
                  placeholder="+ Add"
                />
              </div>
              {effectiveRoles.some((r) => r.source !== 'direct') && (
                <span className={styles.inheritedNote}>
                  Roles with ↑ are inherited through group membership
                </span>
              )}
            </>
          ) : (
            <div className={styles.emptyDetail}>Select a user to view details</div>
          )}
        </div>
      </div>

      <ConfirmDialog
        open={deleteTarget !== null}
        onClose={() => setDeleteTarget(null)}
        onConfirm={handleDelete}
        message={`Delete user "${deleteTarget?.username}"? This cannot be undone.`}
        confirmText={deleteTarget?.username ?? ''}
      />
      <AlertDialog
        open={removeGroupTarget !== null}
        onClose={() => setRemoveGroupTarget(null)}
        onConfirm={() => {
          if (removeGroupTarget && selected) {
            updateUser(selected.id, { directGroups: selected.directGroups.filter((id) => id !== removeGroupTarget) })
            toast({ title: 'Group removed', variant: 'success' })
          }
          setRemoveGroupTarget(null)
        }}
        title="Remove group membership"
        description={`Removing this group will also revoke inherited roles: ${MOCK_GROUPS.find((g) => g.id === removeGroupTarget)?.directRoles.join(', ') ?? ''}. Continue?`}
        confirmLabel="Remove"
        variant="warning"
      />
    </>
  )
}