<?php

namespace App\Http\Controllers;

use App\Enums\EventStatus;
use App\Enums\EventType;
use App\Enums\ParticipantStatus;
use App\Models\ActivityLog;
use App\Models\Event;
use App\Models\EventParticipant;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;

class ParticipantController extends Controller
{
    public function update(Request $request, Event $event): RedirectResponse
    {
        $user = auth()->user();

        if ($event->status === EventStatus::Cancelled) {
            abort(403);
        }

        if (!$user->canAccessAdminPanel() && $event->status === EventStatus::Draft) {
            abort(403);
        }

        // Team-Zugriffspruefung: User muss Zugang zum Event-Team haben
        if (!$user->canAccessAdminPanel()) {
            if (!$user->accessibleTeamIds()->contains($event->team_id)) {
                abort(403);
            }
        }

        if ($event->type === EventType::Meeting) {
            return $this->updateMeetingParticipant($request, $event);
        }

        return $this->updatePlayerParticipant($request, $event);
    }

    private function updatePlayerParticipant(Request $request, Event $event): RedirectResponse
    {
        $user = auth()->user();

        $request->validate([
            'player_id' => 'required|integer',
            'status' => 'required|in:yes,no,unknown',
        ]);

        $participant = EventParticipant::where('event_id', $event->id)
            ->where('player_id', $request->player_id)
            ->firstOrFail();

        // Policy-Check: nur eigene Kinder oder Admin
        if (!$user->canAccessAdminPanel()) {
            $isParent = DB::table('parent_player')
                ->where('parent_id', $user->id)
                ->where('player_id', $request->player_id)
                ->exists();

            if (!$isParent) {
                abort(403);
            }
        }

        $oldStatus = $participant->status->value;

        $participant->status = ParticipantStatus::from($request->status);
        $participant->set_by_user_id = $user->id;
        $participant->responded_at = now();
        $participant->save();

        ActivityLog::logWithChanges('participant_status_changed', __('admin.log_participant_changed', ['event' => $event->title, 'status' => $request->status]), 'Event', $event->id, ['status' => $oldStatus, 'player' => $participant->player?->full_name ?? ''], ['status' => $request->status]);

        return redirect(route('events.show', $event) . '#participants');
    }

    private function updateMeetingParticipant(Request $request, Event $event): RedirectResponse
    {
        $user = auth()->user();

        $request->validate([
            'user_id' => 'required|integer',
            'status' => 'required|in:yes,no,unknown',
        ]);

        $participant = EventParticipant::where('event_id', $event->id)
            ->where('user_id', $request->user_id)
            ->firstOrFail();

        // Policy-Check: nur eigener Eintrag oder Admin
        if (!$user->canAccessAdminPanel() && (int) $participant->user_id !== $user->id) {
            abort(403);
        }

        $oldStatus = $participant->status->value;

        $participant->status = ParticipantStatus::from($request->status);
        $participant->set_by_user_id = $user->id;
        $participant->responded_at = now();
        $participant->save();

        ActivityLog::logWithChanges('participant_status_changed', __('admin.log_participant_changed', ['event' => $event->title, 'status' => $request->status]), 'Event', $event->id, ['status' => $oldStatus, 'player' => $participant->user?->name ?? ''], ['status' => $request->status]);

        return redirect(route('events.show', $event) . '#participants');
    }
}