mitgliederverwaltung/lib/mv_web/live/role_live/show.ex

defmodule MvWeb.RoleLive.Show do
  @moduledoc """
  LiveView for displaying a single role's details.

  ## Features
  - Display role information (name, description, permission_set_name, is_system_role)
  - Navigate to edit form
  - Return to role list

  ## Security
  Only admins can access this page (enforced by authorization).
  """
  use MvWeb, :live_view

  alias Mv.Accounts

  require Ash.Query

  @impl true
  def mount(%{"id" => id}, _session, socket) do
    # Ensure current_user has role loaded for authorization checks
    socket =
      if socket.assigns[:current_user] do
        user = socket.assigns.current_user

        user_with_role =
          case Map.get(user, :role) do
            %Ash.NotLoaded{} -> Ash.load!(user, :role, domain: Mv.Accounts)
            nil -> Ash.load!(user, :role, domain: Mv.Accounts)
            role when not is_nil(role) -> user
          end

        assign(socket, :current_user, user_with_role)
      else
        socket
      end

    role = Ash.get!(Mv.Authorization.Role, id, domain: Mv.Authorization)
    user_count = load_user_count(role)

    {:ok,
     socket
     |> assign(:page_title, gettext("Show Role"))
     |> assign(:role, role)
     |> assign(:user_count, user_count)}
  end

  @impl true
  def handle_event("delete", %{"id" => id}, socket) do
    {:ok, role} = Mv.Authorization.get_role(id)
    user_count = socket.assigns.user_count

    if user_count > 0 do
      {:noreply,
       put_flash(
         socket,
         :error,
         gettext(
           "Cannot delete role. %{count} user(s) are still assigned to this role. Please assign them to another role first.",
           count: user_count
         )
       )}
    else
      case Mv.Authorization.destroy_role(role) do
        :ok ->
          {:noreply,
           socket
           |> put_flash(:info, gettext("Role deleted successfully."))
           |> push_navigate(to: ~p"/admin/roles")}

        {:error, error} ->
          error_message = format_error(error)

          {:noreply,
           put_flash(
             socket,
             :error,
             gettext("Failed to delete role: %{error}", error: error_message)
           )}
      end
    end
  end

  defp load_user_count(role) do
    case Ash.count(Accounts.User |> Ash.Query.filter(role_id == ^role.id)) do
      {:ok, count} -> count
      _ -> 0
    end
  end

  @impl true
  def render(assigns) do
    ~H"""
    <Layouts.app flash={@flash} current_user={@current_user}>
      <.header>
        {gettext("Role")} {@role.name}
        <:subtitle>{gettext("Role details and permissions.")}</:subtitle>

        <:actions>
          <.button navigate={~p"/admin/roles"} aria-label={gettext("Back to roles list")}>
            <.icon name="hero-arrow-left" />
            <span class="sr-only">{gettext("Back to roles list")}</span>
          </.button>
          <%= if can?(@current_user, :update, Mv.Authorization.Role) do %>
            <.button variant="primary" navigate={~p"/admin/roles/#{@role}/edit"}>
              <.icon name="hero-pencil-square" /> {gettext("Edit Role")}
            </.button>
          <% end %>
          <%= if can?(@current_user, :destroy, Mv.Authorization.Role) and not @role.is_system_role do %>
            <.link
              phx-click={JS.push("delete", value: %{id: @role.id})}
              data-confirm={gettext("Are you sure?")}
              class="btn btn-error"
            >
              <.icon name="hero-trash" /> {gettext("Delete Role")}
            </.link>
          <% end %>
        </:actions>
      </.header>

      <.list>
        <:item title={gettext("Name")}>{@role.name}</:item>
        <:item title={gettext("Description")}>
          <%= if @role.description do %>
            {@role.description}
          <% else %>
            <span class="text-base-content/70 italic">{gettext("No description")}</span>
          <% end %>
        </:item>
        <:item title={gettext("Permission Set")}>
          <span class={permission_set_badge_class(@role.permission_set_name)}>
            {@role.permission_set_name}
          </span>
        </:item>
        <:item title={gettext("System Role")}>
          <%= if @role.is_system_role do %>
            <span class="badge badge-warning">{gettext("Yes")}</span>
          <% else %>
            <span class="badge badge-ghost">{gettext("No")}</span>
          <% end %>
        </:item>
      </.list>
    </Layouts.app>
    """
  end

  defp format_error(%Ash.Error.Invalid{} = error) do
    Enum.map_join(error.errors, ", ", fn e -> e.message end)
  end

  defp format_error(error) when is_binary(error), do: error
  defp format_error(_error), do: gettext("An error occurred")

  defp permission_set_badge_class("own_data"), do: "badge badge-neutral badge-sm"
  defp permission_set_badge_class("read_only"), do: "badge badge-info badge-sm"
  defp permission_set_badge_class("normal_user"), do: "badge badge-success badge-sm"
  defp permission_set_badge_class("admin"), do: "badge badge-error badge-sm"
  defp permission_set_badge_class(_), do: "badge badge-ghost badge-sm"
end