mitgliederverwaltung/lib/mv_web/live/user_live/form.ex

defmodule MvWeb.UserLive.Form do
  use MvWeb, :live_view

  @impl true
  def render(assigns) do
    ~H"""
    <Layouts.app flash={@flash} current_user={@current_user}>
      <.header>
        {@page_title}
        <:subtitle>{gettext("Use this form to manage user records in your database.")}</:subtitle>
      </.header>

      <.form for={@form} id="user-form" phx-change="validate" phx-submit="save">
        <.input field={@form[:email]} label={gettext("Email")} required type="email" />
        
    <!-- Password Section -->
        <div class="mt-6">
          <label class="flex items-center space-x-2">
            <input
              type="checkbox"
              name="set_password"
              phx-click="toggle_password_section"
              checked={@show_password_fields}
              class="checkbox checkbox-sm"
            />
            <span class="text-sm font-medium">
              {if @user, do: gettext("Change Password"), else: gettext("Set Password")}
            </span>
          </label>

          <%= if @show_password_fields do %>
            <div class="mt-4 space-y-4 p-4 bg-gray-50 rounded-lg">
              <.input
                field={@form[:password]}
                label={gettext("Password")}
                type="password"
                required
                autocomplete="new-password"
              />
              
    <!-- Only show password confirmation for new users (register_with_password) -->
              <%= if !@user do %>
                <.input
                  field={@form[:password_confirmation]}
                  label={gettext("Confirm Password")}
                  type="password"
                  required
                  autocomplete="new-password"
                />
              <% end %>

              <div class="text-sm text-gray-600">
                <p><strong>{gettext("Password requirements")}:</strong></p>
                <ul class="list-disc list-inside text-xs mt-1 space-y-1">
                  <li>{gettext("At least 8 characters")}</li>
                  <li>{gettext("Include both letters and numbers")}</li>
                  <li>{gettext("Consider using special characters")}</li>
                </ul>
              </div>

              <%= if @user do %>
                <div class="mt-3 p-3 bg-orange-50 border border-orange-200 rounded">
                  <p class="text-sm text-orange-800">
                    <strong>{gettext("Admin Note")}:</strong> {gettext(
                      "As an administrator, you can directly set a new password for this user using the same secure Ash Authentication system."
                    )}
                  </p>
                </div>
              <% end %>
            </div>
          <% else %>
            <%= if @user do %>
              <div class="mt-4 p-4 bg-blue-50 rounded-lg">
                <p class="text-sm text-blue-800">
                  <strong>{gettext("Note")}:</strong> {gettext(
                    "Check 'Change Password' above to set a new password for this user."
                  )}
                </p>
              </div>
            <% else %>
              <div class="mt-4 p-4 bg-yellow-50 rounded-lg">
                <p class="text-sm text-yellow-800">
                  <strong>{gettext("Note")}:</strong> {gettext(
                    "User will be created without a password. Check 'Set Password' to add one."
                  )}
                </p>
              </div>
            <% end %>
          <% end %>
        </div>

        <.button phx-disable-with={gettext("Saving...")} variant="primary">
          {gettext("Save User")}
        </.button>
        <.button navigate={return_path(@return_to, @user)}>{gettext("Cancel")}</.button>
      </.form>
    </Layouts.app>
    """
  end

  @impl true
  def mount(params, _session, socket) do
    user =
      case params["id"] do
        nil -> nil
        id -> Ash.get!(Mv.Accounts.User, id, domain: Mv.Accounts)
      end

    action = if is_nil(user), do: gettext("New"), else: gettext("Edit")
    page_title = action <> " " <> gettext("User")

    {:ok,
     socket
     |> assign(:return_to, return_to(params["return_to"]))
     |> assign(user: user)
     |> assign(:page_title, page_title)
     |> assign(:show_password_fields, false)
     |> assign_form()}
  end

  defp return_to("show"), do: "show"
  defp return_to(_), do: "index"

  @impl true
  def handle_event("toggle_password_section", _params, socket) do
    show_password_fields = !socket.assigns.show_password_fields

    socket =
      socket
      |> assign(:show_password_fields, show_password_fields)
      |> assign_form()

    {:noreply, socket}
  end

  def handle_event("validate", %{"user" => user_params}, socket) do
    {:noreply, assign(socket, form: AshPhoenix.Form.validate(socket.assigns.form, user_params))}
  end

  def handle_event("save", %{"user" => user_params}, socket) do
    case AshPhoenix.Form.submit(socket.assigns.form, params: user_params) do
      {:ok, user} ->
        notify_parent({:saved, user})

        socket =
          socket
          |> put_flash(:info, "User #{socket.assigns.form.source.type}d successfully")
          |> push_navigate(to: return_path(socket.assigns.return_to, user))

        {:noreply, socket}

      {:error, form} ->
        {:noreply, assign(socket, form: form)}
    end
  end

  defp notify_parent(msg), do: send(self(), {__MODULE__, msg})

  defp assign_form(%{assigns: %{user: user, show_password_fields: show_password_fields}} = socket) do
    form =
      if user do
        # For existing users, use admin password action if password fields are shown
        action = if show_password_fields, do: :admin_set_password, else: :update_user
        AshPhoenix.Form.for_update(user, action, domain: Mv.Accounts, as: "user")
      else
        # For new users, use password registration if password fields are shown
        action = if show_password_fields, do: :register_with_password, else: :create_user

        AshPhoenix.Form.for_create(Mv.Accounts.User, action,
          domain: Mv.Accounts,
          as: "user"
        )
      end

    assign(socket, form: to_form(form))
  end

  defp return_path("index", _user), do: ~p"/users"
  defp return_path("show", user), do: ~p"/users/#{user.id}"
end