<?php

namespace App\Filament\Resources\TenantResource\Pages;

use App\Filament\Resources\TenantResource;
use App\Models\Tenant;
use App\Services\Intune\AuditLogger;
use App\Services\Intune\RbacHealthService;
use App\Services\Intune\TenantConfigService;
use App\Services\Intune\TenantPermissionService;
use Filament\Actions;
use Filament\Notifications\Notification;
use Filament\Resources\Pages\ViewRecord;

class ViewTenant extends ViewRecord
{
    protected static string $resource = TenantResource::class;

    protected function getHeaderActions(): array
    {
        return [
            Actions\ActionGroup::make([
                Actions\EditAction::make(),
                Actions\Action::make('admin_consent')
                    ->label('Admin consent')
                    ->icon('heroicon-o-clipboard-document')
                    ->url(fn (Tenant $record) => TenantResource::adminConsentUrl($record))
                    ->visible(fn (Tenant $record) => TenantResource::adminConsentUrl($record) !== null)
                    ->openUrlInNewTab(),
                Actions\Action::make('open_in_entra')
                    ->label('Open in Entra')
                    ->icon('heroicon-o-arrow-top-right-on-square')
                    ->url(fn (Tenant $record) => TenantResource::entraUrl($record))
                    ->visible(fn (Tenant $record) => TenantResource::entraUrl($record) !== null)
                    ->openUrlInNewTab(),
                Actions\Action::make('verify')
                    ->label('Verify configuration')
                    ->icon('heroicon-o-check-badge')
                    ->color('primary')
                    ->requiresConfirmation()
                    ->action(function (
                        Tenant $record,
                        TenantConfigService $configService,
                        TenantPermissionService $permissionService,
                        RbacHealthService $rbacHealthService,
                        AuditLogger $auditLogger
                    ) {
                        TenantResource::verifyTenant($record, $configService, $permissionService, $rbacHealthService, $auditLogger);
                    }),
                TenantResource::rbacAction(),
                Actions\Action::make('archive')
                    ->label('Deactivate')
                    ->color('danger')
                    ->icon('heroicon-o-archive-box-x-mark')
                    ->requiresConfirmation()
                    ->visible(fn (Tenant $record) => ! $record->trashed())
                    ->action(function (Tenant $record, AuditLogger $auditLogger) {
                        $record->delete();

                        $auditLogger->log(
                            tenant: $record,
                            action: 'tenant.archived',
                            resourceType: 'tenant',
                            resourceId: (string) $record->id,
                            status: 'success',
                            context: ['metadata' => ['tenant_id' => $record->tenant_id]]
                        );

                        Notification::make()
                            ->title('Tenant deactivated')
                            ->body('The tenant has been archived and hidden from lists.')
                            ->success()
                            ->send();
                    }),
            ])
                ->label('Actions')
                ->icon('heroicon-o-ellipsis-vertical')
                ->color('gray'),
        ];
    }
}