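package MyApp::Controller::Admin;
use Mojo::Base 'Mojolicious::Controller';

use Mojo::Util qw(trim);

# Admin-only user management actions.
#
# Every action is gated on is_admin(); user_list additionally separates
# "not logged in" (redirect to /login) from "logged in, not admin" (403),
# while the other actions redirect non-admins to /noperm.
#
# NOTE(review): no CSRF check is visible in this file for the state-changing
# actions (delete_user, approve_user, edit_user).  Confirm that the router
# or a before_dispatch hook enforces one (e.g. $c->validation->csrf_protect)
# so a cross-site request cannot drive these actions with an admin's session.

# Input patterns.  \A..\z rather than ^..$ so a trailing newline cannot slip
# through, and [0-9] rather than \d so non-ASCII digits are rejected before
# the value reaches the database layer.  The character classes themselves are
# unchanged from the original validation.
my $ID_RE       = qr/\A[0-9]+\z/;
my $USERNAME_RE = qr/\A[a-zA-Z0-9_]{3,20}\z/;
my $EMAIL_RE    = qr/\A[a-zA-Z0-9._%+-]+\@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}\z/;

# Read the 'id' request parameter and return it only when it is a plain
# decimal integer.  Returns an empty list / undef otherwise, so callers test
# with defined().  Shared by every action that takes a user id so the check
# cannot drift between them.
sub _user_id_param {
    my ($c) = @_;
    my $id = $c->param('id');
    return unless defined $id && $id =~ $ID_RE;
    return $id;
}

# GET: list all users for the admin UI.
sub user_list {
    my ($c) = @_;
    return $c->redirect_to('/login') unless $c->is_logged_in;
    return $c->render(text => 'Access denied.', status => 403) unless $c->is_admin;

    $c->stash(users => $c->db->get_all_users());
    return $c->render('users_admin');
}

# Delete the user identified by the 'id' parameter, then return to /users.
sub delete_user {
    my ($c) = @_;
    return $c->redirect_to('/noperm') unless $c->is_admin;

    my $id = _user_id_param($c);
    return $c->render_error('Invalid user ID') unless defined $id;

    $c->db->delete_user($id);
    return $c->redirect_to('/users');
}

# Approve the user identified by the 'id' parameter, then return to /users.
sub approve_user {
    my ($c) = @_;
    return $c->redirect_to('/noperm') unless $c->is_admin;

    my $id = _user_id_param($c);
    return $c->render_error('Invalid user ID') unless defined $id;

    $c->db->approve_user($id);
    return $c->redirect_to('/users');
}

# GET: show the edit form for one user; 404 via render_error when the id
# is well-formed but no such user exists.
sub edit_user_form {
    my ($c) = @_;
    return $c->redirect_to('/noperm') unless $c->is_admin;

    my $id = _user_id_param($c);
    return $c->render_error('Invalid user ID') unless defined $id;

    my $user = $c->db->get_user_by_id($id);
    return $c->render_error('User not found', 404) unless $user;

    $c->stash(user => $user);
    return $c->render('user_edit');
}

# POST: apply the edit form.  Validation order is id, username, email,
# password; the first failure is reported and nothing is written.
sub edit_user {
    my ($c) = @_;
    return $c->redirect_to('/noperm') unless $c->is_admin;

    my $id = _user_id_param($c);
    return $c->render_error('Invalid user ID') unless defined $id;

    my $username = trim($c->param('username') // '');
    my $email    = trim($c->param('email')    // '');
    my $is_admin = $c->param('is_admin') ? 1 : 0;
    my $password = $c->param('password');

    return $c->render_error('Invalid username') unless $username =~ $USERNAME_RE;
    return $c->render_error('Invalid email')    unless $email    =~ $EMAIL_RE;

    # The password field is optional: an empty or absent value leaves the
    # current password untouched.  Length is measured in characters.
    if (defined $password && length($password) > 0) {
        return $c->render_error('Password too short') if length($password) < 8;
        # assumes update_user_password hashes before storing — verify in the
        # DB layer; this controller passes the plaintext through unchanged.
        $c->db->update_user_password($id, $password);
    }

    # Note the password write above is not rolled back if this update fails.
    $c->db->update_user($id, $username, $email, $is_admin);
    return $c->redirect_to('/users');
}

1;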