# frozen_string_literal: true

module ReleaseTools
  module ReleaseManagers
    class Client
      include ::SemanticLogger::Loggable

      SyncError = Class.new(StandardError)
      UserNotFoundError = Class.new(SyncError)
      UnauthorizedError = Class.new(SyncError)

      GITLAB_API_ENDPOINT = 'https://gitlab.com/api/v4'
      DEV_API_ENDPOINT = 'https://dev.gitlab.org/api/v4'
      OPS_API_ENDPOINT = 'https://ops.gitlab.net/api/v4'

      MASTER_ACCESS = 40

      attr_reader :sync_errors, :target

      # Initialize a GitLab API client specific to Release Manager tasks
      #
      # target - Target :production, :dev or :ops environment (default: :production)
      def initialize(target = :production)
        @sync_errors = []
        @target = target

        case target
        when :dev
          @group = 'gitlab/release/managers'
          @client = Gitlab.client(
            endpoint: DEV_API_ENDPOINT,
            private_token: ENV.fetch('RELEASE_BOT_DEV_TOKEN', nil)
          )
        when :ops
          @group = 'gitlab-org/release/managers'
          @client = Gitlab.client(
            endpoint: OPS_API_ENDPOINT,
            private_token: ENV.fetch('RELEASE_BOT_OPS_TOKEN', nil)
          )
        else
          @target = :production
          @group = 'gitlab-org/release/managers'
          @client = Gitlab.client(
            endpoint: GITLAB_API_ENDPOINT,
            private_token: ENV.fetch('RELEASE_BOT_PRODUCTION_TOKEN', nil)
          )
        end
      end

      def members
        client.group_members(group)
      end

      def sync_membership(usernames)
        logger.info('Syncing membership', target: target)

        usernames.map!(&:downcase)
        existing = member_usernames

        to_add = usernames - existing
        to_remove = existing - usernames

        to_add.each do |username|
          track_sync_errors { add_member(username) }
        end
        to_remove.each do |username|
          track_sync_errors { remove_member(username) }
        end
      rescue Gitlab::Error::Unauthorized
        sync_errors << UnauthorizedError.new("Unauthorized")
      rescue Gitlab::Error::Forbidden
        sync_errors << UnauthorizedError.new('Insufficient permissions')
      end

      def join(username)
        track_sync_errors do
          if member_usernames.include?(username)
            logger.warn('User is already part of the group', username: username)
            return
          end

          add_member(username)
        end
      end

      def leave(username)
        track_sync_errors do
          unless member_usernames.include?(username)
            logger.warn('User is not part of the group', username: username)
            return
          end

          remove_member(username)
        end
      end

      def get_user(username)
        user = client
          .users(username: username)
          .first

        user || raise(UserNotFoundError, "#{username} not found")
      end

      private

      attr_reader :client, :group

      def member_usernames
        members.collect { |member| member.username.downcase }
      end

      def add_member(username)
        user = get_user(username)

        logger.info('Adding user to group', user: user.username, group: group)
        client.add_group_member(group, user.id, MASTER_ACCESS)
      rescue Gitlab::Error::Conflict => ex
        raise SyncError.new(ex) unless ex.message.include?('Member already exists')
      rescue Gitlab::Error::BadRequest => ex
        # Ignore when a new member has greater permissions via group inheritance
        raise SyncError.new(ex) unless ex.message.include?('should be greater than or equal to')
      end

      def remove_member(username)
        user = get_user(username)

        logger.info('Removing user from group', user: username, group: group)
        client.remove_group_member(group, user.id)
      end

      def track_sync_errors
        yield
      rescue SyncError => ex
        sync_errors << ex
      end
    end
  end
end