{# =========================================================================
   Shared permission-matrix macros.

   These render the three-page admin UX used by every onboarded app:
     1. perm_matrix_checkbox \u2014 dept \u00d7 value grid (baseline per dept).
     2. perm_matrix_tristate \u2014 role \u00d7 value grid with grant/revoke/Inherit per cell.
     3. perm_simulate_panel  \u2014 one role's effective list with source badges.

   The tri-state grid renders a live "Effective" column by delegating to
   /ui/js/permissions.js (initPermMatrix). The Python-side equivalent is
   coffeehouse_ui.permissions.compute_effective.
   ========================================================================= #}

{# -------------------------------------------------------------------------
   perm_matrix_checkbox
   rows    : list[{slug, display_name}]  \u2014 departments
   cols    : list[{slug, display_name}]  \u2014 dimension values (permissions /
             branch_types / branch_brands / categories etc.)
   values  : set[(row_slug, col_slug)]   \u2014 currently-true cells
   save_url: form POST target
   labels  : optional {empty: str, save: str, row_header: str, col_header: str}
   ------------------------------------------------------------------------- #}
{% macro perm_matrix_checkbox(rows, cols, values, save_url, labels=None) %}
{% set lbl = labels or {} %}
<form method="post" action="{{ save_url }}" class="perm-matrix-checkbox">
    <input type="hidden" name="csrftoken" value="{{ request.cookies.get('csrftoken', '') }}">
    {% if rows and cols %}
    {# Same cap-height + dual-axis scroll pattern as perm_matrix_tristate, so
       the horizontal scrollbar stays in viewport on tall matrices. #}
    <div class="overflow-x-auto overflow-y-auto max-h-[75vh] card bg-base-100 shadow-sm card-table">
        <table class="table table-zebra text-sm">
            <thead class="sticky top-0 z-30 bg-base-100">
                <tr class="bg-base-200">
                    <th scope="col" class="sticky left-0 bg-base-200 z-10">
                        {{ lbl.row_header or "Department" }}
                    </th>
                    {% for c in cols %}
                    <th scope="col" class="text-center whitespace-nowrap font-semibold bg-base-200"
                        title="{{ c.slug }}">
                        {{ c.display_name }}
                    </th>
                    {% endfor %}
                </tr>
            </thead>
            <tbody>
                {% for r in rows %}
                <tr>
                    <th scope="row" class="sticky left-0 bg-base-100 z-10 whitespace-nowrap font-semibold"
                        title="{{ r.slug }}">
                        {{ r.display_name }}
                    </th>
                    {% for c in cols %}
                    <td class="text-center">
                        <input type="checkbox"
                               name="cell__{{ r.slug }}__{{ c.slug }}"
                               value="1"
                               class="checkbox checkbox-sm"
                               {% if (r.slug, c.slug) in values %}checked{% endif %}>
                    </td>
                    {% endfor %}
                </tr>
                {% endfor %}
            </tbody>
        </table>
    </div>
    <div class="flex gap-2 mt-4">
        <button type="submit" class="btn btn-primary btn-sm">{{ lbl.save or "Save" }}</button>
    </div>
    {% else %}
    <div class="text-sm text-base-content/60 italic">{{ lbl.empty or "Nothing to configure." }}</div>
    {% endif %}
</form>
{% endmacro %}


{# -------------------------------------------------------------------------
   perm_matrix_tristate
   rows       : list[{slug, display_name, dept_slug}]
                role rows; dept_slug is used to look up the dept's baseline.
   cols       : list[{slug, display_name}]
                dimension values. The display_name is what the live "Effective"
                column renders for each badge; the slug is preserved as the
                badge `title=` tooltip so admins can still see the underlying
                identifier on hover.
   groupings  : optional list[{dept_slug, display_name}]
                when set, column header shows "grouped by dept" headings.
                (cols stay flat; groupings is just the legend).
   dept_values: dict[dept_slug -> list[str]]  \u2014 baseline per dept.
   role_modes : dict[(role_slug, value) -> "grant"|"revoke"]
   save_url   : form POST target
   labels     : optional {save: str, empty: str, effective: str}
   ------------------------------------------------------------------------- #}
{% macro perm_matrix_tristate(rows, cols, dept_values, role_modes, save_url, labels=None, groupings=None) %}
{% set lbl = labels or {} %}
{# Build slug -> display_name map. Jinja has no dict comprehensions, so we
   use the standard side-effect `update` idiom: `update` returns None
   (falsy), so the empty `{% if %}` body never renders -- only the side
   effect lands. #}
{% set _col_display = {} %}
{%- for _c in cols -%}
{%- if _col_display.update({_c.slug: _c.display_name}) -%}{%- endif -%}
{%- endfor -%}
<form method="post"
      action="{{ save_url }}"
      class="perm-matrix-tristate"
      data-perm-matrix
      data-dept-values='{{ dept_values | tojson }}'
      data-col-display='{{ _col_display | tojson }}'>
    <input type="hidden" name="csrftoken" value="{{ request.cookies.get('csrftoken', '') }}">
    {% if rows and cols %}
    {# Cap viewport height + scroll both axes inside the container so the
       horizontal scrollbar stays visible regardless of which row you're
       viewing -- otherwise on a tall matrix the scrollbar lives below the
       fold and admins have to scroll the page just to find it. #}
    <div class="overflow-x-auto overflow-y-auto max-h-[75vh] card bg-base-100 shadow-sm card-table">
        <table class="table table-zebra text-sm">
            <thead class="sticky top-0 z-30 bg-base-100">
                {% if groupings %}
                <tr class="text-xs text-base-content/60 bg-base-100">
                    <th scope="col" class="bg-base-100" aria-hidden="true"></th>
                    {% for c in cols %}
                    <th scope="col" class="text-center whitespace-nowrap bg-base-100">
                        {{ c.get('group_display_name') or '' }}
                    </th>
                    {% endfor %}
                    <th scope="col" class="bg-base-100" aria-hidden="true"></th>
                </tr>
                {% endif %}
                <tr class="bg-base-200">
                    <th scope="col" class="sticky left-0 bg-base-200 z-10">Role</th>
                    {% for c in cols %}
                    <th scope="col" class="text-center whitespace-nowrap font-semibold bg-base-200"
                        title="{{ c.slug }}">
                        {{ c.display_name }}
                    </th>
                    {% endfor %}
                    <th scope="col" class="whitespace-nowrap bg-base-200">{{ lbl.effective or "Effective" }}</th>
                </tr>
            </thead>
            <tbody>
                {% for r in rows %}
                <tr data-role-slug="{{ r.slug }}" data-dept-slug="{{ r.dept_slug or '' }}">
                    <th scope="row" class="sticky left-0 bg-base-100 z-10 whitespace-nowrap font-semibold"
                        title="{{ r.slug }}{% if r.dept_slug %} \u00b7 dept: {{ r.dept_slug }}{% endif %}">
                        {{ r.display_name }}
                    </th>
                    {% for c in cols %}
                    {% set mode = role_modes.get((r.slug, c.slug)) %}
                    <td class="text-center">
                        <select name="cell__{{ r.slug }}__{{ c.slug }}"
                                class="select select-bordered select-sm w-20"
                                data-cell data-col="{{ c.slug }}">
                            <option value="" {% if not mode %}selected{% endif %}>Inherit</option>
                            <option value="grant" {% if mode == 'grant' %}selected{% endif %}>grant</option>
                            <option value="revoke" {% if mode == 'revoke' %}selected{% endif %}>revoke</option>
                        </select>
                    </td>
                    {% endfor %}
                    <td class="min-w-48 align-top">
                        <div class="text-xs max-h-32 overflow-y-auto space-y-0.5" data-effective></div>
                    </td>
                </tr>
                {% endfor %}
            </tbody>
        </table>
    </div>
    <div class="flex gap-2 mt-4">
        <button type="submit" class="btn btn-primary btn-sm" data-save-disabled>{{ lbl.save or "Save" }}</button>
        <span class="text-xs text-base-content/50 self-center" data-dirty-note hidden>Unsaved changes</span>
    </div>
    {% else %}
    <div class="text-sm text-base-content/60 italic">{{ lbl.empty or "Nothing to configure." }}</div>
    {% endif %}
</form>
<script src="/ui/js/permissions.js?v={{ static_v|default('') }}" defer></script>
{% endmacro %}


{# -------------------------------------------------------------------------
   perm_simulate_panel
   role          : {slug, display_name, dept_slug}
   rows          : list[{value, source: "dept"|"grant"|"revoke", dept_slug?}]
                   already sorted. "dept" rows come from the baseline; "grant"
                   rows come from the role's grants; "revoke" rows are the
                   struck-through values that would otherwise apply.
   display_lookup: optional dict[str, str] mapping value-slug -> display_name.
                   When omitted (or missing a key) the raw slug renders. The
                   slug is always set as a `title=` tooltip for hover lookup.
   ------------------------------------------------------------------------- #}
{% macro perm_simulate_panel(role, rows, display_lookup=None) %}
{% set _disp = display_lookup or {} %}
<div class="card bg-base-100 shadow-sm">
    <div class="card-body">
        <h3 class="card-title text-base">
            {{ role.display_name }}
            <span class="text-xs text-base-content/60">({{ role.slug }})</span>
            {% if role.dept_slug %}
            <span class="badge badge-ghost badge-sm ml-2">{{ role.dept_slug }}</span>
            {% endif %}
        </h3>
        {% if rows %}
        <ul class="space-y-1 text-sm">
            {% for r in rows %}
            <li class="flex items-center gap-2">
                {% if r.source == 'revoke' %}
                <span class="badge badge-error badge-sm">revoke</span>
                <span class="line-through text-base-content/50" title="{{ r.value }}">{{ _disp.get(r.value) or r.value }}</span>
                {% elif r.source == 'grant' %}
                <span class="badge badge-success badge-sm">role grant</span>
                <span title="{{ r.value }}">{{ _disp.get(r.value) or r.value }}</span>
                {% else %}
                <span class="badge badge-ghost badge-sm">from dept: {{ r.dept_slug or role.dept_slug or '-' }}</span>
                <span title="{{ r.value }}">{{ _disp.get(r.value) or r.value }}</span>
                {% endif %}
            </li>
            {% endfor %}
        </ul>
        {% else %}
        <p class="text-sm text-base-content/60 italic">No effective values.</p>
        {% endif %}
    </div>
</div>
{% endmacro %}