{% extends "base.html" %}
{% block title %}Security Audit - {{ conn.name }}{% endblock %}

{% block content %}
<div class="page-header">
    <h1 class="icon" id="databases">Security Audit</h1>
    <p class="subtitle">{{ conn.name }} - {{ audit.audited_at.strftime('%Y-%m-%d %H:%M') }}</p>
    <div class="header-actions">
        <a href="{{ url_for('databases.detail', connection_id=conn.id) }}" class="btn btn-secondary">← Back</a>
        <form action="{{ url_for('databases.run_audit', connection_id=conn.id) }}" method="POST" style="display: inline;">
            <button type="submit" class="btn btn-primary">🔄 Run New Audit</button>
        </form>
    </div>
</div>

<div class="stats-grid">
    <div class="stat-card">
        <div class="stat-label">Status</div>
        <div class="stat-value">
            <span class="badge badge-{{ 'success' if audit.status == 'success' else 'danger' }}">
                {{ audit.status|upper }}
            </span>
        </div>
    </div>
    <div class="stat-card">
        <div class="stat-label">Users</div>
        <div class="stat-value">{{ audit.user_count }}</div>
    </div>
    <div class="stat-card">
        <div class="stat-label">Issues Found</div>
        <div class="stat-value {% if audit.issue_count > 0 %}text-warning{% endif %}">
            {{ audit.issue_count }}
        </div>
    </div>
    <div class="stat-card">
        <div class="stat-label">Critical Issues</div>
        <div class="stat-value {% if audit.critical_issues > 0 %}text-danger{% endif %}">
            {{ audit.critical_issues }}
        </div>
    </div>
</div>

{% if audit.results and audit.results.issues %}
<div class="card">
    <div class="card-header">
        <h2>🚨 Security Issues</h2>
    </div>
    <div class="card-body">
        <table class="table">
            <thead>
                <tr>
                    <th style="width: 120px;">Severity</th>
                    <th style="width: 150px;">Type</th>
                    <th>Message</th>
                </tr>
            </thead>
            <tbody>
                {% for issue in audit.results.issues %}
                <tr>
                    <td>
                        <span class="badge badge-{{ 'critical' if issue.severity == 'critical' else 'warning' if issue.severity == 'warning' else 'info' }}">
                            {{ issue.severity|upper }}
                        </span>
                    </td>
                    <td><code>{{ issue.type }}</code></td>
                    <td>{{ issue.message }}</td>
                </tr>
                {% endfor %}
            </tbody>
        </table>
    </div>
</div>
{% endif %}

{% if audit.results and audit.results.users %}
<div class="card">
    <div class="card-header">
        <h2>👤 Database Users</h2>
    </div>
    <div class="card-body">
        <table class="table">
            <thead>
                <tr>
                    <th>User</th>
                    <th>Can Login</th>
                    <th>Superuser/Admin</th>
                    <th>Has Password</th>
                    <th>Other Info</th>
                </tr>
            </thead>
            <tbody>
                {% for user in audit.results.users %}
                <tr>
                    <td><strong>{{ user.name }}</strong></td>
                    <td>
                        {% if user.can_login %}
                        <span class="badge badge-success">Yes</span>
                        {% else %}
                        <span class="badge badge-secondary">No</span>
                        {% endif %}
                    </td>
                    <td>
                        {% if user.is_superuser or user.is_sysadmin %}
                        <span class="badge badge-warning">Yes</span>
                        {% else %}
                        <span class="badge badge-secondary">No</span>
                        {% endif %}
                    </td>
                    <td>
                        {% if user.has_password %}
                        <span class="badge badge-success">Yes</span>
                        {% else %}
                        <span class="badge badge-danger">No</span>
                        {% endif %}
                    </td>
                    <td>
                        {% if user.host %}<code>@{{ user.host }}</code>{% endif %}
                        {% if user.can_create_db %}<span class="badge badge-info">CREATE DB</span>{% endif %}
                        {% if user.can_create_role %}<span class="badge badge-info">CREATE ROLE</span>{% endif %}
                        {% if user.is_replication %}<span class="badge badge-info">REPLICATION</span>{% endif %}
                    </td>
                </tr>
                {% endfor %}
            </tbody>
        </table>
    </div>
</div>
{% endif %}

{% if audit.results and audit.results.permissions %}
<div class="card">
    <div class="card-header">
        <h2>🔑 Permissions</h2>
    </div>
    <div class="card-body">
        <table class="table">
            <thead>
                <tr>
                    <th>User</th>
                    {% if audit.results.permissions[0].grant is defined %}
                    <th>Grant</th>
                    {% else %}
                    <th>Database/Object</th>
                    <th>Privilege</th>
                    {% endif %}
                </tr>
            </thead>
            <tbody>
                {% for perm in audit.results.permissions[:50] %}
                <tr>
                    <td>
                        <strong>{{ perm.user or perm.user_name or perm.grantee }}</strong>
                        {% if perm.host %}@{{ perm.host }}{% endif %}
                    </td>
                    {% if perm.grant is defined %}
                    <td><code style="font-size: 0.8rem;">{{ perm.grant }}</code></td>
                    {% else %}
                    <td>{{ perm.database or perm.table_catalog or '-' }}</td>
                    <td>{{ perm.privilege_type or perm.permission_name or '-' }}</td>
                    {% endif %}
                </tr>
                {% endfor %}
            </tbody>
        </table>
        {% if audit.results.permissions|length > 50 %}
        <p class="text-muted" style="margin-top: 0.5rem;">Showing 50 of {{ audit.results.permissions|length }} permission entries.</p>
        {% endif %}
    </div>
</div>
{% endif %}

{% if audit.error_message %}
<div class="card">
    <div class="card-header">
        <h2>Error</h2>
    </div>
    <div class="card-body">
        <div class="alert alert-danger">
            {{ audit.error_message }}
        </div>
    </div>
</div>
{% endif %}

<style>
.stats-grid {
    display: grid;
    grid-template-columns: repeat(auto-fit, minmax(150px, 1fr));
    gap: 1rem;
    margin-bottom: 1.5rem;
}

.stat-card {
    background: var(--bg-secondary);
    padding: 1rem;
    border-radius: 8px;
    text-align: center;
}

.stat-label {
    font-size: 0.75rem;
    color: var(--text-secondary);
    text-transform: uppercase;
    margin-bottom: 0.5rem;
}

.stat-value {
    font-size: 1.25rem;
    font-weight: 700;
}

.text-warning {
    color: var(--warning) !important;
}

.text-danger {
    color: var(--danger) !important;
}

.alert-danger {
    background: rgba(220, 53, 69, 0.1);
    border: 1px solid var(--danger);
    padding: 0.75rem 1rem;
    border-radius: 4px;
}
</style>
{% endblock %}