from django.core.management.base import BaseCommand
from apps.authentication.models import Permission


class Command(BaseCommand):
    help = 'Setup default permissions'

    def handle(self, *args, **kwargs):
        permissions = [
            # Dashboard
            {'resource': 'dashboard', 'action': 'view', 'description': 'View dashboard'},
            
            # Inventory
            {'resource': 'inventory', 'action': 'view', 'description': 'View inventory'},
            {'resource': 'inventory', 'action': 'create', 'description': 'Create inventory items'},
            {'resource': 'inventory', 'action': 'edit', 'description': 'Edit inventory items'},
            {'resource': 'inventory', 'action': 'delete', 'description': 'Delete inventory items'},
            
            # Sales
            {'resource': 'sales', 'action': 'view', 'description': 'View sales'},
            {'resource': 'sales', 'action': 'create', 'description': 'Create sales'},
            {'resource': 'sales', 'action': 'edit', 'description': 'Edit sales'},
            {'resource': 'sales', 'action': 'delete', 'description': 'Delete sales'},
            
            # Customers
            {'resource': 'customers', 'action': 'view', 'description': 'View customers'},
            {'resource': 'customers', 'action': 'create', 'description': 'Create customers'},
            {'resource': 'customers', 'action': 'edit', 'description': 'Edit customers'},
            {'resource': 'customers', 'action': 'delete', 'description': 'Delete customers'},
            
            # Warranty
            {'resource': 'warranty', 'action': 'view', 'description': 'View warranty'},
            {'resource': 'warranty', 'action': 'create', 'description': 'Create warranty'},
            {'resource': 'warranty', 'action': 'edit', 'description': 'Edit warranty'},
            
            # Transfers
            {'resource': 'transfers', 'action': 'view', 'description': 'View transfers'},
            {'resource': 'transfers', 'action': 'create', 'description': 'Create transfers'},
            
            # Reports
            {'resource': 'reports', 'action': 'view', 'description': 'View reports'},
            {'resource': 'reports', 'action': 'create', 'description': 'Generate reports'},
            
            # Settings
            {'resource': 'settings', 'action': 'view', 'description': 'View settings'},
            {'resource': 'settings', 'action': 'edit', 'description': 'Edit settings'},
        ]
        
        created_count = 0
        for perm_data in permissions:
            permission, created = Permission.objects.get_or_create(
                resource=perm_data['resource'],
                action=perm_data['action'],
                defaults={'description': perm_data['description']}
            )
            if created:
                created_count += 1
                self.stdout.write(
                    self.style.SUCCESS(
                        f"Created permission: {perm_data['resource']}.{perm_data['action']}"
                    )
                )
        
        self.stdout.write(
            self.style.SUCCESS(
                f"\nSuccessfully created {created_count} new permissions"
            )
        )


# Helper function to check permissions in views
def user_has_permission(user, business_id, resource, action):
    """
    Check if user has specific permission for a business
    
    Args:
        user: User instance
        business_id: UUID of the business
        resource: Permission resource (e.g., 'inventory')
        action: Permission action (e.g., 'view', 'create')
    
    Returns:
        bool: True if user has permission, False otherwise
    """
    from apps.authentication.models import BusinessMembership, RolePermission
    
    # Admin/superuser has all permissions
    if user.is_staff or user.is_superuser:
        return True
    
    # Get user's membership in the business
    try:
        membership = BusinessMembership.objects.select_related('role').get(
            user=user,
            business_id=business_id,
            status='ACTIVE'
        )
    except BusinessMembership.DoesNotExist:
        return False
    
    # Check if role has the permission
    has_perm = RolePermission.objects.filter(
        role=membership.role,
        permission__resource=resource,
        permission__action=action
    ).exists()
    
    return has_perm


def get_user_permissions(user, business_id):
    """
    Get all permissions for a user in a specific business
    
    Args:
        user: User instance
        business_id: UUID of the business
    
    Returns:
        list: List of permission strings in format "resource.action"
    """
    from apps.authentication.models import BusinessMembership, RolePermission
    
    # Admin/superuser has all permissions
    if user.is_staff or user.is_superuser:
        return [
            'dashboard.view',
            'inventory.view', 'inventory.create', 'inventory.edit', 'inventory.delete',
            'sales.view', 'sales.create', 'sales.edit', 'sales.delete',
            'customers.view', 'customers.create', 'customers.edit', 'customers.delete',
            'warranty.view', 'warranty.create', 'warranty.edit',
            'transfers.view', 'transfers.create',
            'reports.view', 'reports.create',
            'settings.view', 'settings.edit',
        ]
    
    try:
        membership = BusinessMembership.objects.select_related('role').get(
            user=user,
            business_id=business_id,
            status='ACTIVE'
        )
    except BusinessMembership.DoesNotExist:
        return []
    
    # Get all permissions for the role
    role_permissions = RolePermission.objects.filter(
        role=membership.role
    ).select_related('permission')
    
    permissions = [
        f"{rp.permission.resource}.{rp.permission.action}"
        for rp in role_permissions
    ]
    
    return permissions