"""
Django management command to verify role setup and permissions.

Usage:
    python manage.py verify_roles
    python manage.py verify_roles --business-id=<uuid>
    python manage.py verify_roles --detailed
"""

from django.core.management.base import BaseCommand
from apps.authentication.models import Permission, Role, RolePermission
from apps.business.models import Business
import logging

logger = logging.getLogger(__name__)


class Command(BaseCommand):
    help = 'Verify role setup and permissions for businesses'

    def add_arguments(self, parser):
        parser.add_argument(
            '--business-id',
            type=str,
            help='Specific business ID to verify',
        )
        parser.add_argument(
            '--detailed',
            action='store_true',
            help='Show detailed permission breakdown',
        )

    def handle(self, *args, **options):
        business_id = options.get('business_id')
        detailed = options.get('detailed')

        self.stdout.write(self.style.SUCCESS('=== Role Verification ==='))

        # Get total permissions
        total_permissions = Permission.objects.count()
        self.stdout.write(f'Total permissions in system: {total_permissions}')

        # Get businesses
        if business_id:
            businesses = Business.objects.filter(id=business_id)
        else:
            businesses = Business.objects.all()

        self.stdout.write(f'Checking {businesses.count()} business(es)...\n')

        # Standard roles to check
        standard_roles = ['OWNER', 'ADMIN', 'MANAGER', 'SALES_AGENT', 
                         'INVENTORY_CLERK', 'ACCOUNTANT', 'VIEWER']

        # Verify each business
        for business in businesses:
            self.stdout.write(self.style.SUCCESS(f'{business.name}:'))
            
            business_roles = Role.objects.filter(business=business)
            
            if not business_roles.exists():
                self.stdout.write(self.style.ERROR(
                    '  ✗ NO ROLES FOUND - Run setup_roles command'
                ))
                continue

            for role_name in standard_roles:
                role = business_roles.filter(name=role_name).first()
                
                if not role:
                    self.stdout.write(self.style.WARNING(
                        f'  ⚠ {role_name}: Role not found'
                    ))
                    continue

                # Count permissions
                perm_count = RolePermission.objects.filter(role=role).count()
                
                if perm_count == 0:
                    self.stdout.write(self.style.ERROR(
                        f'  ✗ {role_name}: NO PERMISSIONS'
                    ))
                elif role_name in ['OWNER', 'ADMIN'] and perm_count != total_permissions:
                    self.stdout.write(self.style.WARNING(
                        f'  ⚠ {role_name}: {perm_count}/{total_permissions} permissions '
                        f'(should have all permissions)'
                    ))
                else:
                    self.stdout.write(self.style.SUCCESS(
                        f'  ✓ {role_name}: {perm_count} permissions'
                    ))

                # Show detailed breakdown if requested
                if detailed and perm_count > 0:
                    self._show_permission_breakdown(role)

            self.stdout.write('')  # Blank line between businesses

    def _show_permission_breakdown(self, role):
        """Show detailed permission breakdown by resource"""
        role_permissions = RolePermission.objects.filter(
            role=role
        ).select_related('permission').order_by('permission__resource', 'permission__action')

        # Group by resource
        resources = {}
        for rp in role_permissions:
            resource = rp.permission.resource
            action = rp.permission.action
            
            if resource not in resources:
                resources[resource] = []
            resources[resource].append(action)

        for resource, actions in sorted(resources.items()):
            self.stdout.write(f'      {resource}: {", ".join(sorted(actions))}')