from fastapi import APIRouter, Depends, HTTPException
from psycopg import AsyncConnection
from mm_api.db import get_conn
from mm_api.dependencies import current_user
from mm_api.models.permission import PermissionGroupCreate, GroupPermissionAssign, UserGroupAssign
import mm_api.services.permission as svc

router = APIRouter(tags=["permissions"])


@router.get("/permissions")
async def list_permissions(conn: AsyncConnection = Depends(get_conn)):
    return await svc.list_permissions(conn)


@router.get("/permission-groups")
async def list_groups(conn: AsyncConnection = Depends(get_conn)):
    return await svc.list_groups(conn)


@router.get("/permission-groups/{group_id}")
async def get_group(group_id: int, conn: AsyncConnection = Depends(get_conn)):
    group = await svc.get_group(conn, group_id)
    if not group:
        raise HTTPException(404, "Grup bulunamadı")
    return group


@router.post("/permission-groups", status_code=201)
async def create_group(
    data: PermissionGroupCreate,
    user: dict = Depends(current_user),
    conn: AsyncConnection = Depends(get_conn),
):
    if not await svc.can(conn, user["id"], "create", "user"):
        raise HTTPException(403, "Yetersiz yetki")
    return await svc.create_group(conn, data)


@router.put("/permission-groups/{group_id}/permissions")
async def set_group_permissions(
    group_id: int,
    data: GroupPermissionAssign,
    user: dict = Depends(current_user),
    conn: AsyncConnection = Depends(get_conn),
):
    if not await svc.can(conn, user["id"], "assign_group", "user"):
        raise HTTPException(403, "Yetersiz yetki")
    group = await svc.get_group(conn, group_id)
    if not group:
        raise HTTPException(404, "Grup bulunamadı")
    await svc.set_group_permissions(conn, group_id, data)
    return await svc.group_permissions(conn, group_id)


@router.get("/permission-groups/{group_id}/permissions")
async def get_group_permissions(group_id: int, conn: AsyncConnection = Depends(get_conn)):
    return await svc.group_permissions(conn, group_id)


@router.post("/user-groups")
async def assign_user_to_group(
    data: UserGroupAssign,
    user: dict = Depends(current_user),
    conn: AsyncConnection = Depends(get_conn),
):
    if not await svc.can(conn, user["id"], "assign_group", "user"):
        raise HTTPException(403, "Yetersiz yetki")
    await svc.assign_user_to_group(conn, data, granted_by=user["id"])
    return {"ok": True}


@router.delete("/user-groups/{user_id}/{group_id}")
async def remove_user_from_group(
    user_id: int,
    group_id: int,
    user: dict = Depends(current_user),
    conn: AsyncConnection = Depends(get_conn),
):
    if not await svc.can(conn, user["id"], "assign_group", "user"):
        raise HTTPException(403, "Yetersiz yetki")
    await svc.remove_user_from_group(conn, user_id, group_id)
    return {"ok": True}


@router.get("/users/{user_id}/groups")
async def get_user_groups(
    user_id: int,
    user: dict = Depends(current_user),
    conn: AsyncConnection = Depends(get_conn),
):
    return await svc.user_groups(conn, user_id)


@router.get("/users/{user_id}/permissions")
async def get_user_permissions(
    user_id: int,
    user: dict = Depends(current_user),
    conn: AsyncConnection = Depends(get_conn),
):
    return await svc.user_permissions(conn, user_id)