##############################################################################
# ScoDoc
# Copyright (c) 1999 - 2022 Emmanuel Viennet.  All rights reserved.
# See LICENSE
##############################################################################

"""
  ScoDoc 9 API : accès aux utilisateurs
"""


from flask import g, jsonify, request
from flask_login import current_user, login_required

import app
from app import db, log
from app.api import api_bp as bp, api_web_bp
from app.api.errors import error_response
from app.auth.models import User, Role, UserRole
from app.decorators import scodoc, permission_required
from app.models import Departement
from app.scodoc.sco_exceptions import ScoValueError
from app.scodoc.sco_permissions import Permission


@bp.route("/user/<int:uid>")
@api_web_bp.route("/user/<int:uid>")
@login_required
@scodoc
@permission_required(Permission.ScoUsersView)
def user_info(uid: int):
    """
    Info sur un compte utilisateur scodoc
    """
    user: User = User.query.get(uid)
    if user is None:
        return error_response(404, "user not found")
    if g.scodoc_dept:
        allowed_depts = current_user.get_depts_with_permission(Permission.ScoUsersView)
        if user.dept not in allowed_depts:
            return error_response(404, "user not found")

    return jsonify(user.to_dict())


@bp.route("/users/query")
@api_web_bp.route("/users/query")
@login_required
@scodoc
@permission_required(Permission.ScoView)
def users_info_query():
    """Utilisateurs, filtrés par dept, active ou début nom
    /users/query?departement=dept_acronym&active=1&starts_with=<str:nom>

    Si accès via API web, seuls les utilisateurs "accessibles" (selon les
    permissions) sont retournés: le département de l'URL est ignoré, seules
    les permissions de l'utilisateur sont prises en compte.
    """
    query = User.query
    active = request.args.get("active")
    if active is not None:
        active = bool(str(active))
        query = query.filter_by(active=active)
    departement = request.args.get("departement")
    if departement is not None:
        query = query.filter_by(dept=departement or None)
    starts_with = request.args.get("starts_with")
    if starts_with is not None:
        # remove % and _ for security
        starts_with = starts_with.translate({ord(c): None for c in "%_"})
        query = query.filter(User.nom.ilike(starts_with + "%"))
    # Filtre selon permissions:
    query = (
        query.join(UserRole, (UserRole.dept == User.dept) | (UserRole.dept == None))
        .filter(UserRole.user == current_user)
        .join(Role, UserRole.role_id == Role.id)
        .filter(Role.permissions.op("&")(Permission.ScoUsersView) != 0)
    )

    query = query.order_by(User.user_name)
    return jsonify([u.to_dict() for u in query])