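# User-management routes: list, create, update and delete under /api/v1/users.
#
# Every route depends on require_roles([ADMIN, CUSTOMER_ADMIN]). Callers whose
# role is not ADMIN are confined to their own customer_id when listing and
# creating users; update and delete pass the acting user to the service layer
# and perform no tenant check of their own in this file.
#
# Handler notes are `#` comments rather than docstrings on purpose: FastAPI
# publishes a handler's docstring as the operation description in the generated
# OpenAPI document, and review notes do not belong there.
from typing import List

from fastapi import APIRouter, Depends, HTTPException, Request, status
from sqlalchemy.ext.asyncio import AsyncSession

from backend.api.deps import AuthUser, get_current_user, require_roles
from backend.db.session import get_session
from backend.modules.users.models import RoleName
from backend.modules.users.schemas import UserCreate, UserOut, UserUpdate
from backend.modules.users.service import create_user, list_users, update_user, delete_user

router = APIRouter(prefix="/api/v1/users", tags=["users"])


def _own_customer_id(auth_user: AuthUser):
    """Return the caller's customer_id, refusing callers that have none.

    The list route passes ``None`` to ``list_users`` for ADMIN callers, so a
    non-ADMIN caller whose ``customer_id`` is ``None`` would send the same
    value (presumably "no customer filter" -- confirm in ``list_users``).
    Failing closed here keeps that sentinel from ever standing in for a tenant.

    Raises:
        HTTPException: 403 when the caller is not bound to a customer.
    """
    customer_id = auth_user.customer_id
    if customer_id is None:
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail="Account is not bound to a customer",
        )
    return customer_id


# List users. ADMIN callers pass None as the customer filter; every other
# permitted caller is restricted to the customer they belong to.
@router.get("", response_model=List[UserOut])
async def get_users(
    session: AsyncSession = Depends(get_session),
    auth_user: AuthUser = Depends(
        require_roles([RoleName.ADMIN, RoleName.CUSTOMER_ADMIN])
    ),
) -> List[UserOut]:
    if auth_user.role_name == RoleName.ADMIN.value:
        customer_scope = None
    else:
        customer_scope = _own_customer_id(auth_user)
    users = await list_users(session, customer_scope)
    return [UserOut.model_validate(u) for u in users]


# Create a user. Only ADMIN may choose the target customer from the payload;
# for any other caller payload.customer_id is ignored and the caller's own
# customer_id is used.
@router.post("", response_model=UserOut, status_code=status.HTTP_201_CREATED)
async def create_user_endpoint(
    payload: UserCreate,
    session: AsyncSession = Depends(get_session),
    auth_user: AuthUser = Depends(
        require_roles([RoleName.ADMIN, RoleName.CUSTOMER_ADMIN])
    ),
) -> UserOut:
    if auth_user.role_name == RoleName.ADMIN.value:
        customer_id = payload.customer_id
    else:
        customer_id = _own_customer_id(auth_user)
    # NOTE(review): payload.role_id is forwarded unchanged. Nothing in this
    # handler stops a CUSTOMER_ADMIN from requesting a role above their own, so
    # that rule has to live in create_user (which receives the actor) -- confirm.
    user = await create_user(
        session,
        username=payload.username,
        email=payload.email,
        password=payload.password,
        role_id=payload.role_id,
        customer_id=customer_id,
        actor=auth_user.user,
    )
    return UserOut.model_validate(user)


# Update a user by id with only the fields the client actually sent.
@router.put("/{user_id}", response_model=UserOut)
async def update_user_endpoint(
    user_id: int,
    payload: UserUpdate,
    session: AsyncSession = Depends(get_session),
    auth_user: AuthUser = Depends(
        require_roles([RoleName.ADMIN, RoleName.CUSTOMER_ADMIN])
    ),
) -> UserOut:
    # exclude_unset=True keeps fields the client omitted out of the update, so
    # they are not overwritten with schema defaults.
    update_data = payload.model_dump(exclude_unset=True)
    # NOTE(review): user_id comes straight from the path and every field that
    # UserUpdate declares is passed through. Whether a CUSTOMER_ADMIN can touch
    # a user of another customer, or change role/customer fields, is decided
    # entirely by update_user from the actor argument -- verify it checks both.
    user = await update_user(session, user_id, update_data, auth_user.user)
    return UserOut.model_validate(user)


# Delete a user by id; responds 204 with no body.
@router.delete("/{user_id}", status_code=status.HTTP_204_NO_CONTENT)
async def delete_user_endpoint(
    user_id: int,
    session: AsyncSession = Depends(get_session),
    auth_user: AuthUser = Depends(
        require_roles([RoleName.ADMIN, RoleName.CUSTOMER_ADMIN])
    ),
):
    # NOTE(review): no tenant check happens here; delete_user is expected to
    # refuse a CUSTOMER_ADMIN deleting users outside their customer -- confirm.
    await delete_user(session, user_id, auth_user.user)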