from typing import List, Optional

from fastapi import Depends, HTTPException, status
from fastapi.security import OAuth2PasswordBearer
from sqlalchemy.orm import Session

from src.apps.role_permission.services.permission_service import get_user_permissions
from src.apps.role_permission.services.role_service import get_user_role_slugs
from src.apps.user.schemas.user_schemas import UserReturnSchema
from src.core.dependencies import get_db
from src.utils.enums import UserAccessLevel
from src.utils.guard import get_current_user

# OAuth2 password-flow bearer scheme. When used as a dependency it reads the
# bearer token from the Authorization header; tokenUrl is the relative path of
# the token endpoint advertised in the generated OpenAPI docs.
# NOTE(review): nothing in this module's visible code references
# oauth2_scheme; presumably other modules import it. Confirm, or drop it, so
# only one scheme definition feeds token extraction.
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="auth/token")


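class PermissionGuard:
    """
    Permission-based authorization guard, used as a callable FastAPI dependency.

    An instance is built with the permissions that grant access. A request is
    allowed when the authenticated user either holds the super-admin role or
    holds at least ONE of the listed permissions (any-of, not all-of).
    Otherwise the guard raises HTTP 403.

    Authentication itself is delegated to ``get_current_user``; this class only
    decides authorization for an already-identified user.

    Security notes:
        * The guard fails closed: an empty ``permissions`` list denies every
          user except super admins.
        * Roles and permissions are looked up through the service layer on
          every call, using ``current_user.user_id``.
    """

    def __init__(self, permissions: List[str]):
        """
        Args:
            permissions: Permission identifiers, any one of which is
                sufficient to pass the guard. Pass a list; a bare string would
                be iterated character by character in ``__call__``.
        """
        self.permissions = permissions

    async def __call__(
        self,
        db: Session = Depends(get_db),
        current_user: UserReturnSchema = Depends(get_current_user),
    ) -> bool:
        """
        Authorize the current user against the configured permissions.

        Args:
            db: Database session injected by FastAPI.
            current_user: The authenticated user, injected by ``get_current_user``.

        Returns:
            True when the user is a super admin or holds at least one of the
            required permissions.

        Raises:
            HTTPException: 403 Forbidden when neither condition is met.
        """
        user_roles = await get_user_role_slugs(db=db, user_id=current_user.user_id)

        # Role slugs are authorization data and are not printed to stdout per
        # request. If an audit trail is needed, emit it through the
        # application's logger at an appropriate level, not via print().

        # Super admin bypasses every permission check, so assignment of this
        # role is the single most sensitive grant this guard depends on.
        if UserAccessLevel.SUPER_ADMIN.value in user_roles:
            return True

        user_permissions = await get_user_permissions(db=db, user_id=current_user.user_id)

        # Any-of semantics: one matching permission is enough.
        # NOTE(review): assumes user_permissions is a collection of permission
        # strings so that `in` is an exact-match test; confirm against
        # get_user_permissions (a plain str would make this a substring match).
        if any(permission in user_permissions for permission in self.permissions):
            return True

        # Generic detail on purpose: do not disclose which permission was missing.
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail="Insufficient permissions",
        )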
