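from uuid import UUID

from fastapi import APIRouter, Depends, HTTPException
from sqlalchemy import select, delete
from sqlalchemy.ext.asyncio import AsyncSession
from sqlalchemy.orm import selectinload

from backend.app.core.dependencies import require_permissions
from backend.app.db.session import get_db
from backend.app.models import Role, RolePermission
from backend.app.schemas.role import RoleResponse, RoleUpdate

router = APIRouter(prefix="/roles", tags=["roles"])


@router.get(
    "",
    response_model=list[RoleResponse],
    dependencies=[Depends(require_permissions(["users.view"]))],
)
async def list_roles(db: AsyncSession = Depends(get_db)):
    """Return every role together with the permission codes attached to it.

    The route is registered with the ``require_permissions(["users.view"])``
    dependency.

    Args:
        db: Async database session supplied by ``get_db``.

    Returns:
        One ``RoleResponse`` per ``Role`` row, each carrying the
        ``permission_code`` of every entry in ``role.permissions``.
    """
    # selectinload fetches the permissions up front, so reading
    # role.permissions below does not trigger a lazy load on the async session.
    result = await db.execute(select(Role).options(selectinload(Role.permissions)))
    return [
        RoleResponse(
            id=role.id,
            name=role.name,
            description=role.description,
            permissions=[perm.permission_code for perm in role.permissions],
        )
        for role in result.scalars().all()
    ]


@router.put(
    "/{role_id}",
    response_model=RoleResponse,
    dependencies=[Depends(require_permissions(["users.assignRole"]))],
)
async def update_role(role_id: UUID, payload: RoleUpdate, db: AsyncSession = Depends(get_db)):
    """Replace the permission set of one role with the codes in the payload.

    All existing ``RolePermission`` rows of the role are deleted and one new
    row is added per distinct code in ``payload.permissions``; the change is
    committed in a single ``commit()``.

    Args:
        role_id: Primary key of the role to change.
        payload: Request body; only ``payload.permissions`` is read here.
        db: Async database session supplied by ``get_db``.

    Returns:
        A ``RoleResponse`` with the role's id, name and description and the
        de-duplicated permission codes that were written.

    Raises:
        HTTPException: 404 when no role with ``role_id`` exists.
    """
    # NOTE(review): this route redefines what a role is allowed to do, but it is
    # gated by "users.assignRole", the code whose name suggests assigning roles
    # to users. If that reading is right, a caller holding it can add any
    # permission code to a role they hold themselves. Confirm the intended
    # model; a dedicated role-management permission and a check that a caller
    # cannot grant codes they do not hold would close that gap.
    # NOTE(review): nothing visible here checks the codes against a catalogue of
    # known permissions or records who changed the role. Verify whether
    # RoleUpdate validates the codes and whether an audit log exists elsewhere.
    result = await db.execute(select(Role).where(Role.id == role_id))
    role = result.scalar_one_or_none()
    if role is None:
        raise HTTPException(status_code=404, detail="角色不存在")

    # A repeated code would otherwise be inserted twice, giving duplicate rows
    # (or an integrity error if the table enforces uniqueness). dict.fromkeys
    # keeps the first occurrence of each code in its original order.
    permission_codes = list(dict.fromkeys(payload.permissions))

    await db.execute(delete(RolePermission).where(RolePermission.role_id == role_id))
    for code in permission_codes:
        db.add(RolePermission(role_id=role_id, permission_code=code))

    await db.commit()
    await db.refresh(role)

    return RoleResponse(
        id=role.id,
        name=role.name,
        description=role.description,
        permissions=permission_codes,
    )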