# apps/accounts/models.py
from django.contrib.auth.models import AbstractUser
from django.db import models
from django.utils import timezone
from django.core.exceptions import ValidationError
import uuid
import logging

logger = logging.getLogger(__name__)

class User(AbstractUser):
    """自定义用户模型"""
    id = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False)
    
    ROLE_CHOICES = (
        ('admin', '管理员'),
        ('leader', '组长'),
        ('member', '组员'),
    )

    name = models.CharField(max_length=150, verbose_name='真实姓名', default='未设置')
    role = models.CharField(max_length=20, choices=ROLE_CHOICES, verbose_name='角色', default='member')
    department = models.CharField(max_length=100, verbose_name='部门', default='未分配')
    group = models.CharField(max_length=100, null=True, blank=True, verbose_name='小组')
    
    class Meta:
        db_table = 'users'
        verbose_name = '用户'
        verbose_name_plural = '用户'

    def __str__(self):
        return f"{self.username}({self.name})"

    def can_manage_department(self):
        """检查是否可以管理部门"""
        return self.role in ['admin', 'leader']

    def can_manage_knowledge_base(self, knowledge_base):
        """检查是否可以管理知识库"""
        if self.role == 'admin':
            return knowledge_base.type != 'private'  # 管理员不能管理私人知识库
        if self.role == 'leader' and self.department == knowledge_base.department:
            return knowledge_base.type == 'member'  # 组长只能管理本部门的成员知识库
        return knowledge_base.user_id == str(self.id)  # 用户可以管理自己创建的知识库

    def has_access_permission(self, knowledge_base):
        """检查用户是否有权限访问知识库"""
        from apps.permissions.models import Permission
        
        # 1. 如果是私人知识库
        if knowledge_base.type == 'private':
            # 创建者直接允许
            if str(knowledge_base.user_id) == str(self.id):
                return True
            # 其他人需要申请权限
            return Permission.objects.filter(
                resource_type='knowledge',
                resource_id=str(knowledge_base.id),
                applicant=self,
                status='approved',
                expires_at__gt=timezone.now()
            ).exists()
        
        # 2. 如果是管理级知识库
        if knowledge_base.type == 'admin':
            # 管理员直接允许
            if self.role == 'admin':
                return True
            # 其他人需要申请权限
            return Permission.objects.filter(
                resource_type='knowledge',
                resource_id=str(knowledge_base.id),
                applicant=self,
                status='approved'
            ).exists()
        
        # 3. 如果是部门级知识库
        if knowledge_base.type == 'leader':
            # 同部门的管理员和组长可以访问
            if self.department == knowledge_base.department:
                return self.role in ['admin', 'leader']
            return False
        
        # 4. 如果是成员级知识库
        if knowledge_base.type == 'member':
            # 同部门的所有人可以访问
            return self.department == knowledge_base.department

class UserProfile(models.Model):
    """用户档案模型"""
    user = models.OneToOneField(User, on_delete=models.CASCADE, related_name='profile')
    department = models.CharField(max_length=100, blank=True, help_text="部门")
    group = models.CharField(max_length=100, blank=True, help_text="小组")
    auto_recommend_reply = models.BooleanField(default=False, help_text="是否启用自动推荐回复功能")
    
    class Meta:
        db_table = 'user_profiles'
        
    def __str__(self):
        return f"{self.user.username}的个人资料"