# apps/permissions/models.py
from django.db import models
from django.utils import timezone
from django.core.exceptions import ValidationError
import uuid
import logging
from apps.accounts.models import User
from apps.knowledge_base.models import KnowledgeBase
from apps.notification.models import Notification

logger = logging.getLogger(__name__)

class Permission(models.Model):
    """权限申请模型"""
    STATUS_CHOICES = (
        ('pending', '待审批'),
        ('approved', '已批准'),
        ('rejected', '已拒绝'),
    )

    knowledge_base = models.ForeignKey(
        KnowledgeBase,
        on_delete=models.CASCADE,
        related_name='permissions',
        verbose_name='知识库'
    )
    applicant = models.ForeignKey(
        User,
        on_delete=models.CASCADE,
        related_name='permission_applications',
        verbose_name='申请人'
    )
    approver = models.ForeignKey(
        User,
        on_delete=models.SET_NULL,
        null=True,
        blank=True,
        related_name='permission_approvals',
        verbose_name='审批人'
    )
    
    permissions = models.JSONField(default=dict, verbose_name='权限配置')  # {"can_read": true, "can_edit": false, "can_delete": false}
    status = models.CharField(max_length=20, choices=STATUS_CHOICES, default='pending', verbose_name='状态')
    reason = models.TextField(verbose_name='申请原因')
    response_message = models.TextField(null=True, blank=True, verbose_name='审批意见')
    expires_at = models.DateTimeField(null=True, blank=True, verbose_name='过期时间')  # 修改为可空
    
    created_at = models.DateTimeField(auto_now_add=True, verbose_name='创建时间')
    updated_at = models.DateTimeField(auto_now=True, verbose_name='更新时间')

    class Meta:
        verbose_name = '权限申请'
        verbose_name_plural = '权限申请'
        ordering = ['-created_at']

    def __str__(self):
        return f"{self.applicant} 申请 {self.knowledge_base} 的权限"

    def clean(self):
        """验证权限申请的合法性"""
        try:
            # 检查是否是自己的知识库
            if str(self.knowledge_base.user_id) == str(self.applicant.id):
                raise ValidationError('不能申请访问自己的知识库')
        except KnowledgeBase.DoesNotExist:
            raise ValidationError('知识库不存在')

    def save(self, *args, **kwargs):
        self.clean()
        super().save(*args, **kwargs)

    def approve(self, approver, response_message=''):
        """批准权限申请"""
        if self.status == 'pending':
            self.status = 'approved'
            self.approver = approver
            self.response_message = response_message
            self.save()

    def reject(self, approver, response_message=''):
        """拒绝权限申请"""
        if self.status == 'pending':
            self.status = 'rejected'
            self.approver = approver
            self.response_message = response_message
            self.save()

    def check_expiration(self):
        """检查权限是否过期"""
        if self.status == 'approved' and self.expires_at and self.expires_at < timezone.now():
            self.status = 'expired'
            self.save()
            logger.info(f"Permission {self.id} expired")

    def send_notification(self, notification_type, title, content):
        """发送通知"""
        Notification.objects.create(
            type=notification_type,
            title=title,
            content=content,
            sender=self.applicant,
            receiver=self.approver if notification_type == 'permission_request' else self.applicant,
            related_resource=str(self.id)
        )

    def notify_approver(self):
        """通知审批人"""
        self.send_notification(
            'permission_request',
            f'新的权限申请 - {self.get_resource_type_display()}',
            f'用户 {self.applicant.username} 申请访问 {self.get_resource_type_display()} 的权限'
        )

    def notify_applicant(self, status):
        """通知申请人审批结果"""
        notification_type = 'permission_approved' if status == 'approved' else 'permission_rejected'
        title = f'权限申请{self.get_status_display()} - {self.get_resource_type_display()}'
        content = f'您申请的 {self.get_resource_type_display()} 权限已{self.get_status_display()}'
        self.send_notification(notification_type, title, content)

class KnowledgeBasePermission(models.Model):
    """知识库权限模型 - 实现知识库和用户的多对多关系"""
    STATUS_CHOICES = (
        ('active', '生效中'),
        ('expired', '已过期'),
        ('revoked', '已撤销'),
    )

    knowledge_base = models.ForeignKey(
        KnowledgeBase, 
        on_delete=models.CASCADE,
        related_name='user_permissions',
        verbose_name='知识库'
    )
    user = models.ForeignKey(
        User, 
        on_delete=models.CASCADE,
        related_name='knowledge_base_permissions',
        verbose_name='用户'
    )
    
    # 基础权限
    can_read = models.BooleanField(default=False, verbose_name='查看权限')
    can_edit = models.BooleanField(default=False, verbose_name='修改权限')
    can_delete = models.BooleanField(default=False, verbose_name='删除权限')
    
    # 权限状态
    status = models.CharField(
        max_length=10, 
        choices=STATUS_CHOICES, 
        default='active',
        verbose_name='状态'
    )
    
    # 授权信息
    granted_by = models.ForeignKey(
        User,
        on_delete=models.SET_NULL,
        null=True,
        related_name='granted_permissions',
        verbose_name='授权人'
    )
    granted_at = models.DateTimeField(auto_now_add=True, verbose_name='授权时间')
    expires_at = models.DateTimeField(null=True, blank=True, verbose_name='过期时间')

    class Meta:
        unique_together = ['knowledge_base', 'user']
        indexes = [
            models.Index(fields=['knowledge_base', 'user', 'status']),
        ]
        verbose_name = '知识库权限'
        verbose_name_plural = '知识库权限'

    def __str__(self):
        return f"{self.user.username} - {self.knowledge_base.name}"

    def is_valid(self):
        """检查权限是否有效"""
        if self.status != 'active':
            return False
        if self.expires_at and self.expires_at < timezone.now():
            self.status = 'expired'
            self.save()
            return False
        return True