from fastapi import Depends, HTTPException
from sqlalchemy.orm import Session
from starlette.requests import Request

from web.auth.session import get_current_user
from web.database import get_db
from web.models.rbac import Permission, UserRole, role_permissions
from web.models.user import User, UserRoleEnum


def require_role(*roles: str):
    """Build a FastAPI dependency that admits only users whose role is listed.

    Args:
        *roles: Role values (compared against ``user.role.value``) that are
            allowed through. With no roles given the membership test can never
            succeed, so every request is rejected (fail-closed).

    Returns:
        A ``Depends`` wrapper around the checker; the checker yields the
        authenticated ``User`` on success.

    Raises:
        HTTPException: 403 from the checker when the user's role is not listed.
    """

    def _role_guard(request: Request, db: Session = Depends(get_db)) -> User:
        # NOTE(review): this relies on get_current_user rejecting anonymous
        # requests itself; if it can return None the attribute access below
        # fails with an unhandled error instead of a clean 401/403 -- confirm.
        current = get_current_user(request, db)
        if current.role.value in roles:
            return current
        # Detail text is user-facing ("insufficient permissions").
        raise HTTPException(status_code=403, detail="Недостаточно прав")

    return Depends(_role_guard)


def require_permission(permission_name: str):
    """Build a FastAPI dependency that admits only users holding a permission.

    A user passes when some role assigned to them through ``UserRole`` is
    linked to a ``Permission`` row whose name equals ``permission_name``
    exactly. A name with no matching row therefore denies access.

    Args:
        permission_name: Exact ``Permission.name`` to require.

    Returns:
        A ``Depends`` wrapper around the checker; the checker yields the
        authenticated ``User`` on success.

    Raises:
        HTTPException: 403 from the checker when no matching grant exists.
    """

    def _permission_guard(request: Request, db: Session = Depends(get_db)) -> User:
        current = get_current_user(request, db)

        # The system role skips the permission lookup entirely, so it is
        # granted every permission name, including ones that do not exist.
        if current.role == UserRoleEnum.system:
            return current

        # NOTE(review): require_role decides on ``user.role`` while this check
        # reads the UserRole association table; presumably the two are kept in
        # sync elsewhere -- verify, otherwise the checks can disagree.
        grants = db.query(Permission)
        grants = grants.join(
            role_permissions, Permission.id == role_permissions.c.permission_id
        )
        grants = grants.join(UserRole, UserRole.role_id == role_permissions.c.role_id)
        grants = grants.filter(
            UserRole.user_id == current.id, Permission.name == permission_name
        )
        granted = grants.first()

        if granted:
            return current
        # Detail text is user-facing ("insufficient permissions").
        raise HTTPException(status_code=403, detail="Недостаточно прав")

    return Depends(_permission_guard)