import logging
from apps.permissions.models import Permission, Role

logger = logging.getLogger(__name__)


class CompanyRoleService:
    """Service for managing company roles and permissions"""

    DEFAULT_ROLES = [
        {
            'name': 'Chief Admin',
            'description': 'Company administrator with full permissions',
            'permissions': [
                'view_roles', 'create_roles', 'edit_roles', 'delete_roles', 'view_customers',
                'view_users', 'create_users', 'edit_users', 'delete_users', 'manage_users',
                'view_company', 'edit_company', 'delete_company',
                'view_reports', 'view_analytics', 'view_profile', 'edit_profile',
                'view_other_profiles', 'view_permissions', 'assign_roles', 'view_bdc_dashboard',
                'view_service_dashboard', 'view_holidays', 'edit_holidays', 'view_company_bots',
                'edit_company_bots',
                'view_service_calls',
                'view_officehours', 'edit_officehours', 'view_salestime', 'edit_salestime', 'view_catchphrase',
                'edit_catchphrase',
                'view_calendar', 'update_password', 'view_bdc_calls', 'view_audit_log'
            ]
        },
        {
            'name': 'BDC Manager',
            'description': 'BDC Manager with user and company management access',
            'permissions': [
                'view_users', 'view_bdc_dashboard', 'update_password',
                'view_bdc_calls',
            ]
        },
        {
            'name': 'Service Manager',
            'description': 'Basic employee with limited access',
            'permissions': [
                'view_users', 'view_service_dashboard',
                'view_service_calls', 'view_customers',
                'view_reports', 'update_password', 'view_audit_log',
            ]
        },
        {
            'name': 'BDC Advisor',
            'description': 'Read-only access to company data',
            'permissions': [
                'view_bdc_dashboard', 'view_officehours', 'view_bdc_calls',
            ]
        },
        {
            'name': 'Service Advisor',
            'description': 'Read-only access to company data',
            'permissions': [
                'view_advisor_dashboard', 'view_officehours', 'view_self_service_calls',
            ]
        }
    ]

    @staticmethod
    def create_default_roles(company):
        """Create default roles for a company when it's first created"""

        for role_data in CompanyRoleService.DEFAULT_ROLES:
            try:
                requested_perms = role_data['permissions']

                permissions = Permission.objects.filter(
                    codename__in=requested_perms,
                    is_active=True
                )

                missing = set(requested_perms) - set(permissions.values_list('codename', flat=True))
                if missing:
                    logger.warning(
                        f'Missing permissions for role"{role_data["name"]}": {missing}'
                    )

                # Use get_or_create to prevent duplicates
                role, created = Role.objects.get_or_create(
                    name=role_data['name'],
                    company=company,
                    defaults={
                        'description': role_data['description'],
                        'is_active': True
                    }
                )

                # Only assign permissions if role was just created
                if created:
                    role.permissions.set(permissions)
                    logger.info(f"Created role '{role.name}' for company '{company.name}'")
                else:
                    logger.info(f"Role '{role.name}' already exists for company '{company.name}'")

            except Exception as e:
                logger.error(
                    f"Failed to create role '{role_data['name']}' "
                    f"for company '{company.name}': {str(e)}"
                )