from rest_framework.response import Response
from rest_framework.views import APIView
from django.contrib.auth import get_user_model
from rest_framework import status
from apps.permissions.permissions import CompanyPermission
from rest_framework.permissions import IsAuthenticated


User = get_user_model()


class UserStatusView(APIView):
    """Simple endpoint to set user is_active status"""
    permission_classes = []

    def get_permissions(self):
        request = self.request
        user = request.user

        user_id = request.data.get("user_id") or request.query_params.get("user_id")

        try:
            user_id = int(user_id)
        except:
            user_id = None

        if user_id and user.id == user_id:
            return []

        return [CompanyPermission("edit_users")]

    def post(self, request):
        """Set user is_active and/or is_available status"""
        user_id = request.data.get('user_id') or request.query_params.get('user_id')

        def get_bool(value):
            if value in [True, False]:
                return value
            if value in ['true', 'True', '1', 1]:
                return True
            if value in ['false', 'False', '0', 0]:
                return False
            return None

        is_active = get_bool(request.data.get('is_active', request.query_params.get('is_active')))
        is_available = get_bool(request.data.get('is_available', request.query_params.get('is_available')))

        if not user_id:
            return Response({
                'error': 'user_id is required'
            }, status=status.HTTP_400_BAD_REQUEST)

        if is_active is None and is_available is None:
            return Response({
                'error': 'At least one of is_active or is_available is required (true/false)'
            }, status=status.HTTP_400_BAD_REQUEST)

        try:
            user = User.objects.get(id=user_id)
        except User.DoesNotExist:
            return Response({
                'error': 'User not found'
            }, status=status.HTTP_404_NOT_FOUND)

        if not request.user.is_superuser:
            active_company = getattr(request.user, 'active_company', None)

            if not active_company:
                return Response({
                    'error': 'Your user has no active company set'},
                    status=status.HTTP_403_FORBIDDEN
                )
            if not user.belongs_to_company(request.user.active_company):
                return Response({
                    'error': 'You can only manage users from your company'
                }, status=status.HTTP_403_FORBIDDEN)

        if is_active is False and user.is_superuser:
            return Response({
                'error': 'Cannot deactivate superuser accounts'
            }, status=status.HTTP_403_FORBIDDEN)

        if is_active is False and user.id == request.user.id:
            return Response({
                'error': 'You cannot deactivate your own account'
            }, status=status.HTTP_403_FORBIDDEN)

        status_changes = []

        if is_active is not None:
            user.is_active = bool(is_active)
            status_changes.append("activated" if is_active else "deactivated")

        if is_available is not None:
            user.is_available = bool(is_available)
            status_changes.append("made available" if is_available else "made unavailable")

        user.save()

        return Response({
            'message': f"User {', '.join(status_changes)} successfully",
            'user_id': user.id,
            'is_active': user.is_active,
            'is_available': user.is_available
        }, status=status.HTTP_200_OK)