# -*- mode: python -*-
# -*- coding: utf-8 -*-

"""Functions checking permissions for some common operations
"""
from flask import g
from flask_login import current_user

from app import db
from app.auth.models import User
import app.scodoc.notesdb as ndb
from app.scodoc.sco_permissions import Permission
from app.scodoc import html_sco_header
from app.scodoc import sco_etud
from app.scodoc import sco_exceptions


def can_suppress_annotation(annotation_id):
    """True if current user can suppress this annotation
    Seuls l'auteur de l'annotation et le chef de dept peuvent supprimer
    une annotation.
    """
    cnx = ndb.GetDBConnexion()
    annos = sco_etud.etud_annotations_list(cnx, args={"id": annotation_id})
    if len(annos) != 1:
        raise sco_exceptions.ScoValueError("annotation inexistante !")
    anno = annos[0]
    return (current_user.user_name == anno["author"]) or current_user.has_permission(
        Permission.EtudAddAnnotations
    )


def can_edit_suivi():
    """Vrai si l'utilisateur peut modifier les informations de suivi sur la page etud" """
    return current_user.has_permission(Permission.EtudChangeAdr)


def is_chef_or_diretud(sem):  # remplacé par formsemestre.est_chef_or_diretud
    "Vrai si utilisateur est admin, chef dept ou responsable du semestre"
    if (
        current_user.has_permission(Permission.EditFormSemestre)
        or current_user.id in sem["responsables"]
    ):
        return True
    return False


def check_access_diretud(
    formsemestre_id, required_permission=Permission.EditFormSemestre
):
    """Check if access granted: responsable or EditFormSemestre
    Return True|False, HTML_error_page
    """
    from app.scodoc import sco_formsemestre

    sem = sco_formsemestre.get_formsemestre(formsemestre_id)
    header = html_sco_header.sco_header(page_title="Accès interdit")
    footer = html_sco_header.sco_footer()
    if (current_user.id not in sem["responsables"]) and not current_user.has_permission(
        required_permission
    ):
        return (
            False,
            "\n".join(
                [
                    header,
                    "<h2>Opération non autorisée pour %s</h2>" % current_user,
                    "<p>Responsable de ce semestre : <b>%s</b></p>"
                    % ", ".join(
                        [
                            db.session.get(User, i).get_prenomnom()
                            for i in sem["responsables"]
                        ]
                    ),
                    footer,
                ]
            ),
        )
    else:
        return True, ""


def can_handle_passwd(user: User, allow_admindepts=False) -> bool:
    """True if the current user can see or change passwd info of user.
    If allow_admindepts, allow Admin from all depts (so they can view users from other depts
    and add roles to them).
    user is a User instance.
    """
    if not user:
        return False
    if current_user.is_administrator():
        return True  # super admin
    # Anyone can change his own passwd (or see his informations)
    if user.user_name == current_user.user_name:
        return True
    # If don't have permission in the current dept, abort
    if not current_user.has_permission(Permission.UsersAdmin, g.scodoc_dept):
        return False
    # Now check that current_user can manage users from this departement
    if not current_user.dept:
        return True  # if no dept, can access users from all depts !
    if (current_user.dept == user.dept) or allow_admindepts:
        return True
    return False