from flask import Blueprint, render_template, redirect, url_for, flash, request
from flask_login import login_required, current_user
from functools import wraps
from app import db
from app.models import User

users_bp = Blueprint('users', __name__, url_prefix='/users')


def admin_required(f):
    @wraps(f)
    def decorated(*args, **kwargs):
        if not current_user.is_authenticated or current_user.role != 'admin':
            flash('Akses ditolak. Hanya admin yang dapat mengakses halaman ini.', 'danger')
            return redirect(url_for('dashboard.index'))
        return f(*args, **kwargs)
    return decorated


@users_bp.route('/')
@login_required
@admin_required
def index():
    users = User.query.order_by(User.created_at.desc()).all()
    return render_template('users/index.html', users=users)


@users_bp.route('/tambah', methods=['GET', 'POST'])
@login_required
@admin_required
def tambah():
    if request.method == 'POST':
        username = request.form.get('username', '').strip()
        email = request.form.get('email', '').strip()
        nama = request.form.get('nama', '').strip()
        password = request.form.get('password', '')
        role = request.form.get('role', 'operator')

        # Validasi
        if User.query.filter_by(username=username).first():
            flash('Username sudah digunakan.', 'danger')
        elif User.query.filter_by(email=email).first():
            flash('Email sudah digunakan.', 'danger')
        elif len(password) < 6:
            flash('Password minimal 6 karakter.', 'danger')
        else:
            user = User(nama=nama, username=username, email=email, role=role)
            user.set_password(password)
            db.session.add(user)
            db.session.commit()
            flash(f'Pengguna {username} berhasil ditambahkan.', 'success')
            return redirect(url_for('users.index'))

    return render_template('users/form.html', action='tambah', data=None)


@users_bp.route('/edit/<int:id>', methods=['GET', 'POST'])
@login_required
@admin_required
def edit(id):
    user = User.query.get_or_404(id)

    if request.method == 'POST':
        nama = request.form.get('nama', '').strip()
        email = request.form.get('email', '').strip()
        role = request.form.get('role', 'operator')
        is_active = request.form.get('is_active') == 'on'
        new_password = request.form.get('password', '').strip()

        existing_email = User.query.filter_by(email=email).first()
        if existing_email and existing_email.id != id:
            flash('Email sudah digunakan pengguna lain.', 'danger')
        else:
            user.nama = nama
            user.email = email
            user.role = role
            user.is_active = is_active
            if new_password:
                if len(new_password) < 6:
                    flash('Password minimal 6 karakter.', 'danger')
                    return render_template('users/form.html', action='edit', data=user)
                user.set_password(new_password)
            db.session.commit()
            flash('Data pengguna berhasil diperbarui.', 'success')
            return redirect(url_for('users.index'))

    return render_template('users/form.html', action='edit', data=user)


@users_bp.route('/hapus/<int:id>', methods=['POST'])
@login_required
@admin_required
def hapus(id):
    user = User.query.get_or_404(id)
    if user.id == current_user.id:
        flash('Tidak dapat menghapus akun sendiri.', 'danger')
    else:
        db.session.delete(user)
        db.session.commit()
        flash('Pengguna berhasil dihapus.', 'success')
    return redirect(url_for('users.index'))
