from datetime import datetime
from app.extensions import db


class AuditLog(db.Model):
    """Immutable audit trail for all sensitive operations."""
    __tablename__ = 'audit_log'

    id = db.Column(db.Integer, primary_key=True)

    table_name = db.Column(db.String(100), nullable=False)
    record_id = db.Column(db.Integer, nullable=True)
    action = db.Column(db.String(50), nullable=False)   # create | update | delete | mask | assign | return | import

    # JSON snapshots
    old_values = db.Column(db.Text, nullable=True)
    new_values = db.Column(db.Text, nullable=True)

    performed_by_id = db.Column(db.Integer, db.ForeignKey('admin_users.id'), nullable=True)
    performed_at = db.Column(db.DateTime, default=datetime.utcnow, nullable=False)
    ip_address = db.Column(db.String(50), nullable=True)
    description = db.Column(db.String(500), nullable=True)

    performed_by = db.relationship('AdminUser', foreign_keys=[performed_by_id])

    def __repr__(self):
        return f'<AuditLog {self.action} on {self.table_name}#{self.record_id}>'