from datetime import datetime
from app.extensions import db

CHECK_TYPES = [
    ('encryption', 'Encryption Verified'),
    ('backup',     'Backup Configured'),
    ('hr',         'HR Notified'),
]


class ComplianceCheck(db.Model):
    """
    Audit log for every compliance check/uncheck event on an asset.

    One row is created each time a check field changes state, recording
    who changed it, when, the new state, and an optional note explaining
    the action (e.g. "Unverified – BitLocker disabled by user").
    """
    __tablename__ = 'compliance_checks'

    id = db.Column(db.Integer, primary_key=True)

    asset_id = db.Column(
        db.Integer, db.ForeignKey('assets.id', ondelete='CASCADE'),
        nullable=False, index=True
    )
    # 'encryption' | 'backup' | 'hr'
    check_type = db.Column(db.String(30), nullable=False)

    # True = checked/verified, False = unchecked/cleared
    checked = db.Column(db.Boolean, nullable=False)

    performed_by_id = db.Column(
        db.Integer, db.ForeignKey('admin_users.id'),
        nullable=True
    )
    performed_at = db.Column(
        db.DateTime, default=datetime.utcnow, nullable=False
    )

    # Free-text reason / note supplied at the time of check or uncheck
    notes = db.Column(db.Text, nullable=True)

    # Relationships
    asset = db.relationship('Asset', back_populates='compliance_checks')
    performed_by = db.relationship('AdminUser', foreign_keys=[performed_by_id])

    @property
    def check_type_label(self):
        return dict(CHECK_TYPES).get(self.check_type, self.check_type)

    def __repr__(self):
        return (
            f'<ComplianceCheck asset={self.asset_id} type={self.check_type} '
            f'checked={self.checked} by={self.performed_by_id}>'
        )