"""
User model for authentication and authorization
"""

from flask_login import UserMixin
from app.extensions import db, bcrypt

class User(db.Model, UserMixin):
    """User model for authentication and role management"""
    
    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(80), unique=True, nullable=False, index=True)
    password = db.Column(db.String(255), nullable=False)
    role = db.Column(db.String(80), nullable=False, default='user')
    theme = db.Column(db.String(80), default='light')
    created_at = db.Column(db.DateTime, default=db.func.current_timestamp())
    last_login = db.Column(db.DateTime)
    is_active_user = db.Column(db.Boolean, default=True)

    def set_password(self, password):
        """Hash and set user password"""
        self.password = bcrypt.generate_password_hash(password).decode('utf-8')

    def check_password(self, password):
        """Check if provided password matches user's password"""
        return bcrypt.check_password_hash(self.password, password)

    @property
    def is_admin(self):
        """Check if user has admin role"""
        return self.role == 'admin'

    @property
    def is_super_admin(self):
        """Check if user has super admin role"""
        return self.role == 'sadmin'

    @property
    def has_admin_access(self):
        """Check if user has any admin access (admin or super admin)"""
        return self.role in ['admin', 'sadmin']

    @property
    def is_active(self):
        """Required by Flask-Login"""
        return self.is_active_user

    @property
    def is_authenticated(self):
        """Required by Flask-Login"""
        return True

    @property
    def is_anonymous(self):
        """Required by Flask-Login"""
        return False

    def get_id(self):
        """Required by Flask-Login"""
        return str(self.id)

    def __repr__(self):
        return f'<User {self.username}>'