from datetime import datetime
from flask_login import UserMixin
from app.extensions import db, login_manager


class PortalUser(UserMixin, db.Model):
    __tablename__ = 'portal_users'

    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(80), unique=True, nullable=False, index=True)
    email = db.Column(db.String(200), unique=True, nullable=False)
    password_hash = db.Column(db.String(256), nullable=False)
    is_admin = db.Column(db.Boolean, default=False)
    is_active = db.Column(db.Boolean, default=True)
    created_at = db.Column(db.DateTime, default=datetime.utcnow)
    last_login = db.Column(db.DateTime, nullable=True)

    app_accesses = db.relationship('AppAccess', backref='user', lazy='dynamic', cascade='all, delete-orphan')
    api_keys = db.relationship('ApiKey', backref='user', lazy='dynamic', cascade='all, delete-orphan')

    def get_accessible_apps(self):
        return [a.app_name for a in self.app_accesses.filter_by(is_active=True).all()]

    def can_access(self, app_name):
        return self.app_accesses.filter_by(app_name=app_name, is_active=True).first() is not None

    def app_role(self, app_name):
        """Return the per-app role override ('admin'|'user'), or None if not set."""
        access = self.app_accesses.filter_by(app_name=app_name, is_active=True).first()
        return access.app_role if access else None

    def __repr__(self):
        return f'<PortalUser {self.username}>'


@login_manager.user_loader
def load_user(user_id):
    return PortalUser.query.get(int(user_id))