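#!/usr/bin/env python3
"""Create the permission-management tables in the external MariaDB database.

Connection settings are read from ``instance/external_server.conf`` (simple
``key=value`` lines). The script is idempotent: every table is created with
``CREATE TABLE IF NOT EXISTS``. It exits with status 0 on success and 1 on
any error.
"""
import mariadb
import os
import sys

# Settings that external_server.conf must define for mariadb.connect().
_REQUIRED_SETTINGS = ('username', 'password', 'server_domain', 'port', 'database_name')


def _parse_settings(lines):
    """Parse ``key=value`` lines into a dict.

    Blank lines, lines without ``=`` and lines starting with ``#`` are
    skipped. Whitespace around the key and the value is stripped so that
    ``username = app`` is read the same as ``username=app``. Only the first
    ``=`` splits the line, so values may themselves contain ``=``.
    """
    settings = {}
    for raw in lines:
        entry = raw.strip()
        if not entry or entry.startswith('#') or '=' not in entry:
            continue
        key, value = entry.split('=', 1)
        settings[key.strip()] = value.strip()
    return settings


def _warn_if_config_exposed(settings_file):
    """Warn on stderr when the credentials file is accessible to group/other.

    Best effort and POSIX only: the permission bits are not meaningful on
    other platforms, and a failing stat() is ignored here because the caller
    reports unreadable files when it opens them.
    """
    if os.name != 'posix':
        return
    try:
        mode = os.stat(settings_file).st_mode
    except OSError:
        return
    if mode & 0o077:
        print(
            f"Warning: {settings_file} is accessible to group/other users "
            f"(mode {mode & 0o777:o}); it contains database credentials",
            file=sys.stderr,
        )


def get_external_db_connection():
    """Read external_server.conf and return a MariaDB database connection.

    Raises:
        FileNotFoundError: the configuration file does not exist.
        KeyError: a required setting is absent (the message names the
            missing keys, never their values).
        ValueError: ``port`` is not an integer.
    """
    # The instance folder sits two levels above this script.
    current_dir = os.path.dirname(os.path.abspath(__file__))
    instance_folder = os.path.join(current_dir, '../../instance')
    settings_file = os.path.join(instance_folder, 'external_server.conf')

    if not os.path.exists(settings_file):
        raise FileNotFoundError(f"The external_server.conf file is missing: {settings_file}")

    # The file holds the database password in clear text.
    _warn_if_config_exposed(settings_file)

    with open(settings_file, 'r') as f:
        settings = _parse_settings(f)

    missing = [key for key in _REQUIRED_SETTINGS if key not in settings]
    if missing:
        raise KeyError(
            f"external_server.conf is missing required settings: {', '.join(missing)}"
        )

    return mariadb.connect(
        user=settings['username'],
        password=settings['password'],
        host=settings['server_domain'],
        port=int(settings['port']),
        database=settings['database_name']
    )


def _create_tables(cursor):
    """Create the four permission-management tables if they do not exist."""
    # 1. Create permissions table
    print("\n1. Creating permissions table...")
    cursor.execute('''
        CREATE TABLE IF NOT EXISTS permissions (
            id INT AUTO_INCREMENT PRIMARY KEY,
            permission_key VARCHAR(255) UNIQUE NOT NULL,
            page VARCHAR(100) NOT NULL,
            page_name VARCHAR(255) NOT NULL,
            section VARCHAR(100) NOT NULL,
            section_name VARCHAR(255) NOT NULL,
            action VARCHAR(50) NOT NULL,
            action_name VARCHAR(255) NOT NULL,
            description TEXT,
            created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
            updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
        )
    ''')
    print(" ✓ Permissions table created/verified")

    # 2. Create role_permissions table
    # NOTE(review): `granted` defaults to TRUE, so an INSERT that omits the
    # column records a grant. `role` has no foreign key to
    # role_hierarchy.role_name, so the database will not reject a grant to an
    # undefined role. ON DELETE CASCADE removes grants when a permission row
    # is deleted; nothing in this schema writes an audit row for that.
    print("\n2. Creating role_permissions table...")
    cursor.execute('''
        CREATE TABLE IF NOT EXISTS role_permissions (
            id INT AUTO_INCREMENT PRIMARY KEY,
            role VARCHAR(50) NOT NULL,
            permission_key VARCHAR(255) NOT NULL,
            granted BOOLEAN DEFAULT TRUE,
            granted_by VARCHAR(50),
            granted_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
            updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
            UNIQUE KEY unique_role_permission (role, permission_key),
            FOREIGN KEY (permission_key) REFERENCES permissions(permission_key) ON DELETE CASCADE
        )
    ''')
    print(" ✓ Role permissions table created/verified")

    # 3. Create role_hierarchy table for role management
    print("\n3. Creating role_hierarchy table...")
    cursor.execute('''
        CREATE TABLE IF NOT EXISTS role_hierarchy (
            id INT AUTO_INCREMENT PRIMARY KEY,
            role_name VARCHAR(50) UNIQUE NOT NULL,
            display_name VARCHAR(255) NOT NULL,
            description TEXT,
            level INT DEFAULT 0,
            is_active BOOLEAN DEFAULT TRUE,
            created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
            updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
        )
    ''')
    print(" ✓ Role hierarchy table created/verified")

    # 4. Create permission_audit_log table for tracking changes
    # The log has no foreign keys, so its rows outlive the permissions and
    # roles they mention. The schema itself does not stop UPDATE/DELETE on
    # the log; keeping it append-only is left to database privileges.
    print("\n4. Creating permission_audit_log table...")
    cursor.execute('''
        CREATE TABLE IF NOT EXISTS permission_audit_log (
            id INT AUTO_INCREMENT PRIMARY KEY,
            role VARCHAR(50) NOT NULL,
            permission_key VARCHAR(255) NOT NULL,
            action ENUM('granted', 'revoked') NOT NULL,
            changed_by VARCHAR(50) NOT NULL,
            changed_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
            reason TEXT,
            ip_address VARCHAR(45)
        )
    ''')
    print(" ✓ Permission audit log table created/verified")


def _report_existing_data(cursor):
    """Print how many permissions and roles are already stored."""
    print("\n5. Checking for existing data...")
    cursor.execute("SELECT COUNT(*) FROM permissions")
    permission_count = cursor.fetchone()[0]

    if permission_count == 0:
        print(" No permissions found - will need to populate with default data")
        print(" Run 'populate_permissions.py' to initialize the permission system")
    else:
        print(f" Found {permission_count} existing permissions")

    cursor.execute("SELECT COUNT(*) FROM role_hierarchy")
    role_count = cursor.fetchone()[0]

    if role_count == 0:
        print(" No roles found - will need to populate with default roles")
    else:
        print(f" Found {role_count} existing roles")


def main():
    """Create the schema and report existing data.

    Returns:
        0 on success, 1 if any step raised an exception.
    """
    try:
        print("=== Creating Permission Management Tables ===")

        conn = get_external_db_connection()
        try:
            cursor = conn.cursor()
            _create_tables(cursor)
            conn.commit()
            _report_existing_data(cursor)
        finally:
            # Close the connection on the error path as well, so a failed
            # statement does not leave the session open.
            conn.close()

        print("\n=== Permission Database Schema Created Successfully ===")

    except Exception as e:
        # The driver's error text and the traceback may name the database
        # host and account; keep this output out of user-facing channels.
        print(f"❌ Error: {e}")
        import traceback
        traceback.print_exc()
        return 1

    return 0


if __name__ == "__main__":
    sys.exit(main())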