"""
Simple access control decorators for the 4-tier system
"""
from functools import wraps
from flask import session, redirect, url_for, flash, request
from .permissions_simple import check_access, ROLES

def requires_role(min_role_level=None, required_modules=None, page=None):
    """
    Simple role-based access decorator
    
    Args:
        min_role_level (int): Minimum role level required (50, 70, 90, 100)
        required_modules (list): Required modules for access
        page (str): Page name for automatic access checking
    """
    def decorator(f):
        @wraps(f)
        def decorated_function(*args, **kwargs):
            # Check if user is logged in
            if 'user' not in session:
                flash('Please log in to access this page.')
                return redirect(url_for('main.login'))
            
            user_role = session.get('role')
            user_modules = session.get('modules', [])
            
            # If page is specified, use automatic access checking
            if page:
                if not check_access(user_role, user_modules, page):
                    flash('Access denied: You do not have permission to access this page.')
                    return redirect(url_for('main.dashboard'))
                return f(*args, **kwargs)
            
            # Manual role level checking
            if min_role_level:
                user_level = ROLES.get(user_role, {}).get('level', 0)
                if user_level < min_role_level:
                    flash('Access denied: Insufficient privileges.')
                    return redirect(url_for('main.dashboard'))
            
            # Module requirement checking
            if required_modules:
                if user_role in ['superadmin', 'admin']:
                    # Superadmin and admin have access to all modules
                    pass
                else:
                    if not any(module in user_modules for module in required_modules):
                        flash('Access denied: You do not have access to this module.')
                        return redirect(url_for('main.dashboard'))
            
            return f(*args, **kwargs)
        return decorated_function
    return decorator

def superadmin_only(f):
    """Decorator for superadmin-only pages"""
    return requires_role(min_role_level=100)(f)

def admin_plus(f):
    """Decorator for admin and superadmin access"""
    return requires_role(min_role_level=90)(f)

def manager_plus(f):
    """Decorator for manager, admin, and superadmin access"""
    return requires_role(min_role_level=70)(f)

def requires_quality_module(f):
    """Decorator for quality module access"""
    return requires_role(required_modules=['quality'])(f)

def requires_warehouse_module(f):
    """Decorator for warehouse module access"""
    return requires_role(required_modules=['warehouse'])(f)

def requires_labels_module(f):
    """Decorator for labels module access"""
    return requires_role(required_modules=['labels'])(f)

def requires_daily_mirror_module(f):
    """Decorator for daily mirror module access"""
    return requires_role(required_modules=['daily_mirror'])(f)

def quality_manager_plus(f):
    """Decorator for quality module manager+ access"""
    return requires_role(min_role_level=70, required_modules=['quality'])(f)

def warehouse_manager_plus(f):
    """Decorator for warehouse module manager+ access"""
    return requires_role(min_role_level=70, required_modules=['warehouse'])(f)

def labels_manager_plus(f):
    """Decorator for labels module manager+ access"""
    return requires_role(min_role_level=70, required_modules=['labels'])(f)

def daily_mirror_manager_plus(f):
    """Decorator for daily mirror module manager+ access"""
    return requires_role(min_role_level=70, required_modules=['daily_mirror'])(f)