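from fastapi import APIRouter, Depends, HTTPException, status
from sqlalchemy.orm import Session

from app.core.database import get_db
from app.core.security_admin import get_current_admin, hash_password
from app.models.admin_user import AdminUser
from app.schemas.admin_user import AdminUserCreate, AdminUserUpdate, AdminUserOut

router = APIRouter()

# AdminUserUpdate fields that change what an account is allowed to do.
# Only a superadmin may set these (see update_admin_user).
_PRIVILEGED_FIELDS = ("is_active", "is_superadmin")


@router.get("", response_model=list[AdminUserOut])
def list_admin_users(
    db: Session = Depends(get_db),
    _: AdminUser = Depends(get_current_admin),
):
    """Return every admin account, newest id first.

    The ``get_current_admin`` dependency must resolve for the request to reach
    this handler; its result is not otherwise used, so any admin it accepts can
    list all accounts.
    """
    return db.query(AdminUser).order_by(AdminUser.id.desc()).all()


@router.post("", response_model=AdminUserOut, status_code=201)
def create_admin_user(
    payload: AdminUserCreate,
    db: Session = Depends(get_db),
    me: AdminUser = Depends(get_current_admin),
):
    """Create an admin account. Superadmin only.

    Raises:
        HTTPException: 403 when the caller is not a superadmin, 409 when the
            username is already taken.
    """
    # Only superadmins may create admin accounts.
    if not me.is_superadmin:
        raise HTTPException(status_code=403, detail="Superadmin required")

    # NOTE(review): this lookup and the insert below are separate statements.
    # If the username column carries a unique constraint (not visible here), a
    # concurrent duplicate would surface as a database error, not a 409.
    if db.query(AdminUser).filter(AdminUser.username == payload.username).first():
        raise HTTPException(status_code=409, detail="Username already exists")

    user = AdminUser(
        username=payload.username,
        # Only the output of hash_password is stored, never payload.password.
        password_hash=hash_password(payload.password),
        name=payload.name,
        email=payload.email,
        is_superadmin=payload.is_superadmin,
        is_active=payload.is_active,
    )
    db.add(user)
    db.commit()
    db.refresh(user)
    return user


@router.patch("/{user_id}", response_model=AdminUserOut)
def update_admin_user(
    user_id: int,
    payload: AdminUserUpdate,
    db: Session = Depends(get_db),
    me: AdminUser = Depends(get_current_admin),
):
    """Partially update an admin account.

    A superadmin may change any account. Any other admin may change only their
    own name, email and password. Without this check every admin could reset
    another admin's password or set ``is_superadmin`` on their own account,
    which would bypass the superadmin requirement on create and delete.

    Raises:
        HTTPException: 403 when a non-superadmin targets another account or
            sends a privileged field, 404 when the account does not exist.
    """
    if not me.is_superadmin:
        # Decided before the lookup so the 403/404 difference does not tell a
        # non-superadmin which ids exist.
        if user_id != me.id:
            raise HTTPException(status_code=403, detail="Superadmin required")
        if any(getattr(payload, field) is not None for field in _PRIVILEGED_FIELDS):
            raise HTTPException(status_code=403, detail="Superadmin required")

    user = db.query(AdminUser).get(user_id)
    if not user:
        raise HTTPException(404, "Not found")

    # An empty or missing password leaves the stored hash unchanged.
    if payload.password:
        user.password_hash = hash_password(payload.password)

    # None means "field not sent"; only explicitly provided values are applied.
    for field in ("name", "email", "is_active", "is_superadmin"):
        value = getattr(payload, field)
        if value is not None:
            setattr(user, field, value)

    db.commit()
    db.refresh(user)
    return user


@router.delete("/{user_id}", status_code=204)
def delete_admin_user(
    user_id: int,
    db: Session = Depends(get_db),
    me: AdminUser = Depends(get_current_admin),
):
    """Delete an admin account. Superadmin only.

    Deleting an id that does not exist is not an error: the handler returns
    without touching the database and the response is still 204.

    Raises:
        HTTPException: 403 when the caller is not a superadmin.
    """
    if not me.is_superadmin:
        raise HTTPException(403, "Superadmin required")

    # NOTE(review): nothing here stops a superadmin from deleting their own
    # account or the only remaining superadmin; confirm that is intended.
    user = db.query(AdminUser).get(user_id)
    if not user:
        return
    db.delete(user)
    db.commit()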