from typing import List, Optional

from fastapi import APIRouter, HTTPException, Request
from fastapi.responses import HTMLResponse, RedirectResponse
from fastapi.templating import Jinja2Templates

from src.core.db import SessionDep
from src.core.deps import CurrentUserDep, OptionalCurrentUserDep
from src.group_settings.repo import GroupConfigRepoDep
from src.group_settings.models import GroupConfig
from src.services.google_groups import check_user_in_group, is_group_admin
from src.services.logging_service import log_action

router = APIRouter(tags=["pages"])

templates = Jinja2Templates(directory="src/templates")


async def _get_authorized_groups(
    user_email: str, group_config_repo: GroupConfigRepoDep
) -> List[GroupConfig]:
    """Return all GroupConfigs whose group the user belongs to."""
    all_configs = await group_config_repo.get_all()
    authorized = []
    for config in all_configs:
        if check_user_in_group(user_email, config):
            authorized.append(config)
    return authorized


async def _get_group_for_event(
    lst_id: str,
    user_email: str,
    group_config_repo: GroupConfigRepoDep,
) -> GroupConfig:
    """Find the specific group that owns this event and that the user is a member of."""
    from src.services.campflow import get_campflow_client
    authorized_groups = await _get_authorized_groups(user_email, group_config_repo)
    
    for config in authorized_groups:
        client = get_campflow_client(config)
        event = await client.get_event_details(lst_id)
        if event:
            return config
    
    raise HTTPException(status_code=403, detail="Not authorized for this event.")


@router.get("/", response_class=HTMLResponse)
async def login_page(
    request: Request,
    error: Optional[str] = None,
    next: Optional[str] = None,
    current_user: OptionalCurrentUserDep = None,
):
    if current_user:
        return RedirectResponse(next or "/dashboard")

    return templates.TemplateResponse(
        request=request,
        name="login.html",
        context={"request": request, "error": error, "next": next},
    )


@router.get("/dashboard", response_class=HTMLResponse)
async def dashboard_page(
    request: Request,
    current_user: OptionalCurrentUserDep,
    group_config_repo: GroupConfigRepoDep,
):
    if not current_user:
        return RedirectResponse(f"/?next={request.url.path}")

    authorized_groups = await _get_authorized_groups(current_user.email, group_config_repo)
    in_group = len(authorized_groups) > 0
    # For simplicity, we check if they are admin in ANY of their groups for the dashboard link
    admin_of_any_group = any(is_group_admin(current_user.email, config) for config in authorized_groups)
    group_emails = [g.group_email for g in authorized_groups]

    return templates.TemplateResponse(
        request=request,
        name="dashboard.html",
        context={
            "request": request,
            "user": current_user,
            "is_in_group": in_group,
            "is_group_admin": admin_of_any_group,
            "is_super_admin": current_user.is_admin,
            "group_emails": group_emails,
        },
    )


@router.get("/events/{lst_id}", response_class=HTMLResponse)
async def event_page(
    request: Request,
    lst_id: str,
    current_user: OptionalCurrentUserDep,
    group_config_repo: GroupConfigRepoDep,
    session: SessionDep,
):
    if not current_user:
        return RedirectResponse(f"/?next={request.url.path}")

    try:
        group_config = await _get_group_for_event(lst_id, current_user.email, group_config_repo)
    except HTTPException:
        return RedirectResponse("/dashboard")

    # Audit Log
    await log_action(
        session=session,
        group_email=group_config.group_email,
        user_email=current_user.email,
        action="VIEW_EVENT",
        details=f"Viewed event details for list_id: {lst_id}"
    )

    admin_of_group = is_group_admin(current_user.email, group_config)
    authorized_groups = await _get_authorized_groups(current_user.email, group_config_repo)
    group_emails = [g.group_email for g in authorized_groups]

    return templates.TemplateResponse(
        request=request,
        name="event.html",
        context={
            "request": request,
            "user": current_user,
            "lst_id": lst_id,
            "is_group_admin": admin_of_group,
            "is_super_admin": current_user.is_admin,
            "group_emails": group_emails,
        },
    )


@router.get("/groups/{group_email}/stats", response_class=HTMLResponse)
async def group_stats_page(
    request: Request,
    group_email: str,
    current_user: OptionalCurrentUserDep,
    group_config_repo: GroupConfigRepoDep,
):
    if not current_user:
        return RedirectResponse(f"/?next={request.url.path}")

    authorized_groups = await _get_authorized_groups(current_user.email, group_config_repo)
    group_config = next(
        (g for g in authorized_groups if g.group_email == group_email), None
    )
    if not group_config:
        raise HTTPException(status_code=403, detail="Not a member of this group.")

    from src.services.google_groups import is_group_admin
    admin_of_group = is_group_admin(current_user.email, group_config)
    group_emails = [g.group_email for g in authorized_groups]

    return templates.TemplateResponse(
        request=request,
        name="group_stats.html",
        context={
            "request": request,
            "user": current_user,
            "group_email": group_email,
            "group_emails": group_emails,
            "is_group_admin": admin_of_group,
            "is_super_admin": current_user.is_admin,
            "active_page": "group_stats",
        },
    )


@router.get("/settings", response_class=HTMLResponse)
async def settings_page(
    request: Request,
    current_user: OptionalCurrentUserDep,
    group_config_repo: GroupConfigRepoDep,
    group_email: Optional[str] = None,
):
    if not current_user:
        return RedirectResponse(f"/?next={request.url.path}")

    # If group_email is provided (e.g. from Admin Panel), use that one (super-admin only)
    if group_email and current_user.is_admin:
        group_config = await group_config_repo.get_by_group_email(group_email)
    else:
        # Otherwise find the first group the user belongs to (for settings context)
        authorized_groups = await _get_authorized_groups(current_user.email, group_config_repo)
        group_config = authorized_groups[0] if authorized_groups else None
    
    authorized_groups = await _get_authorized_groups(current_user.email, group_config_repo)
    group_emails = [g.group_email for g in authorized_groups]

    # Authorization Check
    # 1. Super-admins can access settings for any group they find/specify
    # 2. Otherwise, user must be a member AND a group admin (OWNER/MANAGER)
    is_authorized = False
    if current_user.is_admin:
        is_authorized = True
    elif group_config and is_group_admin(current_user.email, group_config):
        is_authorized = True

    if group_config is None or not is_authorized:
        # If no group found for this user, they can't see settings
        raise HTTPException(status_code=403, detail="Group admin access required.")

    return templates.TemplateResponse(
        request=request,
        name="settings.html",
        context={
            "request": request,
            "user": current_user,
            "group_config": group_config,
            "is_group_admin": True,  # They are here, so they are effectively an admin
            "is_super_admin": current_user.is_admin,
            "group_emails": group_emails,
        },
    )


@router.get("/admin", response_class=HTMLResponse)
async def admin_page(
    request: Request,
    current_user: OptionalCurrentUserDep,
    group_config_repo: GroupConfigRepoDep,
):
    if not current_user:
        return RedirectResponse(f"/?next={request.url.path}")
    if not current_user.is_admin:
        raise HTTPException(status_code=403, detail="Super-admin access required.")

    all_configs = await group_config_repo.get_all()
    authorized_groups = await _get_authorized_groups(current_user.email, group_config_repo)
    group_emails = [g.group_email for g in authorized_groups]

    return templates.TemplateResponse(
        request=request,
        name="admin.html",
        context={
            "request": request,
            "user": current_user,
            "groups": all_configs,
            "is_group_admin": False, # Usually not needed here, but for navbar consistency
            "is_super_admin": True,
            "group_emails": group_emails,
        },
    )


@router.get("/impressum", response_class=HTMLResponse)
async def impressum_page(
    request: Request,
    current_user: OptionalCurrentUserDep,
    group_config_repo: GroupConfigRepoDep,
):
    group_emails = []
    if current_user:
        authorized_groups = await _get_authorized_groups(current_user.email, group_config_repo)
        group_emails = [g.group_email for g in authorized_groups]

    return templates.TemplateResponse(
        request=request,
        name="impressum.html",
        context={
            "request": request,
            "user": current_user,
            "is_super_admin": current_user.is_admin if current_user else False,
            "group_emails": group_emails,
        },
    )


@router.get("/datenschutz", response_class=HTMLResponse)
async def datenschutz_page(
    request: Request,
    current_user: OptionalCurrentUserDep,
    group_config_repo: GroupConfigRepoDep,
):
    group_emails = []
    if current_user:
        authorized_groups = await _get_authorized_groups(current_user.email, group_config_repo)
        group_emails = [g.group_email for g in authorized_groups]

    return templates.TemplateResponse(
        request=request,
        name="datenschutz.html",
        context={
            "request": request,
            "user": current_user,
            "is_super_admin": current_user.is_admin if current_user else False,
            "group_emails": group_emails,
        },
    )