# app/core/permissions.py
"""
Permission constants and checking logic for RBAC.

NOTE: This module now uses the module-driven permission system.
Permissions are defined in each module's definition.py file and
discovered by PermissionDiscoveryService.

This file provides backward-compatible exports for existing code.
New code should use:
    from app.modules.tenancy.services.permission_discovery_service import (
        permission_discovery_service
    )
"""

from enum import Enum

from app.modules.tenancy.services.permission_discovery_service import (
    permission_discovery_service,
)


class VendorPermissions(str, Enum):
    """
    All available permissions within a vendor context.

    NOTE: This enum is maintained for backward compatibility.
    Permissions are now defined in module definition.py files.

    Naming convention: RESOURCE_ACTION
    """

    # Dashboard (from core module)
    DASHBOARD_VIEW = "dashboard.view"

    # Products (from catalog module)
    PRODUCTS_VIEW = "products.view"
    PRODUCTS_CREATE = "products.create"
    PRODUCTS_EDIT = "products.edit"
    PRODUCTS_DELETE = "products.delete"
    PRODUCTS_IMPORT = "products.import"
    PRODUCTS_EXPORT = "products.export"

    # Stock/Inventory (from inventory module)
    STOCK_VIEW = "stock.view"
    STOCK_EDIT = "stock.edit"
    STOCK_TRANSFER = "stock.transfer"

    # Orders (from orders module)
    ORDERS_VIEW = "orders.view"
    ORDERS_EDIT = "orders.edit"
    ORDERS_CANCEL = "orders.cancel"
    ORDERS_REFUND = "orders.refund"

    # Customers (from customers module)
    CUSTOMERS_VIEW = "customers.view"
    CUSTOMERS_EDIT = "customers.edit"
    CUSTOMERS_DELETE = "customers.delete"
    CUSTOMERS_EXPORT = "customers.export"

    # Marketing (from messaging module - to be added)
    MARKETING_VIEW = "marketing.view"
    MARKETING_CREATE = "marketing.create"
    MARKETING_SEND = "marketing.send"

    # Reports (from analytics module - to be added)
    REPORTS_VIEW = "reports.view"
    REPORTS_FINANCIAL = "reports.financial"
    REPORTS_EXPORT = "reports.export"

    # Settings (from core module)
    SETTINGS_VIEW = "settings.view"
    SETTINGS_EDIT = "settings.edit"
    SETTINGS_THEME = "settings.theme"
    SETTINGS_DOMAINS = "settings.domains"

    # Team Management (from tenancy module)
    TEAM_VIEW = "team.view"
    TEAM_INVITE = "team.invite"
    TEAM_EDIT = "team.edit"
    TEAM_REMOVE = "team.remove"

    # Marketplace Imports (from marketplace module - to be added)
    IMPORTS_VIEW = "imports.view"
    IMPORTS_CREATE = "imports.create"
    IMPORTS_CANCEL = "imports.cancel"


class PermissionGroups:
    """
    Pre-defined permission groups for common roles.

    NOTE: These now delegate to permission_discovery_service for consistency.
    """

    @property
    def OWNER(self) -> set[str]:
        """Full access (for owners) - all permissions."""
        return permission_discovery_service.get_preset_permissions("owner")

    @property
    def MANAGER(self) -> set[str]:
        """Manager - Can do most things except team management."""
        return permission_discovery_service.get_preset_permissions("manager")

    @property
    def STAFF(self) -> set[str]:
        """Staff - Can view and edit products/orders but limited access."""
        return permission_discovery_service.get_preset_permissions("staff")

    @property
    def SUPPORT(self) -> set[str]:
        """Support - Can view and assist with orders/customers."""
        return permission_discovery_service.get_preset_permissions("support")

    @property
    def VIEWER(self) -> set[str]:
        """Viewer - Read-only access."""
        return permission_discovery_service.get_preset_permissions("viewer")

    @property
    def MARKETING(self) -> set[str]:
        """Marketing - Focused on marketing and customer communication."""
        return permission_discovery_service.get_preset_permissions("marketing")


# Singleton instance for backward compatibility
_permission_groups = PermissionGroups()


class PermissionChecker:
    """Utility class for permission checking."""

    @staticmethod
    def has_permission(permissions: list[str], required_permission: str) -> bool:
        """Check if a permission list contains a required permission."""
        return required_permission in permissions

    @staticmethod
    def has_any_permission(
        permissions: list[str], required_permissions: list[str]
    ) -> bool:
        """Check if a permission list contains ANY of the required permissions."""
        return any(perm in permissions for perm in required_permissions)

    @staticmethod
    def has_all_permissions(
        permissions: list[str], required_permissions: list[str]
    ) -> bool:
        """Check if a permission list contains ALL of the required permissions."""
        return all(perm in permissions for perm in required_permissions)

    @staticmethod
    def get_missing_permissions(
        permissions: list[str], required_permissions: list[str]
    ) -> list[str]:
        """Get list of missing permissions."""
        return [perm for perm in required_permissions if perm not in permissions]


def get_preset_permissions(preset_name: str) -> set[str]:
    """
    Get permissions for a preset role.

    Args:
        preset_name: Name of the preset (owner, manager, staff, support, viewer, marketing)

    Returns:
        Set of permission strings
    """
    return permission_discovery_service.get_preset_permissions(preset_name)