from fastapi import APIRouter, Depends, UploadFile, File, status, HTTPException
from sqlmodel import Session

from app.api.deps import get_current_user
from app.db.session import get_session
from app.schemas.user import UserRead, UserUpdate, UserPasswordChange
from app.services.user_service import UserService
from app.models.user import User
from app.core.constants import (
    ERR_USER_NOT_FOUND,
)

router = APIRouter(prefix="/api/users", tags=["Users"])

@router.get("/me", response_model=UserRead, status_code=status.HTTP_200_OK, summary="Get current user")
def get_me(current_user: User = Depends(get_current_user)):
    """
    Return the authenticated user's profile.
    """
    return current_user

@router.patch("/update", response_model=UserRead, status_code=status.HTTP_200_OK, summary="Update current user")
def update_profile(
    data: UserUpdate,
    session: Session = Depends(get_session),
    current_user: User = Depends(get_current_user),
):
    """
    Update allowed profile fields (first_name, last_name, phone).
    Partial updates are supported.
    """
    return UserService.update_user(current_user, data, session)

@router.patch("/upload-profile-image", response_model=UserRead, status_code=status.HTTP_200_OK, summary="Upload profile image")
def upload_profile_image(
    file: UploadFile = File(...),
    session: Session = Depends(get_session),
    current_user: User = Depends(get_current_user),
):
    """
    Upload and set the user's profile image after validation.
    """
    return UserService.update_profile_image(current_user, file, session)

@router.patch("/change-password", response_model=UserRead, status_code=status.HTTP_200_OK, summary="Change password")
def change_password(
    body: UserPasswordChange,
    session: Session = Depends(get_session),
    current_user: User = Depends(get_current_user),
):
    """
    Change the current user's password (requires old password validation).
    """
    return UserService.change_password(current_user, body.old_password, body.new_password, session)

# @router.delete("/{user_id}", status_code=status.HTTP_200_OK, summary="Soft-delete a user")
# def delete_user(
#     user_id: int,
#     session: Session = Depends(get_session),
#     current_user: User = Depends(get_current_user),
# ):
#     """
#     Soft-delete a user identified by `user_id`.
#     Enforces role-based permissions:
#       - SUPERADMIN: can delete anyone
#       - ADMIN: can delete only standard USERS
#       - USERS: cannot delete
#     """
#     target = session.get(User, user_id)
#     if not target or target.is_deleted:
#         raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail=ERR_USER_NOT_FOUND)
#     UserService.delete_user(current_user, target, session)
#     return {"success": True}