src/app/api/v1/invitations.py

"""
User Invitation Management Endpoints
"""
from fastapi import APIRouter, Depends, HTTPException, status, Query
from sqlalchemy.orm import Session
from typing import List, Optional
from uuid import UUID

from app.api.deps import get_db, get_current_active_user
from app.models.user import User
from app.models.invitation import UserInvitation
from app.models.client import Client
from app.models.contractor import Contractor
from app.schemas.invitation import (
    InvitationCreate,
    InvitationResponse,
    InvitationPublicResponse,
    InvitationValidate,
    InvitationAccept,
    InvitationResend,
    InvitationListResponse
)
from app.services.invitation_service import InvitationService
from app.schemas.auth import TokenResponse
from app.core.permissions import require_permission
import logging
import math

logger = logging.getLogger(__name__)
router = APIRouter(prefix="/invitations", tags=["Invitations"])

# Initialize invitation service
invitation_service = InvitationService()


@router.post("", response_model=InvitationResponse, status_code=status.HTTP_201_CREATED)
@require_permission("invite_users")
async def create_invitation(
    invitation_data: InvitationCreate,
    db: Session = Depends(get_db),
    current_user: User = Depends(get_current_active_user)
):
    """
    Create a new user invitation
    
    **Authorization:**
    - `platform_admin` - Can invite to any organization
    - `client_admin` - Can invite to their client only
    - `contractor_admin` - Can invite to their contractor only
    
    **Notification:**
    - Default: WhatsApp (saves email credits)
    - Fallback: Email if WhatsApp fails
    - Options: 'whatsapp', 'email', 'both'
    """
    invitation = await invitation_service.create_invitation(
        invitation_data=invitation_data,
        invited_by_user=current_user,
        db=db
    )
    
    # Enrich response with organization name
    response = InvitationResponse.model_validate(invitation)
    return response


@router.get("", response_model=InvitationListResponse)
@require_permission("invite_users")
async def list_invitations(
    skip: int = Query(0, ge=0, description="Number of records to skip"),
    limit: int = Query(50, ge=1, le=100, description="Maximum records to return"),
    status: Optional[str] = Query(None, description="Filter by status"),
    client_id: Optional[UUID] = Query(None, description="Filter by client"),
    contractor_id: Optional[UUID] = Query(None, description="Filter by contractor"),
    db: Session = Depends(get_db),
    current_user: User = Depends(get_current_active_user)
):
    """
    List invitations with pagination and filters
    
    **Authorization:**
    - `platform_admin` - Can view all invitations
    - `client_admin` - Can view their client's invitations only
    - `contractor_admin` - Can view their contractor's invitations only
    - Other users - Can view invitations they created
    """
    query = db.query(UserInvitation)
    
    # Apply authorization filters
    if current_user.role == 'platform_admin':
        # Platform admin sees all
        pass
    elif current_user.role == 'client_admin':
        # Client admin sees only their client's invitations
        query = query.filter(UserInvitation.client_id == current_user.client_id)
    elif current_user.role == 'contractor_admin':
        # Contractor admin sees only their contractor's invitations
        query = query.filter(UserInvitation.contractor_id == current_user.contractor_id)
    else:
        # Other users see only invitations they created
        query = query.filter(UserInvitation.invited_by_user_id == current_user.id)
    
    # Apply filters
    if status:
        query = query.filter(UserInvitation.status == status)
    if client_id:
        query = query.filter(UserInvitation.client_id == client_id)
    if contractor_id:
        query = query.filter(UserInvitation.contractor_id == contractor_id)
    
    # Get total count
    total = query.count()
    
    # Apply pagination
    invitations = query.order_by(
        UserInvitation.created_at.desc()
    ).offset(skip).limit(limit).all()
    
    # Calculate pagination info
    total_pages = math.ceil(total / limit) if limit > 0 else 0
    current_page = (skip // limit) + 1 if limit > 0 else 1
    
    return InvitationListResponse(
        invitations=invitations,
        total=total,
        page=current_page,
        page_size=limit,
        total_pages=total_pages
    )


@router.get("/{invitation_id}", response_model=InvitationResponse)
async def get_invitation(
    invitation_id: UUID,
    db: Session = Depends(get_db),
    current_user: User = Depends(get_current_active_user)
):
    """
    Get a specific invitation by ID
    
    **Authorization:**
    - `platform_admin` - Can view any invitation
    - `client_admin` - Can view their client's invitations
    - `contractor_admin` - Can view their contractor's invitations
    - Other users - Can view invitations they created
    """
    invitation = db.query(UserInvitation).filter(
        UserInvitation.id == invitation_id
    ).first()
    
    if not invitation:
        raise HTTPException(
            status_code=status.HTTP_404_NOT_FOUND,
            detail="Invitation not found"
        )
    
    # Check authorization
    if current_user.role == 'platform_admin':
        pass  # Can view any
    elif current_user.role == 'client_admin':
        if invitation.client_id != current_user.client_id:
            raise HTTPException(
                status_code=status.HTTP_403_FORBIDDEN,
                detail="Access denied"
            )
    elif current_user.role == 'contractor_admin':
        if invitation.contractor_id != current_user.contractor_id:
            raise HTTPException(
                status_code=status.HTTP_403_FORBIDDEN,
                detail="Access denied"
            )
    else:
        if invitation.invited_by_user_id != current_user.id:
            raise HTTPException(
                status_code=status.HTTP_403_FORBIDDEN,
                detail="Access denied"
            )
    
    return invitation


@router.post("/{invitation_id}/resend", response_model=InvitationResponse)
@require_permission("invite_users")
async def resend_invitation(
    invitation_id: UUID,
    resend_data: InvitationResend,
    db: Session = Depends(get_db),
    current_user: User = Depends(get_current_active_user)
):
    """
    Resend an invitation notification
    
    **Behavior:**
    - If invitation is not expired: Resends same token
    - If invitation is expired: Generates new token and extends expiry by 72 hours
    
    **Authorization:**
    - `platform_admin` - Can resend any invitation
    - Org admins - Can resend their org's invitations
    - Other users - Can resend invitations they created
    """
    invitation = await invitation_service.resend_invitation(
        invitation_id=str(invitation_id),
        method=resend_data.invitation_method,
        db=db
    )
    
    return invitation


@router.delete("/{invitation_id}", status_code=status.HTTP_204_NO_CONTENT)
@require_permission("invite_users")
async def cancel_invitation(
    invitation_id: UUID,
    db: Session = Depends(get_db),
    current_user: User = Depends(get_current_active_user)
):
    """
    Cancel a pending invitation
    
    **Authorization:**
    - `platform_admin` - Can cancel any invitation
    - Org admins - Can cancel their org's invitations
    - Other users - Can cancel invitations they created
    """
    invitation_service.cancel_invitation(
        invitation_id=str(invitation_id),
        db=db
    )
    
    return None


# ============================================
# PUBLIC ENDPOINTS (No authentication required)
# ============================================

@router.post("/validate", response_model=InvitationPublicResponse)
async def validate_invitation_token(
    validation_data: InvitationValidate,
    db: Session = Depends(get_db)
):
    """
    Validate an invitation token (PUBLIC endpoint)
    
    Used by frontend to check if invitation is valid before showing registration form.
    No authentication required.
    """
    from app.services.token_service import TokenService
    
    token_service = TokenService()
    invitation = token_service.validate_token(validation_data.token, db)
    
    if not invitation:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="Invalid or expired invitation token"
        )
    
    # Get organization name
    organization_name = None
    organization_type = None
    
    if invitation.client_id:
        client = db.query(Client).filter(Client.id == invitation.client_id).first()
        organization_name = client.name if client else None
        organization_type = 'client'
    elif invitation.contractor_id:
        contractor = db.query(Contractor).filter(Contractor.id == invitation.contractor_id).first()
        organization_name = contractor.name if contractor else None
        organization_type = 'contractor'
    else:
        organization_name = 'SwiftOps Platform'
        organization_type = 'platform'
    
    # Split invited_name into suggested first and last names for form pre-filling
    suggested_first_name = None
    suggested_last_name = None
    
    if invitation.invited_name:
        # Smart name splitting
        name_parts = invitation.invited_name.strip().split()
        if len(name_parts) == 1:
            # Single name - use as first name
            suggested_first_name = name_parts[0]
        elif len(name_parts) == 2:
            # Two parts - first and last
            suggested_first_name = name_parts[0]
            suggested_last_name = name_parts[1]
        else:
            # Multiple parts - first word is first name, rest is last name
            # e.g., "John Michael Doe" → first="John", last="Michael Doe"
            suggested_first_name = name_parts[0]
            suggested_last_name = " ".join(name_parts[1:])
    
    # Get project details if this is a project invitation
    project_name = None
    project_role_name = None
    region_name = None
    
    if invitation.project_id:
        from app.models.project import Project, ProjectRole, ProjectRegion
        
        # Get project name
        project = db.query(Project).filter(Project.id == invitation.project_id).first()
        project_name = project.title if project else None
        
        # Get project role name
        if invitation.project_role_id:
            project_role = db.query(ProjectRole).filter(ProjectRole.id == invitation.project_role_id).first()
            project_role_name = project_role.role_name if project_role else None
        
        # Get region name
        if invitation.project_region_id:
            region = db.query(ProjectRegion).filter(ProjectRegion.id == invitation.project_region_id).first()
            region_name = region.region_name if region else None
    
    return InvitationPublicResponse(
        id=invitation.id,
        email=invitation.email,
        phone=invitation.phone,
        invited_role=invitation.invited_role,
        status=invitation.status,
        expires_at=invitation.expires_at,
        organization_name=organization_name,
        organization_type=organization_type,
        is_expired=invitation.is_expired,
        is_valid=invitation.is_pending,
        suggested_first_name=suggested_first_name,
        suggested_last_name=suggested_last_name,
        project_id=invitation.project_id,
        project_name=project_name,
        project_role_name=project_role_name,
        region_name=region_name
    )


@router.post("/accept", response_model=TokenResponse)
async def accept_invitation(
    acceptance_data: InvitationAccept,
    db: Session = Depends(get_db)
):
    """
    Accept an invitation and create user account (PUBLIC endpoint)
    
    This endpoint:
    1. Validates the invitation token
    2. Creates Supabase Auth user
    3. Creates local user profile
    4. Marks invitation as accepted
    5. Returns authentication token
    
    No authentication required (user doesn't exist yet).
    """
    result = await invitation_service.accept_invitation(
        acceptance_data=acceptance_data,
        db=db
    )
    
    return result