from flask_login import UserMixin
from werkzeug.security import check_password_hash
from app.extensions import db, login_manager
from app.models.base import TimestampMixin


class User(UserMixin, TimestampMixin, db.Model):
    id = db.Column(db.Integer, primary_key=True)
    email = db.Column(db.String(255), unique=True, nullable=False, index=True)
    name = db.Column(db.String(255), nullable=False)
    password_hash = db.Column(db.String(255), nullable=False)
    role = db.Column(db.String(50), default='operator', nullable=False)
    theme_preference = db.Column(db.String(20), default='light', nullable=False)
    is_blocked = db.Column(db.Boolean, default=False, nullable=False)
    force_password_change = db.Column(db.Boolean, default=False, nullable=False)
    last_login_at = db.Column(db.DateTime)
    company_access = db.relationship('UserCompanyAccess', back_populates='user', cascade='all, delete-orphan')

    def check_password(self, password):
        return check_password_hash(self.password_hash, password)

    def companies(self):
        return [item.company for item in self.company_access if item.company and item.company.is_active]

    def can_access_company(self, company_id):
        return any(item.company_id == company_id for item in self.company_access)

    def company_access_level(self, company_id):
        for item in self.company_access:
            if item.company_id == company_id:
                return item.access_level
        return None

    def is_company_readonly(self, company_id):
        return self.company_access_level(company_id) == 'readonly' or self.role == 'readonly'


@login_manager.user_loader
def load_user(user_id):
    return db.session.get(User, int(user_id))