from fastapi import APIRouter, Depends

from admin_app.api.dependencies import (
    get_current_staff_permissions,
    get_settings,
    require_admin_permission,
)
from admin_app.api.schemas import (
    AdminCapabilityResponse,
    AdminCurrentAccessResponse,
    AdminHealthResponse,
    AdminRootResponse,
    AdminSystemInfoResponse,
)
from admin_app.core import AuthenticatedStaffPrincipal
from admin_app.core.settings import AdminSettings
from admin_app.services.system_service import SystemService
from shared.contracts import AdminPermission

router = APIRouter(tags=["system"])


def _build_service(settings: AdminSettings) -> SystemService:
    return SystemService(settings=settings)


@router.get("/", response_model=AdminRootResponse)
def root(settings: AdminSettings = Depends(get_settings)):
    return _build_service(settings).build_root_payload()


@router.get("/health", response_model=AdminHealthResponse)
def health_check(settings: AdminSettings = Depends(get_settings)):
    return _build_service(settings).build_health_payload()


@router.get(
    "/system/info",
    response_model=AdminSystemInfoResponse,
)
def system_info(
    settings: AdminSettings = Depends(get_settings),
    _: AuthenticatedStaffPrincipal = Depends(
        require_admin_permission(AdminPermission.VIEW_SYSTEM)
    ),
):
    return _build_service(settings).build_system_info_payload()


@router.get(
    "/system/access",
    response_model=AdminCurrentAccessResponse,
)
def current_access(
    current_staff: AuthenticatedStaffPrincipal = Depends(
        require_admin_permission(AdminPermission.VIEW_SYSTEM)
    ),
    permissions: tuple[str, ...] = Depends(get_current_staff_permissions),
):
    return AdminCurrentAccessResponse(
        service="orquestrador-admin",
        staff_account={
            "id": current_staff.id,
            "email": current_staff.email,
            "display_name": current_staff.display_name,
            "role": current_staff.role,
            "is_active": current_staff.is_active,
        },
        permissions=list(permissions),
    )


@router.get(
    "/system/admin-capabilities",
    response_model=AdminCapabilityResponse,
)
def admin_capabilities(
    current_staff: AuthenticatedStaffPrincipal = Depends(
        require_admin_permission(AdminPermission.MANAGE_SETTINGS)
    ),
):
    return AdminCapabilityResponse(
        service="orquestrador-admin",
        action="manage_settings",
        allowed=True,
        role=current_staff.role,
    )