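import contextlib
import functools

import flask
import psycopg2
from flask import request, session

from inventorysystem import app


def _db():
    """Open a connection to the database named by ``app.config["DSN"]``.

    The connection is wrapped in ``contextlib.closing`` so that
    ``with _db() as db:`` closes it even when a query raises; the views below
    only issue SELECTs, so no commit is needed before closing.
    """
    return contextlib.closing(psycopg2.connect(app.config["DSN"]))


def show_message(message):
    """Render ``message.html`` with *message* as its only context value."""
    return flask.render_template("message.html", message=message)


def user_has_permission(user_id, permission, oe=None):
    """Return True if *user_id* holds *permission*, globally or for *oe*.

    A ``permissions`` row whose ``oe`` column is NULL is a global grant that
    matches every organizational unit; a row with a concrete ``oe`` matches
    only that unit. Passing ``oe=None`` therefore only matches global grants.
    The query is parameterised, so *permission* and *oe* may come straight
    from request data.
    """
    with _db() as db:
        cur = db.cursor()
        cur.execute(
            'select count(*) from permissions '
            'where "user"=%s and permission=%s and (oe=%s or oe is NULL)',
            (user_id, permission, oe),
        )
        return cur.fetchone()[0] > 0


def login_required(f):
    """View decorator: redirect to the ``login`` endpoint unless a user is logged in.

    "Logged in" means the signed session cookie carries a ``username`` key,
    which only ``login()`` below sets.
    """

    @functools.wraps(f)
    def inner_function(*args, **kwargs):
        if "username" not in session:
            return flask.redirect(flask.url_for("login"))
        return f(*args, **kwargs)

    return inner_function


def permission_required(f, permission, oe=None):
    """Wrap view *f* so it requires a login and *permission* (optionally for *oe*).

    Because *f* is the first positional parameter this is not usable as a bare
    ``@permission_required`` decorator; call it as
    ``permission_required(view, "perm")`` (or ``"perm", oe``) and register the
    result. Anonymous callers are redirected to ``login``; logged-in callers
    without the permission get the "Permission denied" page.
    """

    @functools.wraps(f)
    def inner_function(*args, **kwargs):
        if "username" not in session:
            return flask.redirect(flask.url_for("login"))
        if not user_has_permission(session["user_id"], permission, oe):
            return show_message("Permission denied")
        return f(*args, **kwargs)

    return inner_function


@app.route('/')
@login_required
def index():
    """Landing page for logged-in users."""
    return flask.render_template("index.html")


@app.route('/login', methods=["GET", "POST"])
def login():
    """Show the login form (GET) or check the submitted credentials (POST).

    On success the session receives ``username``, ``user_id`` and
    ``full_name`` and the user is sent to ``index``; on failure a generic
    message page is shown so the response does not reveal whether the
    username exists. A missing ``user``/``pass`` form field raises the usual
    Flask 400 via ``request.form[...]``.
    """
    if "username" in session:
        return flask.redirect(flask.url_for("index"))
    if request.method == "GET":
        return flask.render_template("login.html")
    # Only GET and POST are routed here, so anything else is the form submit.
    # Read the form before opening a connection so a malformed request does
    # not leave a connection dangling.
    username = request.form["user"]
    password = request.form["pass"]
    # FIXME: the users table is queried with the clear-text password, i.e.
    # passwords are stored and compared in the clear. Store a salted hash and
    # verify it here in Python instead of in the WHERE clause.
    with _db() as db:
        cur = db.cursor()
        cur.execute(
            "select id,full_name from users where username=%s and password=%s",
            (username, password),
        )
        result = cur.fetchall()
    if not result:
        return show_message("Failed to log in, are username and password correct?")
    # NOTE(review): the pre-login session is kept as-is; consider
    # session.clear() before populating it so no stale keys survive the login.
    session["username"] = username
    session["user_id"] = result[0][0]
    session["full_name"] = result[0][1]
    return flask.redirect(flask.url_for("index"))


@app.route("/oes")
@login_required
def list_oes():
    """List every organizational unit (id, name) via ``list_oes.html``."""
    with _db() as db:
        cur = db.cursor()
        cur.execute("select id, name from organizational_units")
        result = cur.fetchall()
    return flask.render_template("list_oes.html", dbresult=result)


# NOTE(review): the route rule on the page read "/inventory/" while the view
# takes an ``oe`` argument, so every request would have failed with a
# TypeError; the variable segment is restored here. ``int`` was chosen
# because ``oe`` is compared with the units' ``id`` column — confirm against
# the original source.
@app.route("/inventory/<int:oe>")
@login_required
def show_inventory(oe):
    """Show the inventory of organizational unit *oe*.

    Requires a login (otherwise ``session["user_id"]`` would raise KeyError and
    surface as a 500) and the ``show_inventory`` permission for *oe*; a
    missing permission yields the "Permission denied" page with HTTP 403, an
    unknown unit id yields 404.
    """
    if not user_has_permission(session["user_id"], "show_inventory", oe):
        return show_message("Permission denied"), 403
    with _db() as db:
        cur = db.cursor()
        # Resolve the unit first so a bad id is rejected before the larger query.
        cur.execute("select name from organizational_units where id=%s", (oe,))
        row = cur.fetchone()
        if row is None:
            flask.abort(404)
        oe_name = row[0]
        cur.execute(
            "select id,serial,innenauftrag,description,location,purchase_date,old_inventory_id "
            "from inventory where oe=%s",
            (oe,),
        )
        result = cur.fetchall()
    return flask.render_template("show_inventory.html", dbresult=result, oe_name=oe_name)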