import flask
import psycopg2
import psycopg2.extras
import functools
from flask import request, session
from inventorysystem import app

def show_message(message):
    return flask.render_template("message.html", message=message)

def user_has_permission(user_id, permission, oe=None):
    db = psycopg2.connect(app.config["DSN"])
    cur = db.cursor()
    cur.execute("select count(*) from permissions where \"user\"=%s and permission=%s and (oe=%s or oe is NULL)", (user_id, permission, oe))
    allowed = cur.fetchone()[0] > 0
    db.close()
    return allowed

def login_required(f):
    @functools.wraps(f)
    def inner_function(*args, **kwargs):
        if "username" not in session:
            return flask.redirect(flask.url_for("login"))
        return f(*args, **kwargs)
    return inner_function

def permission_required(f, permission, oe=None):
    @functools.wraps(f)
    def inner_function(*args, **kwargs):
        if "username" not in session:
            return flask.redirect(flask.url_for("login"))
        if not user_has_permission(session["user_id"], permission, oe):
            return show_message("Permission denied")
        return f(*args, **kwargs)
    return inner_function


@app.route('/login', methods=["GET", "POST"])
def login():
    if "username" in session:
        return flask.redirect(flask.url_for("index"))

    if request.method == "GET":
        return flask.render_template("login.html")

    elif request.method == "POST":
        db = psycopg2.connect(app.config["DSN"])
        username = request.form["user"]
        password = request.form["pass"]
        #FIXME hash password

        cur = db.cursor(cursor_factory=psycopg2.extras.RealDictCursor)
        cur.execute("select id,full_name from users where username=%s and password=%s",(username,password))
        result = cur.fetchall()
        if not result:
            return show_message("Failed to log in, are username and password correct?")
        else:
            session["username"] = username
            session["user_id"] = result[0]["id"]
            session["full_name"] = result[0]["full_name"]

        return flask.redirect(flask.url_for("index"))

@app.route('/')
@login_required
def index():
    db = psycopg2.connect(app.config["DSN"])
    cur = db.cursor(cursor_factory=psycopg2.extras.RealDictCursor)
    cur.execute("select id, name from organizational_units")
    result = cur.fetchall()
    db.close()

    return flask.render_template("index.html", dbresult=result)

def list_of_dicts_to_table(l, headers, default=None):
    table = {}
    table["headers"] = headers
    table["rows"] = []
    for d in l:
        tmp_list = []
        for header in headers:
            tmp_list.append(d.get(header,default))
        table["rows"].append(tmp_list)
    return table

@app.route("/inventory/<int:oe>")
def show_inventory(oe):
    if not user_has_permission(session["user_id"], "show_inventory", oe):
        return show_message("Permission denied"), 403

    db = psycopg2.connect(app.config["DSN"])
    cur = db.cursor(cursor_factory=psycopg2.extras.RealDictCursor)
    cur.execute("select id,serial,innenauftrag,description,location,purchase_date,purchase_price,old_inventory_id from inventory where oe=%s", (oe,))
    result = cur.fetchall()
    cur.execute("select name from organizational_units where id=%s", (oe,))
    oe_name = cur.fetchone()["name"]
    db.close()

    table = list_of_dicts_to_table(result, ["id", "serial", "description", "location", "innenauftrag", "purchase_date", "purchase_price", "old_inventory_id"])

    return flask.render_template("show_inventory.html", table=table, oe_name=oe_name)