from .permissions import get_user_permissions, has_permission
from .models import GroupPermissionManager

def can_access_expenses(user):
    """Check if user can access expense features"""
    if not user.is_authenticated:
        return False

    if user.is_superuser:
        return True

    # Use the dynamic permission system
    user_permissions = get_user_permissions(user)
    return ('view_expenses' in user_permissions or 
            'create_expenses' in user_permissions or 
            'manage_expenses' in user_permissions or
            'view_expense' in user_permissions or
            'add_expense' in user_permissions or
            'change_expense' in user_permissions)

def can_manage_expenses(user):
    """Check if user can manage expenses (approve/reject)"""
    if not user.is_authenticated:
        return False

    if user.is_superuser:
        return True

    # Use the dynamic permission system
    user_permissions = get_user_permissions(user)
    return ('manage_expenses' in user_permissions or 
            'approve_expenses' in user_permissions or
            'change_expense' in user_permissions or
            'delete_expense' in user_permissions)

def department_permissions(request):
    """Add permission flags to template context"""
    context = {
        'user_permissions': set(),
        'user_department': None,
        # Legacy compatibility
        'has_financial_access': False,
        'can_assign_tickets': False,
        'can_delete_customers': False,
    }

    if request.user.is_authenticated:
        user_permissions = get_user_permissions(request.user)
        context['user_permissions'] = user_permissions

        # Legacy compatibility
        context['has_financial_access'] = 'view_billing' in user_permissions
        context['can_assign_tickets'] = 'assign_tickets' in user_permissions
        context['can_delete_customers'] = 'delete_customers' in user_permissions

        if hasattr(request.user, 'employee_profile') and request.user.employee_profile:
            employee = request.user.employee_profile
            if employee.department:
                context['user_department'] = employee.department.name.lower()

            # Add dynamic permissions from database
            from .models import DepartmentPermissionAssignment

            department = request.user.employee_profile.department
            if department:
                assigned_permissions = DepartmentPermissionAssignment.objects.filter(
                    department=department,
                    permission__is_active=True
                ).select_related('permission')

                for assignment in assigned_permissions:
                    context['user_permissions'].add(assignment.permission.name)

            # Add expense-specific context
            context.update({
                'can_access_expenses': can_access_expenses(request.user),
                'can_manage_expenses': can_manage_expenses(request.user),
            })

    return context

def user_permissions(request):
    """Add user permissions to template context"""
    permissions = set()

    if request.user.is_authenticated:
        permissions = get_user_permissions(request.user)

        # Debug: Add all Django permissions the user has
        if hasattr(request.user, 'get_all_permissions'):
            django_permissions = request.user.get_all_permissions()
            permissions.update(django_permissions)

    return {
        'user_permissions': permissions,
        'has_permission': lambda perm: has_permission(request.user, perm),
        'user_groups': [group.name for group in request.user.groups.all()] if request.user.is_authenticated else [],
    }