from __future__ import annotations

from app.schemas.identity import IdentityUser


class IdentityService:
    DEMO_USERS = {
        "alice": {
            "user_id": "u1001",
            "user_name": "alice",
            "display_name": "Alice",
            "roles": ["DEPLOY_OPERATOR"],
            "tenant_id": "tenant-demo",
            "permissions": ["task:create", "task:confirm", "software_a:deploy"],
            "allowed_envs": ["test", "staging"],
            "allowed_apps": ["order-service", "user-service"],
        },
        "bob": {
            "user_id": "u2001",
            "user_name": "bob",
            "display_name": "Bob",
            "roles": ["APPROVER"],
            "tenant_id": "tenant-demo",
            "permissions": ["approval:decision"],
            "allowed_envs": ["prod"],
            "allowed_apps": ["order-service", "user-service"],
        },
    }

    def login(self, username: str, _: str) -> tuple[str, dict] | None:
        user = self.DEMO_USERS.get(username)
        if not user:
            return None
        return f"demo-token-{username}", user

    def get_user_by_token(self, access_token: str) -> dict | None:
        if not access_token.startswith("demo-token-"):
            return None
        username = access_token.removeprefix("demo-token-")
        return self.DEMO_USERS.get(username)

    def get_permissions(self, user_id: str) -> dict | None:
        for user in self.DEMO_USERS.values():
            if user["user_id"] == user_id:
                return user
        return None

    @staticmethod
    def to_identity_user(user: dict) -> IdentityUser:
        return IdentityUser(
            user_id=user["user_id"],
            user_name=user["user_name"],
            display_name=user["display_name"],
            roles=user["roles"],
            tenant_id=user["tenant_id"],
        )