from rest_framework import viewsets, status
from rest_framework.decorators import action
from rest_framework.response import Response

from userausfall.models import User, MissingUserAttribute, PasswordMismatch
from userausfall.rest_api.permissions import UserPermission
from userausfall.rest_api.serializers import (
    ActivateUserSerializer,
    CreateUserSerializer,
    RetrieveUserSerializer,
)


class UserViewSet(viewsets.ModelViewSet):
    permission_classes = [UserPermission]
    queryset = User.objects.all()

    @action(detail=False, url_path="me")
    def retrieve_authenticated(self, request):
        """Retrieve user data for logged in user."""
        serializer = self.get_serializer(request.user)
        return Response(serializer.data)

    @action(detail=True, methods=["post"])
    def activate(self, request, pk=None):
        """Create the corresponding LDAP account."""
        user: User = self.get_object()
        serializer = self.get_serializer(data=request.data)
        if serializer.is_valid():
            try:
                # We prevent untrusted user accounts from being activated via API.
                # They might be activated via Admin or programmatically.
                if not user.trust_bridge.is_trusted:
                    raise MissingUserAttribute("User has no trusted trust bridge.")
                user.create_ldap_account(serializer.validated_data["password"])
            except (MissingUserAttribute, PasswordMismatch) as e:
                return Response({"message": str(e)}, status=status.HTTP_400_BAD_REQUEST)
            return Response(status=status.HTTP_204_NO_CONTENT)
        else:
            return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

    def get_serializer_class(self):
        if self.action == "activate":
            return ActivateUserSerializer
        elif self.action == "create":
            return CreateUserSerializer
        elif self.action == "retrieve_authenticated":
            return RetrieveUserSerializer