"""
Tenant Member Management API - ATOMIC operations
Handles team member CRUD operations
"""

import structlog
from fastapi import APIRouter, Depends, HTTPException, status, Path, Query
from typing import List, Dict, Any
from uuid import UUID

from app.schemas.tenants import TenantMemberResponse
from app.services.tenant_service import EnhancedTenantService
from shared.auth.decorators import get_current_user_dep
from shared.routing.route_builder import RouteBuilder
from shared.database.base import create_database_manager
from shared.monitoring.metrics import track_endpoint_metrics

logger = structlog.get_logger()
router = APIRouter()
route_builder = RouteBuilder("tenants")

# Dependency injection for enhanced tenant service
def get_enhanced_tenant_service():
    try:
        from app.core.config import settings
        database_manager = create_database_manager(settings.DATABASE_URL, "tenant-service")
        return EnhancedTenantService(database_manager)
    except Exception as e:
        logger.error("Failed to create enhanced tenant service", error=str(e))
        raise HTTPException(status_code=500, detail="Service initialization failed")

@router.post(route_builder.build_base_route("{tenant_id}/members", include_tenant_prefix=False), response_model=TenantMemberResponse)
@track_endpoint_metrics("tenant_add_member")
async def add_team_member(
    user_id: str,
    role: str,
    tenant_id: UUID = Path(..., description="Tenant ID"),
    current_user: Dict[str, Any] = Depends(get_current_user_dep),
    tenant_service: EnhancedTenantService = Depends(get_enhanced_tenant_service)
):
    """Add a team member to tenant with enhanced validation and role management"""

    try:
        result = await tenant_service.add_team_member(
            str(tenant_id),
            user_id,
            role,
            current_user["user_id"]
        )
        return result

    except HTTPException:
        raise
    except Exception as e:
        logger.error("Add team member failed",
                    tenant_id=str(tenant_id),
                    user_id=user_id,
                    role=role,
                    error=str(e))
        raise HTTPException(
            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
            detail="Failed to add team member"
        )

@router.get(route_builder.build_base_route("{tenant_id}/members", include_tenant_prefix=False), response_model=List[TenantMemberResponse])
async def get_team_members(
    tenant_id: UUID = Path(..., description="Tenant ID"),
    active_only: bool = Query(True, description="Only return active members"),
    current_user: Dict[str, Any] = Depends(get_current_user_dep),
    tenant_service: EnhancedTenantService = Depends(get_enhanced_tenant_service)
):
    """Get all team members for a tenant with enhanced filtering"""

    try:
        members = await tenant_service.get_team_members(
            str(tenant_id),
            current_user["user_id"],
            active_only=active_only
        )
        return members

    except HTTPException:
        raise
    except Exception as e:
        logger.error("Get team members failed",
                    tenant_id=str(tenant_id),
                    error=str(e))
        raise HTTPException(
            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
            detail="Failed to get team members"
        )

@router.put(route_builder.build_base_route("{tenant_id}/members/{member_user_id}/role", include_tenant_prefix=False), response_model=TenantMemberResponse)
@track_endpoint_metrics("tenant_update_member_role")
async def update_member_role(
    new_role: str,
    tenant_id: UUID = Path(..., description="Tenant ID"),
    member_user_id: str = Path(..., description="Member user ID"),
    current_user: Dict[str, Any] = Depends(get_current_user_dep),
    tenant_service: EnhancedTenantService = Depends(get_enhanced_tenant_service)
):
    """Update team member role with enhanced permission validation"""

    try:
        result = await tenant_service.update_member_role(
            str(tenant_id),
            member_user_id,
            new_role,
            current_user["user_id"]
        )
        return result

    except HTTPException:
        raise
    except Exception as e:
        logger.error("Update member role failed",
                    tenant_id=str(tenant_id),
                    member_user_id=member_user_id,
                    new_role=new_role,
                    error=str(e))
        raise HTTPException(
            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
            detail="Failed to update member role"
        )

@router.delete(route_builder.build_base_route("{tenant_id}/members/{member_user_id}", include_tenant_prefix=False))
@track_endpoint_metrics("tenant_remove_member")
async def remove_team_member(
    tenant_id: UUID = Path(..., description="Tenant ID"),
    member_user_id: str = Path(..., description="Member user ID"),
    current_user: Dict[str, Any] = Depends(get_current_user_dep),
    tenant_service: EnhancedTenantService = Depends(get_enhanced_tenant_service)
):
    """Remove team member from tenant with enhanced validation"""

    try:
        success = await tenant_service.remove_team_member(
            str(tenant_id),
            member_user_id,
            current_user["user_id"]
        )

        if success:
            return {"success": True, "message": "Team member removed successfully"}
        else:
            raise HTTPException(
                status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
                detail="Failed to remove team member"
            )

    except HTTPException:
        raise
    except Exception as e:
        logger.error("Remove team member failed",
                    tenant_id=str(tenant_id),
                    member_user_id=member_user_id,
                    error=str(e))
        raise HTTPException(
            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
            detail="Failed to remove team member"
        )