"""
Router dependencies for auth module

Classes:
 - List: Description
 - Classes: Description

Functions:
 - List: Description
 - Functions: Description
"""
from typing import Annotated
from fastapi import Depends

from src.user.dependencies import user_model_claims_dependency
from src.user.models import User
from src.organisation.dependencies import org_model_query_dependency, org_model_body_dependency
from src.organisation.models import Organisation as Org

from src.auth.exceptions import UnauthorizedException


def is_super_admin(user_model) -> bool:
	super_admin_emails = ["chris@sr2.uk"]
	if user_model.email not in super_admin_emails:
		raise UnauthorizedException()
	return True


async def org_query_user_claims(org_model: org_model_query_dependency, user_model: user_model_claims_dependency):
	if user_model in org_model.user_rel:
		return True

	raise UnauthorizedException()


org_query_user_claims_dependency = Annotated[bool, Depends(org_query_user_claims)]


async def org_query_root_claims(user_model: user_model_claims_dependency, org_model: org_model_query_dependency):
	if org_model.root_user_id == user_model.id:
		return org_model

	if is_super_admin(user_model):
		return org_model

	raise UnauthorizedException()


org_model_root_claim_query_dependency = Annotated[type[Org], Depends(org_query_root_claims)]


async def org_body_root_claims(user_model: user_model_claims_dependency, org_model: org_model_body_dependency):
	if org_model.root_user_id == user_model.id:
		return org_model

	if is_super_admin(user_model):
		return org_model

	raise UnauthorizedException()


org_model_root_claim_body_dependency = Annotated[type[Org], Depends(org_body_root_claims)]


async def user_model_super_admin(user_model: user_model_claims_dependency):
	if is_super_admin(user_model):
		return user_model

	raise UnauthorizedException()


super_admin_dependency = Annotated[type[User], Depends(user_model_super_admin)]