from django.contrib import admin
from user_roles.models import Role, UserRole
from user_roles.mixins import OwnerOnlyAdminMixin


@admin.register(Role)
class RoleAdmin(admin.ModelAdmin):
    list_display = ['code', 'name', 'is_system']
    list_filter = ['is_system']
    search_fields = ['code', 'name']
    readonly_fields = ['created_at']

    def has_delete_permission(self, request, obj=None):
        """Запрет удаления системных ролей"""
        if obj and obj.is_system:
            return False
        return super().has_delete_permission(request, obj)


@admin.register(UserRole)
class UserRoleAdmin(OwnerOnlyAdminMixin, admin.ModelAdmin):
    """
    Админка ролей пользователей.
    Доступна только владельцу.

    ВАЖНО: UserRole изолирован по тенантам автоматически через django-tenants,
    поэтому владелец видит только пользователей своего магазина!
    """
    list_display = ['user', 'role', 'is_active', 'created_at']
    list_filter = ['role', 'is_active']
    search_fields = ['user__email', 'user__name']
    readonly_fields = ['created_at', 'created_by']
    autocomplete_fields = ['user']

    def save_model(self, request, obj, form, change):
        """Автоматически устанавливаем created_by"""
        if not change:
            obj.created_by = request.user
        super().save_model(request, obj, form, change)