"""
Router tenant – gestione organizzazioni (solo super_admin).

Protezione doppia:
  1. require_super_admin  – JWT con ruolo super_admin
  2. verify_admin_key     – Header X-Admin-Key (se configurata in produzione)

Endpoint:
  GET    /api/v1/tenants            → lista tenant con statistiche
  POST   /api/v1/tenants            → crea tenant + admin
  GET    /api/v1/tenants/{id}       → dettaglio tenant con statistiche
  PATCH  /api/v1/tenants/{id}       → modifica tenant (incluso is_active per sospensione)
"""

import uuid
from typing import Annotated

from fastapi import APIRouter, Depends

from app.dependencies import DB, SuperAdminUser, verify_admin_key
from app.schemas.tenant import TenantCreateRequest, TenantResponse, TenantUpdateRequest
from app.services.tenant_service import TenantService

router = APIRouter(
    prefix="/tenants",
    tags=["Tenant (super-admin)"],
    dependencies=[Depends(verify_admin_key)],  # X-Admin-Key su tutti gli endpoint
)


@router.get(
    "",
    response_model=list[TenantResponse],
    summary="Lista tutti i tenant con statistiche",
)
async def list_tenants(
    _: SuperAdminUser,
    db: DB,
) -> list[TenantResponse]:
    service = TenantService(db)
    return await service.list_tenants_with_stats()


@router.post(
    "",
    response_model=TenantResponse,
    status_code=201,
    summary="Crea nuovo tenant con admin iniziale",
)
async def create_tenant(
    body: TenantCreateRequest,
    _: SuperAdminUser,
    db: DB,
) -> TenantResponse:
    service = TenantService(db)
    tenant, _ = await service.create_tenant(body)
    return TenantResponse.model_validate(tenant)


@router.get(
    "/{tenant_id}",
    response_model=TenantResponse,
    summary="Dettaglio tenant con statistiche",
)
async def get_tenant(
    tenant_id: uuid.UUID,
    _: SuperAdminUser,
    db: DB,
) -> TenantResponse:
    service = TenantService(db)
    return await service.get_tenant_with_stats(tenant_id)


@router.patch(
    "/{tenant_id}",
    response_model=TenantResponse,
    summary="Modifica tenant (nome, piano, limiti, sospensione)",
)
async def update_tenant(
    tenant_id: uuid.UUID,
    body: TenantUpdateRequest,
    _: SuperAdminUser,
    db: DB,
) -> TenantResponse:
    service = TenantService(db)
    tenant = await service.update_tenant(tenant_id, body)
    return TenantResponse.model_validate(tenant)