# webapp/api/users/serializers.py

from rest_framework import serializers
from webapp.models import master as m_master
from webapp.auth import auth_pwd_hash


class RoleSerializer(serializers.ModelSerializer):
    """Serializer untuk menampilkan informasi role."""

    class Meta:
        model = m_master.Roles
        fields = ["_pk", "role", "note"]


# ---- BASE ----
class UserBaseSerializer(serializers.ModelSerializer):
    pk_roles = RoleSerializer(read_only=True)
    pk_roles_id = serializers.PrimaryKeyRelatedField(
        source="pk_roles",
        queryset=m_master.Roles.objects.all(),
        write_only=True,
        help_text="ID role yang dimiliki user"
    )

    class Meta:
        model = m_master.Users
        fields = ["_pk", "usr", "pk_roles", "pk_roles_id"]
        extra_kwargs = {
            "usr": {
                "help_text": "Username untuk login",
                "contoh": "johndoe"   # <-- contoh pindah ke sini (valid di DRF)
            }
        }


# ---- CREATE ----
class UserCreateSerializer(UserBaseSerializer):
    pwd = serializers.CharField(
        write_only=True,
        required=True,
        help_text="Password baru untuk user",
        style={"input_type": "password"},
    )

    class Meta(UserBaseSerializer.Meta):
        fields = UserBaseSerializer.Meta.fields + ["pwd"]
        extra_kwargs = {
            "pwd": {"contoh": "password123"}   # contoh password
        }

    def create(self, validated_data):
        raw_pwd = validated_data.pop("pwd")
        validated_data["pwd"] = auth_pwd_hash(raw_pwd)
        return super().create(validated_data)


# ---- UPDATE ----
class UserUpdateSerializer(UserBaseSerializer):
    pwd = serializers.CharField(
        write_only=True,
        required=False,
        help_text="Password lama (wajib diisi jika ingin ganti password)",
        style={"input_type": "password"},
    )
    pwd_old = serializers.CharField(
        write_only=True,
        required=False,
        help_text="Password baru",
        style={"input_type": "password"},
    )
    pwd_new = serializers.CharField(
        write_only=True,
        required=False,
        help_text="Konfirmasi password baru (harus sama dengan password baru)",
        style={"input_type": "password"},
    )

    class Meta(UserBaseSerializer.Meta):
        fields = UserBaseSerializer.Meta.fields + ["pwd", "pwd_old", "pwd_new"]
        extra_kwargs = {
            "pwd": {"contoh": "password_lama"},
            "pwd_old": {"contoh": "password_baru"},
            "pwd_new": {"contoh": "password_baru"},
        }

    def update(self, instance, validated_data):
        pwd = validated_data.pop("pwd", None)
        pwd_old = validated_data.pop("pwd_old", None)
        pwd_new = validated_data.pop("pwd_new", None)

        if pwd and pwd_old and pwd_new:
            if instance.pwd != auth_pwd_hash(pwd):
                raise serializers.ValidationError({"password": "Password lama salah."})
            elif pwd_old != pwd_new:
                raise serializers.ValidationError({"password": "Password baru tidak sama."})
            else:
                validated_data["pwd"] = auth_pwd_hash(pwd_new)
        else:
            validated_data["pwd"] = instance.pwd

        return super().update(instance, validated_data)