from fastapi import APIRouter, Depends, HTTPException, Query, status
from sqlalchemy.orm import Session

from .. import crud, schemas, security
from ..database import get_db

router = APIRouter(prefix="/api/yatra/registrations", tags=["registrations"])


# Public: the registration form posts here.
@router.post("", response_model=schemas.RegistrationOut, status_code=status.HTTP_201_CREATED)
def create_registration(
    payload: schemas.RegistrationCreate,
    db: Session = Depends(get_db),
) -> schemas.RegistrationOut:
    return crud.create_registration(db, payload)


# Admin-only (any role can view PII).
@router.get(
    "",
    response_model=list[schemas.RegistrationOut],
    dependencies=[Depends(security.require_roles(*security.VIEW_ROLES))],
)
def list_registrations(
    skip: int = Query(0, ge=0),
    limit: int = Query(100, ge=1, le=500),
    db: Session = Depends(get_db),
) -> list[schemas.RegistrationOut]:
    return crud.list_registrations(db, skip=skip, limit=limit)


@router.get(
    "/{registration_id}",
    response_model=schemas.RegistrationOut,
    dependencies=[Depends(security.require_roles(*security.VIEW_ROLES))],
)
def get_registration(
    registration_id: str,
    db: Session = Depends(get_db),
) -> schemas.RegistrationOut:
    registration = crud.get_registration(db, registration_id)
    if registration is None:
        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Registration not found")
    return registration


# Deleting requires admin or superadmin.
@router.delete(
    "/{registration_id}",
    status_code=status.HTTP_204_NO_CONTENT,
    dependencies=[Depends(security.require_roles(*security.MANAGE_ROLES))],
)
def delete_registration(
    registration_id: str,
    db: Session = Depends(get_db),
) -> None:
    if not crud.delete_registration(db, registration_id):
        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Registration not found")