import re

from django.db import transaction, IntegrityError
from rest_framework import status
from rest_framework.decorators import api_view, permission_classes, throttle_classes
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response
from rest_framework import serializers as drf_serializers
from drf_spectacular.utils import extend_schema, inline_serializer

from config.exceptions import AppError
from apps.user.models import User, Department
from apps.user.permissions import IsRegisterPermitted
from apps.user.throttling import RegisterIpThrottle
from apps.user.audit import log_register
from apps.user.auth import (
    build_user_response, REGISTERABLE_ROLES,
    resolve_or_create_institution,
)

DEFAULT_PASSWORD_PREFIX = 'Pass'


@extend_schema(
    summary='U2 管理员代注册',
    description='CMS 管理员为他人注册账号，无需验证码。**仅超级管理员 / 医院管理员可调用**：'
                '超级管理员可创建所有角色、可指定或新建任意机构；'
                '医院管理员可创建内容管理员 / 医生 / 学生，且**只能在本机构内**建账号。'
                '默认密码为 Pass+手机号（如 Pass13800001001），用户可自行修改。'
                '**不返回 tokens**，新用户需自行登录（CMS 用 U3、移动端学生用 U4）。',
    request=inline_serializer('RegisterRequest', fields={
        'phone': drf_serializers.CharField(help_text='手机号'),
        'real_name': drf_serializers.CharField(help_text='真实姓名'),
        'role_type': drf_serializers.ChoiceField(
            choices=['student', 'doctor', 'content_admin', 'hospital_admin', 'super_admin'],
            required=False, default='student', help_text='角色类型（受调用者角色限制）'),
        'institution_code': drf_serializers.CharField(
            help_text='机构编码（超管必填；医院管理员可省略，默认本机构，若填须与本机构一致）'),
        'institution_name': drf_serializers.CharField(help_text='机构名称（超管新建机构时必填）'),
        'department_name': drf_serializers.CharField(required=False, help_text='科室名称'),
    }),
    responses={201: inline_serializer('RegisterResponse', fields={
        'message': drf_serializers.CharField(),
        'user': drf_serializers.DictField(help_text='用户基本信息'),
    })},
    tags=['认证'],
)
@api_view(['POST'])
@permission_classes([IsAuthenticated, IsRegisterPermitted])
@throttle_classes([RegisterIpThrottle])
def register(request):
    """U2 管理员代注册（仅超级管理员 / 医院管理员，无需验证码）"""
    data = request.data

    phone = str(data.get('phone', ''))
    real_name = str(data.get('real_name', ''))
    role_type = str(data.get('role_type', 'student'))
    institution_code = str(data.get('institution_code', '')).strip()
    institution_name = str(data.get('institution_name', '')).strip()
    department_name = data.get('department_name') or ''

    # ── 入参校验 ──────────────────────────────────────────────────────────────

    if not re.match(r'^1[3-9]\d{9}$', phone):
        raise AppError('SMS_INVALID_PHONE', '手机号格式不合法')

    if not real_name or len(real_name) < 2 or len(real_name) > 20:
        raise AppError('USER_INVALID_NAME', '姓名长度应在 2-20 字符之间')

    actor = request.user

    # 目标角色须在调用者可创建的范围内（超管可建全部；医院管理员仅内容管理员/医生/学生）
    allowed_roles = REGISTERABLE_ROLES.get(actor.role_type, ())
    if role_type not in allowed_roles:
        raise AppError('USER_NO_REGISTER_ROLE_PERMISSION',
                       '您无权创建该角色账号', status_code=403)

    password = f'{DEFAULT_PASSWORD_PREFIX}{phone}'

    # ── 机构解析：超管任意；医院管理员仅限本机构 ─────────────────────────────

    if actor.role_type == 'hospital_admin':
        if not actor.institution_id:
            raise AppError('USER_NO_REGISTER_INSTITUTION',
                           '您未归属任何机构，无法代注册', status_code=403)
        institution = actor.institution
        # 若显式指定机构且与本机构不一致 → 拒绝（医院管理员不能跨机构建账号）
        if institution_code and institution_code != institution.code:
            raise AppError('USER_INSTITUTION_SCOPE_FORBIDDEN',
                           '医院管理员只能在本机构内建账号', status_code=403)
    else:
        # super_admin：机构编码 + 名称必填，按 code 查找或新建
        if not institution_code:
            raise AppError('USER_INSTITUTION_CODE_REQUIRED', '机构编码不能为空')
        if not institution_name:
            raise AppError('USER_INSTITUTION_REQUIRED', '机构名称不能为空')
        institution = resolve_or_create_institution(institution_code, institution_name)

    # ── 科室解析（可选）──────────────────────────────────────────────────────

    department = None
    if department_name:
        qs = Department.objects.filter(name=department_name, institution=institution)
        cnt = qs.count()
        if cnt == 0:
            raise AppError('USER_DEPARTMENT_NOT_FOUND', f'科室"{department_name}"不存在')
        if cnt > 1:
            raise AppError('USER_DEPARTMENT_AMBIGUOUS',
                           f'科室"{department_name}"不唯一')
        department = qs.first()

    # ── 事务内创建用户 ────────────────────────────────────────────────────────

    try:
        with transaction.atomic():
            if User.objects.filter(phone=phone).exists():
                raise AppError('AUTH_PHONE_REGISTERED', '该手机号已注册')

            user = User.objects.create_user(
                username=phone,
                password=password,
                phone=phone,
                real_name=real_name,
                role_type=role_type,
                institution=institution,
                department=department,
                status=1,
            )
    except AppError:
        raise
    except IntegrityError:
        raise AppError('AUTH_PHONE_REGISTERED', '该手机号已注册')

    # ── 善后 ──────────────────────────────────────────────────────────────────

    log_register(user.id, phone)

    return Response({
        'message': '注册成功',
        'user': build_user_response(user),
    }, status=status.HTTP_201_CREATED)