"""
審計日誌 Model
記錄所有關鍵操作,符合 ISO 要求
"""
from datetime import datetime
from sqlalchemy import Column, Integer, String, DateTime, Text, JSON, ForeignKey, Index
from sqlalchemy.dialects.postgresql import JSONB
from sqlalchemy.orm import relationship

from app.db.base import Base


class AuditLog(Base):
    """審計日誌表"""

    __tablename__ = "tenant_audit_logs"
    __table_args__ = (
        Index("idx_audit_tenant_action", "tenant_id", "action"),
        Index("idx_audit_tenant_resource", "tenant_id", "resource_type", "resource_id"),
        Index("idx_audit_tenant_time", "tenant_id", "performed_at"),
    )

    id = Column(Integer, primary_key=True, index=True)
    tenant_id = Column(Integer, ForeignKey("tenants.id", ondelete="CASCADE"), nullable=False, index=True, comment="租戶 ID")
    action = Column(String(50), nullable=False, index=True, comment="操作類型 (create/update/delete/login)")
    resource_type = Column(String(50), nullable=False, index=True, comment="資源類型 (employee/department/role)")
    resource_id = Column(Integer, nullable=True, index=True, comment="資源 ID")
    performed_by = Column(String(100), nullable=False, index=True, comment="操作者 SSO 帳號")
    performed_at = Column(DateTime, default=datetime.utcnow, nullable=False, index=True, comment="操作時間")
    details = Column(JSONB, nullable=True, comment="詳細變更內容 (JSON)")
    ip_address = Column(String(45), nullable=True, comment="IP 位址 (IPv4/IPv6)")

    # 通用欄位 (Note: audit_logs 不需要 is_active，只記錄不修改)
    edit_by = Column(String(100), nullable=True, comment="最後編輯者")
    created_at = Column(DateTime, default=datetime.utcnow, nullable=False, comment="建立時間")
    updated_at = Column(DateTime, default=datetime.utcnow, onupdate=datetime.utcnow, nullable=False, comment="更新時間")

    # 關聯
    tenant = relationship("Tenant")

    def __repr__(self):
        return f"<AuditLog {self.action} {self.resource_type}:{self.resource_id} by {self.performed_by}>"

    @classmethod
    def create_log(
        cls,
        tenant_id: int,
        action: str,
        resource_type: str,
        performed_by: str,
        resource_id: int = None,
        details: dict = None,
        ip_address: str = None,
    ) -> "AuditLog":
        """創建審計日誌"""
        return cls(
            tenant_id=tenant_id,
            action=action,
            resource_type=resource_type,
            resource_id=resource_id,
            performed_by=performed_by,
            details=details,
            ip_address=ip_address,
        )