#!/usr/bin/env python3
"""
Create Roles in Aumentum Database
Creates roles for limited access users (indexing, scanning, etc.)
"""

import sys
from aumentum_browser_service import AumentumBrowserService, DEFAULT_DB_CONFIG, DEFAULT_CONTENTSTORE_BASE

def calculate_crc(authority: str) -> int:
    """Calculate CRC for authority (Alfresco uses CRC32 for authority lookup)"""
    import zlib
    return zlib.crc32(authority.encode('utf-8')) & 0xffffffff

def create_role(role_name: str) -> bool:
    """
    Create a role in the database
    
    Args:
        role_name: Role name (e.g., 'ROLE_INDEXING_OFFICER')
    
    Returns:
        True if successful, False otherwise
    """
    if not role_name.startswith('ROLE_'):
        print(f"⚠️  Warning: Role name '{role_name}' should start with 'ROLE_'")
    
    service = AumentumBrowserService(
        db_config=DEFAULT_DB_CONFIG,
        contentstore_base=DEFAULT_CONTENTSTORE_BASE
    )
    
    conn = service._get_db_connection()
    cursor = conn.cursor()
    
    try:
        db_type = service.db_config.get("type", "mssql").lower()
        
        # Check if role already exists
        if db_type == "mysql":
            cursor.execute("SELECT id FROM alf_authority WHERE authority = %s", (role_name,))
        else:
            cursor.execute("SELECT id FROM LRSAdmin.alf_authority WHERE authority = ?", (role_name,))
        
        existing = cursor.fetchone()
        
        if existing:
            print(f"✅ Role '{role_name}' already exists (ID: {existing[0]})")
            return True
        
        # Get next ID
        if db_type == "mysql":
            cursor.execute("SELECT MAX(id) FROM alf_authority")
        else:
            cursor.execute("SELECT MAX(id) FROM LRSAdmin.alf_authority")
        
        max_id = cursor.fetchone()[0]
        role_id = (max_id or 0) + 1
        
        # Calculate CRC
        crc = calculate_crc(role_name)
        
        # Insert role
        if db_type == "mysql":
            cursor.execute("""
                INSERT INTO alf_authority (id, version, authority, crc)
                VALUES (%s, 1, %s, %s)
            """, (role_id, role_name, crc))
        else:
            cursor.execute("""
                INSERT INTO LRSAdmin.alf_authority (id, version, authority, crc)
                VALUES (?, 1, ?, ?)
            """, (role_id, role_name, crc))
        
        conn.commit()
        
        print(f"✅ Role '{role_name}' created successfully! (ID: {role_id})")
        return True
        
    except Exception as e:
        conn.rollback()
        print(f"❌ Error creating role '{role_name}': {e}")
        import traceback
        traceback.print_exc()
        return False
    finally:
        cursor.close()
        conn.close()

if __name__ == "__main__":
    import argparse
    
    parser = argparse.ArgumentParser(description="Create roles in Aumentum database")
    parser.add_argument("roles", nargs="+", help="Role names to create (e.g., ROLE_INDEXING_OFFICER ROLE_SCANNING_OPERATOR)")
    parser.add_argument("--all", action="store_true", help="Create all standard limited-access roles")
    
    args = parser.parse_args()
    
    print("="*70)
    print("CREATE ROLES")
    print("="*70)
    
    roles_to_create = []
    
    if args.all:
        roles_to_create = [
            'ROLE_INDEXING_OFFICER',
            'ROLE_SCANNING_OPERATOR',
            'ROLE_CASHIER',
            'ROLE_GIS_VIEWER',
            'ROLE_ARCHIVING_OFFICER'
        ]
        print("\nCreating all standard limited-access roles...")
    else:
        roles_to_create = args.roles
        print(f"\nCreating {len(roles_to_create)} role(s)...")
    
    success_count = 0
    for role_name in roles_to_create:
        if create_role(role_name):
            success_count += 1
    
    print("\n" + "="*70)
    print(f"✅ Created {success_count}/{len(roles_to_create)} role(s) successfully!")
    print("="*70)
    
    sys.exit(0 if success_count == len(roles_to_create) else 1)