#!/usr/bin/env python3
"""
fix_rules.py — Corrige las reglas de colecciones en PocketBase KQ.
Reemplaza @request.auth.role por @request.auth.rol en todas las colecciones.
"""
import json, urllib.request, urllib.error, getpass

PB_URL = "http://localhost:8091"

def req(method, path, data=None, token=None):
    url = f"{PB_URL}/api/{path}"
    body = json.dumps(data).encode() if data else None
    headers = {"Content-Type": "application/json"}
    if token:
        headers["Authorization"] = token
    r = urllib.request.Request(url, data=body, headers=headers, method=method)
    try:
        with urllib.request.urlopen(r) as resp:
            return json.loads(resp.read())
    except urllib.error.HTTPError as e:
        raise RuntimeError(f"HTTP {e.code}: {e.read().decode()}")

print("=== fix_rules.py — Kings & Queens ===\n")

admin_email    = input("Email superuser admin: ").strip()
admin_password = getpass.getpass("Password: ")

resp  = req("POST", "collections/_superusers/auth-with-password",
            {"identity": admin_email, "password": admin_password})
token = resp["token"]
print("✓ Autenticado\n")

# Colecciones a corregir y sus reglas esperadas
TARGET_COLLECTIONS = {
    "classes": {
        "listRule":   "@request.auth.id != ''",
        "viewRule":   "@request.auth.id != ''",
        "createRule": "@request.auth.id != '' && @request.auth.rol = 'teacher'",
        "updateRule": "@request.auth.id != '' && @request.auth.rol = 'teacher'",
        "deleteRule": "@request.auth.id != '' && @request.auth.rol = 'teacher'",
    },
    "student_profiles": {
        "listRule":   "@request.auth.id != ''",
        "viewRule":   "@request.auth.id != ''",
        "createRule": "@request.auth.id != '' && @request.auth.rol = 'teacher'",
        "updateRule": "@request.auth.id != '' && @request.auth.rol = 'teacher'",
        "deleteRule": "@request.auth.id != '' && @request.auth.rol = 'teacher'",
    },
    "whiteboard_sessions": {
        "listRule":   "@request.auth.id != ''",
        "viewRule":   "@request.auth.id != ''",
        "createRule": "@request.auth.id != '' && @request.auth.rol = 'teacher'",
        "updateRule": "@request.auth.id != '' && @request.auth.rol = 'teacher'",
        "deleteRule": "@request.auth.id != '' && @request.auth.rol = 'teacher'",
    },
    "users": {
        "listRule":   "@request.auth.id != ''",
        "viewRule":   "@request.auth.id != ''",
        "createRule": "",
        "updateRule": "@request.auth.id = id",
        "deleteRule": None,
    },
}

# Obtener colecciones actuales
all_cols = req("GET", "collections?perPage=200", token=token)["items"]
col_map  = {c["name"]: c for c in all_cols}

for name, rules in TARGET_COLLECTIONS.items():
    if name not in col_map:
        print(f"  ⚠ '{name}' no encontrada, saltando")
        continue

    col_id = col_map[name]["id"]
    try:
        req("PATCH", f"collections/{col_id}", rules, token=token)
        print(f"  ✓ {name} — reglas actualizadas")
    except RuntimeError as e:
        print(f"  ✗ {name} — error: {e}")

print("\n✅ Listo. Recargá el dashboard de Ale.")