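from functools import wraps
from flask import session, request, jsonify, redirect, url_for
import sqlite3
from config import MAIN_DB


def login_required(f):
    """Decorator that rejects requests without a logged-in session.

    The only check made is that the key ``'user_id'`` is present in the Flask
    session. No role is checked here and the database is not consulted, so
    views that need a specific privilege level must also call
    ``user_has_role`` / ``user_can``.

    Unauthenticated JSON requests receive a 401 JSON body; any other request
    is redirected to the ``auth.login`` endpoint.
    """
    @wraps(f)
    def decorated_function(*args, **kwargs):
        if 'user_id' not in session:
            if request.is_json:
                # API clients get a status code instead of an HTML redirect.
                return jsonify({'success': False, 'error': 'No autorizado'}), 401
            return redirect(url_for('auth.login'))
        return f(*args, **kwargs)
    return decorated_function


def user_has_role(user_id, required_role):
    """Check whether a user holds at least ``required_role`` (read from the DB).

    Roles are ordered administrator > editor > author > subscriber, and a
    higher role satisfies a check for any lower one.

    Args:
        user_id: Primary key of the row in ``users``; a falsy value is denied.
        required_role: Name of the minimum role required.

    Returns:
        True if the stored role ranks at or above ``required_role``. False if
        ``user_id`` is falsy, ``required_role`` is not a known role, or no
        such user exists.
    """
    if not user_id:
        return False

    # GKACHELE™ role hierarchy
    role_hierarchy = {
        'administrator': 4,
        'editor': 3,
        'author': 2,
        'subscriber': 1
    }

    # Fail closed: an unknown or misspelled required role used to fall back to
    # level 1, which let every existing user pass the check.
    required_level = role_hierarchy.get(required_role)
    if required_level is None:
        return False

    conn = sqlite3.connect(MAIN_DB)
    try:
        c = conn.cursor()
        # Parameterized query: user_id is never interpolated into the SQL text.
        c.execute('SELECT role FROM users WHERE id = ?', (user_id,))
        result = c.fetchone()
    finally:
        # Close the connection even when the query raises.
        conn.close()

    if not result:
        return False

    # A NULL/empty role, or a stored role name that is not in the hierarchy,
    # is treated as the lowest level (subscriber).
    user_role = result[0] or 'subscriber'
    user_level = role_hierarchy.get(user_role, 1)

    return user_level >= required_level


def user_can(user_id, capability):
    """Check whether a user has a specific capability (read from the DB).

    Only administrators are granted anything: ``capability`` is accepted but
    not consulted, so every non-administrator is denied every capability.

    Args:
        user_id: Primary key of the row in ``users``; a falsy value is denied.
        capability: Name of the capability being requested (currently unused).

    Returns:
        True if the user is an administrator, otherwise False.
    """
    if not user_id:
        return False

    # Administrators can do everything.
    if user_has_role(user_id, 'administrator'):
        return True

    return False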