#!/usr/bin/env python3
"""ObsiGate CLI user management script.

Usage:
    python backend/create_admin.py create <username> <password> [--role admin|user] [--vaults V1 V2...] [--display-name NAME]
    python backend/create_admin.py list
    python backend/create_admin.py delete <username>

Docker usage:
    docker exec obsigate python backend/create_admin.py create admin MyPassword --role admin --vaults "*"
    docker exec obsigate python backend/create_admin.py list
"""

import sys
import argparse

# Add parent directory to path for imports
from pathlib import Path
sys.path.insert(0, str(Path(__file__).resolve().parent.parent))

from backend.auth.user_store import create_user, get_all_users, delete_user


def main():
    parser = argparse.ArgumentParser(description="ObsiGate user management")
    subparsers = parser.add_subparsers(dest="command")

    # create
    create_p = subparsers.add_parser("create", help="Create a user")
    create_p.add_argument("username")
    create_p.add_argument("password")
    create_p.add_argument("--role", default="user", choices=["admin", "user"])
    create_p.add_argument("--vaults", nargs="+", default=[])
    create_p.add_argument("--display-name")

    # list
    subparsers.add_parser("list", help="List all users")

    # delete
    del_p = subparsers.add_parser("delete", help="Delete a user")
    del_p.add_argument("username")

    args = parser.parse_args()

    if args.command == "create":
        try:
            user = create_user(
                args.username, args.password, args.role,
                args.vaults, args.display_name,
            )
            print(f"✅ User '{user['username']}' created (role: {user['role']})")
        except ValueError as e:
            print(f"❌ Error: {e}", file=sys.stderr)
            sys.exit(1)

    elif args.command == "list":
        users = get_all_users()
        if not users:
            print("No users found.")
            return
        for u in users:
            vaults = ", ".join(u["vaults"]) or "none"
            status = "✅" if u["active"] else "🔴"
            print(f"{status} {u['username']} ({u['role']}) — Vaults: {vaults}")

    elif args.command == "delete":
        try:
            delete_user(args.username)
            print(f"✅ User '{args.username}' deleted")
        except ValueError as e:
            print(f"❌ Error: {e}", file=sys.stderr)
            sys.exit(1)

    else:
        parser.print_help()


if __name__ == "__main__":
    main()