# -*- coding: utf-8 -*-
"""
Mini-program performance routes: performance overview and performance records.

Endpoints:
- GET /api/xcx/performance          — performance overview (PERF-1)
- GET /api/xcx/performance/records  — performance records (PERF-2)

All endpoints require a JWT (approved status).
"""

from __future__ import annotations

from fastapi import APIRouter, Depends, HTTPException, Query

from app.auth.dependencies import CurrentUser
from app.middleware.permission import require_approved, require_permission
from app.schemas.xcx_performance import PerformanceOverviewResponse
from app.schemas.xcx_performance import PerformanceRecordsResponse
from app.services import performance_service
from app.services.role import get_user_permissions
from app.trace.decorators import trace_service

router = APIRouter(prefix="/api/xcx/performance", tags=["小程序绩效"])


@router.get("", response_model=PerformanceOverviewResponse)
@trace_service("获取绩效概览", "Get performance overview")
async def get_performance_overview(
    year: int = Query(...),
    month: int = Query(..., ge=1, le=12),
    # CHANGE 2026-03-27 | permission rework W4: performance follows the
    # task permission.
    user: CurrentUser = Depends(require_permission("view_tasks")),
):
    """Performance overview (PERF-1).

    Access is gated by the ``view_tasks`` permission through the
    ``require_permission`` dependency. The overview is always fetched for
    the authenticated user's own ``user_id`` and ``site_id``; the client
    supplies only the period.
    """
    # NOTE(review): `year` has no bounds, unlike `month` — confirm the
    # service tolerates out-of-range values.
    overview = await performance_service.get_overview(
        user.user_id,
        user.site_id,
        year,
        month,
    )
    return overview


@router.get("/records", response_model=PerformanceRecordsResponse)
@trace_service("获取绩效明细", "Get performance records")
async def get_performance_records(
    year: int = Query(...),
    month: int = Query(..., ge=1, le=12),
    page: int = Query(1, ge=1),
    page_size: int = Query(20, ge=1, le=100),
    coach_id: int | None = Query(None, description="目标助教 ID(仅管理员可用)"),
    user: CurrentUser = Depends(require_approved()),
):
    """Performance records (PERF-2).

    Permission split, decided by the shape of the request:

    - Without ``coach_id`` (own records): requires ``view_tasks``; the
      assistant id is determined by the user's binding.
    - With ``coach_id`` (someone else's records): requires
      ``view_board_coach`` (manager/head_coach/staff); the supplied value
      is used directly as the assistant id, and the same-site constraint
      is implied by ``user.site_id``.

    Raises:
        HTTPException: 403 when the caller lacks the permission required
            for the chosen path.
    """
    granted = await get_user_permissions(user.user_id, user.site_id)

    # An explicit None test, so that any supplied id (including 0) takes
    # the "someone else" path and its stricter permission.
    viewing_self = coach_id is None
    needed = "view_tasks" if viewing_self else "view_board_coach"
    if needed not in granted:
        raise HTTPException(status_code=403, detail="权限不足")

    # NOTE(review): coach_id is client-supplied and this handler only
    # forwards user.site_id next to it. Whether get_records rejects a
    # coach_id that belongs to another site is not visible here — confirm
    # in performance_service. The Query description says "admin only",
    # while the check enforced here is view_board_coach.
    override = {} if viewing_self else {"assistant_id_override": coach_id}
    return await performance_service.get_records(
        user.user_id,
        user.site_id,
        year,
        month,
        page,
        page_size,
        **override,
    )