from __future__ import annotations

from typing import Any

from app.schemas.common import ApiModel


class PermissionContextRead(ApiModel):
    is_admin: bool = False
    can_manage_sites: bool = False
    can_manage_experiments: bool = False
    can_manage_variants: bool = False
    can_manage_releases: bool = False
    can_manage_goals: bool = False
    can_manage_sdk_configs: bool = False
    can_use_editor: bool = False
    can_read_runtime: bool = False
    raw_permissions: list[str] = []


class AuthenticatedUser(ApiModel):
    """Normalized current-user payload used by FastAPI.

    We keep the shape close to current frontend needs so migration can happen
    incrementally without losing role/group context.
    """

    id: str
    email: str | None = None
    first_name: str | None = None
    status: str | None = None
    fb_token: str | None = None
    role: dict[str, Any] | None = None
    user_group: dict[str, Any] | None = None
    domain_permissions: list[str] = []
    permissions: PermissionContextRead


class AuthMeResponse(ApiModel):
    user: AuthenticatedUser