from urllib.parse import urljoin, urlparse

from django.conf import settings
from django.contrib.auth import REDIRECT_FIELD_NAME
from django.core.urlresolvers import get_script_prefix, resolve
from django.http import Http404
from django.shortcuts import redirect, resolve_url
from django.utils.encoding import force_str
from django.utils.translation import ugettext as _

from pretix.base.models import Event, EventPermission, Organizer


class PermissionMiddleware:
    """
    This middleware enforces all requests to the control app to require login.
    Additionally, it enforces all requests to "control:event." URLs
    to be for an event the user has basic access to.
    """

    EXCEPTIONS = (
        "auth.login",
        "auth.register",
        "auth.forgot",
        "auth.forgot.recover"
    )

    def process_request(self, request):
        url = resolve(request.path_info)
        url_name = url.url_name
        if not request.path.startswith(get_script_prefix() + 'control'):
            # This middleware should only touch the /control subpath
            return
        if hasattr(request, 'domain'):
            # If the user is on a organizer's subdomain, he should be redirected to pretix
            return redirect(urljoin(settings.SITE_URL, request.get_full_path()))
        if url_name in self.EXCEPTIONS:
            return
        if not request.user.is_authenticated():
            # Taken from django/contrib/auth/decorators.py
            path = request.build_absolute_uri()
            # urlparse chokes on lazy objects in Python 3, force to str
            resolved_login_url = force_str(
                resolve_url(settings.LOGIN_URL_CONTROL))
            # If the login url is the same scheme and net location then just
            # use the path as the "next" url.
            login_scheme, login_netloc = urlparse(resolved_login_url)[:2]
            current_scheme, current_netloc = urlparse(path)[:2]
            if ((not login_scheme or login_scheme == current_scheme) and
                    (not login_netloc or login_netloc == current_netloc)):
                path = request.get_full_path()
            from django.contrib.auth.views import redirect_to_login

            return redirect_to_login(
                path, resolved_login_url, REDIRECT_FIELD_NAME)

        request.user.events_cache = request.user.events.order_by(
            "organizer", "date_from").prefetch_related("organizer")
        if 'event' in url.kwargs and 'organizer' in url.kwargs:
            try:
                request.event = Event.objects.filter(
                    slug=url.kwargs['event'],
                    permitted__id__exact=request.user.id,
                    organizer__slug=url.kwargs['organizer'],
                ).select_related('organizer')[0]
                request.eventperm = EventPermission.objects.get(
                    event=request.event,
                    user=request.user
                )
                request.organizer = request.event.organizer
            except IndexError:
                raise Http404(_("The selected event was not found or you "
                                "have no permission to administrate it."))
        elif 'organizer' in url.kwargs:
            try:
                request.organizer = Organizer.objects.filter(
                    slug=url.kwargs['organizer'],
                    permitted__id__exact=request.user.id,
                )[0]
            except IndexError:
                raise Http404(_("The selected organizer was not found or you "
                                "have no permission to administrate it."))