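from rest_framework import viewsets, permissions, filters
from django_filters.rest_framework import DjangoFilterBackend

from .models import Ticket
from .serializers import TicketSerializer


class TicketViewSet(viewsets.ModelViewSet):
    """
    Standard users/guests can CREATE.
    Only Staff can LIST/RETRIEVE/UPDATE all.
    Users can LIST/RETRIEVE their own.

    Enforcement is split across three hooks:

    * ``get_permissions`` limits the write actions on existing tickets
      (update, partial_update, destroy) to staff.
    * ``get_queryset`` scopes reads to what the caller may see: every
      ticket for staff, the caller's own tickets for authenticated
      users, nothing for guests.
    * ``perform_create`` binds a new ticket to the authenticated caller
      so ownership is taken from the session, not from the request body.
    """

    queryset = Ticket.objects.all()
    serializer_class = TicketSerializer
    # AllowAny is the baseline so guests can reach `create`. It grants no
    # object-level protection on its own; get_permissions() tightens the
    # write actions and get_queryset() scopes the reads.
    permission_classes = [permissions.AllowAny]
    filter_backends = [DjangoFilterBackend, filters.OrderingFilter]
    filterset_fields = ["status"]
    ordering_fields = ["created_at", "status"]
    ordering = ["-created_at"]

    # ModelViewSet also routes PUT/PATCH/DELETE. The class contract only
    # grants non-staff users CREATE plus LIST/RETRIEVE of their own tickets,
    # so these actions are reserved for staff.
    _STAFF_ONLY_ACTIONS = frozenset({"update", "partial_update", "destroy"})

    def get_permissions(self):
        """Return the permission instances for the current action.

        Update, partial update and destroy require ``IsAdminUser`` (which
        checks ``user.is_staff``); every other action falls back to
        ``permission_classes``. Without this override an authenticated
        non-staff user could modify or delete any ticket returned by
        ``get_queryset`` for them, i.e. their own.
        """
        if self.action in self._STAFF_ONLY_ACTIONS:
            return [permissions.IsAdminUser()]
        return super().get_permissions()

    def get_queryset(self):
        """Return the tickets visible to the requesting user.

        Staff see all tickets, authenticated users see only tickets whose
        ``user`` is themselves, and anonymous callers get an empty
        queryset, so detail lookups outside the caller's scope resolve to
        "not found".
        """
        user = self.request.user
        if user.is_staff:
            return Ticket.objects.all()
        if not user.is_authenticated:
            # Guests can't list tickets
            return Ticket.objects.none()
        return Ticket.objects.filter(user=user)

    def perform_create(self, serializer):
        """Save a new ticket, attributing it to the caller when logged in.

        For authenticated callers ``user`` and ``email`` are taken from the
        session and override anything sent in the request body. Guests are
        saved with whatever the serializer validated.
        """
        user = self.request.user
        if user.is_authenticated:
            serializer.save(user=user, email=user.email)
        else:
            # NOTE(review): the guest path trusts the validated payload as-is.
            # Confirm TicketSerializer declares `user` read-only so a guest
            # cannot attribute a ticket to another account.
            serializer.save()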