controles/routes/admin.py

from flask import Blueprint, render_template, flash, redirect, url_for, request, jsonify
from functions.database import Usuario, get_db_connection
from functions.decorators import require_permission, require_role, require_minimum_role
from flask_login import login_required, current_user
from sqlalchemy.orm import joinedload
import pyotp
from werkzeug.security import generate_password_hash
import secrets

admin_bp = Blueprint('admin', __name__, url_prefix='/admin')

@admin_bp.route('/')
@login_required
@require_role('ADMIN')
def dashboard():
    """Dashboard principal da área administrativa"""
    db = get_db_connection()
    try:
        # Carregar estatísticas relevantes
        total_users = db.query(Usuario).count()
        active_users = db.query(Usuario).filter(Usuario.is_active == True).count()
        inactive_users = total_users - active_users
        
        return render_template(
            'admin/dashboard.html',
            total_users=total_users,
            active_users=active_users,
            inactive_users=inactive_users
        )
    finally:
        db.close()

@admin_bp.route('/users')
@login_required
@require_role('ADMIN')
def list_users():
    """Lista todos os usuários do sistema"""
    db = get_db_connection()
    try:
        users = db.query(Usuario).options(
            joinedload(Usuario.roles),
            joinedload(Usuario.militante)
        ).all()
        return render_template('admin/users.html', users=users)
    finally:
        db.close()

@admin_bp.route('/users/<int:user_id>/reset-otp', methods=['POST'])
@login_required
@require_role('ADMIN')
def reset_user_otp(user_id):
    """Reseta o OTP de um usuário"""
    db = get_db_connection()
    try:
        user = db.query(Usuario).get(user_id)
        if not user:
            flash('Usuário não encontrado.', 'danger')
            return redirect(url_for('admin.list_users'))
        
        # Gerar novo segredo OTP
        user.otp_secret = pyotp.random_base32()
        db.commit()
        
        flash(f'OTP resetado com sucesso para {user.email}.', 'success')
        return redirect(url_for('admin.list_users'))
    finally:
        db.close()

@admin_bp.route('/users/<int:user_id>/reset-password', methods=['POST'])
@login_required
@require_role('ADMIN')
def reset_user_password(user_id):
    """Reseta a senha de um usuário"""
    db = get_db_connection()
    try:
        user = db.query(Usuario).get(user_id)
        if not user:
            flash('Usuário não encontrado.', 'danger')
            return redirect(url_for('admin.list_users'))
        
        # Gerar nova senha aleatória
        new_password = secrets.token_urlsafe(8)
        user.password = generate_password_hash(new_password)
        db.commit()
        
        flash(f'Senha resetada com sucesso. Nova senha: {new_password}', 'success')
        return redirect(url_for('admin.list_users'))
    finally:
        db.close()

@admin_bp.route('/users/<int:user_id>/toggle-status', methods=['POST'])
@login_required
@require_role('ADMIN')
def toggle_user_status(user_id):
    """Ativa/desativa um usuário"""
    db = get_db_connection()
    try:
        user = db.query(Usuario).get(user_id)
        if not user:
            return jsonify({'success': False, 'message': 'Usuário não encontrado.'})
        
        user.is_active = not user.is_active
        db.commit()
        
        status = 'ativado' if user.is_active else 'desativado'
        return jsonify({
            'success': True,
            'message': f'Usuário {status} com sucesso.',
            'new_status': user.is_active
        })
    finally:
        db.close()