from fastapi import APIRouter, Depends, HTTPException, Response
from sqlmodel import Session, select
from app.db import get_session
from app.models import Risk, User
from app.schemas import RiskCreate
from app.security import get_current_user, require_roles, WRITE_ROLES
from app.services.audit import audit
from app.services.exports import risks_xlsx
# Router for the risk register; every route below is served under /risks.
router = APIRouter(tags=["risks"], prefix="/risks")
@router.get("")
def list_risks(
    user: User = Depends(get_current_user),
    session: Session = Depends(get_session),
):
    """Return every risk belonging to the caller's tenant.

    Each item is the risk's ``model_dump()`` with a ``risk_score`` key set
    from the model's ``risk_score`` attribute. The only dependency on the
    caller is ``get_current_user``; no role check is applied here.
    """
    # The tenant filter is the only isolation boundary in this handler: the
    # tenant id comes from the resolved user, never from request input.
    tenant_query = select(Risk).where(Risk.tenant_id == user.tenant_id)

    payload = []
    for risk in session.exec(tenant_query).all():
        row = risk.model_dump()
        row["risk_score"] = risk.risk_score
        payload.append(row)
    return payload
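@router.post("")
def create_risk(
    data: RiskCreate,
    user: User = Depends(require_roles(*WRITE_ROLES)),
    session: Session = Depends(get_session),
):
    """Create a risk in the caller's tenant and record it in the audit trail.

    Access is gated by ``require_roles(*WRITE_ROLES)``. The tenant id is taken
    from the resolved user, not from the request body. The new row and its
    audit entry are written in a single transaction.

    Returns the risk's ``model_dump()`` with a ``risk_score`` key added.
    """
    # Every field of RiskCreate is forwarded to the model, so that schema is
    # the allow-list of client-settable columns.
    # NOTE(review): if RiskCreate ever declares tenant_id, this call raises
    # TypeError (duplicate keyword) instead of overriding the tenant.
    risk = Risk(tenant_id=user.tenant_id, **data.model_dump())
    session.add(risk)

    # Flush rather than commit: this sends the INSERT so risk.id is available
    # to the audit entry, but keeps the transaction open. The original
    # committed the risk first, so a failure inside audit() left a persisted
    # risk with no audit record.
    session.flush()
    audit(session, user, "create", "risk", risk.id, {})
    session.commit()

    # With the session's default expire-on-commit behaviour, commit() expires
    # loaded attributes, so reload after the final commit and before
    # serialising. The original refreshed before the second commit only.
    # NOTE(review): confirm get_session does not disable expire_on_commit.
    session.refresh(risk)
    return {**risk.model_dump(), "risk_score": risk.risk_score}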
@router.get("/export/poam.xlsx")
def export_poam(
    user: User = Depends(get_current_user),
    session: Session = Depends(get_session),
):
    """Download the caller's tenant risks as an XLSX attachment.

    The workbook content is produced by ``risks_xlsx`` for the resolved
    user's tenant id. The response is sent as an attachment with a fixed
    filename.
    """
    # NOTE(review): unlike create_risk, this bulk export writes no audit
    # entry and has no role check beyond get_current_user; confirm that is
    # intended.
    # NOTE(review): risks_xlsx is not shown here; confirm it neutralises
    # user-supplied cell text that a spreadsheet would treat as a formula.
    workbook = risks_xlsx(session, user.tenant_id)
    download_headers = {
        "Content-Disposition": "attachment; filename=secureflow-poam.xlsx",
    }
    return Response(
        workbook,
        media_type="application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
        headers=download_headers,
    )
