"""
Authenticated read-only access to custom page layout + title for viewing at /page/{slug}.
If the page has view_permission_key set, the user must have that permission; otherwise any
logged-in user may fetch. Editing remains under admin.custom_pages.
"""
from fastapi import APIRouter, Depends, HTTPException
from sqlalchemy.orm import Session

from app.database import get_db
from app.models import CustomPageLayout, User
from app.routers.auth import get_current_user, get_user_permissions
from app.routers.custom_pages import _parse_stored_layout, normalize_slug

router = APIRouter(prefix="/api/custom-pages", tags=["custom-pages"])


@router.get("/{slug}/layout")
async def get_public_custom_page_layout(
    slug: str,
    user: User = Depends(get_current_user),
    db: Session = Depends(get_db),
):
    key = normalize_slug(slug)
    row = db.query(CustomPageLayout).filter(CustomPageLayout.slug == key).first()
    if not row:
        raise HTTPException(status_code=404, detail="Page not found")
    vpk = getattr(row, "view_permission_key", None)
    if vpk:
        perms = get_user_permissions(db, user)
        if vpk not in perms:
            raise HTTPException(
                status_code=403,
                detail="You do not have permission to view this page.",
            )
    return {
        "slug": row.slug,
        "title": row.title,
        "layout": _parse_stored_layout(row.layout_json),
    }