"""Superadmin SSH CA management endpoints."""
import logging
from flask import request
from gatehouse_app.api.v1.superadmin import superadmin_bp
from gatehouse_app.utils.response import api_response
from gatehouse_app.decorators.superadmin import superadmin_required, superadmin_audit_log
from gatehouse_app.extensions import db

logger = logging.getLogger(__name__)


@superadmin_bp.route("/organizations/<org_id>/cas/<ca_id>", methods=["DELETE"])
@superadmin_required
@superadmin_audit_log(action="ca.delete", resource_type="CA")
def delete_org_ca(org_id, ca_id):
    """Soft-delete an SSH CA for an organization.
    
    Sets is_active=False and deleted_at=now().
    """
    from gatehouse_app.models.ssh_ca.ca import CA
    from gatehouse_app.models.organization.organization import Organization

    org = Organization.query.filter_by(id=org_id, deleted_at=None).first()
    if not org:
        return api_response(
            success=False,
            message="Organization not found",
            status=404,
            error_type="NOT_FOUND"
        )

    ca = CA.query.filter_by(id=ca_id, organization_id=org_id, deleted_at=None).first()
    if not ca:
        return api_response(
            success=False,
            message="CA not found",
            status=404,
            error_type="NOT_FOUND"
        )

    try:
        ca.is_active = False
        ca.delete(soft=True)
        db.session.commit()

        return api_response(data={"ca_id": ca_id}, message="CA deleted successfully")

    except Exception:
        db.session.rollback()
        logger.exception(f"Failed to delete CA {ca_id}")
        return api_response(
            success=False,
            message="Failed to delete CA",
            status=500,
            error_type="SERVER_ERROR"
        )