package rbac

import (
	"context"
	"testing"

	"tss-rocks-be/ent/enttest"
	"tss-rocks-be/ent/role"

	_ "github.com/mattn/go-sqlite3"
)

func TestInitializeRBAC(t *testing.T) {
	// Create an in-memory SQLite client for testing
	client := enttest.Open(t, "sqlite3", "file:ent?mode=memory&cache=shared&_fk=1")
	defer client.Close()

	ctx := context.Background()

	// Test initialization
	err := InitializeRBAC(ctx, client)
	if err != nil {
		t.Fatalf("Failed to initialize RBAC: %v", err)
	}

	// Verify roles were created
	for roleName := range DefaultRoles {
		r, err := client.Role.Query().Where(role.Name(roleName)).Only(ctx)
		if err != nil {
			t.Errorf("Role %s was not created: %v", roleName, err)
		}

		// Verify permissions for each role
		perms, err := r.QueryPermissions().All(ctx)
		if err != nil {
			t.Errorf("Failed to query permissions for role %s: %v", roleName, err)
		}

		expectedPerms := DefaultRoles[roleName]
		permCount := 0
		for _, actions := range expectedPerms {
			permCount += len(actions)
		}

		if len(perms) != permCount {
			t.Errorf("Role %s has %d permissions, expected %d", roleName, len(perms), permCount)
		}
	}
}

func TestAssignRoleToUser(t *testing.T) {
	// Create an in-memory SQLite client for testing
	client := enttest.Open(t, "sqlite3", "file:ent?mode=memory&cache=shared&_fk=1")
	defer client.Close()

	ctx := context.Background()

	// Initialize RBAC
	err := InitializeRBAC(ctx, client)
	if err != nil {
		t.Fatalf("Failed to initialize RBAC: %v", err)
	}

	// Create a test user
	user, err := client.User.Create().
		SetEmail("test@example.com").
		SetUsername("testuser").
		SetPasswordHash("$2a$10$hzLdXMZEIzgr8eGXL0YoCOIIrQhqEj6N.S3.wY1Jx5.4vWm1ZyHyy").
		Save(ctx)
	if err != nil {
		t.Fatalf("Failed to create test user: %v", err)
	}

	// Test assigning role to user
	err = AssignRoleToUser(ctx, client, user.ID, "editor")
	if err != nil {
		t.Fatalf("Failed to assign role to user: %v", err)
	}

	// Verify role assignment
	assignedRoles, err := user.QueryRoles().All(ctx)
	if err != nil {
		t.Fatalf("Failed to query user roles: %v", err)
	}

	if len(assignedRoles) != 1 {
		t.Errorf("Expected 1 role, got %d", len(assignedRoles))
	}

	if assignedRoles[0].Name != "editor" {
		t.Errorf("Expected role name 'editor', got '%s'", assignedRoles[0].Name)
	}

	// Test assigning non-existent role
	err = AssignRoleToUser(ctx, client, user.ID, "nonexistent")
	if err == nil {
		t.Error("Expected error when assigning non-existent role, got nil")
	}
}