package couchctl

import (
	"testing"

	dsapi "edge-infra.dev/pkg/edge/datasync/apis/v1alpha1"
	"edge-infra.dev/pkg/edge/datasync/couchdb"

	"github.com/stretchr/testify/assert"
)

func TestUserToSecurityBackwardCompatibility(t *testing.T) {
	// Single Role
	user := dsapi.NewCouchDBUser(dsapi.AdminCredentials, "cushion-user", couchdb.StoreServerName, "cushion-admin")
	expected := couchdb.Security{
		Members: couchdb.NameRole{
			Names: []string{"cushion-user"},
			Roles: []string{"cushion-admin"},
		},
	}
	actual := userToSecurity(user, "cushion-user")
	assert.Equal(t, expected, actual)

	// Multiple Roles
	user = dsapi.NewCouchDBUser(dsapi.AdminCredentials, "cushion-user", couchdb.StoreServerName, "cushion-admin1", "cushion-admin2")
	expected = couchdb.Security{
		Members: couchdb.NameRole{
			Names: []string{"cushion-user"},
			Roles: []string{"cushion-admin1", "cushion-admin2"},
		},
	}
	actual = userToSecurity(user, "cushion-user")
	assert.Equal(t, expected, actual)
}

func TestUserToSecurityReadOnlyUser(t *testing.T) {
	user := dsapi.NewCouchDBUser(dsapi.UserCredentials, "user1", couchdb.StoreServerName, couchdb.ReadOnlyUser)
	expected := couchdb.Security{
		Members: couchdb.NameRole{
			Names: []string{"user1"},
		},
	}
	actual := userToSecurity(user, "user1")
	assert.Equal(t, expected, actual)
}

func TestUserToSecurityCreateViewUser(t *testing.T) {
	user := dsapi.NewCouchDBUser(dsapi.UserCredentials, "user2", couchdb.StoreServerName, couchdb.CreateViewUser)
	expected := couchdb.Security{
		Admins: couchdb.NameRole{
			Names: []string{"user2"},
		},
	}
	actual := userToSecurity(user, "user2")
	assert.Equal(t, expected, actual)
}

func TestHasDBSecurityRole(t *testing.T) {
	assert.False(t, hasDBSecurityRole(dsapi.NewCouchDBUser(dsapi.AdminCredentials, couchdb.StoreServerName, "user-role")))
	user := dsapi.NewCouchDBUser(dsapi.UserCredentials, "user1", couchdb.StoreServerName, couchdb.ReadOnlyUser)
	assert.True(t, hasDBSecurityRole(user))
	user = dsapi.NewCouchDBUser(dsapi.UserCredentials, "user1", couchdb.StoreServerName, couchdb.CreateViewUser)
	assert.True(t, hasDBSecurityRole(user))
	user = dsapi.NewCouchDBUser(dsapi.UserCredentials, "cushion-user", couchdb.StoreServerName, "user-role")
	user.Spec.Provider = &dsapi.Provider{Name: "name"}
	assert.True(t, hasDBSecurityRole(user))
}

func TestUpdateDBSecurityForUser(t *testing.T) {
	dbWithoutProvider := dsapi.Dataset{}
	dbWithProvider := dsapi.Dataset{Provider: &dsapi.Provider{Name: "provider"}}
	userWithoutProvider := dsapi.NewCouchDBUser(dsapi.UserCredentials, "cushion-user", couchdb.StoreServerName, "user-role")
	userWithProvider := dsapi.NewCouchDBUser(dsapi.UserCredentials, "cushion-user", couchdb.StoreServerName, "user-role")
	userWithProvider.Spec.Provider = &dsapi.Provider{Name: "provider"}

	assert.True(t, updateDBSecurityForUser(userWithoutProvider, dbWithoutProvider))
	// same provider
	assert.True(t, updateDBSecurityForUser(userWithProvider, dbWithProvider))
	// different provider
	userWithProvider.Spec.Provider.Name = "not same"
	assert.False(t, updateDBSecurityForUser(userWithProvider, dbWithProvider))

	assert.True(t, updateDBSecurityForUser(userWithProvider, dbWithoutProvider))
	assert.False(t, updateDBSecurityForUser(userWithoutProvider, dbWithProvider))
}