//go:build !windows
// +build !windows

package fsutil

import (
	"os"
	"path/filepath"
	"testing"

	"github.com/stretchr/testify/assert"
)

func TestEnsureMaxPermissions(t *testing.T) {
	tmp := t.TempDir()
	p := filepath.Join(tmp, "file.txt")

	// Start with 0644 and change using os.Chmod so umask doesn't interfere.
	err := os.WriteFile(p, []byte(`AAA`), 0644)
	assert.NoError(t, err)

	// Check matching (1)
	err = os.Chmod(p, 0464)
	assert.NoError(t, err)
	fi, err := os.Stat(p)
	assert.NoError(t, err)
	err = EnsureMaxPermissions(fi, os.FileMode(0464))
	assert.NoError(t, err)

	// Check matching (2)
	err = os.Chmod(p, 0642)
	assert.NoError(t, err)
	fi, err = os.Stat(p)
	assert.NoError(t, err)
	err = EnsureMaxPermissions(fi, os.FileMode(0642))
	assert.NoError(t, err)

	// Check matching with file mode bits
	err = os.Chmod(p, 0444)
	assert.NoError(t, err)
	fi, err = os.Stat(p)
	assert.NoError(t, err)
	err = EnsureMaxPermissions(fi, os.ModeSymlink|os.ModeAppend|os.FileMode(0444))
	assert.NoError(t, err)

	// Check not matching (1)
	err = os.Chmod(p, 0444)
	assert.NoError(t, err)
	fi, err = os.Stat(p)
	assert.NoError(t, err)
	err = EnsureMaxPermissions(fi, os.FileMode(0400))
	assert.Error(t, err)

	// Check not matching (2)
	err = os.Chmod(p, 0444)
	assert.NoError(t, err)
	fi, err = os.Stat(p)
	assert.NoError(t, err)
	err = EnsureMaxPermissions(fi, os.FileMode(0222))
	assert.Error(t, err)

	// Check matching due to more restrictive perms on file
	err = os.Chmod(p, 0444)
	assert.NoError(t, err)
	fi, err = os.Stat(p)
	assert.NoError(t, err)
	err = EnsureMaxPermissions(fi, os.FileMode(0666))
	assert.NoError(t, err)
}