package app

import (
	http "net/http"
	"net/http/httptest"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
	"gitlab.com/gitlab-org/software-supply-chain-security/authorization/authzd.git/pkg/rpc"
)

func TestApp(t *testing.T) {
	handler := New()
	srv := httptest.NewServer(handler)
	defer srv.Close()

	t.Run("Ability.Allowed", func(t *testing.T) {
		client := rpc.NewAbilityProtobufClient(srv.URL, &http.Client{})

		t.Run("forbids", func(t *testing.T) {
			reply, err := client.Allowed(t.Context(), &rpc.AllowRequest{
				Subject:    "",
				Permission: "",
				Resource:   "",
			})
			require.NoError(t, err)
			assert.False(t, reply.Result)
		})

		t.Run("allows alice:view:jane_vacation", func(t *testing.T) {
			reply, err := client.Allowed(t.Context(), &rpc.AllowRequest{
				Subject:    "gid://example/User/alice",
				Permission: "view",
				Resource:   "gid://example/Album/jane_vacation",
			})
			require.NoError(t, err)
			assert.True(t, reply.Result)
		})

		t.Run("allows gid://User/1 read gid://Organization/2", func(t *testing.T) {
			reply, err := client.Allowed(t.Context(), &rpc.AllowRequest{
				Subject:    "gid://example/User/1",
				Permission: "read",
				Resource:   "gid://example/Organization/2",
			})
			require.NoError(t, err)
			assert.True(t, reply.Result)
		})
	})

	t.Run("GET /health", func(t *testing.T) {
		t.Run("returns OK", func(t *testing.T) {
			r := httptest.NewRequest("GET", "/health", nil)
			w := httptest.NewRecorder()

			handler.ServeHTTP(w, r)

			assert.Equal(t, http.StatusOK, w.Code)
		})
	})
}