package stub

import (
	"context"
	"strings"
	"testing"

	v1 "github.com/authzed/authzed-go/proto/authzed/api/v1"
	"github.com/stretchr/testify/require"
	"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/authz"
	"google.golang.org/grpc"
)

type Check func(context.Context, *v1.CheckPermissionRequest) (*v1.CheckPermissionResponse, error)

func (m Check) CheckPermission(ctx context.Context, r *v1.CheckPermissionRequest, opts ...grpc.CallOption) (*v1.CheckPermissionResponse, error) {
	return m(ctx, r)
}

func AllowWith(t *testing.T, subject string, permission string, resource string) authz.CheckPermissionService {
	user := strings.SplitN(subject, ":", 2)
	model := strings.SplitN(resource, ":", 2)

	return Check(func(ctx context.Context, r *v1.CheckPermissionRequest) (*v1.CheckPermissionResponse, error) {
		require.Equal(t, user[0], r.Subject.Object.ObjectType)
		require.Equal(t, user[1], r.Subject.Object.ObjectId)

		require.Equal(t, permission, r.Permission)

		require.Equal(t, model[0], r.Resource.ObjectType)
		require.Equal(t, model[1], r.Resource.ObjectId)

		return &v1.CheckPermissionResponse{
			Permissionship: v1.CheckPermissionResponse_PERMISSIONSHIP_HAS_PERMISSION,
		}, nil
	})
}

func Allow() authz.CheckPermissionService {
	return Check(func(ctx context.Context, r *v1.CheckPermissionRequest) (*v1.CheckPermissionResponse, error) {
		return &v1.CheckPermissionResponse{
			Permissionship: v1.CheckPermissionResponse_PERMISSIONSHIP_HAS_PERMISSION,
		}, nil
	})
}

func Deny() authz.CheckPermissionService {
	return Check(func(ctx context.Context, r *v1.CheckPermissionRequest) (*v1.CheckPermissionResponse, error) {
		return &v1.CheckPermissionResponse{
			Permissionship: v1.CheckPermissionResponse_PERMISSIONSHIP_NO_PERMISSION,
		}, nil
	})
}