package rpc

import (
	"net"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
	grpc "google.golang.org/grpc"
	"google.golang.org/grpc/credentials/insecure"
)

func TestServer(t *testing.T) {
	listener, err := net.Listen("tcp", "localhost:0")
	require.NoError(t, err)
	defer listener.Close()

	server := New()
	defer server.Stop()

	go func() {
		require.NoError(t, server.Serve(listener))
	}()

	connection, err := grpc.NewClient(
		listener.Addr().String(),
		grpc.WithTransportCredentials(insecure.NewCredentials()),
	)
	require.NoError(t, err)

	defer connection.Close()
	client := NewAbilityClient(connection)

	t.Run("forbids", func(t *testing.T) {
		reply, err := client.Allowed(t.Context(), &AllowRequest{
			Subject:    "",
			Permission: "",
			Resource:   "",
		})
		require.NoError(t, err)
		assert.False(t, reply.Result)
	})

	t.Run("allows alice:view:jane_vacation", func(t *testing.T) {
		reply, err := client.Allowed(t.Context(), &AllowRequest{
			Subject:    "gid://example/User/alice",
			Permission: "view",
			Resource:   "gid://example/Album/jane_vacation",
		})
		require.NoError(t, err)
		assert.True(t, reply.Result)
	})

	t.Run("allows gid://User/1 read gid://Organization/2", func(t *testing.T) {
		reply, err := client.Allowed(t.Context(), &AllowRequest{
			Subject:    "gid://example/User/1",
			Permission: "read",
			Resource:   "gid://example/Organization/2",
		})
		require.NoError(t, err)
		assert.True(t, reply.Result)
	})
}