package config

import (
	"testing"
)

func TestCLIConfig_CheckPermission(t *testing.T) {
	tests := []struct {
		name       string
		config     *CLIConfig
		permission string
		want       bool
	}{
		{
			name: "Admin has all permissions",
			config: &CLIConfig{
				CurrentUser: &UserContext{
					Name:  "admin",
					Admin: true,
				},
			},
			permission: "any:permission",
			want:       true,
		},
		{
			name: "User with explicit permission",
			config: &CLIConfig{
				CurrentUser: &UserContext{
					Name:        "user",
					Admin:       false,
					Permissions: map[string]bool{"jobs:create": true},
				},
			},
			permission: "jobs:create",
			want:       true,
		},
		{
			name: "User without permission",
			config: &CLIConfig{
				CurrentUser: &UserContext{
					Name:        "user",
					Admin:       false,
					Permissions: map[string]bool{"jobs:read": true},
				},
			},
			permission: "jobs:create",
			want:       false,
		},
		{
			name: "No current user",
			config: &CLIConfig{
				CurrentUser: nil,
			},
			permission: "jobs:create",
			want:       false,
		},
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			got := tt.config.CheckPermission(tt.permission)
			if got != tt.want {
				t.Errorf("CheckPermission() = %v, want %v", got, tt.want)
			}
		})
	}
}

func TestCLIConfig_CanViewJob(t *testing.T) {
	tests := []struct {
		name      string
		config    *CLIConfig
		jobUserID string
		want      bool
	}{
		{
			name: "Admin can view any job",
			config: &CLIConfig{
				CurrentUser: &UserContext{
					Name:  "admin",
					Admin: true,
				},
			},
			jobUserID: "other_user",
			want:      true,
		},
		{
			name: "User can view own job",
			config: &CLIConfig{
				CurrentUser: &UserContext{
					Name:  "user1",
					Admin: false,
				},
			},
			jobUserID: "user1",
			want:      true,
		},
		{
			name: "User cannot view other's job",
			config: &CLIConfig{
				CurrentUser: &UserContext{
					Name:  "user1",
					Admin: false,
				},
			},
			jobUserID: "user2",
			want:      false,
		},
		{
			name: "No current user cannot view",
			config: &CLIConfig{
				CurrentUser: nil,
			},
			jobUserID: "user1",
			want:      false,
		},
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			got := tt.config.CanViewJob(tt.jobUserID)
			if got != tt.want {
				t.Errorf("CanViewJob() = %v, want %v", got, tt.want)
			}
		})
	}
}

func TestCLIConfig_CanModifyJob(t *testing.T) {
	tests := []struct {
		name      string
		config    *CLIConfig
		jobUserID string
		want      bool
	}{
		{
			name: "Admin can modify any job",
			config: &CLIConfig{
				CurrentUser: &UserContext{
					Name:        "admin",
					Admin:       true,
					Permissions: map[string]bool{"jobs:update": true},
				},
			},
			jobUserID: "other_user",
			want:      true,
		},
		{
			name: "User with permission can modify own job",
			config: &CLIConfig{
				CurrentUser: &UserContext{
					Name:        "user1",
					Admin:       false,
					Permissions: map[string]bool{"jobs:update": true},
				},
			},
			jobUserID: "user1",
			want:      true,
		},
		{
			name: "User without permission cannot modify",
			config: &CLIConfig{
				CurrentUser: &UserContext{
					Name:        "user1",
					Admin:       false,
					Permissions: map[string]bool{"jobs:read": true},
				},
			},
			jobUserID: "user1",
			want:      false,
		},
		{
			name: "User cannot modify other's job",
			config: &CLIConfig{
				CurrentUser: &UserContext{
					Name:        "user1",
					Admin:       false,
					Permissions: map[string]bool{"jobs:update": true},
				},
			},
			jobUserID: "user2",
			want:      false,
		},
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			got := tt.config.CanModifyJob(tt.jobUserID)
			if got != tt.want {
				t.Errorf("CanModifyJob() = %v, want %v", got, tt.want)
			}
		})
	}
}