import { ExecutionContext } from "@nestjs/common";
import { Reflector } from "@nestjs/core";
import { Test, TestingModule } from "@nestjs/testing";
import { RbacService } from "../rbac.service";
import { RolesGuard } from "./roles.guard";

describe("RolesGuard", () => {
	let guard: RolesGuard;
	let _reflector: Reflector;
	let _rbacService: RbacService;

	const mockReflector = {
		getAllAndOverride: jest.fn(),
	};

	const mockRbacService = {
		getUserRoles: jest.fn(),
	};

	beforeEach(async () => {
		const module: TestingModule = await Test.createTestingModule({
			providers: [
				RolesGuard,
				{ provide: Reflector, useValue: mockReflector },
				{ provide: RbacService, useValue: mockRbacService },
			],
		}).compile();

		guard = module.get<RolesGuard>(RolesGuard);
		_reflector = module.get<Reflector>(Reflector);
		_rbacService = module.get<RbacService>(RbacService);
	});

	it("should return true if no roles required", async () => {
		mockReflector.getAllAndOverride.mockReturnValue(null);
		const context = {
			getHandler: () => ({}),
			getClass: () => ({}),
		} as ExecutionContext;

		const result = await guard.canActivate(context);
		expect(result).toBe(true);
	});

	it("should return false if no user in request", async () => {
		mockReflector.getAllAndOverride.mockReturnValue(["admin"]);
		const context = {
			getHandler: () => ({}),
			getClass: () => ({}),
			switchToHttp: () => ({
				getRequest: () => ({ user: null }),
			}),
		} as ExecutionContext;

		const result = await guard.canActivate(context);
		expect(result).toBe(false);
	});

	it("should return true if user has required role", async () => {
		mockReflector.getAllAndOverride.mockReturnValue(["admin"]);
		const context = {
			getHandler: () => ({}),
			getClass: () => ({}),
			switchToHttp: () => ({
				getRequest: () => ({ user: { sub: "u1" } }),
			}),
		} as ExecutionContext;

		mockRbacService.getUserRoles.mockResolvedValue(["admin", "user"]);

		const result = await guard.canActivate(context);
		expect(result).toBe(true);
	});

	it("should return false if user doesn't have required role", async () => {
		mockReflector.getAllAndOverride.mockReturnValue(["admin"]);
		const context = {
			getHandler: () => ({}),
			getClass: () => ({}),
			switchToHttp: () => ({
				getRequest: () => ({ user: { sub: "u1" } }),
			}),
		} as ExecutionContext;

		mockRbacService.getUserRoles.mockResolvedValue(["user"]);

		const result = await guard.canActivate(context);
		expect(result).toBe(false);
	});
});