'use strict';

const test = require('ava');
const supertest = require('supertest');
const { EventEmitter } = require('events');
const store = require('../../test/fixtures/store');
const checkPermission = require('./permission-checker');
const getApp = require('../app');
const getLogger = require('../../test/fixtures/no-logger');

const eventBus = new EventEmitter();

function getSetup(preRouterHook) {
    const base = `/random${Math.round(Math.random() * 1000)}`;
    const stores = store.createStores();
    const app = getApp({
        baseUriPath: base,
        stores,
        eventBus,
        getLogger,
        preRouterHook(_app) {
            preRouterHook(_app);

            _app.get(
                `${base}/protectedResource`,
                checkPermission({ extendedPermissions: true }, 'READ'),
                (req, res) => {
                    res.status(200)
                        .json({ message: 'OK' })
                        .end();
                },
            );
        },
    });

    return {
        base,
        request: supertest(app),
    };
}

test('should return 403 when missing permission', t => {
    t.plan(0);
    const { base, request } = getSetup(() => {});

    return request.get(`${base}/protectedResource`).expect(403);
});

test('should allow access with correct permissions', t => {
    const { base, request } = getSetup(app => {
        app.use((req, res, next) => {
            req.user = { email: 'some@email.com', permissions: ['READ'] };
            next();
        });
    });

    return request
        .get(`${base}/protectedResource`)
        .expect(200)
        .expect(res => {
            t.is(res.body.message, 'OK');
        });
});

test('should allow access with admin permissions', t => {
    const { base, request } = getSetup(app => {
        app.use((req, res, next) => {
            req.user = { email: 'some@email.com', permissions: ['ADMIN'] };
            next();
        });
    });

    return request
        .get(`${base}/protectedResource`)
        .expect(200)
        .expect(res => {
            t.is(res.body.message, 'OK');
        });
});