import { describe, it, expect, vi } from "vitest";
import { hasPermission, canAccessUserManagement } from "../auth-helpers.server";
import { AUTH_LEVELS } from "~/types/auth";

// Stand-in for the database module: only the prisma.user calls listed here
// are stubbed.
vi.mock("../db.server", () => {
  const user = {
    findFirst: vi.fn(),
    findUnique: vi.fn(),
    create: vi.fn(),
    count: vi.fn(),
  };
  return { prisma: { user } };
});

// Stand-in for auth.server so the session secret is not required when the
// module graph loads. The name list lives inside the factory because vitest
// hoists vi.mock above the imports.
vi.mock("../auth.server", () => {
  const stubbedExports = [
    "hashPassword",
    "verifyPassword",
    "createUserSession",
    "getUserSession",
    "getUserId",
    "requireUserId",
    "getUser",
    "requireUser",
    "logout",
  ];
  return Object.fromEntries(stubbedExports.map((exportName) => [exportName, vi.fn()]));
});

describe("Authentication System", () => {
  describe("Authorization Helpers", () => {
    // NOTE(review): every case below passes a defined AUTH_LEVELS member. What
    // the helpers return for an undefined or unrecognised level is not
    // exercised here; confirm the intended contract (deny by default) and
    // cover it with a case.
    it("should check permissions correctly", () => {
      const { SUPERADMIN, ADMIN, USER } = AUTH_LEVELS;

      // Each row: [level held, level required, expected result].
      const permissionMatrix = [
        // Superadmin reaches every level.
        [SUPERADMIN, SUPERADMIN, true],
        [SUPERADMIN, ADMIN, true],
        [SUPERADMIN, USER, true],
        // Admin reaches admin and user, never superadmin.
        [ADMIN, SUPERADMIN, false],
        [ADMIN, ADMIN, true],
        [ADMIN, USER, true],
        // User reaches the user level only.
        [USER, SUPERADMIN, false],
        [USER, ADMIN, false],
        [USER, USER, true],
      ];

      for (const [heldLevel, requiredLevel, expectedResult] of permissionMatrix) {
        expect(hasPermission(heldLevel, requiredLevel)).toBe(expectedResult);
      }
    });

    it("should check user management access correctly", () => {
      // Each row: [level, expected access to user management].
      const accessByLevel = [
        [AUTH_LEVELS.SUPERADMIN, true],
        [AUTH_LEVELS.ADMIN, true],
        [AUTH_LEVELS.USER, false],
      ];

      for (const [level, expectedAccess] of accessByLevel) {
        expect(canAccessUserManagement(level)).toBe(expectedAccess);
      }
    });
  });
});