import { ForbiddenException } from '@nestjs/common';
import { Reflector } from '@nestjs/core';
import { describe, expect, it } from 'vitest';
import { AppPermission } from '@aechr/shared';
import { PermissionsGuard } from '../src/common/guards/permissions.guard';

/**
 * Builds a minimal execution-context stub for guard tests.
 *
 * Only the members set here exist: `getHandler`, `getClass`, and
 * `switchToHttp().getRequest()`, which yields a request whose `user.permissions`
 * is the given list. The stub is cast to `never` so it can be passed wherever a
 * fully typed context is expected. Any other member access is `undefined` at runtime.
 *
 * @param userPermissions Permissions placed on `request.user.permissions`.
 */
function createContext(userPermissions: AppPermission[]) {
  // Fresh objects are produced on every call, as in a literal-returning stub.
  const buildRequest = () => ({ user: { permissions: userPermissions } });
  const buildHttpHost = () => ({ getRequest: buildRequest });

  const stub = {
    getHandler: () => 'handler',
    getClass: () => 'class',
    switchToHttp: buildHttpHost,
  };

  return stub as never;
}

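describe('PermissionsGuard', () => {
  /**
   * Reflector stub that answers `false` for the 'isPublic' metadata key and
   * returns `required` for every other key.
   *
   * Both tests share it so the allow case and the deny case exercise the same
   * path. The guard's source is not visible from this file, so the following is
   * an assumption: if the guard short-circuits on a truthy 'isPublic' value, a
   * stub that returns the permission array for every key would make the allow
   * test pass through the public-route bypass without the permission
   * comparison ever running.
   *
   * @param required Permissions reported as required for the route.
   * @returns A partial object cast to Reflector; only `getAllAndOverride` exists.
   */
  const createReflector = (required: AppPermission[]): Reflector =>
    ({
      getAllAndOverride: (key: string) => (key === 'isPublic' ? false : required),
    }) as unknown as Reflector;

  it('allows access when user has all required permissions', () => {
    const guard = new PermissionsGuard(createReflector([AppPermission.USERS_READ]));

    expect(guard.canActivate(createContext([AppPermission.USERS_READ]))).toBe(true);
  });

  it('throws when user lacks required permissions', () => {
    const guard = new PermissionsGuard(createReflector([AppPermission.USERS_WRITE]));

    expect(() => guard.canActivate(createContext([AppPermission.USERS_READ]))).toThrow(
      ForbiddenException,
    );
  });

  // Authorization paths not covered above. The expected outcomes are the
  // fail-closed ones; confirm them against the guard before filling these in.
  it.todo('denies a request that carries no user object');
  it.todo('denies a user holding only some of several required permissions');
  it.todo('covers the route-marked-public path explicitly');
});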
