package registry_test

import (
	"encoding/json"
	"path/filepath"
	"testing"

	"github.com/netkingdom/flex-auth/internal/registry"
	"github.com/netkingdom/flex-auth/pkg/api"
)

func TestStoreImportsManifests(t *testing.T) {
	store := registry.NewStore()

	var subjects api.SubjectManifest
	loadYAML(t, filepath.Join("..", "..", "examples", "caring", "subject_manifest.yaml"), &subjects)
	if err := store.ImportSubjectManifest(subjects); err != nil {
		t.Fatalf("ImportSubjectManifest: %v", err)
	}

	var relationship api.RelationshipFact
	loadYAML(t, filepath.Join("..", "..", "examples", "caring", "relationship_fact.yaml"), &relationship)
	if err := store.PutRelationship(relationship); err != nil {
		t.Fatalf("PutRelationship: %v", err)
	}

	subject, ok := store.Subject("user:alice")
	if !ok {
		t.Fatal("subject user:alice not found")
	}
	if subject.Tenant != "tenant:alpha" {
		t.Errorf("subject.Tenant = %q; want tenant:alpha", subject.Tenant)
	}

	relations := store.RelationshipsForObject("document:internal-note")
	if len(relations) != 1 || relations[0].Subject != "group:platform-architecture" {
		t.Fatalf("RelationshipsForObject = %+v; want group reader relation", relations)
	}
}

func TestStoreLoadsAndSavesDeterministicSnapshot(t *testing.T) {
	snapshotPath := filepath.Join("..", "..", "examples", "caring", "registry_snapshot.json")
	store, err := registry.LoadFile(snapshotPath)
	if err != nil {
		t.Fatalf("LoadFile: %v", err)
	}

	resource, ok := store.Resource("markitect-tool", "document:internal-note")
	if !ok {
		t.Fatal("resource document:internal-note not found")
	}
	if resource.TrustZone != "internal" {
		t.Errorf("resource.TrustZone = %q; want internal", resource.TrustZone)
	}

	outPath := filepath.Join(t.TempDir(), "snapshot.json")
	if err := store.SaveFile(outPath); err != nil {
		t.Fatalf("SaveFile: %v", err)
	}

	reloaded, err := registry.LoadFile(outPath)
	if err != nil {
		t.Fatalf("reload saved snapshot: %v", err)
	}

	got := mustJSON(t, reloaded.Snapshot())
	want := mustJSON(t, store.Snapshot())
	if got != want {
		t.Fatalf("saved snapshot changed after reload\nwant: %s\ngot:  %s", want, got)
	}
}

func TestStoreRejectsInvalidRecords(t *testing.T) {
	store := registry.NewStore()
	if err := store.PutSubject(api.Subject{}); err == nil {
		t.Fatal("PutSubject accepted missing id")
	}
	if err := store.ImportResourceManifest(api.ResourceManifest{ID: "m1"}); err == nil {
		t.Fatal("ImportResourceManifest accepted missing system")
	}
	if err := store.PutRelationship(api.RelationshipFact{ID: "r1"}); err == nil {
		t.Fatal("PutRelationship accepted missing subject/relation/object")
	}
}

func mustJSON(t *testing.T, value any) string {
	t.Helper()

	data, err := json.Marshal(value)
	if err != nil {
		t.Fatalf("marshal json: %v", err)
	}
	return string(data)
}