use domain::entities::permission::{
    admin_permissions, contributor_permissions, viewer_permissions, Permission, PermissionAction,
    ResourceType,
};
use domain::entities::{Group, Role, User};
use domain::errors::DomainError;
use domain::value_objects::{Email, PasswordHash, SystemId};

// --- Permission ---

/// Every contributor permission must also be granted to admin, and admin must
/// hold strictly more permissions than contributor.
#[test]
fn admin_is_superset_of_contributor() {
    let contributor_set = contributor_permissions();
    let admin_set = admin_permissions();

    assert!(contributor_set.is_subset(&admin_set));
    // Strictly larger: the two permission sets must not be identical.
    assert!(contributor_set.len() < admin_set.len());
}

/// The viewer permission set must not include `WriteMetadata` on the global scope.
///
/// NOTE(review): only this one action/resource pair is checked; other mutating
/// actions and resource types are not covered by this test.
#[test]
fn viewer_cannot_write() {
    let write_metadata = Permission::new(PermissionAction::WriteMetadata, ResourceType::Global);
    let viewer_set = viewer_permissions();

    assert!(!viewer_set.contains(&write_metadata));
}

// --- Role ---

/// A role built from the viewer permission set allows `ReadAsset` and denies
/// `DeleteAsset`, both on the global scope.
#[test]
fn role_checks_permission() {
    // NOTE(review): the meaning of the third argument (`true`) is not visible
    // in this file; confirm against `Role::new`.
    let viewer_role = Role::new("viewer", viewer_permissions(), true);
    let allows =
        |action: PermissionAction| viewer_role.has_permission(action, ResourceType::Global);

    assert!(allows(PermissionAction::ReadAsset));
    assert!(!allows(PermissionAction::DeleteAsset));
}

// --- User ---

/// Two separately constructed users get different ids and keep the usernames
/// they were created with.
#[test]
fn creates_user_with_unique_id() {
    // "h" is a stand-in hash value for the test; both users share it on purpose,
    // so id uniqueness cannot come from the credential.
    let alice = User::new(
        "alice",
        Email::new("a@example.com").unwrap(),
        PasswordHash::from_hash("h".into()),
    );
    let bob = User::new(
        "bob",
        Email::new("b@example.com").unwrap(),
        PasswordHash::from_hash("h".into()),
    );

    assert_ne!(alice.id, bob.id);
    assert_eq!(alice.username, "alice");
    assert_eq!(bob.username, "bob");
}

// --- Group ---

/// A freshly created group contains its owner as the only member.
#[test]
fn owner_auto_member() {
    let owner_id = SystemId::new();
    let group = Group::new("team", owner_id);

    assert!(group.is_member(&owner_id));
    assert_eq!(group.members.len(), 1);
}

/// Adding a member makes it visible via `is_member`; removing it revokes membership.
///
/// NOTE(review): the member count after removal is not asserted here.
#[test]
fn add_and_remove() {
    let owner_id = SystemId::new();
    let member_id = SystemId::new();
    let mut group = Group::new("team", owner_id);

    group.add_member(member_id).unwrap();
    assert!(group.is_member(&member_id));
    assert_eq!(group.members.len(), 2);

    group.remove_member(member_id).unwrap();
    assert!(!group.is_member(&member_id));
}

/// Removing the owner is rejected with `DomainError::Validation`.
///
/// NOTE(review): the test checks the error variant only; it does not assert
/// that the owner is still a member after the rejected call.
#[test]
fn cannot_remove_owner() {
    let owner_id = SystemId::new();
    let mut group = Group::new("team", owner_id);

    let outcome = group.remove_member(owner_id);

    assert!(matches!(outcome, Err(DomainError::Validation(_))));
}

/// Adding an existing member a second time is rejected with `DomainError::Conflict`.
///
/// NOTE(review): the test checks the error variant only; the member count after
/// the rejected call is not asserted.
#[test]
fn cannot_add_duplicate() {
    let owner_id = SystemId::new();
    let member_id = SystemId::new();
    let mut group = Group::new("team", owner_id);
    group.add_member(member_id).unwrap();

    let outcome = group.add_member(member_id);

    assert!(matches!(outcome, Err(DomainError::Conflict(_))));
}