import { describe, test, expect } from "bun:test";
import { permissionValidator } from "../../src/modules/permission-utils/permissionValidator";

describe("permissionValidator", () => {
  // -------------------------------------------------------------------
  // Exact match
  // -------------------------------------------------------------------
  describe("exact matches", () => {
    test("returns true for exact permission match", () => {
      expect(permissionValidator("company.fetch", ["company.fetch"])).toBe(
        true,
      );
    });

    test("returns false when no match", () => {
      expect(permissionValidator("company.fetch", ["company.create"])).toBe(
        false,
      );
    });

    test("returns false for empty expressions", () => {
      expect(permissionValidator("company.fetch", [])).toBe(false);
    });

    test("handles single string expression", () => {
      expect(permissionValidator("company.fetch", "company.fetch")).toBe(true);
    });

    test("handles single string non-match", () => {
      expect(permissionValidator("company.fetch", "company.create")).toBe(
        false,
      );
    });
  });

  // -------------------------------------------------------------------
  // Wildcard *
  // -------------------------------------------------------------------
  describe("wildcard (*)", () => {
    test("* matches any single-segment permission", () => {
      expect(permissionValidator("company", ["*"])).toBe(true);
    });

    test("* matches multi-segment permissions", () => {
      expect(permissionValidator("company.fetch.many", ["*"])).toBe(true);
    });

    test("company.* matches company.fetch", () => {
      expect(permissionValidator("company.fetch", ["company.*"])).toBe(true);
    });

    test("company.* matches company.fetch.many", () => {
      expect(permissionValidator("company.fetch.many", ["company.*"])).toBe(
        true,
      );
    });

    test("*.fetch matches company.fetch", () => {
      expect(permissionValidator("company.fetch", ["*.fetch"])).toBe(true);
    });

    test("company.fetch.* matches company.fetch.many", () => {
      expect(
        permissionValidator("company.fetch.many", ["company.fetch.*"]),
      ).toBe(true);
    });

    test("company.fetch.* does NOT match company.create", () => {
      expect(permissionValidator("company.create", ["company.fetch.*"])).toBe(
        false,
      );
    });
  });

  // -------------------------------------------------------------------
  // Single-character wildcard ?
  // -------------------------------------------------------------------
  describe("single-character wildcard (?)", () => {
    test("? matches exactly one character", () => {
      expect(permissionValidator("company.a", ["company.?"])).toBe(true);
    });

    test("? does not match multiple characters", () => {
      expect(permissionValidator("company.ab", ["company.?"])).toBe(false);
    });

    test("? does not match dot separator", () => {
      expect(permissionValidator("company.a.b", ["company.?"])).toBe(false);
    });
  });

  // -------------------------------------------------------------------
  // Bracket groups [a,b,c]
  // -------------------------------------------------------------------
  describe("bracket groups [a,b,c]", () => {
    test("matches first option in group", () => {
      expect(
        permissionValidator("company.fetch", ["company.[fetch,create]"]),
      ).toBe(true);
    });

    test("matches second option in group", () => {
      expect(
        permissionValidator("company.create", ["company.[fetch,create]"]),
      ).toBe(true);
    });

    test("does not match unlisted option", () => {
      expect(
        permissionValidator("company.delete", ["company.[fetch,create]"]),
      ).toBe(false);
    });
  });

  // -------------------------------------------------------------------
  // Multiple expressions
  // -------------------------------------------------------------------
  describe("multiple expressions", () => {
    test("returns true if any expression matches", () => {
      expect(
        permissionValidator("role.create", [
          "company.fetch",
          "role.create",
          "user.read",
        ]),
      ).toBe(true);
    });

    test("returns false if no expression matches", () => {
      expect(
        permissionValidator("role.delete", [
          "company.fetch",
          "role.create",
          "user.read",
        ]),
      ).toBe(false);
    });
  });

  // -------------------------------------------------------------------
  // Complex patterns
  // -------------------------------------------------------------------
  describe("complex patterns", () => {
    test("combined wildcard and bracket", () => {
      expect(
        permissionValidator("company.fetch.many", ["company.[fetch,create].*"]),
      ).toBe(true);
    });

    test("deeply nested permission with wildcard", () => {
      expect(
        permissionValidator("unifi.site.wifi.read.passphrase", [
          "unifi.site.wifi.*",
        ]),
      ).toBe(true);
    });
  });
});