import pytest

from tests.factories import (
    TaskOrderFactory,
    UserFactory,
    PortfolioFactory,
    PortfolioRoleFactory,
)
from atst.domain.authz import Authorization, user_can_access
from atst.domain.authz.decorator import user_can_access_decorator
from atst.domain.permission_sets import PermissionSets
from atst.domain.exceptions import UnauthorizedError
from atst.models.permissions import Permissions


@pytest.fixture
def invalid_user():
    return UserFactory.create()


@pytest.fixture
def task_order():
    return TaskOrderFactory.create()


def test_is_ko(task_order, invalid_user):
    assert not Authorization.is_ko(invalid_user, task_order)
    assert Authorization.is_ko(task_order.contracting_officer, task_order)


def test_is_cor(task_order, invalid_user):
    assert not Authorization.is_cor(invalid_user, task_order)
    assert Authorization.is_cor(
        task_order.contracting_officer_representative, task_order
    )


def test_is_so(task_order, invalid_user):
    assert Authorization.is_so(task_order.security_officer, task_order)
    assert not Authorization.is_so(invalid_user, task_order)


def test_check_is_ko_or_cor(task_order, invalid_user):
    assert Authorization.check_is_ko_or_cor(
        task_order.contracting_officer_representative, task_order
    )
    assert Authorization.check_is_ko_or_cor(task_order.contracting_officer, task_order)

    with pytest.raises(UnauthorizedError):
        Authorization.check_is_ko_or_cor(invalid_user, task_order)


def test_has_portfolio_permission():
    role_one = PermissionSets.get(PermissionSets.VIEW_PORTFOLIO_FUNDING)
    role_two = PermissionSets.get(PermissionSets.VIEW_PORTFOLIO_REPORTS)
    port_role = PortfolioRoleFactory.create(permission_sets=[role_one, role_two])
    different_user = UserFactory.create()
    assert Authorization.has_portfolio_permission(
        port_role.user, port_role.portfolio, Permissions.VIEW_PORTFOLIO_REPORTS
    )
    assert not Authorization.has_portfolio_permission(
        port_role.user, port_role.portfolio, Permissions.CREATE_TASK_ORDER
    )
    assert not Authorization.has_portfolio_permission(
        different_user, port_role.portfolio, Permissions.VIEW_PORTFOLIO_REPORTS
    )


def test_user_can_access():
    ccpo = UserFactory.create_ccpo()
    edit_admin = UserFactory.create()
    view_admin = UserFactory.create()

    portfolio = PortfolioFactory.create(owner=edit_admin)
    # factory gives view perms by default
    PortfolioRoleFactory.create(user=view_admin, portfolio=portfolio)

    # check a site-wide permission
    assert user_can_access(ccpo, Permissions.VIEW_AUDIT_LOG)
    with pytest.raises(UnauthorizedError):
        user_can_access(edit_admin, Permissions.VIEW_AUDIT_LOG)
        user_can_access(view_admin, Permissions.VIEW_AUDIT_LOG)

    # check a portfolio view permission
    assert user_can_access(ccpo, Permissions.VIEW_PORTFOLIO, portfolio=portfolio)
    assert user_can_access(edit_admin, Permissions.VIEW_PORTFOLIO, portfolio=portfolio)
    assert user_can_access(view_admin, Permissions.VIEW_PORTFOLIO, portfolio=portfolio)

    # check a portfolio edit permission
    assert user_can_access(ccpo, Permissions.EDIT_PORTFOLIO_NAME, portfolio=portfolio)
    assert user_can_access(
        edit_admin, Permissions.EDIT_PORTFOLIO_NAME, portfolio=portfolio
    )
    with pytest.raises(UnauthorizedError):
        user_can_access(
            view_admin, Permissions.EDIT_PORTFOLIO_NAME, portfolio=portfolio
        )


@pytest.fixture
def set_current_user(request_ctx):
    def _set_current_user(user):
        request_ctx.g.current_user = user

    yield _set_current_user

    request_ctx.g.current_user = None


def test_user_can_access_decorator(set_current_user):
    ccpo = UserFactory.create_ccpo()
    edit_admin = UserFactory.create()
    view_admin = UserFactory.create()

    portfolio = PortfolioFactory.create(owner=edit_admin)
    # factory gives view perms by default
    PortfolioRoleFactory.create(user=view_admin, portfolio=portfolio)

    @user_can_access_decorator(Permissions.EDIT_PORTFOLIO_NAME)
    def _edit_portfolio_name(*args, **kwargs):
        return True

    set_current_user(ccpo)
    assert _edit_portfolio_name(portfolio_id=portfolio.id)

    set_current_user(edit_admin)
    assert _edit_portfolio_name(portfolio_id=portfolio.id)

    set_current_user(view_admin)
    with pytest.raises(UnauthorizedError):
        _edit_portfolio_name(portfolio_id=portfolio.id)


def test_user_can_access_decorator_exceptions(set_current_user):
    rando_calrissian = UserFactory.create()
    portfolio = PortfolioFactory.create()

    wont_work = lambda *args, **kwargs: False
    because_i_said_so = lambda *args, **kwargs: True

    @user_can_access_decorator(
        Permissions.EDIT_PORTFOLIO_NAME, exceptions=[wont_work, because_i_said_so]
    )
    def _edit_portfolio_name(*args, **kwargs):
        return True

    set_current_user(rando_calrissian)
    assert _edit_portfolio_name(portfolio_id=portfolio.id)