const { requireRole, hasRole } = require('../src/middleware/requireRole');

/**
 * Builds a minimal Express-style response double.
 * `status` resolves to the response itself so `res.status(code).json(body)`
 * chains exactly as the middleware under test expects.
 */
function buildResponse() {
  const res = {
    status: jest.fn(),
    json: jest.fn(),
  };
  res.status.mockReturnThis();
  return res;
}

/**
 * Runs `requireRole(allowed)` against a request that carries `user`
 * and returns the doubles so callers can assert on them.
 *
 * @param {string[]} allowed - roles the middleware should accept
 * @param {object|null} user - value placed on `req.user`
 * @returns {{ res: object, next: jest.Mock }}
 */
function invoke(allowed, user) {
  const req = { user };
  const res = buildResponse();
  const next = jest.fn();
  requireRole(allowed)(req, res, next);
  return { res, next };
}

describe('requireRole middleware', () => {
  it('should allow access for users with correct role', () => {
    const { res, next } = invoke(['admin'], { role: 'admin' });

    // Authorised path: the chain continues and no status is written.
    expect(next).toHaveBeenCalled();
    expect(res.status).not.toHaveBeenCalled();
  });

  it('should deny access for users with incorrect role', () => {
    const { res, next } = invoke(['admin'], { role: 'user' });

    // Fail closed: a wrong role must never reach next(), and the
    // response is a 403 with the fixed error body.
    expect(next).not.toHaveBeenCalled();
    expect(res.status).toHaveBeenCalledWith(403);
    expect(res.json).toHaveBeenCalledWith({ error: 'Insufficient permissions' });
  });

  it('should deny access for unauthenticated users', () => {
    const { res, next } = invoke(['admin'], null);

    // No authenticated principal: expect 401 rather than 403, so the
    // role check is never consulted for an anonymous request.
    expect(next).not.toHaveBeenCalled();
    expect(res.status).toHaveBeenCalledWith(401);
    expect(res.json).toHaveBeenCalledWith({ error: 'Authorization required' });
  });

  it('should correctly check role with hasRole helper', () => {
    // [role, allowedRoles, expected]
    const cases = [
      ['admin', ['admin'], true],
      ['user', ['admin'], false],
      ['moderator', ['admin', 'moderator'], true],
    ];

    for (const [role, allowed, expected] of cases) {
      expect(hasRole(role, allowed)).toBe(expected);
    }
  });
});