const { requireRole } = require('../middleware/role.middleware');

describe('Role Middleware', () => {
  test('should allow access to users with correct roles', () => {
    const req = {
      user: { role: 'admin' }
    };
    const res = {
      status: jest.fn().mockReturnThis(),
      json: jest.fn()
    };
    const next = jest.fn();

    const middleware = requireRole(['admin']);
    middleware(req, res, next);

    expect(next).toHaveBeenCalled();
  });

  test('should deny access to users with incorrect roles', () => {
    const req = {
      user: { role: 'user' }
    };
    const res = {
      status: jest.fn().mockReturnThis(),
      json: jest.fn()
    };
    const next = jest.fn();

    const middleware = requireRole(['admin']);
    middleware(req, res, next);

    expect(res.status).toHaveBeenCalledWith(403);
    expect(res.json).toHaveBeenCalledWith({ error: 'Forbidden' });
  });

  test('should deny access to users without roles', () => {
    const req = {
      user: null
    };
    const res = {
      status: jest.fn().mockReturnThis(),
      json: jest.fn()
    };
    const next = jest.fn();

    const middleware = requireRole(['admin']);
    middleware(req, res, next);

    expect(res.status).toHaveBeenCalledWith(401);
    expect(res.json).toHaveBeenCalledWith({ error: 'Unauthorized' });
  });

  test('should allow access to users with one of multiple required roles', () => {
    const req = {
      user: { role: 'moderator' }
    };
    const res = {
      status: jest.fn().mockReturnThis(),
      json: jest.fn()
    };
    const next = jest.fn();

    const middleware = requireRole(['admin', 'moderator']);
    middleware(req, res, next);

    expect(next).toHaveBeenCalled();
  });
});