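const request = require('supertest');
const app = require('../backend/app');
const { getUserById, updateUser } = require('../backend/services/user.service');
const { logAudit } = require('../backend/services/audit.service');

// Mock the services so the routes are exercised without a real user store or
// audit sink. Each test installs the resolved values it needs itself.
jest.mock('../backend/services/user.service');
jest.mock('../backend/services/audit.service');

/** Authorization header value the suite uses for an authorized caller. */
const ADMIN_AUTH = 'Bearer admin-token';

/**
 * Roles API: read, replace and clear the role list of a user.
 *
 * Every negative case (400 / 403 / 404) asserts not only the status code but
 * also that nothing reached the persistence layer, so a handler that writes
 * before validating or authorizing cannot pass this suite.
 */
describe('Roles API', () => {
  beforeEach(() => {
    // Clear recorded calls so `toHaveBeenCalled*` only sees this test.
    // clearAllMocks keeps mockResolvedValue implementations installed by
    // earlier tests, which is why each test below sets its own resolved
    // values instead of relying on leaked state.
    jest.clearAllMocks();
  });

  describe('GET /api/users/:userId/roles', () => {
    it('should return user roles', async () => {
      const mockUser = { id: '1', roles: ['user', 'moderator'] };
      getUserById.mockResolvedValue(mockUser);

      const response = await request(app)
        .get('/api/users/1/roles')
        .expect(200);

      expect(response.body).toEqual(['user', 'moderator']);
      expect(getUserById).toHaveBeenCalledWith('1');
    });

    it('should return 404 if user not found', async () => {
      getUserById.mockResolvedValue(null);

      await request(app)
        .get('/api/users/999/roles')
        .expect(404);

      // The lookup must be keyed by the path parameter, not a stale id.
      expect(getUserById).toHaveBeenCalledWith('999');
    });
  });

  describe('PUT /api/users/:userId/roles', () => {
    it('should update user roles with admin permission', async () => {
      const mockUser = { id: '1', roles: ['user'] };
      getUserById.mockResolvedValue(mockUser);
      updateUser.mockResolvedValue(true);
      logAudit.mockResolvedValue(true);

      const response = await request(app)
        .put('/api/users/1/roles')
        .set('Authorization', ADMIN_AUTH)
        .send({ roles: ['user', 'admin'] })
        .expect(200);

      expect(response.body).toEqual({ message: 'Roles updated successfully' });
      expect(getUserById).toHaveBeenCalledWith('1');
      expect(updateUser).toHaveBeenCalledWith('1', { roles: ['user', 'admin'] });
      // TODO(review): assert the audit payload (actor, target, old/new roles)
      // once its shape is confirmed against audit.service.
      expect(logAudit).toHaveBeenCalled();
    });

    it('should return 400 if roles is not an array', async () => {
      // Make the test self-contained: the user exists, so a 400 can only
      // come from input validation, not from a missing-user path.
      getUserById.mockResolvedValue({ id: '1', roles: ['user'] });

      await request(app)
        .put('/api/users/1/roles')
        .set('Authorization', ADMIN_AUTH)
        .send({ roles: 'user' })
        .expect(400);

      // Rejected input must never be persisted.
      expect(updateUser).not.toHaveBeenCalled();
    });

    it('should return 400 if role is invalid', async () => {
      getUserById.mockResolvedValue({ id: '1', roles: ['user'] });

      await request(app)
        .put('/api/users/1/roles')
        .set('Authorization', ADMIN_AUTH)
        .send({ roles: ['invalid-role'] })
        .expect(400);

      // An unknown role name must not reach the store.
      expect(updateUser).not.toHaveBeenCalled();
    });

    it('should return 403 if not authorized', async () => {
      getUserById.mockResolvedValue({ id: '1', roles: ['user'] });

      await request(app)
        .put('/api/users/1/roles')
        .send({ roles: ['user'] })
        .expect(403);

      // Authorization failure must short-circuit before any write.
      expect(updateUser).not.toHaveBeenCalled();
      // NOTE(review): only the missing-header case is covered here; a
      // non-admin bearer token is not exercised — confirm with the auth
      // middleware which token shapes it distinguishes before adding one.
    });
  });

  describe('DELETE /api/users/:userId/roles', () => {
    it('should delete user roles with admin permission', async () => {
      const mockUser = { id: '1', roles: ['user', 'moderator'] };
      getUserById.mockResolvedValue(mockUser);
      updateUser.mockResolvedValue(true);
      logAudit.mockResolvedValue(true);

      const response = await request(app)
        .delete('/api/users/1/roles')
        .set('Authorization', ADMIN_AUTH)
        .expect(200);

      expect(response.body).toEqual({ message: 'Roles deleted successfully' });
      expect(getUserById).toHaveBeenCalledWith('1');
      // "Delete" is implemented as replacing the role list with an empty one.
      expect(updateUser).toHaveBeenCalledWith('1', { roles: [] });
      expect(logAudit).toHaveBeenCalled();
    });

    it('should return 403 if not authorized', async () => {
      getUserById.mockResolvedValue({ id: '1', roles: ['user', 'moderator'] });

      await request(app)
        .delete('/api/users/1/roles')
        .expect(403);

      // Unauthorized callers must not be able to strip a user's roles.
      expect(updateUser).not.toHaveBeenCalled();
    });
  });
});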