using ColaFlow.Modules.Mcp.Domain.ValueObjects;
using FluentAssertions;
using Xunit;

namespace ColaFlow.Modules.Mcp.Tests.Domain;

public class ApiKeyPermissionsTests
{
    [Fact]
    public void ReadOnly_ShouldCreateReadOnlyPermissions()
    {
        // Act
        var permissions = ApiKeyPermissions.ReadOnly();

        // Assert
        permissions.Read.Should().BeTrue();
        permissions.Write.Should().BeFalse();
        permissions.AllowedResources.Should().BeEmpty();
        permissions.AllowedTools.Should().BeEmpty();
    }

    [Fact]
    public void ReadWrite_ShouldCreateReadWritePermissions()
    {
        // Act
        var permissions = ApiKeyPermissions.ReadWrite();

        // Assert
        permissions.Read.Should().BeTrue();
        permissions.Write.Should().BeTrue();
        permissions.AllowedResources.Should().BeEmpty();
        permissions.AllowedTools.Should().BeEmpty();
    }

    [Fact]
    public void Custom_ShouldCreateCustomPermissions()
    {
        // Arrange
        var allowedResources = new List<string> { "project://123" };
        var allowedTools = new List<string> { "create_task" };

        // Act
        var permissions = ApiKeyPermissions.Custom(true, true, allowedResources, allowedTools);

        // Assert
        permissions.Read.Should().BeTrue();
        permissions.Write.Should().BeTrue();
        permissions.AllowedResources.Should().BeEquivalentTo(allowedResources);
        permissions.AllowedTools.Should().BeEquivalentTo(allowedTools);
    }

    [Fact]
    public void CanAccessResource_WithNoRestrictions_ShouldReturnTrue()
    {
        // Arrange
        var permissions = ApiKeyPermissions.ReadOnly();

        // Act
        var result = permissions.CanAccessResource("project://123");

        // Assert
        result.Should().BeTrue();
    }

    [Fact]
    public void CanAccessResource_WithRestrictions_ShouldValidateCorrectly()
    {
        // Arrange
        var allowedResources = new List<string> { "project://123", "epic://456" };
        var permissions = ApiKeyPermissions.Custom(true, false, allowedResources);

        // Act & Assert
        permissions.CanAccessResource("project://123").Should().BeTrue();
        permissions.CanAccessResource("epic://456").Should().BeTrue();
        permissions.CanAccessResource("task://789").Should().BeFalse();
    }

    [Fact]
    public void CanUseTool_WithNoRestrictions_ShouldReturnWritePermission()
    {
        // Arrange
        var readOnlyPermissions = ApiKeyPermissions.ReadOnly();
        var readWritePermissions = ApiKeyPermissions.ReadWrite();

        // Act & Assert
        readOnlyPermissions.CanUseTool("create_task").Should().BeFalse();
        readWritePermissions.CanUseTool("create_task").Should().BeTrue();
    }

    [Fact]
    public void CanUseTool_WithRestrictions_ShouldValidateCorrectly()
    {
        // Arrange
        var allowedTools = new List<string> { "create_task", "update_story" };
        var permissions = ApiKeyPermissions.Custom(true, true, allowedTools: allowedTools);

        // Act & Assert
        permissions.CanUseTool("create_task").Should().BeTrue();
        permissions.CanUseTool("update_story").Should().BeTrue();
        permissions.CanUseTool("delete_project").Should().BeFalse();
    }
}