"""Tests for admin user-management endpoints.

Exercises the authorization boundary of ``/api/admin/users`` (admin,
regular user, anonymous) and the account actions an admin can take:
suspend/unsuspend, delete, access-flag changes and reset-password codes.
"""

from __future__ import annotations

from .conftest import auth_cookies


def _admin_session(client):
    """Log in as the ``admin`` test account; the result is passed as ``cookies=``."""
    return auth_cookies("admin", "adminpass1", client)


def _alice_session(client):
    """Log in as ``alice`` (presumably created by the ``user`` fixture)."""
    return auth_cookies("alice", "alicepass1", client)


def test_list_users_admin(client, admin, user):
    """An admin can list users and sees both fixture accounts."""
    resp = client.get("/api/admin/users", cookies=_admin_session(client))
    assert resp.status_code == 200

    listed_handles = [entry["handle"] for entry in resp.json()]
    assert "admin" in listed_handles
    assert "alice" in listed_handles


def test_list_users_non_admin(client, user):
    """An authenticated non-admin is refused with 403, not served the list."""
    resp = client.get("/api/admin/users", cookies=_alice_session(client))
    assert resp.status_code == 403


def test_list_users_unauthenticated(client):
    """A request without any session cookie is rejected with 401."""
    resp = client.get("/api/admin/users")
    assert resp.status_code == 401


def test_suspend_and_unsuspend(client, admin, user):
    """Suspending blocks login; unsuspending restores it."""
    admin_cookies = _admin_session(client)
    alice_login = {"handle": "alice", "password": "alicepass1"}

    suspend_resp = client.post(
        "/api/admin/users/alice/suspend", cookies=admin_cookies
    )
    assert suspend_resp.status_code == 200
    assert suspend_resp.json()["status"] == "suspended"

    # Correct credentials must still be refused while the account is suspended.
    # NOTE(review): only a fresh login is checked here. Whether a session that
    # alice obtained *before* the suspension keeps working is not covered.
    blocked_login = client.post("/api/auth/login", json=alice_login)
    assert blocked_login.status_code == 401

    unsuspend_resp = client.post(
        "/api/admin/users/alice/unsuspend", cookies=admin_cookies
    )
    assert unsuspend_resp.status_code == 200

    restored_login = client.post("/api/auth/login", json=alice_login)
    assert restored_login.status_code == 200


def test_suspend_self(client, admin):
    """An admin suspending their own account gets 400."""
    # Presumably a guard against an admin locking themselves out.
    resp = client.post(
        "/api/admin/users/admin/suspend", cookies=_admin_session(client)
    )
    assert resp.status_code == 400


def test_delete_user(client, admin, user):
    """A deleted user no longer appears in the admin listing."""
    admin_cookies = _admin_session(client)

    resp = client.delete("/api/admin/users/alice", cookies=admin_cookies)
    assert resp.status_code == 200

    # NOTE(review): this checks the listing only; it does not try to log in
    # as alice afterwards.
    remaining = client.get("/api/admin/users", cookies=admin_cookies).json()
    assert all(entry["handle"] != "alice" for entry in remaining)


def test_delete_self(client, admin):
    """An admin deleting their own account gets 400."""
    resp = client.delete(
        "/api/admin/users/admin", cookies=_admin_session(client)
    )
    assert resp.status_code == 400


def test_delete_nonexistent_user(client, admin):
    """Deleting an unknown handle yields 404."""
    resp = client.delete(
        "/api/admin/users/ghost", cookies=_admin_session(client)
    )
    assert resp.status_code == 404


def test_set_access_flags(client, admin, user):
    """Access flags set by an admin are reflected in the user listing."""
    admin_cookies = _admin_session(client)

    resp = client.patch(
        "/api/admin/users/alice/access",
        json={"activity_access": True, "wiki_access": False},
        cookies=admin_cookies,
    )
    assert resp.status_code == 200

    listing = client.get("/api/admin/users", cookies=admin_cookies).json()
    alice_entry = next(entry for entry in listing if entry["handle"] == "alice")
    assert alice_entry["activity_access"] is True
    assert alice_entry["wiki_access"] is False


def test_set_access_non_admin(client, user):
    """A regular user cannot change access flags, even on their own account."""
    # NOTE(review): only the 403 is asserted; the test does not re-read the
    # flag to confirm the rejected request left it unchanged.
    resp = client.patch(
        "/api/admin/users/alice/access",
        json={"wiki_access": False},
        cookies=_alice_session(client),
    )
    assert resp.status_code == 403


def test_reset_password_code_for_unknown_user(client, admin):
    """Requesting a reset-password code for an unknown handle yields 404."""
    # NOTE(review): the tests visible here cover this endpoint only for an
    # admin caller and an unknown handle; non-admin and unauthenticated
    # callers are not exercised for it.
    resp = client.post(
        "/api/admin/users/ghost/reset-password-code",
        cookies=_admin_session(client),
    )
    assert resp.status_code == 404