package main

import (
	"net/http"
	"net/http/httptest"
	"testing"
)

func TestAttendeesListCreateDelete(t *testing.T) {
	app := testApp(t)
	admin := testAdminUser(t, app)
	token := testToken(t, app, admin)
	mux := testMux(app)

	// Create
	req := testAuthRequest("POST", "/api/attendees", map[string]string{"name": "Titania"}, token)
	w := httptest.NewRecorder()
	mux.ServeHTTP(w, req)
	if w.Code != http.StatusCreated {
		t.Fatalf("create: status = %d\nbody: %s", w.Code, w.Body.String())
	}
	created := parseJSON(t, w)
	id := created["id"].(float64)

	// List
	req = testAuthRequest("GET", "/api/attendees", nil, token)
	w = httptest.NewRecorder()
	mux.ServeHTTP(w, req)
	if w.Code != http.StatusOK {
		t.Fatalf("list: status = %d", w.Code)
	}
	list := parseJSON(t, w)
	attendees := list["attendees"].([]any)
	if len(attendees) != 1 {
		t.Errorf("list: got %d, want 1", len(attendees))
	}

	// Delete
	req = testAuthRequest("DELETE", "/api/attendees/"+itoa(int(id)), nil, token)
	w = httptest.NewRecorder()
	mux.ServeHTTP(w, req)
	if w.Code != http.StatusNoContent {
		t.Errorf("delete: status = %d", w.Code)
	}

	// List again — should be empty
	req = testAuthRequest("GET", "/api/attendees", nil, token)
	w = httptest.NewRecorder()
	mux.ServeHTTP(w, req)
	list = parseJSON(t, w)
	if a2, ok := list["attendees"].([]any); ok && len(a2) != 0 {
		t.Errorf("after delete: got %d, want 0", len(a2))
	}
}

func TestCheckInAttendeeHandler(t *testing.T) {
	app := testApp(t)
	admin := testAdminUser(t, app)
	token := testToken(t, app, admin)
	mux := testMux(app)

	app.createAttendee(Attendee{Name: "Oberon"})
	app.db.Exec(`UPDATE attendees SET party_size = 3 WHERE id = 1`)

	// Check in 1
	req := testAuthRequest("POST", "/api/attendees/1/checkin", map[string]int{"count": 1}, token)
	w := httptest.NewRecorder()
	mux.ServeHTTP(w, req)
	if w.Code != http.StatusOK {
		t.Fatalf("checkin: status = %d\nbody: %s", w.Code, w.Body.String())
	}
	result := parseJSON(t, w)
	attendee := result["attendee"].(map[string]any)
	if attendee["checked_in_count"] != float64(1) {
		t.Errorf("checked_in_count = %v, want 1", attendee["checked_in_count"])
	}
}

func TestGateRoleCanCheckIn(t *testing.T) {
	app := testApp(t)
	gate := testUserWithRole(t, app, "gateuser", "gate", []int{})
	token := testToken(t, app, gate)
	mux := testMux(app)

	app.createAttendee(Attendee{Name: "Puck"})

	req := testAuthRequest("POST", "/api/attendees/1/checkin", nil, token)
	w := httptest.NewRecorder()
	mux.ServeHTTP(w, req)
	if w.Code != http.StatusOK {
		t.Errorf("gate checkin: status = %d", w.Code)
	}
}

func TestGateRoleCannotDelete(t *testing.T) {
	app := testApp(t)
	gate := testUserWithRole(t, app, "gateuser", "gate", []int{})
	token := testToken(t, app, gate)
	mux := testMux(app)

	app.createAttendee(Attendee{Name: "Puck"})

	req := testAuthRequest("DELETE", "/api/attendees/1", nil, token)
	w := httptest.NewRecorder()
	mux.ServeHTTP(w, req)
	if w.Code != http.StatusForbidden {
		t.Errorf("gate delete: status = %d, want 403", w.Code)
	}
}