package rootmux

import (
	"encoding/json"
	"testing"

	"forge.grandlyon.com/apoyen/elections/internal/auth"
	"forge.grandlyon.com/apoyen/sdk-go/pkg/tester"
)

/**
Banker TESTS (those tests are to check the bankers rights)
**/
func VisualizerTests(t *testing.T) {
	// Create the tester
	ts, do, _ := createTester(t)
	defer ts.Close() // Close the tester
	tests := func() {
		// Get the XSRF Token
		response := do("GET", "/api/common/WhoAmI", noH, "", 200, "")
		token := auth.TokenData{}
		json.Unmarshal([]byte(response), &token)
		xsrfHeader := tester.Header{Key: "XSRF-TOKEN", Value: token.XSRFToken}

		// Create a capturer should fail with 405
		do("POST", "/api/Capturer", xsrfHeader, `{"userID":2,"name":"Capturer"}`, 405, `You're not authorize to execute this method on this ressource.`)
		// Get a capturer should fail with 405
		do("GET", "/api/Capturer/1", xsrfHeader, "", 405, `You're not authorize to execute this method on this ressource.`)
		// Get all the capturer should fail with 405
		do("GET", "/api/Capturer/", xsrfHeader, "", 405, `You're not authorize to execute this method on this ressource.`)
		// Update a capturer should fail with 405
		do("PUT", "/api/Capturer/1", xsrfHeader, `{"ID":1,"UserID":2,"Name":"capturer"}`, 405, `You're not authorize to execute this method on this ressource.`)
		// Delete a capturer should fail with 405
		do("DELETE", "/api/Capturer/1", xsrfHeader, ``, 405, `You're not authorize to execute this method on this ressource.`)

		// Create an election should fail with 405
		do("POST", "/api/Election", xsrfHeader, `{"Name":"Grand Lyon 2020", "BallotType":"metropolitan-direct"}`, 405, `You're not authorize to execute this method on this ressource.`)
		// Get an Election should fail with 405
		do("GET", "/api/Election/1", xsrfHeader, "", 405, `You're not authorize to execute this method on this ressource.`)
		// Get all the elections should fail with 405
		do("GET", "/api/Election/", xsrfHeader, "", 405, `You're not authorize to execute this method on this ressource.`)
		// Update an election should fail with 405
		do("PUT", "/api/Election/1", xsrfHeader, `{"Name":"Grand Lyon 2020", "BallotType":"metropolitan-direct"}`, 405, `You're not authorize to execute this method on this ressource.`)
		// Delete an election should fail with 405
		do("DELETE", "/api/Election/1", xsrfHeader, ``, 405, `You're not authorize to execute this method on this ressource.`)

	}
	// Do a in memory login with an known admin
	do("POST", "/Login", noH, `{"login": "visualizer","password": "password"}`, 200, "")
	tests()
	// Try to logout (must pass)
	do("GET", "/Logout", noH, "", 200, "Logout OK")
}