package rootmux

import (
	"encoding/json"
	"testing"

	"forge.grandlyon.com/apoyen/elections/internal/auth"
	"forge.grandlyon.com/apoyen/sdk-go/pkg/tester"
)

/**
Banker TESTS (those tests are to check the bankers rights)
**/
func CapturerTests(t *testing.T) {
	// Create the tester
	ts, do, _ := createTester(t)
	defer ts.Close() // Close the tester
	tests := func() {
		// Get the XSRF Token
		response := do("GET", "/api/common/WhoAmI", noH, "", 200, "")
		token := auth.TokenData{}
		json.Unmarshal([]byte(response), &token)
		xsrfHeader := tester.Header{Key: "XSRF-TOKEN", Value: token.XSRFToken}

		// Create a capturer should fail with 405
		do("POST", "/api/Capturer", xsrfHeader, `{"userID":2,"name":"Capturer"}`, 405, `You're not authorize to execute this method on this ressource.`)
		// Get the capturer connected
		do("GET", "/api/Capturer/1", xsrfHeader, "", 200, `{"ID":1,"UserID":2,"Name":"Capturer","DeskRounds":[]}`)
		// Get another capturer should fail with 405
		do("GET", "/api/Capturer/2", xsrfHeader, "", 403, `You can not access this ressource`)
		// Get all the capturer return only the capturer connected
		do("GET", "/api/Capturer/", xsrfHeader, "", 200, `[{"ID":1,"UserID":2,"Name":"Capturer","DeskRounds":[]}]`)
		// Update a capturer should fail with 405
		do("PUT", "/api/Capturer/1", xsrfHeader, `{"ID":1,"UserID":2,"Name":"capturer"}`, 405, `You're not authorize to execute this method on this ressource.`)
		// Delete a capturer should fail with 405
		do("DELETE", "/api/Capturer/1", xsrfHeader, ``, 405, `You're not authorize to execute this method on this ressource.`)

		// Create an election should fail with 405
		do("POST", "/api/Election", xsrfHeader, `{"Name":"Grand Lyon 2020", "BallotType":"metropolitan-direct"}`, 405, `You're not authorize to execute this method on this ressource.`)
		// Get an Election
		do("GET", "/api/Election/1", xsrfHeader, "", 200, `{"ID":1,"Name":"Grand Lyon 2020","BallotType":"metropolitan-direct","Areas":[{"ID":1,"ElectionID":1,"Name":"Area 1","SeatNumber":9,"MapID":"1","Sections":null}],"Rounds":null}`)
		// Get all the elections
		do("GET", "/api/Election/", xsrfHeader, "", 200, `[{"ID":1,"Name":"Grand Lyon 2020","BallotType":"metropolitan-direct","Areas":[{"ID":1,"ElectionID":1,"Name":"Area 1","SeatNumber":9,"MapID":"1","Sections":null}],"Rounds":null}]`)
		// Update an election should fail with 405
		do("PUT", "/api/Election/1", xsrfHeader, `{"Name":"Grand Lyon 2020", "BallotType":"metropolitan-direct"}`, 405, `You're not authorize to execute this method on this ressource.`)
		// Delete an election should fail with 405
		do("DELETE", "/api/Election/1", xsrfHeader, ``, 405, `You're not authorize to execute this method on this ressource.`)

		// Create an area should fail with 405
		do("POST", "/api/Area", xsrfHeader, `{"ElectionID":1,"Name":"Area 1","SeatNumber":9,"MapID":"1"}`, 405, `You're not authorize to execute this method on this ressource.`)
		// Get an area
		do("GET", "/api/Area/1", xsrfHeader, "", 200, `{"ID":1,"ElectionID":1,"Name":"Area 1","SeatNumber":9,"MapID":"1","Sections":[{"ID":1,"AreaID":1,"Name":"Section 1","MapID":"1","Desks":null}]}`)
		// Get all the areas
		do("GET", "/api/Area/", xsrfHeader, "", 200, `[{"ID":1,"ElectionID":1,"Name":"Area 1","SeatNumber":9,"MapID":"1","Sections":[{"ID":1,"AreaID":1,"Name":"Section 1","MapID":"1","Desks":null}]}]`)
		// Update an area should fail with 405
		do("PUT", "/api/Area/1", xsrfHeader, `{"ID":1,"ElectionID":1,"Name":"Area 1","SeatNumber":9,"MapID":"1"}`, 405, `You're not authorize to execute this method on this ressource.`)
		// Delete an area should fail with 405
		do("DELETE", "/api/Area/1", xsrfHeader, ``, 405, `You're not authorize to execute this method on this ressource.`)

		// Create a section should fail with 405
		do("POST", "/api/Section", xsrfHeader, `{"AreaID":1,"Name":"Section 1","MapID":"1"}`, 405, `You're not authorize to execute this method on this ressource.`)
		// Get a section
		do("GET", "/api/Section/1", xsrfHeader, "", 200, `{"ID":1,"AreaID":1,"Name":"Section 1","MapID":"1","Desks":[{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587,"DeskRounds":null}]}`)
		// Get all the sections
		do("GET", "/api/Section/", xsrfHeader, "", 200, `[{"ID":1,"AreaID":1,"Name":"Section 1","MapID":"1","Desks":[{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587,"DeskRounds":null}]}]`)
		// Update a section should fail with 405
		do("PUT", "/api/Section/1", xsrfHeader, `{"ID":1,"AreaID":1,"Name":"Section 1","MapID":"1"}`, 405, `You're not authorize to execute this method on this ressource.`)
		// Delete a section should fail with 405
		do("DELETE", "/api/Section/1", xsrfHeader, ``, 405, `You're not authorize to execute this method on this ressource.`)

		// Create a desk should fail with 405
		do("POST", "/api/Desk", xsrfHeader, `{"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587}`, 405, `You're not authorize to execute this method on this ressource.`)
		// Get a desk
		do("GET", "/api/Desk/1", xsrfHeader, "", 200, `{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587,"DeskRounds":[{"ID":1,"RoundID":1,"DeskID":1,"Capturers":null,"Completed":false,"DateCompletion":"0001-01-01T00:00:00Z","Validated":false,"Votes":null}]}`)
		// Get all the desks
		do("GET", "/api/Desk/", xsrfHeader, "", 200, `[{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587,"DeskRounds":[{"ID":1,"RoundID":1,"DeskID":1,"Capturers":null,"Completed":false,"DateCompletion":"0001-01-01T00:00:00Z","Validated":false,"Votes":null}]}]`)
		// Update a desk should fail with 405
		do("PUT", "/api/Desk/1", xsrfHeader, `{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":false,"Subscribed":3587}`, 405, `You're not authorize to execute this method on this ressource.`)
		// Delete a desk should fail with 405
		do("DELETE", "/api/Desk/1", xsrfHeader, ``, 405, `You're not authorize to execute this method on this ressource.`)

		// Create a round should fail with 405
		do("POST", "/api/Round", xsrfHeader, `{"ElectionID":1,"Date":"2020-06-28","Round":1}`, 405, `You're not authorize to execute this method on this ressource.`)
		// Get a desk
		do("GET", "/api/Round/1", xsrfHeader, "", 200, `{"ID":1,"ElectionID":1,"Parameter":{"ID":0,"CountBlankAndNull":false,"ShowOnlyCompleted":false,"ShowMap":false},"Date":"2020-06-28","Round":1,"DeskRounds":[{"ID":1,"RoundID":1,"DeskID":1,"Capturers":null,"Completed":false,"DateCompletion":"0001-01-01T00:00:00Z","Validated":false,"Votes":null}],"CandidateLists":[]}`)
		// Get all the desks
		do("GET", "/api/Round/", xsrfHeader, "", 200, `[{"ID":1,"ElectionID":1,"Parameter":{"ID":0,"CountBlankAndNull":false,"ShowOnlyCompleted":false,"ShowMap":false},"Date":"2020-06-28","Round":1,"DeskRounds":[{"ID":1,"RoundID":1,"DeskID":1,"Capturers":null,"Completed":false,"DateCompletion":"0001-01-01T00:00:00Z","Validated":false,"Votes":null}],"CandidateLists":[]}]`)
		// Update a desk should fail with 405
		do("PUT", "/api/Round/1", xsrfHeader, `{"ID":1,"ElectionID":1,"Date":"2020-07-28","Round":2}`, 405, `You're not authorize to execute this method on this ressource.`)
		// Delete a desk should fail with 405
		do("DELETE", "/api/Round/1", xsrfHeader, ``, 405, `You're not authorize to execute this method on this ressource.`)

		// Create a DeskRound should fail with 400
		do("POST", "/api/DeskRound", xsrfHeader, `{"ID":1,"RoundID":1,"DeskID":1,"Validated":false}`, 400, `method not allowed`)
		// Get a DeskRound
		do("GET", "/api/DeskRound/1", xsrfHeader, ``, 200, `{"ID":1,"RoundID":1,"DeskID":1,"Capturers":[],"Completed":false,"DateCompletion":"0001-01-01T00:00:00Z","Validated":false,"Votes":[]}`)
		// Get DeskRounds
		do("GET", "/api/DeskRound/", xsrfHeader, ``, 200, `[{"ID":1,"RoundID":1,"DeskID":1,"Capturers":[],"Completed":false,"DateCompletion":"0001-01-01T00:00:00Z","Validated":false,"Votes":[]}]`)
		// Update a desk should fail with 405
		do("PUT", "/api/DeskRound/1", xsrfHeader, `{"ID":1,"RoundID":1,"DeskID":1,"Validated":false}`, 405, `You're not authorize to execute this method on this ressource.`)
		// Delete a DeskRound should fail with 400
		do("DELETE", "/api/DeskRound/1", xsrfHeader, ``, 400, `method not allowed`)

		// Create a Party should fail with 405
		do("POST", "/api/Party", xsrfHeader, `{"Name":"MyGreatParty","Color":"#FFFFFF"}`, 405, `You're not authorize to execute this method on this ressource.`)
		// Get a party
		do("GET", "/api/Party/1", xsrfHeader, "", 200, `{"ID":1,"Name":"MyGreatParty","Color":"#FFFFFF","CandidateLists":[]}`)
		// Get all the parties
		do("GET", "/api/Party/", xsrfHeader, "", 200, `[{"ID":1,"Name":"MyGreatParty","Color":"#FFFFFF","CandidateLists":[]}]`)
		// Update a party should fail with 405
		do("PUT", "/api/Party/1", xsrfHeader, `{"ID":1,"Name":"MyBigParty","Color":"#000000"}`, 405, `You're not authorize to execute this method on this ressource.`)
		// Delete a party should fail with 405
		do("DELETE", "/api/Party/1", xsrfHeader, ``, 405, `You're not authorize to execute this method on this ressource.`)

		// Add deskround to capturer should fail with 405
		do("POST", "/api/CapturerDeskRound", xsrfHeader, `{"CapturerID":1,"DeskRoundID":1}`, 405, `You're not authorize to execute this method on this ressource.`)
		// Remove DeskRound to capturer
		do("DELETE", "/api/CapturerDeskRound/1", xsrfHeader, `{"CapturerID":1,"DeskRoundID":1}`, 405, `You're not authorize to execute this method on this ressource.`)

	}
	// Do a in memory login with an known admin
	do("POST", "/Login", noH, `{"login": "capturer","password": "password"}`, 200, "")
	tests()
	// Try to logout (must pass)
	do("GET", "/Logout", noH, "", 200, "Logout OK")
}