using Shouldly;
using Xunit;
using ZB.MOM.WW.OtOpcUa.Security.Ldap;

namespace ZB.MOM.WW.OtOpcUa.Security.Tests;

public sealed class RoleMapperTests
{
    /// <summary>
    /// Verifies that empty mapping returns no roles.
    /// </summary>
    [Fact]
    public void Empty_mapping_returns_empty()
    {
        RoleMapper.Map(new[] { "Admins" }, new Dictionary<string, string>())
            .ShouldBeEmpty();
    }

    /// <summary>
    /// Verifies that RoleMapper maps a group to its corresponding role.
    /// </summary>
    [Fact]
    public void Maps_group_to_role()
    {
        RoleMapper.Map(
            new[] { "AdminGroup" },
            new Dictionary<string, string> { ["AdminGroup"] = "FleetAdmin" })
            .ShouldBe(new[] { "FleetAdmin" });
    }

    /// <summary>
    /// Verifies that group matching is case-insensitive.
    /// </summary>
    [Fact]
    public void Case_insensitive_group_match()
    {
        RoleMapper.Map(
            new[] { "admingroup" },
            new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
            {
                ["AdminGroup"] = "FleetAdmin",
            })
            .ShouldBe(new[] { "FleetAdmin" });
    }

    /// <summary>
    /// Verifies that multiple groups are deduplicated to unique roles.
    /// </summary>
    [Fact]
    public void Multiple_groups_dedup_roles()
    {
        var roles = RoleMapper.Map(
            new[] { "AdminGroup", "AlsoAdmin" },
            new Dictionary<string, string>
            {
                ["AdminGroup"] = "FleetAdmin",
                ["AlsoAdmin"] = "FleetAdmin",
            });

        roles.ShouldBe(new[] { "FleetAdmin" });
    }
}