namespace NATS.Server.Tests;

using NATS.Server.Auth.Jwt;

public class PermissionTemplateTests
{
    [Fact]
    public void Expand_name_template()
    {
        var result = PermissionTemplates.Expand("user.{{name()}}.>",
            name: "alice", subject: "UABC", accountName: "acct", accountSubject: "AABC",
            userTags: [], accountTags: []);
        result.ShouldBe(["user.alice.>"]);
    }

    [Fact]
    public void Expand_subject_template()
    {
        var result = PermissionTemplates.Expand("inbox.{{subject()}}.>",
            name: "alice", subject: "UABC123", accountName: "acct", accountSubject: "AABC",
            userTags: [], accountTags: []);
        result.ShouldBe(["inbox.UABC123.>"]);
    }

    [Fact]
    public void Expand_account_name_template()
    {
        var result = PermissionTemplates.Expand("acct.{{account-name()}}.>",
            name: "alice", subject: "UABC", accountName: "myaccount", accountSubject: "AABC",
            userTags: [], accountTags: []);
        result.ShouldBe(["acct.myaccount.>"]);
    }

    [Fact]
    public void Expand_account_subject_template()
    {
        var result = PermissionTemplates.Expand("acct.{{account-subject()}}.>",
            name: "alice", subject: "UABC", accountName: "acct", accountSubject: "AABC456",
            userTags: [], accountTags: []);
        result.ShouldBe(["acct.AABC456.>"]);
    }

    [Fact]
    public void Expand_tag_template_single_value()
    {
        var result = PermissionTemplates.Expand("dept.{{tag(dept)}}.>",
            name: "alice", subject: "UABC", accountName: "acct", accountSubject: "AABC",
            userTags: ["dept:engineering"], accountTags: []);
        result.ShouldBe(["dept.engineering.>"]);
    }

    [Fact]
    public void Expand_tag_template_multi_value_cartesian()
    {
        var result = PermissionTemplates.Expand("dept.{{tag(dept)}}.>",
            name: "alice", subject: "UABC", accountName: "acct", accountSubject: "AABC",
            userTags: ["dept:eng", "dept:sales"], accountTags: []);
        result.Count.ShouldBe(2);
        result.ShouldContain("dept.eng.>");
        result.ShouldContain("dept.sales.>");
    }

    [Fact]
    public void Expand_account_tag_template()
    {
        var result = PermissionTemplates.Expand("region.{{account-tag(region)}}.>",
            name: "alice", subject: "UABC", accountName: "acct", accountSubject: "AABC",
            userTags: [], accountTags: ["region:us-east"]);
        result.ShouldBe(["region.us-east.>"]);
    }

    [Fact]
    public void Expand_no_templates_returns_original()
    {
        var result = PermissionTemplates.Expand("foo.bar.>",
            name: "alice", subject: "UABC", accountName: "acct", accountSubject: "AABC",
            userTags: [], accountTags: []);
        result.ShouldBe(["foo.bar.>"]);
    }

    [Fact]
    public void Expand_unknown_tag_returns_empty()
    {
        var result = PermissionTemplates.Expand("dept.{{tag(missing)}}.>",
            name: "alice", subject: "UABC", accountName: "acct", accountSubject: "AABC",
            userTags: ["dept:eng"], accountTags: []);
        result.ShouldBeEmpty();
    }

    [Fact]
    public void ExpandAll_expands_array_of_subjects()
    {
        var subjects = new[] { "user.{{name()}}.>", "inbox.{{subject()}}.>" };
        var result = PermissionTemplates.ExpandAll(subjects,
            name: "alice", subject: "UABC", accountName: "acct", accountSubject: "AABC",
            userTags: [], accountTags: []);
        result.ShouldBe(["user.alice.>", "inbox.UABC.>"]);
    }
}