package chain

import (
	"testing"

	"git.frostfs.info/TrueCloudLab/policy-engine/pkg/resource/testutil"
	"git.frostfs.info/TrueCloudLab/policy-engine/schema/native"
	"github.com/stretchr/testify/require"
)

func TestEncodeDecode(t *testing.T) {
	expected := Chain{
		MatchType: MatchTypeFirstMatch,
		Rules: []Rule{
			{
				Status: Allow,
				Actions: Actions{Names: []string{
					"native::PutObject",
				}},
				Resources: Resources{Names: []string{"*"}},
				Condition: []Condition{
					{
						Op:    CondStringEquals,
						Key:   "Name",
						Value: "NNS",
					},
				},
			},
		},
	}
	data := expected.Bytes()

	var actual Chain
	require.NoError(t, actual.DecodeBytes(data))
	require.Equal(t, expected, actual)
}

func TestReturnFirstMatch(t *testing.T) {
	ch := Chain{
		Rules: []Rule{
			{
				Status: Allow,
				Actions: Actions{Names: []string{
					native.MethodPutObject,
				}},
				Resources: Resources{Names: []string{native.ResourceFormatRootContainers}},
				Condition: []Condition{},
			},
			{
				Status: AccessDenied,
				Actions: Actions{Names: []string{
					native.MethodPutObject,
				}},
				Resources: Resources{Names: []string{native.ResourceFormatRootContainers}},
				Condition: []Condition{},
			},
		},
	}

	resource := testutil.NewResource(native.ResourceFormatRootContainers, nil)
	request := testutil.NewRequest(native.MethodPutObject, resource, nil)

	t.Run("default match", func(t *testing.T) {
		st, found := ch.Match(request)
		require.True(t, found)
		require.Equal(t, AccessDenied, st)
	})

	t.Run("return first match", func(t *testing.T) {
		ch.MatchType = MatchTypeFirstMatch
		st, found := ch.Match(request)
		require.True(t, found)
		require.Equal(t, Allow, st)
	})
}