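"""API tests for the /api/v1/users endpoints: listing, creation, update, roles.

The tests cover both the success path and the access-control path
(admin token vs. non-admin token vs. no credentials).

All tests are coroutines and take their HTTP client, users and tokens from
fixtures that are not defined in this file.
NOTE(review): presumably these come from conftest.py and the project runs
pytest in an async-aware mode; confirm, since no asyncio marker is set here.
"""

import pytest

from conftest import auth_header


class TestListUsers:
    """GET /api/v1/users under three different credential states."""

    async def test_list_users_as_admin(self, client, admin_user, admin_token):
        """An admin token gets 200 and a paginated-looking payload."""
        resp = await client.get("/api/v1/users", headers=auth_header(admin_token))
        assert resp.status_code == 200
        body = resp.json()
        assert "total" in body
        assert "items" in body
        # The admin_user fixture is requested, so at least one user is expected.
        assert body["total"] >= 1

    async def test_list_users_as_visitor_forbidden(self, client, normal_user, user_token):
        """A valid but non-admin token is rejected with 403, not 401."""
        resp = await client.get("/api/v1/users", headers=auth_header(user_token))
        assert resp.status_code == 403

    async def test_list_users_unauthenticated(self, client):
        """A request with no Authorization header is rejected with 401."""
        resp = await client.get("/api/v1/users")
        assert resp.status_code == 401


class TestCreateUser:
    """POST /api/v1/users: creation, authorization and duplicate handling.

    NOTE(review): as shown here, no test sends POST without credentials, and
    no test checks which "role" values a caller may assign. Both are
    access-control paths worth pinning if they are not covered elsewhere.
    """

    async def test_create_user_as_admin(self, client, admin_user, admin_token):
        """An admin can create a user; the response carries username and id."""
        resp = await client.post(
            "/api/v1/users",
            json={
                "username": "newuser",
                "password": "newpass123",
                "full_name": "New User",
                "role": "visitor",
            },
            headers=auth_header(admin_token),
        )
        assert resp.status_code == 200
        body = resp.json()
        assert body["username"] == "newuser"
        assert "id" in body
        # The submitted plaintext password must never be echoed back, under
        # any key or nesting level; str(body) covers the whole parsed payload.
        assert "newpass123" not in str(body)

    async def test_create_user_as_visitor_forbidden(self, client, normal_user, user_token):
        """A non-admin token cannot create users (403)."""
        resp = await client.post(
            "/api/v1/users",
            json={"username": "another", "password": "pass123"},
            headers=auth_header(user_token),
        )
        assert resp.status_code == 403

    async def test_create_duplicate_user(self, client, admin_user, admin_token):
        """Creating a user whose username already exists yields 400."""
        # NOTE(review): assumes the admin_user fixture creates the username
        # "testadmin"; confirm against the fixture, otherwise this test would
        # create a new user instead of hitting the duplicate path.
        resp = await client.post(
            "/api/v1/users",
            json={"username": "testadmin", "password": "pass123"},
            headers=auth_header(admin_token),
        )
        assert resp.status_code == 400


class TestUpdateUser:
    """PUT /api/v1/users/{id}: update by an admin and the not-found case.

    NOTE(review): as shown here, PUT is exercised only with an admin token.
    The non-admin (403) and unauthenticated (401) cases tested for GET and
    POST have no counterpart for this endpoint.
    """

    async def test_update_user_as_admin(self, client, admin_user, normal_user, admin_token):
        """An admin can update another user's full_name (200)."""
        resp = await client.put(
            f"/api/v1/users/{normal_user.id}",
            json={"full_name": "Updated Name"},
            headers=auth_header(admin_token),
        )
        assert resp.status_code == 200

    async def test_update_nonexistent_user(self, client, admin_user, admin_token):
        """Updating an id that does not exist yields 404."""
        # 99999 is used as an id that no fixture is expected to have created.
        resp = await client.put(
            "/api/v1/users/99999",
            json={"full_name": "Ghost"},
            headers=auth_header(admin_token),
        )
        assert resp.status_code == 404


class TestRoles:
    """GET /api/v1/users/roles."""

    async def test_list_roles(self, client, admin_user, admin_token, seed_roles):
        """An admin gets a non-empty list of roles with name and display_name."""
        # NOTE(review): seed_roles presumably inserts the role rows that this
        # test expects to find; confirm in the fixture definition.
        resp = await client.get("/api/v1/users/roles", headers=auth_header(admin_token))
        assert resp.status_code == 200
        body = resp.json()
        assert isinstance(body, list)
        assert len(body) >= 1
        assert "name" in body[0]
        assert "display_name" in body[0]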