package rbac

import (
	"context"
	"testing"
)

func TestNewIdentity(t *testing.T) {
	id := NewIdentity("uid-1", "Jane Doe", "jane@example.com")

	if id.UID != "uid-1" {
		t.Errorf("UID = %q, want uid-1", id.UID)
	}
	if id.DisplayName != "Jane Doe" {
		t.Errorf("DisplayName = %q, want Jane Doe", id.DisplayName)
	}
	if id.Email != "jane@example.com" {
		t.Errorf("Email = %q, want jane@example.com", id.Email)
	}
	if id.TenantID != "" {
		t.Errorf("TenantID must be empty at construction, got %q", id.TenantID)
	}
}

func TestIdentity_WithTenant(t *testing.T) {
	original := NewIdentity("uid-1", "Jane Doe", "jane@example.com")
	enriched := original.WithTenant("tenant-abc")

	if enriched.TenantID != "tenant-abc" {
		t.Errorf("enriched.TenantID = %q, want tenant-abc", enriched.TenantID)
	}
	// WithTenant must not mutate the original.
	if original.TenantID != "" {
		t.Errorf("original.TenantID mutated to %q, must remain empty", original.TenantID)
	}
	// Other fields must be preserved.
	if enriched.UID != original.UID {
		t.Errorf("WithTenant changed UID: got %q, want %q", enriched.UID, original.UID)
	}
}

func TestContextHelpers_SetAndGet(t *testing.T) {
	id := NewIdentity("uid-1", "Jane Doe", "jane@example.com")
	ctx := SetInContext(context.Background(), id)

	retrieved, ok := FromContext(ctx)
	if !ok {
		t.Fatal("FromContext returned ok=false, expected to find identity")
	}
	if retrieved.UID != id.UID {
		t.Errorf("retrieved UID = %q, want %q", retrieved.UID, id.UID)
	}
}

func TestContextHelpers_MissingReturnsZeroValue(t *testing.T) {
	id, ok := FromContext(context.Background())
	if ok {
		t.Error("FromContext on empty context returned ok=true")
	}
	if id != (Identity{}) {
		t.Errorf("FromContext on empty context returned non-zero Identity: %+v", id)
	}
}

func TestContextHelpers_ValueSemanticsOnSet(t *testing.T) {
	id := NewIdentity("uid-1", "Jane Doe", "jane@example.com")
	ctx := SetInContext(context.Background(), id)

	// Mutating the original struct after storing must not affect the context value
	// because Identity is a value type.
	id.UID = "mutated"

	retrieved, _ := FromContext(ctx)
	if retrieved.UID == "mutated" {
		t.Error("context value was mutated after SetInContext; Identity must be a value type")
	}
}

func TestContextHelpers_OverwriteInContext(t *testing.T) {
	first := NewIdentity("uid-1", "Jane", "jane@example.com")
	second := NewIdentity("uid-2", "John", "john@example.com")

	ctx := SetInContext(context.Background(), first)
	ctx = SetInContext(ctx, second)

	retrieved, ok := FromContext(ctx)
	if !ok {
		t.Fatal("expected identity in context")
	}
	if retrieved.UID != "uid-2" {
		t.Errorf("expected overwritten identity uid-2, got %s", retrieved.UID)
	}
}