<?php

declare(strict_types=1);

namespace Tests\Identity;

use Netig\Netslim\Identity\Application\AuthorizationApplicationService;
use Netig\Netslim\Identity\Domain\Entity\User;
use Netig\Netslim\Identity\Domain\Policy\Permission;
use Netig\Netslim\Identity\Domain\Policy\RolePermissionMatrix;
use PHPUnit\Framework\TestCase;

final class AuthorizationServiceTest extends TestCase
{
    private AuthorizationApplicationService $service;

    protected function setUp(): void
    {
        $this->service = new AuthorizationApplicationService(new RolePermissionMatrix());
    }

    public function testEditorGetsFineGrainedPermissions(): void
    {
        $editor = new User(1, 'editor', 'editor@example.test', 'hash', User::ROLE_EDITOR);

        self::assertTrue($this->service->canUser($editor, Permission::CONTENT_PUBLISH));
        self::assertTrue($this->service->canUser($editor, Permission::MEDIA_MANAGE));
        self::assertFalse($this->service->canUser($editor, Permission::USERS_MANAGE));
    }

    public function testAdminHasWildcardPermissions(): void
    {
        self::assertTrue($this->service->canRole(User::ROLE_ADMIN, Permission::SETTINGS_MANAGE));
        self::assertContains('*', $this->service->permissionsForRole(User::ROLE_ADMIN));
    }
}