using Thalos.Service.Application.Adapters;
using Thalos.Service.Application.Ports;
using Thalos.Service.Application.UseCases;
using Thalos.Service.Identity.Abstractions.Contracts;

namespace Thalos.Service.Application.UnitTests;

public class EvaluateIdentityPolicyUseCaseTests
{
    [Fact]
    public async Task HandleAsync_WhenCalled_UsesIdentityContractsAndReturnsMappedResponse()
    {
        var useCase = new EvaluateIdentityPolicyUseCase(
            new FakeIdentityCapabilityContractAdapter(),
            new FakeIdentityPolicyContextReadPort());

        var response = await useCase.HandleAsync(new EvaluateIdentityPolicyRequest("subject-1", "tenant-1", "perm.read"));

        Assert.Equal("subject-1", response.SubjectId);
        Assert.Equal("perm.read", response.PermissionCode);
        Assert.True(response.IsAllowed);
    }

    private sealed class FakeIdentityCapabilityContractAdapter : IIdentityCapabilityContractAdapter
    {
        public IdentityPolicyContextRequest CreatePolicyContext(EvaluateIdentityPolicyRequest identityRequest)
        {
            return new IdentityPolicyContextRequest(identityRequest.SubjectId, identityRequest.TenantId, identityRequest.PermissionCode);
        }

        public EvaluateIdentityPolicyResponse MapPolicyResponse(
            EvaluateIdentityPolicyRequest identityRequest,
            IdentityPolicyContextResponse contextResponse)
        {
            return new EvaluateIdentityPolicyResponse(
                identityRequest.SubjectId,
                identityRequest.PermissionCode,
                contextResponse.ContextSatisfied);
        }
    }

    private sealed class FakeIdentityPolicyContextReadPort : IIdentityPolicyContextReadPort
    {
        public Task<IdentityPolicyContextResponse> ReadPolicyContextAsync(IdentityPolicyContextRequest request)
        {
            return Task.FromResult(new IdentityPolicyContextResponse(request.SubjectId, request.PermissionCode, true));
        }
    }
}