// Copyright 2018 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package integration

import (
	"fmt"
	"net/http"
	"testing"

	auth_model "code.gitea.io/gitea/models/auth"
	"code.gitea.io/gitea/models/db"
	"code.gitea.io/gitea/models/unittest"
	user_model "code.gitea.io/gitea/models/user"
	api "code.gitea.io/gitea/modules/structs"
	"code.gitea.io/gitea/tests"

	"github.com/stretchr/testify/assert"
)

func TestUserOrgs(t *testing.T) {
	defer tests.PrepareTestEnv(t)()
	adminUsername := "user1"
	normalUsername := "user2"
	privateMemberUsername := "user4"
	unrelatedUsername := "user5"

	orgs := getUserOrgs(t, adminUsername, normalUsername)

	org3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "org3"})
	org17 := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "org17"})

	assert.Equal(t, []*api.Organization{
		{
			ID:          17,
			Name:        org17.Name,
			UserName:    org17.Name,
			FullName:    org17.FullName,
			Email:       org17.Email,
			AvatarURL:   org17.AvatarLink(db.DefaultContext),
			Description: "",
			Website:     "",
			Location:    "",
			Visibility:  "public",
		},
		{
			ID:          3,
			Name:        org3.Name,
			UserName:    org3.Name,
			FullName:    org3.FullName,
			Email:       org3.Email,
			AvatarURL:   org3.AvatarLink(db.DefaultContext),
			Description: "",
			Website:     "",
			Location:    "",
			Visibility:  "public",
		},
	}, orgs)

	// user itself should get it's org's he is a member of
	orgs = getUserOrgs(t, privateMemberUsername, privateMemberUsername)
	assert.Len(t, orgs, 1)

	// unrelated user should not get private org membership of privateMemberUsername
	orgs = getUserOrgs(t, unrelatedUsername, privateMemberUsername)
	assert.Len(t, orgs, 0)

	// not authenticated call should not be allowed
	testUserOrgsUnauthenticated(t, privateMemberUsername)
}

func getUserOrgs(t *testing.T, userDoer, userCheck string) (orgs []*api.Organization) {
	token := ""
	if len(userDoer) != 0 {
		token = getUserToken(t, userDoer, auth_model.AccessTokenScopeReadOrganization, auth_model.AccessTokenScopeReadUser)
	}
	req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/users/%s/orgs", userCheck)).
		AddTokenAuth(token)
	resp := MakeRequest(t, req, http.StatusOK)
	DecodeJSON(t, resp, &orgs)
	return orgs
}

func testUserOrgsUnauthenticated(t *testing.T, userCheck string) {
	session := emptyTestSession(t)
	req := NewRequestf(t, "GET", "/api/v1/users/%s/orgs", userCheck)
	session.MakeRequest(t, req, http.StatusUnauthorized)
}

func TestMyOrgs(t *testing.T) {
	defer tests.PrepareTestEnv(t)()

	req := NewRequest(t, "GET", "/api/v1/user/orgs")
	MakeRequest(t, req, http.StatusUnauthorized)

	normalUsername := "user2"
	token := getUserToken(t, normalUsername, auth_model.AccessTokenScopeReadOrganization, auth_model.AccessTokenScopeReadUser)
	req = NewRequest(t, "GET", "/api/v1/user/orgs").
		AddTokenAuth(token)
	resp := MakeRequest(t, req, http.StatusOK)
	var orgs []*api.Organization
	DecodeJSON(t, resp, &orgs)
	org3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "org3"})
	org17 := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "org17"})

	assert.Equal(t, []*api.Organization{
		{
			ID:          17,
			Name:        org17.Name,
			UserName:    org17.Name,
			FullName:    org17.FullName,
			Email:       org17.Email,
			AvatarURL:   org17.AvatarLink(db.DefaultContext),
			Description: "",
			Website:     "",
			Location:    "",
			Visibility:  "public",
		},
		{
			ID:          3,
			Name:        org3.Name,
			UserName:    org3.Name,
			FullName:    org3.FullName,
			Email:       org3.Email,
			AvatarURL:   org3.AvatarLink(db.DefaultContext),
			Description: "",
			Website:     "",
			Location:    "",
			Visibility:  "public",
		},
	}, orgs)
}