"""Unit tests for L1-related dependency guards.

Uses MagicMock user objects — no database required.
"""

from unittest.mock import MagicMock
from uuid import uuid4

import pytest
from fastapi import HTTPException

from app.api.deps import require_l1, require_l1_or_coverage, require_l1_or_above


def _make_user(account_role="engineer", is_super_admin=False, can_cover_l1=False):
    user = MagicMock()
    user.id = uuid4()
    user.account_role = account_role
    user.is_super_admin = is_super_admin
    user.can_cover_l1 = can_cover_l1
    return user


# ---------------------------------------------------------------------------
# require_l1
# ---------------------------------------------------------------------------


async def test_require_l1_passes_for_l1_tech():
    user = _make_user(account_role="l1_tech")
    result = await require_l1(current_user=user)
    assert result is user


async def test_require_l1_passes_for_super_admin():
    user = _make_user(account_role="owner", is_super_admin=True)
    result = await require_l1(current_user=user)
    assert result is user


async def test_require_l1_blocks_engineer():
    user = _make_user(account_role="engineer")
    with pytest.raises(HTTPException) as exc:
        await require_l1(current_user=user)
    assert exc.value.status_code == 403


# ---------------------------------------------------------------------------
# require_l1_or_coverage
# ---------------------------------------------------------------------------


async def test_require_l1_or_coverage_passes_l1_tech():
    user = _make_user(account_role="l1_tech")
    result = await require_l1_or_coverage(current_user=user)
    assert result is user


async def test_require_l1_or_coverage_passes_engineer_with_flag():
    user = _make_user(account_role="engineer", can_cover_l1=True)
    result = await require_l1_or_coverage(current_user=user)
    assert result is user


async def test_require_l1_or_coverage_blocks_engineer_without_flag():
    user = _make_user(account_role="engineer", can_cover_l1=False)
    with pytest.raises(HTTPException) as exc:
        await require_l1_or_coverage(current_user=user)
    assert exc.value.status_code == 403


async def test_require_l1_or_coverage_passes_owner_always():
    user = _make_user(account_role="owner")
    result = await require_l1_or_coverage(current_user=user)
    assert result is user


# ---------------------------------------------------------------------------
# require_l1_or_above
# ---------------------------------------------------------------------------


async def test_require_l1_or_above_passes_engineer():
    user = _make_user(account_role="engineer")
    result = await require_l1_or_above(current_user=user)
    assert result is user


async def test_require_l1_or_above_passes_l1_tech():
    user = _make_user(account_role="l1_tech")
    result = await require_l1_or_above(current_user=user)
    assert result is user


async def test_require_l1_or_above_blocks_viewer():
    user = _make_user(account_role="viewer")
    with pytest.raises(HTTPException) as exc:
        await require_l1_or_above(current_user=user)
    assert exc.value.status_code == 403