from django.test import TestCase
from django.urls import reverse
from django.contrib.auth.models import User
from rest_framework.test import APIClient
from rest_framework_simplejwt.tokens import RefreshToken


class MeEndpointTests(TestCase):
    def setUp(self):
        self.user = User.objects.create_superuser(
            username='admin',
            email='admin@example.com',
            password='adminpass'
        )

        refresh = RefreshToken.for_user(self.user)
        self.access_token = str(refresh.access_token)

        self.client = APIClient()
        self.client.credentials(
            HTTP_AUTHORIZATION=f'Bearer {self.access_token}')

    def test_me_endpoint_returns_correct_user_data(self):
        """
        Verifica que GET /api/users/me/ devuelve los datos del usuario
        autenticado.
        """
        url = reverse('current-user')
        response = self.client.get(url)

        self.assertEqual(response.status_code, 200)

        expected_fields = {'id', 'username', 'email',
                           'first_name', 'last_name', 'role'}
        self.assertTrue(expected_fields.issubset(response.json().keys()))

        data = response.json()
        self.assertEqual(data['username'], self.user.username)
        self.assertEqual(data['email'], self.user.email)
        self.assertEqual(data['first_name'], self.user.first_name)
        self.assertEqual(data['last_name'], self.user.last_name)
        self.assertEqual(data['role'], 'administrator')

    def test_regular_user_role_is_user(self):
        """
        Verifica que un usuario sin permisos de staff recibe role 'user'.
        """
        regular_user = User.objects.create_user(
            username='regular',
            email='regular@example.com',
            password='regularpass',
            is_staff=False
        )

        refresh = RefreshToken.for_user(regular_user)
        access_token = str(refresh.access_token)

        client = APIClient()
        client.credentials(HTTP_AUTHORIZATION=f'Bearer {access_token}')

        url = reverse('current-user')
        response = client.get(url)

        self.assertEqual(response.status_code, 200)
        self.assertEqual(response.json()['role'], 'user')

    def test_staff_user_role_is_administrator(self):
        """
        Verifica que un usuario con is_staff=True recibe role 'administrator'.
        """
        staff_user = User.objects.create_user(
            username='staff',
            email='staff@example.com',
            password='staffpass',
            is_staff=True
        )

        refresh = RefreshToken.for_user(staff_user)
        access_token = str(refresh.access_token)

        client = APIClient()
        client.credentials(HTTP_AUTHORIZATION=f'Bearer {access_token}')

        url = reverse('current-user')
        response = client.get(url)

        self.assertEqual(response.status_code, 200)
        self.assertEqual(response.json()['role'], 'administrator')

    def test_me_endpoint_requires_authentication(self):
        """
        Sin token el endpoint debe devolver 401 Unauthorized.
        """
        client_no_auth = APIClient()
        url = reverse('current-user')
        response = client_no_auth.get(url)

        self.assertEqual(response.status_code, 401)