import { and, eq } from 'drizzle-orm';
import { db } from '../src/db';
import { permissions, rolePermissions, roles, users } from '../src/db/schema/auth';
import { aclRules, resources } from '../src/db/schema/resource';

async function runTest() {
  console.log('🛡️ Testing permission administration data flow...');

  const suffix = Date.now();
  const [permission] = await db.insert(permissions).values({
    action: `read-${suffix}`,
    resourceType: 'video',
  }).returning();

  let resourceId: string | null = null;

  try {
    const [viewerRole] = await db.select().from(roles).where(eq(roles.name, 'viewer')).limit(1);
    const [tester] = await db.select().from(users).where(eq(users.email, 'tester@ekb.com')).limit(1);

    if (!viewerRole || !tester) {
      throw new Error('Required seed data missing. Run npx tsx src/db/seed.ts first.');
    }

    await db.insert(rolePermissions).values({
      roleId: viewerRole.id,
      permissionId: permission.id,
    }).onConflictDoNothing();

    const [rolePermission] = await db.select().from(rolePermissions).where(and(
      eq(rolePermissions.roleId, viewerRole.id),
      eq(rolePermissions.permissionId, permission.id),
    )).limit(1);

    const [resource] = await db.insert(resources).values({
      name: `permission-admin-${suffix}.mp4`,
      path: `/permission-admin/${suffix}.mp4`,
      type: 'file',
    }).returning();
    resourceId = resource.id;

    const [aclRule] = await db.insert(aclRules).values({
      resourceId: resource.id,
      subjectType: 'user',
      subjectId: tester.id,
      permissionType: 'deny',
      action: 'read',
    }).returning();

    await db.delete(aclRules).where(eq(aclRules.id, aclRule.id));
    const [deletedAcl] = await db.select().from(aclRules).where(eq(aclRules.id, aclRule.id)).limit(1);

    if (!rolePermission || deletedAcl) {
      throw new Error('Permission admin data flow failed.');
    }
  } finally {
    await db.delete(rolePermissions).where(eq(rolePermissions.permissionId, permission.id));
    await db.delete(permissions).where(eq(permissions.id, permission.id));
    if (resourceId) {
      await db.delete(resources).where(eq(resources.id, resourceId));
    }
  }

  console.log('✅ Permission administration data flow passed.');
  process.exit(0);
}

runTest().catch((error) => {
  console.error('❌ Test failed with error:', error);
  process.exit(1);
});