import { describe, expect, it } from "vitest"

import { canAccessRoute, getRequiredPermission, isPublicRoute } from "./access"

describe("admin route access rules", () => {
  it("treats support fallback route as public", () => {
    expect(isPublicRoute("/support/support-access")).toBe(true)
    expect(canAccessRoute("editor", "/support/support-access")).toBe(true)
  })

  it("keeps settings route restricted to role with users:manage_roles", () => {
    expect(isPublicRoute("/settings")).toBe(false)
    expect(canAccessRoute("manager", "/settings")).toBe(false)
    expect(canAccessRoute("admin", "/settings")).toBe(true)
    expect(canAccessRoute("owner", "/settings")).toBe(true)
  })

  it("resolves route-specific permission requirements", () => {
    expect(getRequiredPermission("/todo")).toEqual({
      permission: "roadmap:read",
      scope: "global",
    })
  })

  it("maps new admin IA routes to dedicated permissions", () => {
    expect(getRequiredPermission("/pages")).toEqual({
      permission: "pages:read",
      scope: "team",
    })
    expect(getRequiredPermission("/navigation")).toEqual({
      permission: "navigation:read",
      scope: "team",
    })
    expect(getRequiredPermission("/media")).toEqual({
      permission: "media:read",
      scope: "team",
    })
    expect(getRequiredPermission("/portfolio")).toEqual({
      permission: "media:read",
      scope: "team",
    })
    expect(getRequiredPermission("/users")).toEqual({
      permission: "users:read",
      scope: "own",
    })
    expect(getRequiredPermission("/commissions")).toEqual({
      permission: "commissions:read",
      scope: "own",
    })
    expect(getRequiredPermission("/announcements")).toEqual({
      permission: "banner:read",
      scope: "global",
    })
    expect(getRequiredPermission("/news")).toEqual({
      permission: "news:read",
      scope: "team",
    })
  })
})