import pytest

import flask
from flask import g
from flask_principal import Identity

from endpoints.v2.v2auth import get_tuf_root
from auth import permissions
  
def admin_identity(namespace, reponame):
  identity = Identity('admin')
  identity.provides.add(permissions._RepositoryNeed(namespace, reponame, 'admin'))
  identity.provides.add(permissions._OrganizationRepoNeed(namespace, 'admin'))
  return identity

def write_identity(namespace, reponame):
  identity = Identity('writer')
  identity.provides.add(permissions._RepositoryNeed(namespace, reponame, 'write'))
  identity.provides.add(permissions._OrganizationRepoNeed(namespace, 'write'))
  return identity
  
def read_identity(namespace, reponame):
  identity = Identity('reader')
  identity.provides.add(permissions._RepositoryNeed(namespace, reponame, 'read'))
  identity.provides.add(permissions._OrganizationRepoNeed(namespace, 'read'))
  return identity

@pytest.mark.parametrize('identity,expected', [
  (Identity('anon'), 'quay'),
  (read_identity("namespace", "repo"), 'quay'),
  (read_identity("different", "repo"), 'quay'),
  (admin_identity("different", "repo"), 'quay'),
  (write_identity("different", "repo"), 'quay'),
  (admin_identity("namespace", "repo"), 'signer'),
  (write_identity("namespace", "repo"), 'signer'),
])
def test_get_tuf_root(identity, expected):
  app = flask.Flask(__name__)

  with app.test_request_context('/'):
    g.identity = identity
    actual = get_tuf_root("namespace", "repo")
  assert actual == expected, "should be %s, but was %s" % (expected, actual)