import unittest

from app import app

from data import model
from auth import scopes
from auth.permissions import SuperUserPermission, QuayDeferredPermissionUser
from initdb import setup_database_for_testing, finished_database_for_testing


SUPER_USERNAME = 'devtable'
UNSUPER_USERNAME = 'freshuser'


class TestSuperUserOps(unittest.TestCase):
  def setUp(self):
    setup_database_for_testing(self)
    self._su = model.user.get_user(SUPER_USERNAME)
    self._normie = model.user.get_user(UNSUPER_USERNAME)

  def tearDown(self):
    finished_database_for_testing(self)

  def test_superuser_matrix(self):
    test_cases = [
      (self._su, {scopes.SUPERUSER}, True),
      (self._su, {scopes.DIRECT_LOGIN}, True),
      (self._su, {scopes.READ_USER, scopes.SUPERUSER}, True),
      (self._su, {scopes.READ_USER}, False),
      (self._normie, {scopes.SUPERUSER}, False),
      (self._normie, {scopes.DIRECT_LOGIN}, False),
      (self._normie, {scopes.READ_USER, scopes.SUPERUSER}, False),
      (self._normie, {scopes.READ_USER}, False),
    ]

    for user_obj, scope_set, expected in test_cases:
      perm_user = QuayDeferredPermissionUser.for_user(user_obj, scope_set)
      has_su = perm_user.can(SuperUserPermission())
      self.assertEquals(has_su, expected)