// Copyright 2015 The Vanadium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package nosql_test

import (
	"testing"

	wire "v.io/syncbase/v23/services/syncbase/nosql"
	"v.io/syncbase/v23/syncbase"
	"v.io/syncbase/v23/syncbase/nosql"
	tu "v.io/syncbase/v23/syncbase/testutil"
	"v.io/syncbase/x/ref/services/syncbase/server/util"
	"v.io/v23/context"
	"v.io/v23/naming"
	"v.io/v23/security"
	"v.io/v23/security/access"
	"v.io/v23/verror"
)

// Tests that SyncGroup.Create works as expected.
func TestCreateSyncGroup(t *testing.T) {
	ctx, sName, cleanup := tu.SetupOrDie(perms("root/client"))
	defer cleanup()
	a := tu.CreateApp(t, ctx, syncbase.NewService(sName), "a")
	d := tu.CreateNoSQLDatabase(t, ctx, a, "d")

	// Check if create fails with empty spec.
	spec := wire.SyncGroupSpec{}
	sg1 := naming.Join(sName, util.SyncbaseSuffix, "sg1")

	createSyncGroup(t, ctx, d, sg1, spec, verror.ErrBadArg.ID)

	// Create successfully.
	spec = wire.SyncGroupSpec{
		Description: "test syncgroup sg1",
		Perms:       nil,
		Prefixes:    []string{"t1/foo"},
	}
	createSyncGroup(t, ctx, d, sg1, spec, verror.ID(""))

	// Check if creating an already existing syncgroup fails.
	createSyncGroup(t, ctx, d, sg1, spec, verror.ErrExist.ID)

	// Create a peer syncgroup.
	spec.Description = "test syncgroup sg2"
	sg2 := naming.Join(sName, util.SyncbaseSuffix, "sg2")
	createSyncGroup(t, ctx, d, sg2, spec, verror.ID(""))

	// Create a nested syncgroup.
	spec.Description = "test syncgroup sg3"
	spec.Prefixes = []string{"t1/foobar"}
	sg3 := naming.Join(sName, util.SyncbaseSuffix, "sg3")
	createSyncGroup(t, ctx, d, sg3, spec, verror.ID(""))

	// Check that create fails if the perms disallow access.
	perms := perms("root/client")
	perms.Blacklist("root/client", string(access.Read))
	if err := d.SetPermissions(ctx, perms, ""); err != nil {
		t.Fatalf("d.SetPermissions() failed: %v", err)
	}
	spec.Description = "test syncgroup sg4"
	sg4 := naming.Join(sName, util.SyncbaseSuffix, "sg4")
	createSyncGroup(t, ctx, d, sg4, spec, verror.ErrNoAccess.ID)
}

// Tests that SyncGroup.Join works as expected for the case with one Syncbase
// and 2 clients. One client creates the SyncGroup, while the other attempts to
// join it.
//
// TODO(hpucha): Add more integration-style testing with 2 syncbases.
func TestJoinSyncGroup(t *testing.T) {
	// Create client1-server pair.
	ctx, ctx1, sName, rootp, cleanup := tu.SetupOrDieCustom("client1", "server", perms("root/client1"))
	defer cleanup()

	a1 := tu.CreateApp(t, ctx1, syncbase.NewService(sName), "a")
	d1 := tu.CreateNoSQLDatabase(t, ctx1, a1, "d")
	specA := wire.SyncGroupSpec{
		Description: "test syncgroup sgA",
		Perms:       perms("root/client1"),
		Prefixes:    []string{"t1/foo"},
	}
	sgNameA := naming.Join(sName, util.SyncbaseSuffix, "sgA")
	createSyncGroup(t, ctx1, d1, sgNameA, specA, verror.ID(""))

	// Check that creator can call join successfully.
	joinSyncGroup(t, ctx1, d1, sgNameA, verror.ID(""))

	// Create client2.
	ctx2 := tu.NewCtx(ctx, rootp, "client2")
	a2 := syncbase.NewService(sName).App("a")
	d2 := a2.NoSQLDatabase("d")

	// Check that client2's join fails if the perms disallow access.
	joinSyncGroup(t, ctx2, d2, sgNameA, verror.ErrNoAccess.ID)

	// Client1 gives access to client2.
	if err := d1.SetPermissions(ctx1, perms("root/client1", "root/client2"), ""); err != nil {
		t.Fatalf("d.SetPermissions() failed: %v", err)
	}

	// Verify client2 has access.
	if err := d2.SetPermissions(ctx2, perms("root/client1", "root/client2"), ""); err != nil {
		t.Fatalf("d.SetPermissions() failed: %v", err)
	}

	// Check that client2's join still fails since the SG ACL disallows access.
	joinSyncGroup(t, ctx2, d2, sgNameA, verror.ErrNoAccess.ID)

	// Create a different SyncGroup.
	specB := wire.SyncGroupSpec{
		Description: "test syncgroup sgB",
		Perms:       perms("root/client1", "root/client2"),
		Prefixes:    []string{"t1/foo"},
	}
	sgNameB := naming.Join(sName, util.SyncbaseSuffix, "sgB")
	createSyncGroup(t, ctx1, d1, sgNameB, specB, verror.ID(""))

	// Check that client2's join now succeeds.
	joinSyncGroup(t, ctx2, d2, sgNameB, verror.ID(""))
}

///////////////////
// Helpers.

func createSyncGroup(t *testing.T, ctx *context.T, d nosql.Database, sgName string, spec wire.SyncGroupSpec, errID verror.ID) nosql.SyncGroup {
	sg := d.SyncGroup(sgName)
	info := wire.SyncGroupMemberInfo{8}
	if err := sg.Create(ctx, spec, info); verror.ErrorID(err) != errID {
		tu.Fatalf(t, "Create SG %q failed: %v", sgName, err)
	}
	return sg
}

func joinSyncGroup(t *testing.T, ctx *context.T, d nosql.Database, sgName string, errID verror.ID) nosql.SyncGroup {
	sg := d.SyncGroup(sgName)
	info := wire.SyncGroupMemberInfo{10}
	if _, err := sg.Join(ctx, info); verror.ErrorID(err) != errID {
		tu.Fatalf(t, "Join SG %v failed: %v", sgName, err)
	}
	return sg
}

// TODO(sadovsky): This appears to be identical to tu.DefaultPerms(). We should
// just use that.
func perms(bps ...string) access.Permissions {
	perms := access.Permissions{}
	for _, bp := range bps {
		for _, tag := range access.AllTypicalTags() {
			perms.Add(security.BlessingPattern(bp), string(tag))
		}
	}
	return perms
}