-module(admin_handler_stats_tests).
-include_lib("eunit/include/eunit.hrl").
-include("records.hrl").

-define(JWT_SECRET,       <<"test-user-secret-key-32-byt!">>).
-define(ADMIN_JWT_SECRET, <<"test-admin-secret-key-32-b">>).

setup() ->
  ok = meck:new(cowboy_req, [non_strict]),
  ok = meck:new(handler_auth, [non_strict]),
  ok = meck:new(core_user, [non_strict]),
  ok = meck:new(mnesia, [non_strict]),
  ok = meck:expect(mnesia, dirty_match_object, fun(_) -> [] end),
  application:set_env(eventhub, jwt_secret, ?JWT_SECRET),
  application:set_env(eventhub, admin_jwt_secret, ?ADMIN_JWT_SECRET),
  {ok, _} = application:ensure_all_started(jose),
  ok.

cleanup(_) ->
  application:unset_env(eventhub, jwt_secret),
  application:unset_env(eventhub, admin_jwt_secret),
  application:stop(jose),
  meck:unload(mnesia),
  meck:unload(core_user),
  meck:unload(handler_auth),
  meck:unload(cowboy_req).

admin_stats_test_() ->
  {setup, fun setup/0, fun cleanup/1, [
    {"GET /admin/stats with admin role returns 200 and dashboard data",
      fun test_stats_admin/0},
    {"GET /admin/stats with non-admin role returns 403",
      fun test_stats_forbidden/0},
    {"POST /admin/stats returns 405",
      fun test_stats_wrong_method/0},
    {"Count functions return 0 with empty DB",
      fun test_count_functions/0}
  ]}.

%% ── Успешный GET с ролью админа ────────────────────────────
test_stats_admin() ->
  ok = meck:expect(cowboy_req, method, fun(_) -> <<"GET">> end),
  ok = meck:expect(handler_auth, authenticate,
    fun(Req) -> {ok, <<"adm1">>, Req} end),
  % Администратор с ролью superadmin
  AdminUser = #user{id = <<"adm1">>, role = superadmin, _ = '_'},
  ok = meck:expect(core_user, get_by_id,
    fun(<<"adm1">>) -> {ok, AdminUser} end),
  ok = meck:expect(cowboy_req, reply,
    fun(Code, Headers, Body, Req) ->
      put(test_reply, {Code, Headers, Body, Req})
    end),
  {ok, _, _} = admin_handler_stats:init(req, []),
  {Status, _, RespBody, _} = erase(test_reply),
  ?assertEqual(200, Status),
  Stats = jsx:decode(RespBody, [return_maps]),
  ?assert(is_map_key(<<"users">>, Stats)),
  ?assert(is_map_key(<<"events">>, Stats)).

%% ── Обычный пользователь получает 403 ─────────────────────
test_stats_forbidden() ->
  ok = meck:expect(cowboy_req, method, fun(_) -> <<"GET">> end),
  ok = meck:expect(handler_auth, authenticate,
    fun(Req) -> {error, 403, <<"Admin access required">>, Req} end),
  ok = meck:expect(cowboy_req, reply,
    fun(Code, Headers, Body, Req) ->
      put(test_reply, {Code, Headers, Body, Req})
    end),
  {ok, _, _} = admin_handler_stats:init(req, []),
  {Status, _, RespBody, _} = erase(test_reply),
  ?assertEqual(403, Status),
  ?assertEqual(#{<<"error">> => <<"Admin access required">>}, jsx:decode(RespBody, [return_maps])).

%% ── Неверный метод ──────────────────────────────────────
test_stats_wrong_method() ->
  ok = meck:expect(cowboy_req, method, fun(_) -> <<"POST">> end),
  ok = meck:expect(cowboy_req, reply,
    fun(Code, Headers, Body, Req) ->
      put(test_reply, {Code, Headers, Body, Req})
    end),
  {ok, _, _} = admin_handler_stats:init(req, []),
  {Status, _, RespBody, _} = erase(test_reply),
  ?assertEqual(405, Status),
  ?assertEqual(#{<<"error">> => <<"Method not allowed">>}, jsx:decode(RespBody, [return_maps])).

%% ── Функции подсчёта (мок mnesia) ──────────────────────
test_count_functions() ->
  ?assertEqual(0, admin_handler_stats:count_users()),
  ?assertEqual(0, admin_handler_stats:count_events()).