<?php

declare(strict_types=1);

namespace App\Tests\Functional\Controller;

use App\Entity\User;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;

/**
 * @internal
 */
class ShareSettingsTest extends WebTestCase
{
    public function testGetSettingsReturns401WhenNotAuthenticated(): void
    {
        $client = static::createClient();
        $client->request('GET', '/api/settings/share');

        self::assertResponseStatusCodeSame(401);
    }

    public function testGetSettingsReturns403ForRoleUser(): void
    {
        $client    = static::createClient();
        $container = static::getContainer();
        $em        = $container->get('doctrine.orm.entity_manager');

        $user = $em->getRepository(User::class)->findOneBy(['username' => 'alice']);
        $client->loginUser($user);

        $client->request('GET', '/api/settings/share');

        self::assertResponseStatusCodeSame(403);
    }

    public function testAdminCanReadSettingsWithoutPasswordLeak(): void
    {
        $client    = static::createClient();
        $container = static::getContainer();
        $em        = $container->get('doctrine.orm.entity_manager');

        $admin = $em->getRepository(User::class)->findOneBy(['username' => 'admin']);
        $client->loginUser($admin);

        $client->request('GET', '/api/settings/share');

        self::assertResponseIsSuccessful();
        $data = json_decode($client->getResponse()->getContent(), true);
        self::assertArrayHasKey('hasPassword', $data);
        self::assertArrayNotHasKey('password', $data);
        self::assertArrayNotHasKey('encryptedPassword', $data);
    }
}