"""FluentGerman.ai — User management tests."""

import pytest
from httpx import AsyncClient


@pytest.mark.asyncio
async def test_create_user(client: AsyncClient, admin_token: str):
    """Admin can create a new client."""
    resp = await client.post(
        "/api/users/",
        json={"username": "alice", "email": "alice@test.com", "password": "pass123"},
        headers={"Authorization": f"Bearer {admin_token}"},
    )
    assert resp.status_code == 201
    data = resp.json()
    assert data["username"] == "alice"
    assert data["is_admin"] is False
    assert data["is_active"] is True


@pytest.mark.asyncio
async def test_create_duplicate_user(client: AsyncClient, admin_token: str):
    """Duplicate username/email returns 409."""
    headers = {"Authorization": f"Bearer {admin_token}"}
    await client.post(
        "/api/users/",
        json={"username": "bob", "email": "bob@test.com", "password": "pass"},
        headers=headers,
    )
    resp = await client.post(
        "/api/users/",
        json={"username": "bob", "email": "bob2@test.com", "password": "pass"},
        headers=headers,
    )
    assert resp.status_code == 409


@pytest.mark.asyncio
async def test_list_users(client: AsyncClient, admin_token: str):
    """Admin can list all clients."""
    headers = {"Authorization": f"Bearer {admin_token}"}
    await client.post(
        "/api/users/",
        json={"username": "charlie", "email": "charlie@test.com", "password": "pass"},
        headers=headers,
    )
    resp = await client.get("/api/users/", headers=headers)
    assert resp.status_code == 200
    users = resp.json()
    assert len(users) >= 1
    assert any(u["username"] == "charlie" for u in users)


@pytest.mark.asyncio
async def test_update_user(client: AsyncClient, admin_token: str):
    """Admin can update a client."""
    headers = {"Authorization": f"Bearer {admin_token}"}
    create_resp = await client.post(
        "/api/users/",
        json={"username": "dave", "email": "dave@test.com", "password": "pass"},
        headers=headers,
    )
    user_id = create_resp.json()["id"]

    resp = await client.put(
        f"/api/users/{user_id}",
        json={"username": "dave_updated"},
        headers=headers,
    )
    assert resp.status_code == 200
    assert resp.json()["username"] == "dave_updated"


@pytest.mark.asyncio
async def test_delete_user(client: AsyncClient, admin_token: str):
    """Admin can delete a client."""
    headers = {"Authorization": f"Bearer {admin_token}"}
    create_resp = await client.post(
        "/api/users/",
        json={"username": "eve", "email": "eve@test.com", "password": "pass"},
        headers=headers,
    )
    user_id = create_resp.json()["id"]

    resp = await client.delete(f"/api/users/{user_id}", headers=headers)
    assert resp.status_code == 204


@pytest.mark.asyncio
async def test_non_admin_cannot_manage_users(client: AsyncClient, user_token: str):
    """Regular user cannot access user management."""
    headers = {"Authorization": f"Bearer {user_token}"}
    resp = await client.get("/api/users/", headers=headers)
    assert resp.status_code == 403