/* @vitest-environment node */

import { describe, it, expect } from "vitest";
import { getBranchAccess, BRANCH_ACCESS } from "./branchAccess.js";

describe("lib/frontend/rbac/branchAccess", () => {
	it("allows branch users only for their own branch", () => {
		const user = { userId: "u1", role: "branch", branchId: "NL01" };

		expect(getBranchAccess(user, "NL01")).toBe(BRANCH_ACCESS.ALLOWED);
		expect(getBranchAccess(user, "NL02")).toBe(BRANCH_ACCESS.FORBIDDEN);
	});

	it("allows admin/dev users for any branch", () => {
		const admin = { userId: "u2", role: "admin", branchId: null };
		const dev = { userId: "u3", role: "dev", branchId: null };

		expect(getBranchAccess(admin, "NL01")).toBe(BRANCH_ACCESS.ALLOWED);
		expect(getBranchAccess(admin, "NL99")).toBe(BRANCH_ACCESS.ALLOWED);

		expect(getBranchAccess(dev, "NL01")).toBe(BRANCH_ACCESS.ALLOWED);
		expect(getBranchAccess(dev, "NL99")).toBe(BRANCH_ACCESS.ALLOWED);
	});

	it("denies unknown roles and missing data", () => {
		expect(getBranchAccess(null, "NL01")).toBe(BRANCH_ACCESS.FORBIDDEN);

		const weird = { userId: "u9", role: "user", branchId: "NL01" };
		expect(getBranchAccess(weird, "NL01")).toBe(BRANCH_ACCESS.FORBIDDEN);

		const branchNoId = { userId: "u1", role: "branch", branchId: null };
		expect(getBranchAccess(branchNoId, "NL01")).toBe(BRANCH_ACCESS.FORBIDDEN);
	});
});