-- Test user_profile
set client_min_messages to warning;
create extension if not exists pgtap;
reset client_min_messages;

begin;

select plan(53);

set search_path to camper, auth, public;

select has_view('user_profile');
select table_privs_are('user_profile', 'guest', array ['SELECT']);
select table_privs_are('user_profile', 'employee', array ['SELECT']);
select table_privs_are('user_profile', 'admin', array ['SELECT']);
select table_privs_are('user_profile', 'authenticator', array []::text[]);

select has_column('user_profile', 'user_id');
select col_type_is('user_profile', 'user_id', 'integer');
select column_privs_are('user_profile', 'user_id', 'guest', array ['SELECT']);
select column_privs_are('user_profile', 'user_id', 'employee', array ['SELECT']);
select column_privs_are('user_profile', 'user_id', 'admin', array ['SELECT']);
select column_privs_are('user_profile', 'user_id', 'authenticator', array []::text[]);

select has_column('user_profile', 'email');
select col_type_is('user_profile', 'email', 'email');
select column_privs_are('user_profile', 'email', 'guest', array ['SELECT']);
select column_privs_are('user_profile', 'email', 'employee', array ['SELECT', 'UPDATE']);
select column_privs_are('user_profile', 'email', 'admin', array ['SELECT', 'UPDATE']);
select column_privs_are('user_profile', 'email', 'authenticator', array []::text[]);

select has_column('user_profile', 'name');
select col_type_is('user_profile', 'name', 'text');
select column_privs_are('user_profile', 'name', 'guest', array ['SELECT']);
select column_privs_are('user_profile', 'name', 'employee', array ['SELECT', 'UPDATE']);
select column_privs_are('user_profile', 'name', 'admin', array ['SELECT', 'UPDATE']);
select column_privs_are('user_profile', 'name', 'authenticator', array []::text[]);

select has_column('user_profile', 'role');
select col_type_is('user_profile', 'role', 'name');
select column_privs_are('user_profile', 'role', 'guest', array ['SELECT']);
select column_privs_are('user_profile', 'role', 'employee', array ['SELECT']);
select column_privs_are('user_profile', 'role', 'admin', array ['SELECT']);
select column_privs_are('user_profile', 'role', 'authenticator', array []::text[]);

select has_column('user_profile', 'lang_tag');
select col_type_is('user_profile', 'lang_tag', 'text');
select column_privs_are('user_profile', 'lang_tag', 'guest', array ['SELECT']);
select column_privs_are('user_profile', 'lang_tag', 'employee', array ['SELECT', 'UPDATE']);
select column_privs_are('user_profile', 'lang_tag', 'admin', array ['SELECT', 'UPDATE']);
select column_privs_are('user_profile', 'lang_tag', 'authenticator', array []::text[]);

select has_column('user_profile', 'csrf_token');
select col_type_is('user_profile', 'csrf_token', 'text');
select column_privs_are('user_profile', 'csrf_token', 'guest', array ['SELECT']);
select column_privs_are('user_profile', 'csrf_token', 'employee', array ['SELECT']);
select column_privs_are('user_profile', 'csrf_token', 'admin', array ['SELECT']);
select column_privs_are('user_profile', 'csrf_token', 'authenticator', array []::text[]);


set client_min_messages to warning;
truncate company_host cascade;
truncate company_user cascade;
truncate company cascade;
truncate auth."user" cascade;
reset client_min_messages;

insert into auth."user" (user_id, email, name, password, cookie, cookie_expires_at, lang_tag)
values (1, 'demo@tandem.blog', 'Demo', 'test', '44facbb30d8a419dfd4bfbc44a4b5539d4970148dfc84bed0e', current_timestamp + interval '1 month', 'ca')
     , (5, 'admin@tandem.blog', 'Admin', 'test', '12af4c88b528c2ad4222e3740496ecbc58e76e26f087657524', current_timestamp + interval '1 month', 'es')
     , (7, 'another@tandem.blog', 'Another Admin', 'test', default, default, default)
;

insert into company (company_id, business_name, vatin, trade_name, phone, email, web, address, city, province, postal_code, rtc_number, tourist_tax, tourist_tax_max_days, country_code, currency_code, default_lang_tag)
values (2, 'Company 2', 'XX123', '', '555-555-555', 'a@a', '', '', '', '', '', '', 60, 7, 'ES', 'EUR', 'ca')
     , (4, 'Company 4', 'XX234', '', '666-666-666', 'b@b', '', '', '', '', '', '', 60, 7, 'FR', 'USD', 'es')
;

insert into company_user (company_id, user_id, role)
values (2, 1, 'employee')
     , (4, 5, 'admin')
     , (4, 7, 'admin')
;

insert into company_host (company_id, host)
values (2, 'co2')
     , (4, 'co4')
;

prepare profile as
select user_id, company_id, email, name, role, lang_tag, csrf_token
from user_profile;

select set_config('request.user.cookie', '', false);

select results_eq(
	'profile',
	$$ values (0, 0, null::email, '', 'guest'::name, 'und', '') $$,
	'Should be set up with the guest user when no user logged in yet.'
);

select set_cookie('44facbb30d8a419dfd4bfbc44a4b5539d4970148dfc84bed0e/demo@tandem.blog', 'co2');

select results_eq(
	'profile',
	$$ values (1, 2, 'demo@tandem.blog'::email, 'Demo', 'employee'::name, 'ca', '44facbb30d') $$,
	'Should only see the profile of the first user'
);

select lives_ok($$
	update user_profile
	set email = 'demo+update@tandem.blog'
	, name = 'Demo Update'
	, lang_tag = 'es';
	$$,
	'Should be able to update the first profile'
);

select throws_ok(
	$$ update user_profile set user_id = 123 $$,
	'42501', 'permission denied for view user_profile',
	'Should not be able to change the ID'
);

select throws_ok(
	$$ update user_profile set role = 'admin' $$,
	'42501', 'permission denied for view user_profile',
	'Should not be able to change the ID'
);

select results_eq(
	'profile',
	$$ values (1, 2, 'demo+update@tandem.blog'::email, 'Demo Update', 'employee'::name, 'es', '44facbb30d') $$,
	'Should see the changed profile of the first user'
);

reset role;

select set_cookie('12af4c88b528c2ad4222e3740496ecbc58e76e26f087657524/admin@tandem.blog', 'co4');

select results_eq(
	'profile',
	$$ values (5, 4, 'admin@tandem.blog'::email, 'Admin', 'admin'::name, 'es', '12af4c88b5') $$,
	'Should only see the profile of the second user'
);

select lives_ok($$
	update user_profile
	set email = 'admin+update@tandem.blog'
	, name = 'Admin Update'
	, lang_tag = 'ca';
	$$,
	'Should be able to update the second profile'
);

select throws_ok(
	$$ update user_profile set user_id = 123 $$,
	'42501', 'permission denied for view user_profile',
	'Should not be able to change the ID'
);

select throws_ok(
	$$ update user_profile set role = 'employee' $$,
	'42501', 'permission denied for view user_profile',
	'Should not be able to change the ID'
);

select results_eq(
	'profile',
	$$ values (5, 4, 'admin+update@tandem.blog'::email, 'Admin Update', 'admin'::name, 'ca', '12af4c88b5') $$,
	'Should see the changed profile of the first user'
);

reset role;

select results_eq(
	$$ select user_id, email, name, lang_tag from auth."user" order by user_id $$,
	$$ values (1, 'demo+update@tandem.blog'::email, 'Demo Update', 'es')
	        , (5, 'admin+update@tandem.blog'::email, 'Admin Update', 'ca')
	        , (7, 'another@tandem.blog'::email, 'Another Admin', 'und')
	$$,
	'Should have updated the base table’s data'
);

select *
from finish();

rollback;