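"""Sample tests for the API's authorisation levels.

Each test sends one GET request with a client fixture holding a particular
privilege level and checks the status code and response body.  The three
fixtures (``default_client``, ``no_su_client``, ``no_user_client``) are defined
outside this file; what each one represents is taken from the comments and
assertions below.
"""
import pytest
from httpx import AsyncClient

pytestmark = [
    pytest.mark.auth,
]


@pytest.mark.anyio
async def test_get_org_auth_root_su(default_client: AsyncClient):
    """A super admin can read an org without being that org's root user."""
    resp = await default_client.get("/org?org_id=2")
    # Checked separately from the expected status, presumably so that a
    # malformed request shows up as its own failure -- TODO confirm.
    assert resp.status_code != 422
    assert resp.status_code == 200
    assert resp.json()["organisations"][0]["name"] == "Org Two"


# Standardised tests verify if each endpoint has been assigned the correct auth level.
# Sample tests here verify that each auth level works.


@pytest.mark.anyio
async def test_get_org_auth_root(no_su_client: AsyncClient):
    """A non-root user is blocked on a root-level endpoint."""
    resp = await no_su_client.get("/org?org_id=2")
    assert resp.status_code != 422
    assert resp.status_code == 403
    body = resp.json()
    assert "Must be the org's root user" in body["detail"]
    # A refusal must not carry the data it refuses: the authorised call in
    # test_get_org_auth_root_su returns the org under "organisations", so that
    # key has to be absent here.  Status and message alone would still pass if
    # the handler attached the payload to the 403.
    assert "organisations" not in body


@pytest.mark.anyio
async def test_get_user_auth_su(no_su_client: AsyncClient):
    """A non-super-admin is blocked on a super-admin endpoint."""
    resp = await no_su_client.get("/user?user_id=1")
    assert resp.status_code != 422
    assert resp.status_code == 403
    # NOTE(review): only "detail" is pinned; the shape of a successful /user
    # response is not visible in this file, so no payload-absence check is
    # made here -- consider adding one next to the success-path test.
    assert resp.json()["detail"] == "Must be super admin"


@pytest.mark.anyio
async def test_get_self_db_auth_user(no_user_client: AsyncClient):
    """An unauthenticated client is blocked on a user-level endpoint."""
    resp = await no_user_client.get("/user/self/db")
    assert resp.status_code != 422
    # 401 rather than 403: the client is not identified at all, as opposed to
    # identified but lacking the privilege.
    assert resp.status_code == 401
    assert resp.json()["detail"] == "Not authenticated"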