"""
This module ensures root user only endpoints do return a correctly formatted 401 when user is not the root user for the org
DELETE endpoints are not tested
"""

import pytest
from httpx import AsyncClient

pytestmark = [
	pytest.mark.auth,
	pytest.mark.root_user,
]


@pytest.mark.anyio
async def test_get_org_auth_root(no_su_client: AsyncClient):
	resp = await no_su_client.get("/org?org_id=2")
	assert resp.status_code != 422
	assert resp.status_code == 403
	assert "Must be the org's root user" in resp.json()["detail"]


@pytest.mark.anyio
async def test_patch_org_questionnaire_auth_root(no_su_client: AsyncClient):
	resp = await no_su_client.patch(
		"/org/questionnaire",
		json={
			"organisation_id": 2,
			"intake_questionnaire": {
				"question_one": "new answer one",
				"question_two": None,
				"question_three": None,
			},
			"partial": True,
		},
	)
	assert resp.status_code != 422
	assert resp.status_code == 403
	assert "Must be the org's root user" in resp.json()["detail"]


@pytest.mark.anyio
async def test_get_org_users_auth_root(no_su_client: AsyncClient):
	resp = await no_su_client.get("/org/users?org_id=2")
	assert resp.status_code != 422
	assert resp.status_code == 403
	assert "Must be the org's root user" in resp.json()["detail"]


@pytest.mark.anyio
async def test_get_org_groups_auth_root(no_su_client: AsyncClient):
	resp = await no_su_client.get("/org/groups?org_id=2")
	assert resp.status_code != 422
	assert resp.status_code == 403
	assert "Must be the org's root user" in resp.json()["detail"]


@pytest.mark.anyio
async def test_get_org_contact_auth_root(no_su_client: AsyncClient):
	resp = await no_su_client.get("/org/contact?org_id=2&contact_type=billing")
	assert resp.status_code != 422
	assert resp.status_code == 403
	assert "Must be the org's root user" in resp.json()["detail"]


@pytest.mark.anyio
async def test_patch_org_contact_auth_root(no_su_client: AsyncClient):
	resp = await no_su_client.patch(
		"/org/contact",
		json={
			"organisation_id": 2,
			"contact_type": "billing",
			"email": "user@example.com",
		},
	)
	assert resp.status_code != 422
	assert resp.status_code == 403
	assert "Must be the org's root user" in resp.json()["detail"]


@pytest.mark.anyio
async def test_get_service_auth_root(no_su_client: AsyncClient):
	resp = await no_su_client.get("/service?org_id=2")
	assert resp.status_code != 422
	assert resp.status_code == 403
	assert "Must be the org's root user" in resp.json()["detail"]


@pytest.mark.anyio
async def test_get_iam_group_permissions_auth_root(no_su_client: AsyncClient):
	resp = await no_su_client.get("/iam/group/permissions?org_id=2&group_id=1")
	assert resp.status_code != 422
	assert resp.status_code == 403
	assert "Must be the org's root user" in resp.json()["detail"]


@pytest.mark.anyio
async def test_get_iam_group_users_auth_root(no_su_client: AsyncClient):
	resp = await no_su_client.get("/iam/group/users?org_id=2&group_id=1")
	assert resp.status_code != 422
	assert resp.status_code == 403
	assert "Must be the org's root user" in resp.json()["detail"]


@pytest.mark.anyio
async def test_post_iam_group_auth_root(no_su_client: AsyncClient):
	resp = await no_su_client.post(
		"/iam/group", json={"name": "New Group", "organisation_id": 2}
	)
	assert resp.status_code != 422
	assert resp.status_code == 403
	assert "Must be the org's root user" in resp.json()["detail"]


@pytest.mark.anyio
async def test_put_iam_group_permission_auth_root(no_su_client: AsyncClient):
	resp = await no_su_client.put(
		"/iam/group/permission",
		json={"permission_id": 1, "group_id": 2, "organisation_id": 2},
	)
	assert resp.status_code != 422
	assert resp.status_code == 403
	assert "Must be the org's root user" in resp.json()["detail"]


@pytest.mark.anyio
async def test_put_iam_group_user_auth_root(
	no_su_client: AsyncClient,
):
	resp = await no_su_client.put(
		"/iam/group/user", json={"user_id": 2, "group_id": 1, "organisation_id": 2}
	)
	assert resp.status_code != 422
	assert resp.status_code == 403
	assert "Must be the org's root user" in resp.json()["detail"]


@pytest.mark.anyio
async def test_get_iam_permissions_auth_root(no_su_client: AsyncClient):
	resp = await no_su_client.get("/iam/permissions?org_id=2")
	assert resp.status_code != 422
	assert resp.status_code == 403
	assert "Must be the org's root user" in resp.json()["detail"]


@pytest.mark.anyio
async def test_post_iam_permissions_search_auth_root(no_su_client: AsyncClient):
	resp = await no_su_client.post(
		"/iam/permissions/search", json={"organisation_id": 2, "action": "read"}
	)
	assert resp.status_code != 422
	assert resp.status_code == 403
	assert "Must be the org's root user" in resp.json()["detail"]