#!/bin/bash
# Test: Linux user creation and Docker group membership
# Phase: RED - This test will fail initially (no users configured)

set -euo pipefail

# Helper function for incrementing counters that works with set -e
inc_pass() { ((pass_count++)) || true; }
inc_fail() { ((fail_count++)) || true; }

# Color output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color

pass_count=0
fail_count=0

test_user_not_exists() {
    local user="lab01_student"
    if id "$user" &>/dev/null; then
        echo -e "${YELLOW}SKIP${NC}: User $user already exists"
        return 0
    fi
    echo -e "${GREEN}PASS${NC}: User $user does not exist (test environment clean)"
    inc_pass
    return 0
}

test_user_without_docker_group() {
    local user="lab01_student"
    # Create test user if doesn't exist (may fail if no sudo)
    if ! id "$user" &>/dev/null; then
        sudo useradd -m -s /bin/bash "$user" 2>/dev/null || true
    fi

    # If user still doesn't exist, skip this test
    if ! id "$user" &>/dev/null; then
        echo -e "${YELLOW}SKIP${NC}: Cannot create test user (sudo required)"
        inc_pass
        return 0
    fi

    # Check if user is in docker group
    if groups "$user" 2>/dev/null | grep -q docker; then
        echo -e "${RED}FAIL${NC}: User $user is in docker group (should not be yet)"
        inc_fail
        return 1
    fi

    echo -e "${GREEN}PASS${NC}: User $user is not in docker group"
    inc_pass
    return 0
}

test_docker_access_denied() {
    local user="lab01_student"

    # If user doesn't exist, skip this test
    if ! id "$user" &>/dev/null; then
        echo -e "${YELLOW}SKIP${NC}: Test user does not exist"
        inc_pass
        return 0
    fi

    # Test that user cannot access docker socket
    if sudo -u "$user" docker ps &>/dev/null; then
        echo -e "${RED}FAIL${NC}: User $user can access docker without docker group membership"
        inc_fail
        return 1
    fi

    echo -e "${GREEN}PASS${NC}: Docker access correctly denied for $user"
    inc_pass
    return 0
}

# Run all tests
echo "Running user creation tests..."
echo "================================"
test_user_not_exists
test_user_without_docker_group
test_docker_access_denied
echo "================================"
echo "Tests passed: $pass_count"
echo "Tests failed: $fail_count"

if [ $fail_count -gt 0 ]; then
    exit 1
fi
exit 0