# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.
import json
from unittest.mock import patch

import pytest
from flask_appbuilder.security.sqla.models import User
from sqlalchemy.orm import Session

from superset.dashboards.commands.exceptions import DashboardAccessDeniedError
from superset.extensions import cache_manager
from superset.models.dashboard import Dashboard
from superset.temporary_cache.commands.entry import Entry
from superset.temporary_cache.utils import cache_key
from tests.integration_tests.base_tests import login
from tests.integration_tests.fixtures.client import client
from tests.integration_tests.fixtures.world_bank_dashboard import (
    load_world_bank_dashboard_with_slices,
    load_world_bank_data,
)
from tests.integration_tests.test_app import app

KEY = "test-key"
INITIAL_VALUE = json.dumps({"test": "initial value"})
UPDATED_VALUE = json.dumps({"test": "updated value"})


@pytest.fixture
def dashboard_id(load_world_bank_dashboard_with_slices) -> int:
    with app.app_context() as ctx:
        session: Session = ctx.app.appbuilder.get_session
        dashboard = session.query(Dashboard).filter_by(slug="world_health").one()
        return dashboard.id


@pytest.fixture
def admin_id() -> int:
    with app.app_context() as ctx:
        session: Session = ctx.app.appbuilder.get_session
        admin = session.query(User).filter_by(username="admin").one_or_none()
        return admin.id


@pytest.fixture(autouse=True)
def cache(dashboard_id, admin_id):
    entry: Entry = {"owner": admin_id, "value": INITIAL_VALUE}
    cache_manager.filter_state_cache.set(cache_key(dashboard_id, KEY), entry)


def test_post(client, dashboard_id: int):
    login(client, "admin")
    payload = {
        "value": INITIAL_VALUE,
    }
    resp = client.post(f"api/v1/dashboard/{dashboard_id}/filter_state", json=payload)
    assert resp.status_code == 201


def test_post_bad_request_non_string(client, dashboard_id: int):
    login(client, "admin")
    payload = {
        "value": 1234,
    }
    resp = client.post(f"api/v1/dashboard/{dashboard_id}/filter_state", json=payload)
    assert resp.status_code == 400


def test_post_bad_request_non_json_string(client, dashboard_id: int):
    login(client, "admin")
    payload = {
        "value": "foo",
    }
    resp = client.post(f"api/v1/dashboard/{dashboard_id}/filter_state", json=payload)
    assert resp.status_code == 400


@patch("superset.security.SupersetSecurityManager.raise_for_dashboard_access")
def test_post_access_denied(mock_raise_for_dashboard_access, client, dashboard_id: int):
    login(client, "admin")
    mock_raise_for_dashboard_access.side_effect = DashboardAccessDeniedError()
    payload = {
        "value": INITIAL_VALUE,
    }
    resp = client.post(f"api/v1/dashboard/{dashboard_id}/filter_state", json=payload)
    assert resp.status_code == 403


def test_post_same_key_for_same_tab_id(client, dashboard_id: int):
    login(client, "admin")
    payload = {
        "value": INITIAL_VALUE,
    }
    resp = client.post(
        f"api/v1/dashboard/{dashboard_id}/filter_state?tab_id=1", json=payload
    )
    data = json.loads(resp.data.decode("utf-8"))
    first_key = data.get("key")
    resp = client.post(
        f"api/v1/dashboard/{dashboard_id}/filter_state?tab_id=1", json=payload
    )
    data = json.loads(resp.data.decode("utf-8"))
    second_key = data.get("key")
    assert first_key == second_key


def test_post_different_key_for_different_tab_id(client, dashboard_id: int):
    login(client, "admin")
    payload = {
        "value": INITIAL_VALUE,
    }
    resp = client.post(
        f"api/v1/dashboard/{dashboard_id}/filter_state?tab_id=1", json=payload
    )
    data = json.loads(resp.data.decode("utf-8"))
    first_key = data.get("key")
    resp = client.post(
        f"api/v1/dashboard/{dashboard_id}/filter_state?tab_id=2", json=payload
    )
    data = json.loads(resp.data.decode("utf-8"))
    second_key = data.get("key")
    assert first_key != second_key


def test_post_different_key_for_no_tab_id(client, dashboard_id: int):
    login(client, "admin")
    payload = {
        "value": INITIAL_VALUE,
    }
    resp = client.post(f"api/v1/dashboard/{dashboard_id}/filter_state", json=payload)
    data = json.loads(resp.data.decode("utf-8"))
    first_key = data.get("key")
    resp = client.post(f"api/v1/dashboard/{dashboard_id}/filter_state", json=payload)
    data = json.loads(resp.data.decode("utf-8"))
    second_key = data.get("key")
    assert first_key != second_key


def test_put(client, dashboard_id: int):
    login(client, "admin")
    payload = {
        "value": UPDATED_VALUE,
    }
    resp = client.put(
        f"api/v1/dashboard/{dashboard_id}/filter_state/{KEY}", json=payload
    )
    assert resp.status_code == 200


def test_put_same_key_for_same_tab_id(client, dashboard_id: int):
    login(client, "admin")
    payload = {
        "value": INITIAL_VALUE,
    }
    resp = client.put(
        f"api/v1/dashboard/{dashboard_id}/filter_state/{KEY}?tab_id=1", json=payload
    )
    data = json.loads(resp.data.decode("utf-8"))
    first_key = data.get("key")
    resp = client.put(
        f"api/v1/dashboard/{dashboard_id}/filter_state/{KEY}?tab_id=1", json=payload
    )
    data = json.loads(resp.data.decode("utf-8"))
    second_key = data.get("key")
    assert first_key == second_key


def test_put_different_key_for_different_tab_id(client, dashboard_id: int):
    login(client, "admin")
    payload = {
        "value": INITIAL_VALUE,
    }
    resp = client.put(
        f"api/v1/dashboard/{dashboard_id}/filter_state/{KEY}?tab_id=1", json=payload
    )
    data = json.loads(resp.data.decode("utf-8"))
    first_key = data.get("key")
    resp = client.put(
        f"api/v1/dashboard/{dashboard_id}/filter_state/{KEY}?tab_id=2", json=payload
    )
    data = json.loads(resp.data.decode("utf-8"))
    second_key = data.get("key")
    assert first_key != second_key


def test_put_different_key_for_no_tab_id(client, dashboard_id: int):
    login(client, "admin")
    payload = {
        "value": INITIAL_VALUE,
    }
    resp = client.put(
        f"api/v1/dashboard/{dashboard_id}/filter_state/{KEY}", json=payload
    )
    data = json.loads(resp.data.decode("utf-8"))
    first_key = data.get("key")
    resp = client.put(
        f"api/v1/dashboard/{dashboard_id}/filter_state/{KEY}", json=payload
    )
    data = json.loads(resp.data.decode("utf-8"))
    second_key = data.get("key")
    assert first_key != second_key


def test_put_bad_request_non_string(client, dashboard_id: int):
    login(client, "admin")
    payload = {
        "value": 1234,
    }
    resp = client.put(
        f"api/v1/dashboard/{dashboard_id}/filter_state/{KEY}", json=payload
    )
    assert resp.status_code == 400


def test_put_bad_request_non_json_string(client, dashboard_id: int):
    login(client, "admin")
    payload = {
        "value": "foo",
    }
    resp = client.put(
        f"api/v1/dashboard/{dashboard_id}/filter_state/{KEY}", json=payload
    )
    assert resp.status_code == 400


@patch("superset.security.SupersetSecurityManager.raise_for_dashboard_access")
def test_put_access_denied(mock_raise_for_dashboard_access, client, dashboard_id: int):
    login(client, "admin")
    mock_raise_for_dashboard_access.side_effect = DashboardAccessDeniedError()
    payload = {
        "value": UPDATED_VALUE,
    }
    resp = client.put(
        f"api/v1/dashboard/{dashboard_id}/filter_state/{KEY}", json=payload
    )
    assert resp.status_code == 403


def test_put_not_owner(client, dashboard_id: int):
    login(client, "gamma")
    payload = {
        "value": UPDATED_VALUE,
    }
    resp = client.put(
        f"api/v1/dashboard/{dashboard_id}/filter_state/{KEY}", json=payload
    )
    assert resp.status_code == 403


def test_get_key_not_found(client, dashboard_id: int):
    login(client, "admin")
    resp = client.get(f"api/v1/dashboard/{dashboard_id}/filter_state/unknown-key/")
    assert resp.status_code == 404


def test_get_dashboard_not_found(client):
    login(client, "admin")
    resp = client.get(f"api/v1/dashboard/{-1}/filter_state/{KEY}")
    assert resp.status_code == 404


def test_get(client, dashboard_id: int):
    login(client, "admin")
    resp = client.get(f"api/v1/dashboard/{dashboard_id}/filter_state/{KEY}")
    assert resp.status_code == 200
    data = json.loads(resp.data.decode("utf-8"))
    assert INITIAL_VALUE == data.get("value")


@patch("superset.security.SupersetSecurityManager.raise_for_dashboard_access")
def test_get_access_denied(mock_raise_for_dashboard_access, client, dashboard_id):
    login(client, "admin")
    mock_raise_for_dashboard_access.side_effect = DashboardAccessDeniedError()
    resp = client.get(f"api/v1/dashboard/{dashboard_id}/filter_state/{KEY}")
    assert resp.status_code == 403


def test_delete(client, dashboard_id: int):
    login(client, "admin")
    resp = client.delete(f"api/v1/dashboard/{dashboard_id}/filter_state/{KEY}")
    assert resp.status_code == 200


@patch("superset.security.SupersetSecurityManager.raise_for_dashboard_access")
def test_delete_access_denied(
    mock_raise_for_dashboard_access, client, dashboard_id: int
):
    login(client, "admin")
    mock_raise_for_dashboard_access.side_effect = DashboardAccessDeniedError()
    resp = client.delete(f"api/v1/dashboard/{dashboard_id}/filter_state/{KEY}")
    assert resp.status_code == 403


def test_delete_not_owner(client, dashboard_id: int):
    login(client, "gamma")
    resp = client.delete(f"api/v1/dashboard/{dashboard_id}/filter_state/{KEY}")
    assert resp.status_code == 403
