import type { User } from '../../src/types'

// Mirrors `seed_users` per `_docs/02_document/tests/test-data.md`. Four users
// covering the role / permission combinations the e2e tests rely on.

export const opAlice: User = {
  id: 'user-alice',
  name: 'Alice Operator',
  email: 'op_alice@test.local',
  role: 'Operator',
  isActive: true,
}

export const opBob: User = {
  id: 'user-bob',
  name: 'Bob Operator',
  email: 'op_bob@test.local',
  role: 'Operator',
  isActive: true,
}

export const adminCarol: User = {
  id: 'user-carol',
  name: 'Carol Admin',
  email: 'admin_carol@test.local',
  role: 'Admin',
  isActive: true,
}

export const integratorDave: User = {
  id: 'user-dave',
  name: 'Dave Integrator',
  email: 'integrator_dave@test.local',
  role: 'SystemIntegrator',
  isActive: true,
}

export const seedUsers: User[] = [opAlice, opBob, adminCarol, integratorDave]

// Permissions are a parallel structure — the suite's auth service is the
// authoritative source. Tests that assert RBAC override the
// `/api/admin/users/me` handler with the relevant permission set.
export const seedPermissions: Record<string, string[]> = {
  'user-alice': ['ADMIN_VIEW', 'FLIGHTS_WRITE', 'ANNOTATIONS_WRITE', 'SETTINGS'],
  'user-bob': ['ADMIN_VIEW', 'FLIGHTS_WRITE', 'ANNOTATIONS_WRITE'],
  'user-carol': ['ADMIN_VIEW', 'ADMIN_WRITE', 'FLIGHTS_WRITE', 'ANNOTATIONS_WRITE', 'SETTINGS', 'CLASSES_WRITE'],
  'user-dave': ['ADMIN_VIEW', 'ADMIN_WRITE', 'INTEGRATION'],
}