import unittest

from admin_app.db.write_governance import (
    AdminWriteGovernanceViolation,
    build_admin_write_governance_payload,
    ensure_direct_admin_write_allowed,
    enforce_admin_session_write_governance,
)


class _FakeTabledObject:
    def __init__(self, table_name: str):
        self.__tablename__ = table_name


class AdminWriteGovernanceTests(unittest.TestCase):
    def test_payload_exposes_internal_allowlist_and_governed_targets(self):
        payload = build_admin_write_governance_payload()

        self.assertEqual(payload["mode"], "admin_internal_tables_only")
        self.assertEqual(
            payload["allowed_direct_write_tables"],
            ["admin_audit_logs", "staff_accounts", "staff_sessions"],
        )
        self.assertIn("sales_orders", payload["blocked_operational_dataset_keys"])
        self.assertIn("orders", payload["blocked_product_source_tables"])
        self.assertIn("conversation_turns", payload["blocked_product_source_tables"])
        self.assertIn("atendimento_runtime_profile", payload["governed_configuration_keys"])
        self.assertIn("bot_behavior_policy", payload["governed_configuration_keys"])

    def test_internal_admin_tables_are_allowed_for_direct_write(self):
        ensure_direct_admin_write_allowed("staff_accounts")
        ensure_direct_admin_write_allowed("staff_sessions")
        ensure_direct_admin_write_allowed("admin_audit_logs")

    def test_unknown_or_product_tables_raise_governance_violation(self):
        with self.assertRaises(AdminWriteGovernanceViolation):
            ensure_direct_admin_write_allowed("orders")

        with self.assertRaises(AdminWriteGovernanceViolation):
            ensure_direct_admin_write_allowed("conversation_turns")

    def test_session_guard_accepts_only_internal_admin_tables(self):
        enforce_admin_session_write_governance(
            new=(_FakeTabledObject("staff_accounts"),),
            dirty=(_FakeTabledObject("staff_sessions"),),
            deleted=(_FakeTabledObject("admin_audit_logs"),),
        )

    def test_session_guard_blocks_direct_operational_write_attempt(self):
        with self.assertRaises(AdminWriteGovernanceViolation) as context:
            enforce_admin_session_write_governance(
                new=(_FakeTabledObject("orders"),),
            )

        self.assertIn("fluxo governado, versionado e auditavel", str(context.exception))


if __name__ == "__main__":
    unittest.main()