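#!/usr/bin/env python3
"""
Test script to verify multi-user data isolation in hermes-web-cli module.

This script simulates multiple users and verifies that they can only
access their own data.

Notes for whoever runs it:

* Every check is a plain ``assert``. Running the interpreter with ``-O``
  strips them, and the script would then report success without having
  verified anything.
* The count assertions (``== 1``) assume that "user1" and "user2" start
  with no services and no sessions in the backing store.
"""

import asyncio
import sys
import os

# Add the module path to Python path
sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..'))

from hermes_web_cli.init import (
    get_all_services,
    create_service,
    delete_service,
    get_service_by_id,
    create_session,
    get_active_sessions,
    get_recent_sessions,
    get_session_by_id,
    get_setting,
    save_setting
)
from hermes_web_cli.user_context import get_current_user_id


# Mock ahserver's get_user function for testing
async def mock_get_user_1():
    """Stand-in for get_user that identifies the caller as "user1"."""
    return "user1"


async def mock_get_user_2():
    """Stand-in for get_user that identifies the caller as "user2"."""
    return "user2"


async def test_multiuser_isolation():
    """Test that users can only access their own data.

    Covers services (read and delete), active sessions and settings for
    two simulated users. The acting user is switched by replacing
    ``hermes_web_cli.user_context.get_user``.

    Raises:
        AssertionError: an isolation check failed.
        RuntimeError: a service created by the test could not be deleted
            during cleanup.
    """
    import hermes_web_cli.user_context
    user_context = hermes_web_cli.user_context

    # NOTE(review): patching the module attribute only changes the acting
    # user if the library looks get_user up on this module at call time.
    # Confirm against user_context.
    missing = object()
    original_get_user = getattr(user_context, "get_user", missing)

    # (acting-user mock, service id) pairs, recorded as soon as a service
    # exists so that cleanup also runs when a later assertion fails.
    created_services = []

    print("Testing multi-user data isolation...")

    try:
        # Test user 1
        print("\n--- Testing User 1 ---")

        # Mock user context for user 1
        user_context.get_user = mock_get_user_1

        # Create service for user 1
        service1_id = await create_service(
            name="User1 Service",
            url="http://localhost:8080",
            description="Service for user 1",
            apikey="user1-key"
        )
        created_services.append((mock_get_user_1, service1_id))
        print(f"Created service for user 1: {service1_id}")

        # Get services for user 1
        services1 = await get_all_services()
        print(f"User 1 sees {len(services1)} services")

        # Verify user 1 can access their service
        service1 = await get_service_by_id(service1_id)
        assert service1 is not None, "User 1 should be able to access their own service"
        print("User 1 can access their own service ✓")

        # Test user 2
        print("\n--- Testing User 2 ---")

        # Mock user context for user 2
        user_context.get_user = mock_get_user_2

        # Create service for user 2
        service2_id = await create_service(
            name="User2 Service",
            url="http://localhost:8081",
            description="Service for user 2",
            apikey="user2-key"
        )
        created_services.append((mock_get_user_2, service2_id))
        print(f"Created service for user 2: {service2_id}")

        # Get services for user 2
        services2 = await get_all_services()
        print(f"User 2 sees {len(services2)} services")
        # The listing must not include user 1's service.
        assert len(services2) == 1, "User 2 should only see 1 service"

        # Verify user 2 can access their service
        service2 = await get_service_by_id(service2_id)
        assert service2 is not None, "User 2 should be able to access their own service"
        print("User 2 can access their own service ✓")

        # Verify user 2 cannot access user 1's service
        service1_from_user2 = await get_service_by_id(service1_id)
        assert service1_from_user2 is None, "User 2 should NOT be able to access user 1's service"
        print("User 2 cannot access user 1's service ✓")

        # Read isolation alone does not prove write isolation: a lookup can
        # be scoped to the owner while delete acts on the bare id. Attempt
        # the delete as user 2, then confirm the service survives.
        # NOTE(review): whether delete_service raises or silently does
        # nothing for a foreign id is not visible here; both are accepted.
        try:
            await delete_service(service1_id)
        except Exception as exc:
            print(f"Delete of user 1's service by user 2 was rejected: {exc!r}")
        user_context.get_user = mock_get_user_1
        service1_after_delete = await get_service_by_id(service1_id)
        assert service1_after_delete is not None, "User 2 should NOT be able to delete user 1's service"
        print("User 2 cannot delete user 1's service ✓")

        # Verify user 1 still only sees their own service
        user_context.get_user = mock_get_user_1
        services1_after = await get_all_services()
        assert len(services1_after) == 1, "User 1 should still only see 1 service"
        print("User 1 still only sees their own service ✓")

        # Same read check in the other direction.
        service2_from_user1 = await get_service_by_id(service2_id)
        assert service2_from_user1 is None, "User 1 should NOT be able to access user 2's service"
        print("User 1 cannot access user 2's service ✓")

        # Test sessions
        print("\n--- Testing Session Isolation ---")

        # Create session for user 1
        # NOTE(review): the second argument repeats the user id as a
        # literal. Confirm whether create_session trusts this value or
        # derives the owner from get_user; isolation should not depend on
        # a caller-supplied id.
        user_context.get_user = mock_get_user_1
        session1_id = await create_session(service1_id, "user1", "Hello from user 1")
        print(f"Created session for user 1: {session1_id}")

        # Create session for user 2
        user_context.get_user = mock_get_user_2
        session2_id = await create_session(service2_id, "user2", "Hello from user 2")
        print(f"Created session for user 2: {session2_id}")

        # Verify user 1 only sees their session
        user_context.get_user = mock_get_user_1
        sessions1 = await get_active_sessions()
        assert len(sessions1) == 1, "User 1 should only see 1 session"
        assert sessions1[0]['session_id'] == session1_id, "User 1 should see their own session"
        print("User 1 session isolation ✓")

        # Verify user 2 only sees their session
        user_context.get_user = mock_get_user_2
        sessions2 = await get_active_sessions()
        assert len(sessions2) == 1, "User 2 should only see 1 session"
        assert sessions2[0]['session_id'] == session2_id, "User 2 should see their own session"
        print("User 2 session isolation ✓")

        # Test settings
        print("\n--- Testing Settings Isolation ---")

        # Both users write the same section/key, so a shared (unscoped)
        # settings store would let the second write overwrite the first.
        # Save setting for user 1
        user_context.get_user = mock_get_user_1
        await save_setting("appearance", "theme", "dark")

        # Save setting for user 2
        user_context.get_user = mock_get_user_2
        await save_setting("appearance", "theme", "light")

        # Verify user 1 gets their setting
        user_context.get_user = mock_get_user_1
        settings1 = await get_setting()
        assert settings1.get('appearance', {}).get('theme') == 'dark', "User 1 should have dark theme"
        print("User 1 settings isolation ✓")

        # Verify user 2 gets their setting
        user_context.get_user = mock_get_user_2
        settings2 = await get_setting()
        assert settings2.get('appearance', {}).get('theme') == 'light', "User 2 should have light theme"
        print("User 2 settings isolation ✓")
    finally:
        # Clean up: runs on failure too, so a failed check does not leave
        # services behind that would break the count assertions next run.
        print("\n--- Cleaning Up ---")
        cleanup_errors = []
        for owner, service_id in created_services:
            user_context.get_user = owner
            try:
                await delete_service(service_id)
            except Exception as exc:
                # Keep going so the remaining services are still removed.
                cleanup_errors.append(f"{service_id}: {exc!r}")

        # Put the real user lookup back so nothing else in this process
        # keeps running as a mocked user.
        if original_get_user is missing:
            vars(user_context).pop("get_user", None)
        else:
            user_context.get_user = original_get_user

        if cleanup_errors:
            raise RuntimeError("Cleanup failed for services: " + "; ".join(cleanup_errors))

    print("\n✅ All multi-user isolation tests passed!")


if __name__ == "__main__":
    asyncio.run(test_multiuser_isolation())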