module ApiHelper
  extend ActiveSupport::Concern

  included do
    let(:user) { create(:user) }
    let(:api_scopes) { [] } # empty scopes for stricter testing (in reality this would be default_scopes)
    let(:api_access_token) do
      create(:oauth2_access_token, resource_owner_id: user.id, scopes: api_scopes&.join(' ')).token
    end
    let(:Authorization) { "Bearer #{api_access_token}" } # rubocop:disable  RSpec/VariableName

    def self.it_handles_invalid_token
      context 'with invalid access token' do
        let(:Authorization) { 'abc' } # rubocop:disable  RSpec/VariableName

        response 401, 'not logged-in' do
          schema '$ref' => '#/components/schemas/Error401'
          run_test!
        end
      end
    end

    def self.it_handles_invalid_token_with_id
      context 'with invalid access token' do
        let(:Authorization) { 'abc' } # rubocop:disable  RSpec/VariableName
        let(:id) { 42 } # id doesn't matter here

        response 401, 'not logged-in' do
          schema '$ref' => '#/components/schemas/Error401'
          run_test!
        end
      end
    end

    def self.it_handles_invalid_scope(description = 'missing scope')
      context 'with invalid scope' do
        let(:api_scopes) { ['none'] }

        response 403, description do
          schema '$ref' => '#/components/schemas/Error403'
          run_test!
        end
      end
    end

    def self.it_handles_invalid_scope_with_id(description = 'missing scope')
      context 'with invalid scope' do
        let(:api_scopes) { ['none'] }
        let(:id) { 42 } # id doesn't matter here

        response 403, description do
          schema '$ref' => '#/components/schemas/Error403'
          run_test!
        end
      end
    end

    def self.it_cannot_find_object(description = 'not found')
      let(:id) { 'invalid' }

      response 404, description do
        schema '$ref' => '#/components/schemas/Error404'
        run_test!
      end
    end

    def self.it_handles_invalid_token_and_scope(*args)
      it_handles_invalid_token(*args)
      it_handles_invalid_scope(*args)
    end

    def self.id_url_param
      parameter name: :id, in: :path, type: :integer, required: true
    end

    def self.pagination_param
      parameter name: :per_page, in: :query, type: :integer, required: false
      parameter name: :page, in: :query, type: :integer, required: false
    end

    def self.q_ordered_url_param
      parameter name: :q, in: :query, required: false,
                description: "'member' show articles ordered by the user's ordergroup, 'all' by all members, and 'supplier' ordered at the supplier",
                schema: {
                  type: :object,
                  properties: {
                    ordered: { '$ref' => '#/components/schemas/q_ordered' }
                  }
                }
    end
  end
end