from __future__ import annotations

from app.api.deps import CurrentUserContext
from app.core.config import Settings, get_settings
from app.services.knowledge import KnowledgeService


def test_onlyoffice_config_is_read_only_for_admin_users(tmp_path, monkeypatch) -> None:
    env_file = tmp_path / ".env"
    env_file.write_text(
        "\n".join(
            [
                "ONLYOFFICE_ENABLED=true",
                "ONLYOFFICE_PUBLIC_URL=http://10.10.10.122:8082",
                "ONLYOFFICE_BACKEND_URL=http://main:8000",
                "ONLYOFFICE_JWT_SECRET=change-me-onlyoffice",
            ]
        )
        + "\n",
        encoding="utf-8",
    )
    original_env_file = Settings.model_config.get("env_file")
    monkeypatch.setitem(Settings.model_config, "env_file", (env_file,))
    get_settings.cache_clear()

    try:
        service = KnowledgeService(storage_root=tmp_path)
        service.ensure_library_ready()

        document_id = "readonly-docx"
        folder = "制度政策"
        stored_name = f"{document_id}__制度预览.docx"
        target_path = tmp_path / "knowledge" / folder / stored_name
        target_path.write_bytes(b"fake-docx-content")

        current_user = CurrentUserContext(
            username="admin",
            name="管理员",
            role_codes=["manager"],
            is_admin=True,
        )

        config = service.build_onlyoffice_config(document_id, current_user)
        permissions = config.config["document"]["permissions"]
        customization = config.config["editorConfig"]["customization"]

        assert config.documentServerUrl == "http://10.10.10.122:8082"
        assert config.config["editorConfig"]["mode"] == "view"
        assert permissions["edit"] is False
        assert permissions["download"] is True
        assert customization["autosave"] is False
        assert customization["forcesave"] is False
    finally:
        monkeypatch.setitem(Settings.model_config, "env_file", original_env_file)
        get_settings.cache_clear()