import { test, expect, registerUser } from '../fixtures';

/**
 * Admin Payments E2E tests (TEC-2749).
 *
 * Verifies authorization on POST /admin/payments/:id/confirm-transfer.
 * Full happy-path flow (confirm → payment.COMPLETED + audit log) requires
 * a seeded admin + pending bank-transfer payment and is exercised in
 * the handler unit tests.
 *
 * Every case posts to the placeholder id `test-payment-id` and still expects
 * 401/403. The suite therefore pins the order of checks as well as the
 * outcome: authentication and the admin role check have to reject the caller
 * before the payment is looked up or the body is validated.
 *
 * NOTE(review): only the "no credentials" and "valid non-admin token" paths
 * are covered. A malformed or expired bearer token is not exercised in this
 * file; confirm it is covered elsewhere.
 */
test.describe('Admin Payments API — Authorization', () => {
  // Relative path (no leading slash), resolved against the configured base URL.
  const confirmTransferPath = 'admin/payments/test-payment-id/confirm-transfer';
  // Well-formed body, so a rejection cannot be attributed to payload validation.
  const transferPayload = { bankReference: 'FT123456' };

  // Access token of the account registered in beforeAll.
  // Presumably a freshly registered user has no admin role; verify in ../fixtures.
  let nonAdminToken: string;

  // Built lazily because the token only exists once beforeAll has run.
  const nonAdminHeaders = () => ({ Authorization: `Bearer ${nonAdminToken}` });

  test.beforeAll(async ({ request }) => {
    nonAdminToken = (await registerUser(request)).accessToken;
  });

  test.describe('POST /admin/payments/:id/confirm-transfer — Confirm bank transfer', () => {
    // No Authorization header at all: the caller is unauthenticated (401).
    test('rejects unauthenticated request', async ({ request }) => {
      const response = await request.post(confirmTransferPath, {
        data: transferPayload,
      });

      expect(response.status()).toBe(401);
    });

    // Authenticated but not an admin: the caller is forbidden (403).
    test('rejects non-admin user', async ({ request }) => {
      const response = await request.post(confirmTransferPath, {
        data: transferPayload,
        headers: nonAdminHeaders(),
      });

      expect(response.status()).toBe(403);
    });

    // Empty body must still yield 403, not a validation error: the role check
    // has to run before the payload is inspected.
    test('rejects non-admin user with empty body', async ({ request }) => {
      const response = await request.post(confirmTransferPath, {
        data: {},
        headers: nonAdminHeaders(),
      });

      expect(response.status()).toBe(403);
    });
  });
});