---
- name: fail to set invalid right
  win_user_right:
    name: FailRight
    users: Administrator
  register: fail_invalid_right
  failed_when: fail_invalid_right.msg != 'the specified right FailRight is not a valid right'

- name: fail with invalid username
  win_user_right:
    name: '{{test_win_user_right_name}}'
    users: FakeUser
  register: fail_invalid_user
  failed_when: "'Account Name: FakeUser is not a valid account, cannot get SID' not in fail_invalid_user.msg"

- name: remove from empty right check
  win_user_right:
    name: '{{test_win_user_right_name}}'
    users: ['Administrator', 'Administrators']
    action: remove
  register: remove_empty_right_check
  check_mode: yes

- name: assert remove from empty right check
  assert:
    that:
    - remove_empty_right_check is not changed
    - remove_empty_right_check.added == []
    - remove_empty_right_check.removed == []

- name: remove from empty right
  win_user_right:
    name: '{{test_win_user_right_name}}'
    users: ['Administrator', 'Administrators']
    action: remove
  register: remove_empty_right
  check_mode: yes

- name: assert remove from empty right
  assert:
    that:
    - remove_empty_right is not changed
    - remove_empty_right.added == []
    - remove_empty_right.removed == []

- name: set administrator check
  win_user_right:
    name: '{{test_win_user_right_name}}'
    users: Administrator
    action: set
  register: set_administrator_check
  check_mode: yes

- name: get actual set administrator check
  test_get_right:
    name: '{{test_win_user_right_name}}'
  register: set_administrator_actual_check

- name: assert set administrator check
  assert:
    that:
    - set_administrator_check is changed
    - set_administrator_check.added == ["{{ansible_hostname}}\\Administrator"]
    - set_administrator_check.removed == []
    - set_administrator_actual_check.users == []

- name: set administrator
  win_user_right:
    name: '{{test_win_user_right_name}}'
    users: Administrator
    action: set
  register: set_administrator

- name: get actual set administrator
  test_get_right:
    name: '{{test_win_user_right_name}}'
  register: set_administrator_actual

- name: assert set administrator check
  assert:
    that:
    - set_administrator is changed
    - set_administrator.added == ["{{ansible_hostname}}\\Administrator"]
    - set_administrator.removed == []
    - set_administrator_actual.users == ['Administrator']

- name: set administrator again
  win_user_right:
    name: '{{test_win_user_right_name}}'
    users: Administrator
    action: set
  register: set_administrator_again

- name: assert set administrator check
  assert:
    that:
    - set_administrator_again is not changed
    - set_administrator_again.added == []
    - set_administrator_again.removed == []

- name: remove from right check
  win_user_right:
    name: '{{test_win_user_right_name}}'
    users: ['Administrator', 'Guests', '{{ansible_hostname}}\Users', '.\Backup Operators']
    action: remove
  register: remove_right_check
  check_mode: yes

- name: get actual remove from right check
  test_get_right:
    name: '{{test_win_user_right_name}}'
  register: remove_right_actual_check

- name: assert remove from right check
  assert:
    that:
    - remove_right_check is changed
    - remove_right_check.removed == ["{{ansible_hostname}}\\Administrator"]
    - remove_right_check.added == []
    - remove_right_actual_check.users == ['Administrator']

- name: remove from right
  win_user_right:
    name: '{{test_win_user_right_name}}'
    users: ['Administrator', 'Guests', '{{ansible_hostname}}\Users', '.\Backup Operators']
    action: remove
  register: remove_right

- name: get actual remove from right
  test_get_right:
    name: '{{test_win_user_right_name}}'
  register: remove_right_actual

- name: assert remove from right
  assert:
    that:
    - remove_right is changed
    - remove_right.removed == ["{{ansible_hostname}}\\Administrator"]
    - remove_right.added == []
    - remove_right_actual.users == []

- name: remove from right again
  win_user_right:
    name: '{{test_win_user_right_name}}'
    users: ['Administrator', 'Guests', '{{ansible_hostname}}\Users', '.\Backup Operators']
    action: remove
  register: remove_right_again

- name: assert remove from right
  assert:
    that:
    - remove_right_again is not changed
    - remove_right_again.removed == []
    - remove_right_again.added == []

- name: add to empty right check
  win_user_right:
    name: '{{test_win_user_right_name}}'
    users: ['Administrator', 'Administrators']
    action: add
  register: add_right_on_empty_check
  check_mode: yes

- name: get actual add to empty right check
  test_get_right:
    name: '{{test_win_user_right_name}}'
  register: add_right_on_empty_actual_check

- name: assert add to empty right check
  assert:
    that:
    - add_right_on_empty_check is changed
    - add_right_on_empty_check.removed == []
    - add_right_on_empty_check.added == ["{{ansible_hostname}}\\Administrator", "BUILTIN\\Administrators"]
    - add_right_on_empty_actual_check.users == []

- name: add to empty right
  win_user_right:
    name: '{{test_win_user_right_name}}'
    users: ['Administrator', 'Administrators']
    action: add
  register: add_right_on_empty

- name: get actual add to empty right
  test_get_right:
    name: '{{test_win_user_right_name}}'
  register: add_right_on_empty_actual

- name: assert add to empty right
  assert:
    that:
    - add_right_on_empty is changed
    - add_right_on_empty.removed == []
    - add_right_on_empty.added == ["{{ansible_hostname}}\\Administrator", "BUILTIN\\Administrators"]
    - add_right_on_empty_actual.users == ["Administrator", "BUILTIN\\Administrators"]

- name: add to empty right again
  win_user_right:
    name: '{{test_win_user_right_name}}'
    users: ['Administrator', 'Administrators']
    action: add
  register: add_right_on_empty_again

- name: assert add to empty right
  assert:
    that:
    - add_right_on_empty_again is not changed
    - add_right_on_empty_again.removed == []
    - add_right_on_empty_again.added == []

- name: add to existing right check
  win_user_right:
    name: '{{test_win_user_right_name}}'
    users: ['Administrator', 'Guests', '{{ansible_hostname}}\Users']
    action: add
  register: add_right_on_existing_check
  check_mode: yes

- name: get actual add to existing right check
  test_get_right:
    name: '{{test_win_user_right_name}}'
  register: add_right_on_existing_actual_check

- name: assert add to existing right check
  assert:
    that:
    - add_right_on_existing_check is changed
    - add_right_on_existing_check.removed == []
    - add_right_on_existing_check.added == ["BUILTIN\\Guests", "BUILTIN\\Users"]
    - add_right_on_existing_actual_check.users == ["Administrator", "BUILTIN\\Administrators"]

- name: add to existing right
  win_user_right:
    name: '{{test_win_user_right_name}}'
    users: ['Administrator', 'Guests', '{{ansible_hostname}}\Users']
    action: add
  register: add_right_on_existing

- name: get actual add to existing right
  test_get_right:
    name: '{{test_win_user_right_name}}'
  register: add_right_on_existing_actual

- name: assert add to existing right
  assert:
    that:
    - add_right_on_existing is changed
    - add_right_on_existing.removed == []
    - add_right_on_existing.added == ["BUILTIN\\Guests", "BUILTIN\\Users"]
    - add_right_on_existing_actual.users == ["Administrator", "BUILTIN\\Administrators", "BUILTIN\\Users", "BUILTIN\\Guests"]

- name: add to existing right again
  win_user_right:
    name: '{{test_win_user_right_name}}'
    users: ['Administrator', 'Guests', '{{ansible_hostname}}\Users']
    action: add
  register: add_right_on_existing_again

- name: assert add to existing right
  assert:
    that:
    - add_right_on_existing_again is not changed
    - add_right_on_existing_again.removed == []
    - add_right_on_existing_again.added == []

- name: remove from existing check
  win_user_right:
    name: '{{test_win_user_right_name}}'
    users: ['Guests', 'Administrator']
    action: remove
  register: remove_on_existing_check
  check_mode: yes

- name: get actual remove from existing check
  test_get_right:
    name: '{{test_win_user_right_name}}'
  register: remove_on_existing_actual_check

- name: assert remove from existing check
  assert:
    that:
    - remove_on_existing_check is changed
    - remove_on_existing_check.removed == ["BUILTIN\\Guests", "{{ansible_hostname}}\\Administrator"]
    - remove_on_existing_check.added == []
    - remove_on_existing_actual_check.users == ["Administrator", "BUILTIN\\Administrators", "BUILTIN\\Users", "BUILTIN\\Guests"]

- name: remove from existing
  win_user_right:
    name: '{{test_win_user_right_name}}'
    users: ['Guests', 'Administrator']
    action: remove
  register: remove_on_existing

- name: get actual remove from existing
  test_get_right:
    name: '{{test_win_user_right_name}}'
  register: remove_on_existing_actual

- name: assert remove from existing
  assert:
    that:
    - remove_on_existing is changed
    - remove_on_existing.removed == ["BUILTIN\\Guests", "{{ansible_hostname}}\\Administrator"]
    - remove_on_existing.added == []
    - remove_on_existing_actual.users == ["BUILTIN\\Administrators", "BUILTIN\\Users"]

- name: remove from existing again
  win_user_right:
    name: '{{test_win_user_right_name}}'
    users: ['Guests', 'Administrator']
    action: remove
  register: remove_on_existing_again

- name: assert remove from existing again
  assert:
    that:
    - remove_on_existing_again is not changed
    - remove_on_existing_again.removed == []
    - remove_on_existing_again.added == []

- name: set to existing check
  win_user_right:
    name: '{{test_win_user_right_name}}'
    users: ['Administrators', 'SYSTEM', 'Backup Operators']
    action: set
  register: set_on_existing_check
  check_mode: yes

- name: get actual set to existing check
  test_get_right:
    name: '{{test_win_user_right_name}}'
  register: set_on_existing_actual_check

- name: assert set to existing check
  assert:
    that:
    - set_on_existing_check is changed
    - set_on_existing_check.removed == ["BUILTIN\\Users"]
    - set_on_existing_check.added == ["NT AUTHORITY\\SYSTEM", "BUILTIN\\Backup Operators"]
    - set_on_existing_actual_check.users == ["BUILTIN\\Administrators", "BUILTIN\\Users"]

- name: set to existing
  win_user_right:
    name: '{{test_win_user_right_name}}'
    users: ['Administrators', 'SYSTEM', 'Backup Operators']
    action: set
  register: set_on_existing

- name: get actual set to existing
  test_get_right:
    name: '{{test_win_user_right_name}}'
  register: set_on_existing_actual

- name: assert set to existing
  assert:
    that:
    - set_on_existing is changed
    - set_on_existing.removed == ["BUILTIN\\Users"]
    - set_on_existing.added == ["NT AUTHORITY\\SYSTEM", "BUILTIN\\Backup Operators"]
    - set_on_existing_actual.users == ["NT AUTHORITY\\SYSTEM", "BUILTIN\\Administrators", "BUILTIN\\Backup Operators"]

- name: set to existing again
  win_user_right:
    name: '{{test_win_user_right_name}}'
    users: ['Administrators', 'SYSTEM', 'Backup Operators']
    action: set
  register: set_on_existing_again

- name: assert set to existing
  assert:
    that:
    - set_on_existing_again is not changed
    - set_on_existing_again.removed == []
    - set_on_existing_again.added == []