<?php

declare(strict_types=1);

use App\Filament\Resources\EntraGroupResource;
use App\Models\EntraGroup;
use App\Models\Tenant;
use App\Support\Workspaces\WorkspaceContext;
use Filament\Facades\Filament;
use Illuminate\Foundation\Testing\RefreshDatabase;

uses(RefreshDatabase::class);

it('returns not found for the admin group list when no canonical tenant context exists', function (): void {
    [$user, $tenant] = createUserWithTenant(role: 'owner');

    $this->actingAs($user);
    Filament::setTenant(null, true);

    $this->withSession([
        WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id,
    ])->get(EntraGroupResource::getUrl(panel: 'admin'))
        ->assertNotFound();
});

it('scopes the admin group list to the remembered tenant context', function (): void {
    $tenantA = Tenant::factory()->create();
    [$user, $tenantA] = createUserWithTenant(tenant: $tenantA, role: 'owner');

    $tenantB = Tenant::factory()->create([
        'workspace_id' => (int) $tenantA->workspace_id,
    ]);

    createUserWithTenant(tenant: $tenantB, user: $user, role: 'owner');

    $groupA = EntraGroup::factory()->for($tenantA)->create([
        'display_name' => 'Remembered tenant group',
    ]);

    EntraGroup::factory()->for($tenantB)->create([
        'display_name' => 'Other tenant group',
    ]);

    $this->actingAs($user);
    Filament::setTenant(null, true);

    $this->withSession([
        WorkspaceContext::SESSION_KEY => (int) $tenantA->workspace_id,
        WorkspaceContext::LAST_TENANT_IDS_SESSION_KEY => [
            (string) $tenantA->workspace_id => (int) $tenantA->getKey(),
        ],
    ])->get(EntraGroupResource::getUrl(panel: 'admin'))
        ->assertOk()
        ->assertSee((string) $groupA->display_name)
        ->assertDontSee('Other tenant group');
});

it('returns not found for admin direct group detail outside the canonical tenant scope', function (): void {
    $tenantA = Tenant::factory()->create();
    [$user, $tenantA] = createUserWithTenant(tenant: $tenantA, role: 'owner');

    $tenantB = Tenant::factory()->create([
        'workspace_id' => (int) $tenantA->workspace_id,
    ]);

    createUserWithTenant(tenant: $tenantB, user: $user, role: 'owner');

    $groupA = EntraGroup::factory()->for($tenantA)->create();
    $groupB = EntraGroup::factory()->for($tenantB)->create();

    $this->actingAs($user);
    Filament::setTenant(null, true);

    $session = [
        WorkspaceContext::SESSION_KEY => (int) $tenantA->workspace_id,
        WorkspaceContext::LAST_TENANT_IDS_SESSION_KEY => [
            (string) $tenantA->workspace_id => (int) $tenantA->getKey(),
        ],
    ];

    $this->withSession($session)
        ->get(EntraGroupResource::getUrl('view', ['record' => $groupA], panel: 'admin'))
        ->assertOk();

    $this->withSession($session)
        ->get(EntraGroupResource::getUrl('view', ['record' => $groupB], panel: 'admin'))
        ->assertNotFound();
});