<?php

use App\Filament\Pages\EnvironmentDashboard;
use App\Models\ManagedEnvironment;
use App\Models\User;
use App\Models\Workspace;
use App\Models\WorkspaceMembership;
use App\Support\Workspaces\WorkspaceContext;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Route;

uses(RefreshDatabase::class);

it('resolves the workspace environment shell by managed-environment slug during smoke login', function (): void {
    [$user, $environment] = createUserWithTenant(role: 'owner', workspaceRole: 'manager');
    $redirect = (string) parse_url(EnvironmentDashboard::getUrl(tenant: $environment), PHP_URL_PATH);

    $this
        ->get(route('admin.local.smoke-login', [
            'email' => $user->email,
            'workspace' => $environment->workspace->slug,
            'tenant' => $environment->slug,
            'redirect' => $redirect,
        ]))
        ->assertRedirect($redirect)
        ->assertSessionHas('current_workspace_id', (int) $environment->workspace_id);
});

it('returns not found when route binding targets an environment outside the requested workspace', function (): void {
    [$user, $environment] = createUserWithTenant(role: 'owner');
    $otherWorkspace = Workspace::factory()->create();

    WorkspaceMembership::factory()->create([
        'workspace_id' => (int) $otherWorkspace->getKey(),
        'user_id' => (int) $user->getKey(),
        'role' => 'owner',
    ]);

    $this->actingAs($user)->withSession([
        WorkspaceContext::SESSION_KEY => (int) $otherWorkspace->getKey(),
    ]);

    $this
        ->get('/admin/tenants/'.$environment->slug.'/provider-connections')
        ->assertNotFound()
        ->assertHeaderMissing('Location');
});

it('uses environment route parameters for canonical workspace environment routes', function (): void {
    $routeNames = [
        'admin.workspace.environments.show',
        'admin.workspace.environments.diagnostics',
        'admin.workspace.environments.access-scopes',
        'filament.admin.pages.workspaces.{workspace}.environments.{environment}.required-permissions',
    ];

    foreach ($routeNames as $routeName) {
        $route = Route::getRoutes()->getByName($routeName);

        expect($route)->not->toBeNull($routeName.' must be registered')
            ->and($route?->parameterNames())->toContain('environment')
            ->and($route?->parameterNames())->not->toContain('tenant');
    }
});

it('allows workspace members to inherit managed-environment access during smoke login', function (): void {
    $workspace = Workspace::factory()->create();
    $environment = ManagedEnvironment::factory()->create([
        'workspace_id' => (int) $workspace->getKey(),
    ]);
    $user = User::factory()->create();
    $redirect = (string) parse_url(EnvironmentDashboard::getUrl(tenant: $environment), PHP_URL_PATH);

    WorkspaceMembership::factory()->create([
        'workspace_id' => (int) $workspace->getKey(),
        'user_id' => (int) $user->getKey(),
        'role' => 'manager',
    ]);

    $this
        ->get(route('admin.local.smoke-login', [
            'email' => $user->email,
            'workspace' => $workspace->slug,
            'tenant' => $environment->slug,
            'redirect' => $redirect,
        ]))
        ->assertRedirect($redirect)
        ->assertSessionHas('current_workspace_id', (int) $workspace->getKey());
});