<?php

declare(strict_types=1);

use App\Models\Tenant;
use App\Models\TenantMembership;
use App\Models\User;
use App\Models\Workspace;
use App\Models\WorkspaceMembership;
use App\Support\Workspaces\WorkspaceContext;
use Illuminate\Foundation\Testing\RefreshDatabase;

uses(RefreshDatabase::class);

dataset('admin tenant scoped surface paths', [
    '/admin/policies',
    '/admin/policy-versions',
    '/admin/backup-sets',
    '/admin/inventory',
    '/admin/inventory/inventory-coverage',
]);

it('redirects tenant-scoped admin surfaces to choose-tenant when no tenant is selected', function (): void {
    $user = User::factory()->create();

    $workspace = Workspace::factory()->create();

    WorkspaceMembership::factory()->create([
        'workspace_id' => $workspace->getKey(),
        'user_id' => $user->getKey(),
        'role' => 'owner',
    ]);

    $tenants = Tenant::factory()->count(2)->create([
        'status' => 'active',
        'workspace_id' => $workspace->getKey(),
    ]);

    foreach ($tenants as $tenant) {
        TenantMembership::query()->create([
            'tenant_id' => $tenant->getKey(),
            'user_id' => $user->getKey(),
            'role' => 'owner',
            'source' => 'manual',
            'source_ref' => null,
            'created_by_user_id' => null,
        ]);
    }

    $this
        ->actingAs($user)
        ->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
        ->get('/admin/policies')
        ->assertRedirect('/admin/choose-tenant');

    $this
        ->actingAs($user)
        ->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
        ->get('/admin/policy-versions')
        ->assertRedirect('/admin/choose-tenant');

    $this
        ->actingAs($user)
        ->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
        ->get('/admin/backup-sets')
        ->assertRedirect('/admin/choose-tenant');

    $this
        ->actingAs($user)
        ->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
        ->get('/admin/inventory')
        ->assertRedirect('/admin/choose-tenant');
});

it('allows tenant-scoped admin surfaces to load from the remembered canonical tenant', function (string $path): void {
    $tenantA = Tenant::factory()->create();
    [$user, $tenantA] = createUserWithTenant(tenant: $tenantA, role: 'owner');

    $tenantB = Tenant::factory()->create([
        'workspace_id' => (int) $tenantA->workspace_id,
    ]);

    createUserWithTenant(tenant: $tenantB, user: $user, role: 'owner');

    $response = $this
        ->actingAs($user)
        ->withSession([
            WorkspaceContext::SESSION_KEY => (int) $tenantA->workspace_id,
            WorkspaceContext::LAST_TENANT_IDS_SESSION_KEY => [
                (string) $tenantA->workspace_id => (int) $tenantA->getKey(),
            ],
        ])
        ->get($path);

    expect($response->getStatusCode())->toBeIn([200, 302]);
    expect($response->headers->get('Location'))->not->toBe('/admin/choose-tenant');
})->with('admin tenant scoped surface paths');