<?php

declare(strict_types=1);

use App\Models\OperationRun;
use App\Models\Tenant;
use App\Support\OperationRunOutcome;
use App\Support\OperationRunStatus;
use App\Support\Workspaces\WorkspaceContext;
use Filament\Facades\Filament;

it('shows translated guidance to entitled viewers on canonical operation run pages', function (): void {
    [$user, $tenant] = createUserWithTenant(role: 'owner');

    $run = OperationRun::factory()->create([
        'tenant_id' => (int) $tenant->getKey(),
        'workspace_id' => (int) $tenant->workspace_id,
        'user_id' => (int) $user->getKey(),
        'type' => 'inventory_sync',
        'status' => OperationRunStatus::Completed->value,
        'outcome' => OperationRunOutcome::Blocked->value,
        'context' => [
            'reason_code' => 'missing_capability',
            'execution_legitimacy' => [
                'reason_code' => 'missing_capability',
            ],
        ],
        'failure_summary' => [[
            'code' => 'operation.blocked',
            'reason_code' => 'missing_capability',
            'message' => 'Operation blocked because the initiating actor no longer has the required capability.',
        ]],
    ]);

    Filament::setTenant($tenant, true);

    $this->actingAs($user)
        ->withSession([
            WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id,
        ])
        ->get(route('admin.operations.view', ['run' => (int) $run->getKey()]))
        ->assertSuccessful()
        ->assertSee('Permission required')
        ->assertSee('The initiating actor no longer has the capability required for this queued run.')
        ->assertSee('Review workspace or tenant access before retrying.');
});

it('returns not found before any translated guidance can leak to non-members', function (): void {
    $workspaceTenant = Tenant::factory()->create();
    [$owner, $visibleTenant] = createUserWithTenant(tenant: $workspaceTenant, role: 'owner');
    $hiddenTenant = Tenant::factory()->for($visibleTenant->workspace)->create();
    createUserWithTenant(tenant: $hiddenTenant, user: $owner, role: 'owner');

    $outsider = \App\Models\User::factory()->create();

    createUserWithTenant(tenant: $visibleTenant, user: $outsider, role: 'owner');

    $run = OperationRun::factory()->create([
        'tenant_id' => (int) $hiddenTenant->getKey(),
        'workspace_id' => (int) $hiddenTenant->workspace_id,
        'type' => 'inventory_sync',
        'status' => OperationRunStatus::Completed->value,
        'outcome' => OperationRunOutcome::Blocked->value,
        'context' => [
            'reason_code' => 'missing_capability',
        ],
        'failure_summary' => [[
            'code' => 'operation.blocked',
            'reason_code' => 'missing_capability',
            'message' => 'Operation blocked because the initiating actor no longer has the required capability.',
        ]],
    ]);

    $this->actingAs($outsider)
        ->withSession([
            WorkspaceContext::SESSION_KEY => (int) $hiddenTenant->workspace_id,
        ])
        ->get(route('admin.operations.view', ['run' => (int) $run->getKey()]))
        ->assertNotFound();
});