<?php

use App\Filament\Resources\ProviderConnectionResource;
use App\Filament\Resources\ProviderConnectionResource\Pages\ListProviderConnections;
use App\Filament\Resources\ProviderConnectionResource\Pages\ViewProviderConnection;
use App\Models\ProviderConnection;
use App\Models\Tenant;
use App\Support\Auth\UiTooltips;
use Filament\Facades\Filament;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Http;
use Livewire\Livewire;

uses(RefreshDatabase::class);

beforeEach(function (): void {
    Http::preventStrayRequests();
});

test('unauthorized tenant filter yields an empty list without leaking metadata', function () {
    $tenant = Tenant::factory()->create();
    $otherTenant = Tenant::factory()->create();

    [$user] = createUserWithTenant($otherTenant, role: 'owner');

    ProviderConnection::factory()->create([
        'tenant_id' => (int) $tenant->getKey(),
        'workspace_id' => (int) $tenant->workspace_id,
        'display_name' => 'Unauthorized Tenant Connection',
    ]);

    $this->actingAs($user)
        ->get(ProviderConnectionResource::getUrl('index', tenant: $tenant))
        ->assertOk()
        ->assertDontSee('Unauthorized Tenant Connection');
});

test('members without capability see provider connection actions disabled with standard tooltip', function () {
    $tenant = Tenant::factory()->create();
    [$user] = createUserWithTenant($tenant, role: 'readonly');

    $connection = ProviderConnection::factory()->create([
        'tenant_id' => $tenant->getKey(),
        'status' => 'needs_consent',
    ]);

    $tenant->makeCurrent();
    Filament::setTenant($tenant, true);

    Livewire::actingAs($user)
        ->test(ListProviderConnections::class)
        ->assertTableActionVisible('check_connection', $connection)
        ->assertTableActionDisabled('check_connection', $connection)
        ->assertTableActionExists('check_connection', fn ($action): bool => $action->getTooltip() === UiTooltips::insufficientPermission(), $connection);

    Livewire::actingAs($user)
        ->test(ViewProviderConnection::class, ['record' => $connection->getKey()])
        ->assertActionVisible('edit')
        ->assertActionDisabled('edit')
        ->assertActionExists('edit', fn ($action): bool => $action->getTooltip() === UiTooltips::insufficientPermission());
});

test('members with capability can see provider connection actions enabled', function () {
    $tenant = Tenant::factory()->create();
    [$user] = createUserWithTenant($tenant, role: 'owner');

    $connection = ProviderConnection::factory()->create([
        'tenant_id' => $tenant->getKey(),
        'status' => 'needs_consent',
    ]);

    $tenant->makeCurrent();
    Filament::setTenant($tenant, true);

    Livewire::actingAs($user)
        ->test(ListProviderConnections::class)
        ->assertTableActionVisible('check_connection', $connection)
        ->assertTableActionEnabled('check_connection', $connection);

    Livewire::actingAs($user)
        ->test(ViewProviderConnection::class, ['record' => $connection->getKey()])
        ->assertActionVisible('edit')
        ->assertActionEnabled('edit');
});