<?php

declare(strict_types=1);

use App\Models\OperationRun;
use App\Models\Tenant;
use App\Support\Workspaces\WorkspaceContext;
use Filament\Facades\Filament;

it('renders the tenant context picker on tenantless Monitoring → Operations', function (): void {
    $tenant = Tenant::factory()->create(['status' => 'active']);
    [$user, $tenant] = createUserWithTenant($tenant, role: 'owner');

    Filament::setTenant(null, true);

    $this->actingAs($user)
        ->withSession([
            WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id,
            WorkspaceContext::LAST_TENANT_IDS_SESSION_KEY => [
                (string) $tenant->workspace_id => (int) $tenant->getKey(),
            ],
        ])
        ->get('/admin/operations')
        ->assertOk()
        ->assertSee('Workspace:')
        ->assertSee('Tenant:')
        ->assertSee('Select tenant…')
        ->assertSee('admin/select-tenant')
        ->assertSee('Clear tenant context')
        ->assertSee($tenant->getFilamentName());

    $this->actingAs($user)
        ->withSession([
            WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id,
        ])
        ->post(route('admin.select-tenant'), ['tenant_id' => (int) $tenant->getKey()])
        ->assertRedirect();
});

it('filters the header tenant picker to tenants the user can access', function (): void {
    $tenantA = Tenant::factory()->create(['status' => 'active']);
    [$user, $tenantA] = createUserWithTenant($tenantA, role: 'owner');

    $tenantB = Tenant::factory()->create([
        'status' => 'active',
        'workspace_id' => (int) $tenantA->workspace_id,
        'name' => 'ZZZ-UNAUTHORIZED-TENANT-NAME-12345',
    ]);

    Filament::setTenant(null, true);

    $this->actingAs($user)
        ->withSession([
            WorkspaceContext::SESSION_KEY => (int) $tenantA->workspace_id,
        ])
        ->get('/admin/operations')
        ->assertOk()
        ->assertSee($tenantA->getFilamentName())
        ->assertDontSee($tenantB->getFilamentName());
});

it('does not implicitly switch tenant when opening canonical operation deep links', function (): void {
    $tenantA = Tenant::factory()->create(['status' => 'active']);
    [$user, $tenantA] = createUserWithTenant($tenantA, role: 'owner');

    $tenantB = Tenant::factory()->create([
        'status' => 'active',
        'workspace_id' => (int) $tenantA->workspace_id,
    ]);

    $user->tenants()->syncWithoutDetaching([
        $tenantB->getKey() => ['role' => 'owner'],
    ]);

    $runA = OperationRun::factory()->create([
        'tenant_id' => (int) $tenantA->getKey(),
        'workspace_id' => (int) $tenantA->workspace_id,
        'type' => 'policy.sync',
        'initiator_name' => 'TenantA',
    ]);

    OperationRun::factory()->create([
        'tenant_id' => (int) $tenantB->getKey(),
        'workspace_id' => (int) $tenantB->workspace_id,
        'type' => 'inventory.sync',
        'initiator_name' => 'TenantB',
    ]);

    Filament::setTenant(null, true);

    $this->actingAs($user)
        ->withSession([
            WorkspaceContext::SESSION_KEY => (int) $tenantA->workspace_id,
        ])
        ->get(route('admin.operations.view', ['run' => (int) $runA->getKey()]))
        ->assertOk();

    expect(Filament::getTenant())->toBeNull();

    $this->actingAs($user)
        ->withSession([
            WorkspaceContext::SESSION_KEY => (int) $tenantA->workspace_id,
        ])
        ->get('/admin/operations')
        ->assertOk()
        ->assertSee('Policy sync')
        ->assertSee('Inventory sync')
        ->assertSee('TenantA')
        ->assertSee('TenantB');
});