<?php

use App\Filament\Resources\PolicyResource\Pages\ListPolicies;
use App\Models\OperationRun;
use App\Models\Tenant;
use App\Models\User;
use Filament\Facades\Filament;
use Illuminate\Support\Facades\Queue;
use Livewire\Livewire;

/**
 * Tests for US2: Non-members cannot infer tenant resources
 *
 * These tests verify that UiEnforcement correctly handles:
 * - Non-members → action hidden in UI (prevents discovery)
 * - Non-members → action blocked from execution (no side effects)
 * - Membership revoked mid-session → still enforces protection
 *
 * Note on 404 behavior:
 * In Filament v5, hidden actions are treated as disabled and return 200 (no execution)
 * rather than 404. This is because Filament's action system doesn't support custom
 * HTTP status codes for blocked actions. The security guarantee is:
 * - Non-members cannot discover actions (hidden in UI)
 * - Non-members cannot execute actions (blocked by Filament's isHidden check)
 * - No side effects occur (jobs not pushed, data not modified)
 *
 * True 404 enforcement happens at the page/routing level via tenant middleware.
 */
describe('US2: Non-member sees action hidden in UI', function () {
    beforeEach(function () {
        Queue::fake();
    });

    it('hides sync action for users who are not members of the tenant', function () {
        // Create user without membership to the tenant
        $user = User::factory()->create();
        $tenant = Tenant::factory()->create();
        // No membership created

        $this->actingAs($user);
        $tenant->makeCurrent();
        Filament::setTenant($tenant, true);

        Livewire::test(ListPolicies::class)
            ->assertActionHidden('sync');

        Queue::assertNothingPushed();
    });

    it('hides sync action for authenticated users accessing wrong tenant', function () {
        // User is member of tenantA but accessing tenantB
        [$user, $tenantA] = createUserWithTenant(role: 'owner');
        $tenantB = Tenant::factory()->create();
        // User has no membership to tenantB

        $this->actingAs($user);
        $tenantB->makeCurrent();
        Filament::setTenant($tenantB, true);

        Livewire::test(ListPolicies::class)
            ->assertActionHidden('sync');

        Queue::assertNothingPushed();
    });
});

describe('US2: Non-member action execution is blocked', function () {
    beforeEach(function () {
        Queue::fake();
    });

    it('blocks action execution for non-members (no side effects)', function () {
        $user = User::factory()->create();
        $tenant = Tenant::factory()->create();
        // No membership

        $this->actingAs($user);
        $tenant->makeCurrent();
        Filament::setTenant($tenant, true);

        // Hidden actions are treated as disabled by Filament
        // The action call returns 200 but no execution occurs
        Livewire::test(ListPolicies::class)
            ->mountAction('sync')
            ->callMountedAction()
            ->assertSuccessful();

        // Verify no side effects
        Queue::assertNothingPushed();
        expect(OperationRun::query()->where('tenant_id', $tenant->getKey())->count())->toBe(0);
    });
});

describe('US2: Membership revoked mid-session still enforces protection', function () {
    beforeEach(function () {
        Queue::fake();
    });

    it('blocks action execution when membership is revoked between page load and action click', function () {
        bindFailHardGraphClient();

        [$user, $tenant] = createUserWithTenant(role: 'owner');

        $this->actingAs($user);
        $tenant->makeCurrent();
        Filament::setTenant($tenant, true);

        // Start the test - action should be visible for member
        $component = Livewire::test(ListPolicies::class)
            ->assertActionVisible('sync')
            ->assertActionEnabled('sync');

        // Simulate membership revocation mid-session
        $user->tenants()->detach($tenant->getKey());

        // Clear capability cache to ensure fresh check
        app(\App\Services\Auth\CapabilityResolver::class)->clearCache();

        // Now try to execute - action is now hidden (via fresh isVisible evaluation)
        // Filament blocks execution (returns 200 but no side effects)
        $component
            ->mountAction('sync')
            ->callMountedAction()
            ->assertSuccessful();

        // Verify no side effects
        Queue::assertNothingPushed();
        expect(OperationRun::query()->where('tenant_id', $tenant->getKey())->count())->toBe(0);
    });

    it('hides action in UI after membership revocation on re-render', function () {
        [$user, $tenant] = createUserWithTenant(role: 'owner');

        $this->actingAs($user);
        $tenant->makeCurrent();
        Filament::setTenant($tenant, true);

        // Initial state - action visible
        Livewire::test(ListPolicies::class)
            ->assertActionVisible('sync');

        // Revoke membership
        $user->tenants()->detach($tenant->getKey());
        app(\App\Services\Auth\CapabilityResolver::class)->clearCache();

        // New component instance (simulates page refresh)
        Livewire::test(ListPolicies::class)
            ->assertActionHidden('sync');

        Queue::assertNothingPushed();
    });
});