<?php

declare(strict_types=1);

use App\Models\PlatformUser;
use App\Models\ProviderConnection;
use App\Models\Tenant;
use App\Models\Workspace;
use App\Support\Auth\PlatformCapabilities;
use App\Support\Providers\ProviderConsentStatus;
use App\Support\Providers\ProviderVerificationStatus;
use App\Support\System\SystemDirectoryLinks;
use Illuminate\Foundation\Testing\RefreshDatabase;

uses(RefreshDatabase::class);

it('forbids tenants directory when platform.directory.view is missing', function () {
    $platformUser = PlatformUser::factory()->create([
        'capabilities' => [
            PlatformCapabilities::ACCESS_SYSTEM_PANEL,
        ],
        'is_active' => true,
    ]);

    $this->actingAs($platformUser, 'platform')
        ->get('/system/directory/tenants')
        ->assertForbidden();
});

it('lists tenants in the system directory with canonical health rollups from default microsoft connections only', function () {
    $workspace = Workspace::factory()->create(['name' => 'Directory Workspace']);

    $criticalTenant = Tenant::factory()->create([
        'workspace_id' => (int) $workspace->getKey(),
        'name' => 'A Critical Tenant',
        'status' => Tenant::STATUS_ACTIVE,
    ]);

    $warningTenant = Tenant::factory()->create([
        'workspace_id' => (int) $workspace->getKey(),
        'name' => 'B Warning Tenant',
        'status' => Tenant::STATUS_ACTIVE,
    ]);

    $healthyTenant = Tenant::factory()->create([
        'workspace_id' => (int) $workspace->getKey(),
        'name' => 'C Healthy Tenant',
        'status' => Tenant::STATUS_ACTIVE,
    ]);

    ProviderConnection::factory()->create([
        'workspace_id' => (int) $workspace->getKey(),
        'tenant_id' => (int) $criticalTenant->getKey(),
        'provider' => 'microsoft',
        'is_default' => true,
        'is_enabled' => true,
        'consent_status' => ProviderConsentStatus::Granted->value,
        'verification_status' => ProviderVerificationStatus::Blocked->value,
    ]);

    ProviderConnection::factory()->create([
        'workspace_id' => (int) $workspace->getKey(),
        'tenant_id' => (int) $warningTenant->getKey(),
        'provider' => 'microsoft',
        'is_default' => true,
        'is_enabled' => true,
        'consent_status' => ProviderConsentStatus::Granted->value,
        'verification_status' => ProviderVerificationStatus::Degraded->value,
    ]);

    ProviderConnection::factory()->create([
        'workspace_id' => (int) $workspace->getKey(),
        'tenant_id' => (int) $healthyTenant->getKey(),
        'provider' => 'microsoft',
        'is_default' => true,
        'is_enabled' => false,
        'consent_status' => ProviderConsentStatus::Granted->value,
        'verification_status' => ProviderVerificationStatus::Healthy->value,
    ]);

    ProviderConnection::factory()->create([
        'workspace_id' => (int) $workspace->getKey(),
        'tenant_id' => (int) $healthyTenant->getKey(),
        'provider' => 'microsoft',
        'is_default' => false,
        'is_enabled' => true,
        'consent_status' => ProviderConsentStatus::Granted->value,
        'verification_status' => ProviderVerificationStatus::Blocked->value,
    ]);

    $platformUser = PlatformUser::factory()->create([
        'capabilities' => [
            PlatformCapabilities::ACCESS_SYSTEM_PANEL,
            PlatformCapabilities::DIRECTORY_VIEW,
        ],
        'is_active' => true,
    ]);

    $this->actingAs($platformUser, 'platform')
        ->get('/system/directory/tenants')
        ->assertSuccessful()
        ->assertSeeInOrder([
            'A Critical Tenant',
            'Critical',
            'B Warning Tenant',
            'Warn',
            'C Healthy Tenant',
            'OK',
        ]);
});

it('renders system tenant detail rows with lifecycle, consent, and verification only', function () {
    $workspace = Workspace::factory()->create(['name' => 'Directory Workspace']);

    $tenant = Tenant::factory()->create([
        'workspace_id' => (int) $workspace->getKey(),
        'name' => 'Directory Detail Tenant',
        'status' => Tenant::STATUS_ACTIVE,
    ]);

    ProviderConnection::factory()->create([
        'workspace_id' => (int) $workspace->getKey(),
        'tenant_id' => (int) $tenant->getKey(),
        'provider' => 'microsoft',
        'display_name' => 'Disabled Default Connection',
        'is_default' => true,
        'is_enabled' => false,
        'consent_status' => ProviderConsentStatus::Granted->value,
        'verification_status' => ProviderVerificationStatus::Healthy->value,
    ]);

    $platformUser = PlatformUser::factory()->create([
        'capabilities' => [
            PlatformCapabilities::ACCESS_SYSTEM_PANEL,
            PlatformCapabilities::DIRECTORY_VIEW,
        ],
        'is_active' => true,
    ]);

    $this->actingAs($platformUser, 'platform')
        ->get(SystemDirectoryLinks::tenantDetail($tenant))
        ->assertSuccessful()
        ->assertSee('Connectivity signals')
        ->assertSee('Disabled Default Connection')
        ->assertSee('Disabled')
        ->assertSee('Granted')
        ->assertSee('Healthy')
        ->assertDontSee('Connected')
        ->assertDontSee('Legacy health');
});