<?php

declare(strict_types=1);

use App\Models\Policy;
use App\Models\Tenant;
use App\Services\Graph\GraphClientInterface;
use App\Services\Graph\GraphLogger;
use App\Services\Graph\GraphResponse;
use App\Services\Intune\PolicySyncService;

use function Pest\Laravel\mock;

it('returns a report with failures when policy list calls fail', function () {
    $tenant = Tenant::factory()->create([
        'status' => 'active',
    ]);

    $logger = mock(GraphLogger::class);
    $logger->shouldReceive('logRequest')->zeroOrMoreTimes()->andReturnNull();
    $logger->shouldReceive('logResponse')->zeroOrMoreTimes()->andReturnNull();

    mock(GraphClientInterface::class)
        ->shouldReceive('listPolicies')
        ->andReturnUsing(function (string $policyType) {
            return match ($policyType) {
                'endpointSecurityPolicy' => new GraphResponse(
                    success: false,
                    data: [],
                    status: 403,
                    errors: [['message' => 'Forbidden']],
                    meta: ['path' => '/deviceManagement/configurationPolicies'],
                ),
                default => new GraphResponse(
                    success: true,
                    data: [
                        ['id' => 'scp-1', 'displayName' => 'Settings Catalog', 'technologies' => ['mdm']],
                    ],
                    status: 200,
                ),
            };
        });

    $service = app(PolicySyncService::class);

    $result = $service->syncPoliciesWithReport($tenant, [
        ['type' => 'endpointSecurityPolicy', 'platform' => 'windows'],
        ['type' => 'settingsCatalogPolicy', 'platform' => 'windows'],
    ]);

    expect($result)->toHaveKeys(['synced', 'failures']);
    expect($result['synced'])->toBeArray();
    expect($result['failures'])->toBeArray();

    expect(count($result['synced']))->toBe(1);
    expect(Policy::query()->where('tenant_id', $tenant->id)->count())->toBe(1);

    expect(count($result['failures']))->toBe(1);
    expect($result['failures'][0]['policy_type'])->toBe('endpointSecurityPolicy');
    expect($result['failures'][0]['status'])->toBe(403);
});