<?php

use App\Models\ManagedEnvironment;
use App\Models\User;
use App\Models\Workspace;
use App\Models\WorkspaceMembership;
use App\Support\Workspaces\WorkspaceContext;
use Illuminate\Foundation\Testing\RefreshDatabase;

uses(RefreshDatabase::class);

it('remembers a managed environment only inside the active workspace and membership boundary', function (): void {
    [$user, $environment] = createUserWithTenant(role: 'owner', workspaceRole: 'manager');

    $this->actingAs($user)->withSession([
        WorkspaceContext::SESSION_KEY => (int) $environment->workspace_id,
    ]);

    $context = app(WorkspaceContext::class);

    expect($context->rememberTenantContext($environment, request()))->toBeTrue()
        ->and($context->rememberedTenant(request())?->is($environment))->toBeTrue()
        ->and($context->lastTenantId(request()))->toBe((int) $environment->getKey());
});

it('rejects remembered managed environments from a different workspace', function (): void {
    [$user, $environment] = createUserWithTenant(role: 'owner');
    $otherWorkspace = Workspace::factory()->create();

    WorkspaceMembership::factory()->create([
        'workspace_id' => (int) $otherWorkspace->getKey(),
        'user_id' => (int) $user->getKey(),
        'role' => 'owner',
    ]);

    $this->actingAs($user)->withSession([
        WorkspaceContext::SESSION_KEY => (int) $otherWorkspace->getKey(),
    ]);

    $context = app(WorkspaceContext::class);

    expect($context->rememberTenantContext($environment, request()))->toBeFalse()
        ->and($context->rememberedTenant(request()))->toBeNull();
});

it('clears a remembered environment when the actor loses managed-environment membership', function (): void {
    [$member, $environment] = createUserWithTenant(role: 'owner');
    $workspaceId = (int) $environment->workspace_id;

    $outsider = User::factory()->create();
    WorkspaceMembership::factory()->create([
        'workspace_id' => $workspaceId,
        'user_id' => (int) $outsider->getKey(),
        'role' => 'manager',
    ]);

    $this->actingAs($outsider)->withSession([
        WorkspaceContext::SESSION_KEY => $workspaceId,
        WorkspaceContext::LAST_TENANT_IDS_SESSION_KEY => [
            (string) $workspaceId => (int) $environment->getKey(),
        ],
    ]);

    unset($member);

    expect(app(WorkspaceContext::class)->rememberedTenant(request()))->toBeNull()
        ->and(session(WorkspaceContext::LAST_TENANT_IDS_SESSION_KEY))->toBe([]);
});

it('resolves the current workspace from a managed environment only for members with target access', function (): void {
    [$user, $environment] = createUserWithTenant(role: 'owner');

    $this->actingAs($user);

    expect(app(WorkspaceContext::class)->currentWorkspaceOrTenantWorkspace($environment, request())?->getKey())
        ->toBe($environment->workspace_id);
});

it('404s when a managed environment is outside the current workspace boundary', function (): void {
    [$user, $environment] = createUserWithTenant(role: 'owner');
    $otherWorkspace = Workspace::factory()->create();

    WorkspaceMembership::factory()->create([
        'workspace_id' => (int) $otherWorkspace->getKey(),
        'user_id' => (int) $user->getKey(),
        'role' => 'owner',
    ]);

    $this->actingAs($user)->withSession([
        WorkspaceContext::SESSION_KEY => (int) $otherWorkspace->getKey(),
    ]);

    app(WorkspaceContext::class)->ensureTenantAccessibleInCurrentWorkspace($environment, $user, request());
})->throws(Symfony\Component\HttpKernel\Exception\NotFoundHttpException::class);