<?php

declare(strict_types=1);

use App\Filament\Pages\TenantDashboard;
use App\Filament\Resources\BackupSetResource;
use App\Filament\Widgets\Dashboard\DashboardKpis;
use App\Filament\Widgets\Dashboard\NeedsAttention;
use App\Models\BackupItem;
use App\Models\BackupSet;
use App\Models\Tenant;
use App\Models\User;
use App\Models\Workspace;
use App\Services\Auth\CapabilityResolver;
use App\Support\Auth\Capabilities;
use App\Support\Rbac\UiTooltips;
use App\Support\Workspaces\WorkspaceContext;
use Filament\Facades\Filament;
use Livewire\Livewire;

it('seeds a deterministic blocked drill-through browser fixture for backup health', function (): void {
    $this->artisan('tenantpilot:backup-health:seed-browser-fixture', ['--no-interaction' => true])
        ->assertSuccessful()
        ->expectsOutputToContain('Fixture login URL')
        ->expectsOutputToContain('Dashboard URL');

    $workspaceConfig = config('tenantpilot.backup_health.browser_smoke_fixture.workspace');
    $userConfig = config('tenantpilot.backup_health.browser_smoke_fixture.user');
    $scenarioConfig = config('tenantpilot.backup_health.browser_smoke_fixture.blocked_drillthrough');
    $tenantRouteKey = $scenarioConfig['tenant_id'] ?? $scenarioConfig['tenant_external_id'];

    $workspace = Workspace::query()->where('slug', $workspaceConfig['slug'])->first();
    $user = User::query()->where('email', $userConfig['email'])->first();
    $tenant = Tenant::query()->where('external_id', $tenantRouteKey)->first();

    expect($workspace)->not->toBeNull();
    expect($user)->not->toBeNull();
    expect($tenant)->not->toBeNull();
    expect(BackupSet::query()->where('tenant_id', $tenant->getKey())->where('name', $scenarioConfig['backup_set_name'])->exists())->toBeTrue();
    expect(BackupItem::query()->where('tenant_id', $tenant->getKey())->where('policy_identifier', $scenarioConfig['policy_external_id'])->exists())->toBeTrue();

    $resolver = app(CapabilityResolver::class);
    $resolver->clearCache();

    expect($resolver->isMember($user, $tenant))->toBeTrue();
    expect($resolver->can($user, $tenant, Capabilities::TENANT_VIEW))->toBeFalse();

    $this->actingAs($user)->withSession([
        WorkspaceContext::SESSION_KEY => (int) $workspace->getKey(),
    ]);
    session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());

    $this->get(route('filament.admin.pages.choose-tenant'))
        ->assertOk()
        ->assertSee((string) $tenant->name);

    $this->get(TenantDashboard::getUrl(tenant: $tenant))
        ->assertOk();

    Filament::setCurrentPanel(Filament::getPanel('tenant'));
    Filament::setTenant($tenant, true);

    Livewire::test(DashboardKpis::class)
        ->assertSee('Backup posture')
        ->assertSee('Stale');

    Livewire::test(NeedsAttention::class)
        ->assertSee('Latest backup is stale')
        ->assertSee('Open latest backup')
        ->assertSee(UiTooltips::INSUFFICIENT_PERMISSION);

    $this->get(BackupSetResource::getUrl('index', tenant: $tenant))
        ->assertForbidden();
});