<?php

declare(strict_types=1);

use App\Filament\Resources\AlertDeliveryResource;
use App\Models\AlertDelivery;
use App\Models\AlertDestination;
use App\Models\AlertRule;
use App\Models\Tenant;
use App\Models\User;
use App\Models\Workspace;
use App\Models\WorkspaceMembership;
use App\Services\Auth\WorkspaceCapabilityResolver;

it('lists only deliveries for entitled tenants', function (): void {
    [$user, $tenantA] = createUserWithTenant(role: 'readonly');

    $tenantB = Tenant::factory()->create([
        'workspace_id' => (int) $tenantA->workspace_id,
    ]);

    $workspaceId = (int) $tenantA->workspace_id;

    $rule = AlertRule::factory()->create([
        'workspace_id' => $workspaceId,
    ]);

    $destination = AlertDestination::factory()->create([
        'workspace_id' => $workspaceId,
    ]);

    AlertDelivery::factory()->create([
        'workspace_id' => $workspaceId,
        'tenant_id' => (int) $tenantA->getKey(),
        'alert_rule_id' => (int) $rule->getKey(),
        'alert_destination_id' => (int) $destination->getKey(),
        'event_type' => 'high_drift',
    ]);

    AlertDelivery::factory()->create([
        'workspace_id' => $workspaceId,
        'tenant_id' => (int) $tenantB->getKey(),
        'alert_rule_id' => (int) $rule->getKey(),
        'alert_destination_id' => (int) $destination->getKey(),
        'event_type' => 'compare_failed',
    ]);

    $this->actingAs($user)
        ->get(AlertDeliveryResource::getUrl(panel: 'admin'))
        ->assertOk()
        ->assertSee('high_drift')
        ->assertDontSee('compare_failed');
});

it('returns 404 when a member from another workspace tries to view a delivery', function (): void {
    [$user] = createUserWithTenant(role: 'owner');

    $otherWorkspace = Workspace::factory()->create();
    $tenant = Tenant::factory()->create([
        'workspace_id' => (int) $otherWorkspace->getKey(),
    ]);
    $rule = AlertRule::factory()->create([
        'workspace_id' => (int) $otherWorkspace->getKey(),
    ]);
    $destination = AlertDestination::factory()->create([
        'workspace_id' => (int) $otherWorkspace->getKey(),
    ]);
    $delivery = AlertDelivery::factory()->create([
        'workspace_id' => (int) $otherWorkspace->getKey(),
        'tenant_id' => (int) $tenant->getKey(),
        'alert_rule_id' => (int) $rule->getKey(),
        'alert_destination_id' => (int) $destination->getKey(),
    ]);

    $this->actingAs($user)
        ->get(AlertDeliveryResource::getUrl('view', ['record' => $delivery], panel: 'admin'))
        ->assertNotFound();
});

it('returns 403 for members missing alerts view capability on deliveries index', function (): void {
    $workspace = Workspace::factory()->create();
    $user = User::factory()->create();

    WorkspaceMembership::factory()->create([
        'workspace_id' => (int) $workspace->getKey(),
        'user_id' => (int) $user->getKey(),
        'role' => 'readonly',
    ]);

    $resolver = \Mockery::mock(WorkspaceCapabilityResolver::class);
    $resolver->shouldReceive('isMember')->andReturnTrue();
    $resolver->shouldReceive('can')->andReturnFalse();
    app()->instance(WorkspaceCapabilityResolver::class, $resolver);

    session()->put(\App\Support\Workspaces\WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());

    $this->actingAs($user)
        ->get(AlertDeliveryResource::getUrl(panel: 'admin'))
        ->assertForbidden();
});