<?php

declare(strict_types=1);

use App\Filament\Resources\BackupSetResource;
use App\Filament\Resources\BackupSetResource\Pages\EditBackupSet;
use App\Filament\Resources\BackupSetResource\RelationManagers\BackupItemsRelationManager;
use App\Models\BackupItem;
use App\Models\BackupSet;
use App\Models\User;
use App\Models\WorkspaceMembership;
use Filament\Facades\Filament;
use Livewire\Livewire;

it('returns 404 for non-members before capability checks on backup item actions', function (): void {
    [$owner, $tenant] = createUserWithTenant(role: 'owner');

    $this->actingAs($owner);
    $tenant->makeCurrent();
    Filament::setTenant($tenant, true);

    $backupSet = BackupSet::factory()->create([
        'tenant_id' => (int) $tenant->getKey(),
    ]);
    $backupItem = BackupItem::factory()->for($backupSet)->for($tenant)->create();

    $outsider = User::factory()->create();
    WorkspaceMembership::factory()->create([
        'workspace_id' => (int) $tenant->workspace_id,
        'user_id' => (int) $outsider->getKey(),
        'role' => 'owner',
    ]);

    $this->actingAs($outsider);
    $tenant->makeCurrent();
    Filament::setTenant($tenant, true);

    $this->get(BackupSetResource::getUrl('view', ['record' => $backupSet], tenant: $tenant))
        ->assertNotFound();
});

it('keeps actions visible but disabled for members missing capability', function (): void {
    [$readonlyUser, $tenant] = createUserWithTenant(role: 'readonly');

    $this->actingAs($readonlyUser);
    $tenant->makeCurrent();
    Filament::setTenant($tenant, true);

    $backupSet = BackupSet::factory()->create([
        'tenant_id' => (int) $tenant->getKey(),
    ]);
    $backupItem = BackupItem::factory()->for($backupSet)->for($tenant)->create();

    Livewire::test(BackupItemsRelationManager::class, [
        'ownerRecord' => $backupSet,
        'pageClass' => EditBackupSet::class,
    ])
        ->assertTableActionVisible('remove', $backupItem)
        ->assertTableActionDisabled('remove', $backupItem);
});