<?php

namespace Tests\Feature;

use App\Models\Permission;
use App\Models\Role;
use App\Models\User;
use Database\Seeders\RbacSeeder;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Http\UploadedFile;
use Illuminate\Support\Facades\Bus;
use Tests\TestCase;

class RoutePermissionMiddlewareTest extends TestCase
{
    use RefreshDatabase;

    protected function setUp(): void
    {
        parent::setUp();

        $this->seed(RbacSeeder::class);
    }

    public function test_mapped_auth_route_requires_permission_for_rbac_user(): void
    {
        $role = Role::query()->create([
            'slug' => 'no_orders',
            'name' => 'No orders',
            'is_system' => false,
            'is_active' => true,
        ]);
        $user = User::factory()->create(['role' => $role->slug, 'role_id' => $role->id]);

        $this->actingAs($user)
            ->get(route('order.index'))
            ->assertForbidden();
    }

    public function test_mapped_auth_route_allows_permission_for_rbac_user(): void
    {
        $permission = Permission::query()->where('slug', 'orders.view')->firstOrFail();
        $role = Role::query()->create([
            'slug' => 'orders_viewer',
            'name' => 'Orders viewer',
            'is_system' => false,
            'is_active' => true,
        ]);
        $role->permissions()->sync([
            $permission->id => ['effect' => 'allow'],
        ]);
        $user = User::factory()->create(['role' => $role->slug, 'role_id' => $role->id]);

        $this->actingAs($user)
            ->get(route('order.index'))
            ->assertOk();
    }

    public function test_catalog_import_requires_catalog_import_permission(): void
    {
        Bus::fake();

        $importPermission = Permission::query()->where('slug', 'import.create')->firstOrFail();
        $role = Role::query()->create([
            'slug' => 'generic_importer',
            'name' => 'Generic importer',
            'is_system' => false,
            'is_active' => true,
        ]);
        $role->permissions()->sync([
            $importPermission->id => ['effect' => 'allow'],
        ]);
        $user = User::factory()->create(['role' => $role->slug, 'role_id' => $role->id]);

        $this->actingAs($user)
            ->post(route('import.create'), [
                'type' => 'catalog',
                'import_file' => UploadedFile::fake()->create('catalog.xlsx', 10),
            ])
            ->assertForbidden();
    }

    public function test_catalog_import_allows_catalog_import_permission(): void
    {
        Bus::fake();

        $permission = Permission::query()->where('slug', 'catalog.import')->firstOrFail();
        $role = Role::query()->create([
            'slug' => 'catalog_importer',
            'name' => 'Catalog importer',
            'is_system' => false,
            'is_active' => true,
        ]);
        $role->permissions()->sync([
            $permission->id => ['effect' => 'allow'],
        ]);
        $user = User::factory()->create(['role' => $role->slug, 'role_id' => $role->id]);

        $this->actingAs($user)
            ->post(route('import.create'), [
                'type' => 'catalog',
                'import_file' => UploadedFile::fake()->create('catalog.xlsx', 10),
            ])
            ->assertRedirect(route('import.index'));
    }
}