<?php

namespace Tests\Feature;

use App\Models\Order;
use App\Models\Role;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class AuthorizationTest extends TestCase
{
    use RefreshDatabase;

    protected $seed = true;

    private User $adminUser;
    private User $managerUser;
    private User $brigadierUser;

    protected function setUp(): void
    {
        parent::setUp();

        $this->adminUser = User::factory()->create(['role' => Role::ADMIN]);
        $this->managerUser = User::factory()->create(['role' => Role::MANAGER]);
        $this->brigadierUser = User::factory()->create(['role' => Role::BRIGADIER]);
    }

    // ==================== Admin-only routes ====================

    public function test_only_admin_can_access_admin_areas(): void
    {
        // Guest
        $this->get(route('admin.area.index'))->assertRedirect(route('login'));

        // Brigadier
        $this->actingAs($this->brigadierUser)
            ->get(route('admin.area.index'))
            ->assertStatus(403);

        // Manager
        $this->actingAs($this->managerUser)
            ->get(route('admin.area.index'))
            ->assertStatus(403);

        // Admin
        $this->actingAs($this->adminUser)
            ->get(route('admin.area.index'))
            ->assertStatus(200);
    }

    public function test_only_admin_can_access_admin_districts(): void
    {
        $this->get(route('admin.district.index'))->assertRedirect(route('login'));

        $this->actingAs($this->brigadierUser)
            ->get(route('admin.district.index'))
            ->assertStatus(403);

        $this->actingAs($this->managerUser)
            ->get(route('admin.district.index'))
            ->assertStatus(403);

        $this->actingAs($this->adminUser)
            ->get(route('admin.district.index'))
            ->assertStatus(200);
    }

    public function test_only_admin_can_access_user_management(): void
    {
        $this->get(route('user.index'))->assertRedirect(route('login'));

        $this->actingAs($this->brigadierUser)
            ->get(route('user.index'))
            ->assertStatus(403);

        $this->actingAs($this->managerUser)
            ->get(route('user.index'))
            ->assertStatus(403);

        $this->actingAs($this->adminUser)
            ->get(route('user.index'))
            ->assertStatus(200);
    }

    // ==================== Manager cannot delete users ====================

    public function test_manager_cannot_delete_user(): void
    {
        $targetUser = User::factory()->create(['role' => Role::BRIGADIER]);

        $this->actingAs($this->managerUser)
            ->delete(route('user.destroy', $targetUser))
            ->assertStatus(403);
    }

    public function test_admin_can_delete_user(): void
    {
        $targetUser = User::factory()->create(['role' => Role::BRIGADIER]);

        $this->actingAs($this->adminUser)
            ->delete(route('user.destroy', $targetUser))
            ->assertRedirect();

        $this->assertSoftDeleted('users', ['id' => $targetUser->id]);
    }

    // ==================== Brigadier access restrictions ====================

    public function test_brigadier_can_access_orders_index(): void
    {
        $this->actingAs($this->brigadierUser)
            ->get(route('order.index'))
            ->assertStatus(200);
    }

    public function test_brigadier_cannot_access_admin_panel(): void
    {
        $this->actingAs($this->brigadierUser)
            ->get(route('admin.area.index'))
            ->assertStatus(403);

        $this->actingAs($this->brigadierUser)
            ->get(route('admin.district.index'))
            ->assertStatus(403);
    }

    public function test_brigadier_cannot_access_user_management(): void
    {
        $this->actingAs($this->brigadierUser)
            ->get(route('user.index'))
            ->assertStatus(403);
    }

    // ==================== Manager access ====================

    public function test_manager_can_access_orders(): void
    {
        $this->actingAs($this->managerUser)
            ->get(route('order.index'))
            ->assertStatus(200);
    }

    public function test_manager_can_access_reclamations(): void
    {
        $this->actingAs($this->managerUser)
            ->get(route('reclamations.index'))
            ->assertStatus(200);
    }

    // ==================== Guest redirects ====================

    public function test_guest_redirected_from_order(): void
    {
        $this->get(route('order.index'))->assertRedirect(route('login'));
    }

    public function test_guest_redirected_from_reclamations(): void
    {
        $this->get(route('reclamations.index'))->assertRedirect(route('login'));
    }

    public function test_guest_redirected_from_schedule(): void
    {
        $this->get(route('schedule.index'))->assertRedirect(route('login'));
    }
}