<?php

namespace Tests\Feature;

use App\Models\Permission;
use App\Models\Role;
use App\Models\User;
use Database\Seeders\RbacSeeder;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Http\UploadedFile;
use Illuminate\Support\Facades\Bus;
use Tests\TestCase;

class RoutePermissionMiddlewareTest extends TestCase
{
    use RefreshDatabase;

    protected $seed = true;

    protected function setUp(): void
    {
        parent::setUp();

        $this->seed(RbacSeeder::class);
    }

    public function test_mapped_auth_route_requires_permission_for_rbac_user(): void
    {
        $role = Role::query()->create([
            'slug' => 'no_orders',
            'name' => 'No orders',
            'is_system' => false,
            'is_active' => true,
        ]);
        $user = User::factory()->create(['role' => $role->slug, 'role_id' => $role->id]);

        $this->actingAs($user)
            ->get(route('order.index'))
            ->assertForbidden();
    }

    public function test_mapped_auth_route_allows_permission_for_rbac_user(): void
    {
        $permission = Permission::query()->where('slug', 'orders.view')->firstOrFail();
        $role = Role::query()->create([
            'slug' => 'orders_viewer',
            'name' => 'Orders viewer',
            'is_system' => false,
            'is_active' => true,
        ]);
        $role->permissions()->sync([
            $permission->id => ['effect' => 'allow'],
        ]);
        $user = User::factory()->create(['role' => $role->slug, 'role_id' => $role->id]);

        $this->actingAs($user)
            ->get(route('order.index'))
            ->assertOk();
    }

    public function test_catalog_import_requires_catalog_import_permission(): void
    {
        Bus::fake();

        $importPermission = Permission::query()->where('slug', 'import.create')->firstOrFail();
        $role = Role::query()->create([
            'slug' => 'generic_importer',
            'name' => 'Generic importer',
            'is_system' => false,
            'is_active' => true,
        ]);
        $role->permissions()->sync([
            $importPermission->id => ['effect' => 'allow'],
        ]);
        $user = User::factory()->create(['role' => $role->slug, 'role_id' => $role->id]);

        $this->actingAs($user)
            ->post(route('import.create'), [
                'type' => 'catalog',
                'import_file' => UploadedFile::fake()->create('catalog.xlsx', 10),
            ])
            ->assertForbidden();
    }

    public function test_catalog_import_allows_catalog_import_permission(): void
    {
        Bus::fake();

        $permission = Permission::query()->where('slug', 'catalog.import')->firstOrFail();
        $role = Role::query()->create([
            'slug' => 'catalog_importer',
            'name' => 'Catalog importer',
            'is_system' => false,
            'is_active' => true,
        ]);
        $role->permissions()->sync([
            $permission->id => ['effect' => 'allow'],
        ]);
        $user = User::factory()->create(['role' => $role->slug, 'role_id' => $role->id]);

        $this->actingAs($user)
            ->post(route('import.create'), [
                'type' => 'catalog',
                'import_file' => UploadedFile::fake()->create('catalog.xlsx', 10),
            ])
            ->assertRedirect(route('import.index'));
    }

    public function test_custom_role_with_admin_permissions_can_open_admin_routes(): void
    {
        $user = $this->createUserWithAllPermissions('root_admin_routes');

        $this->actingAs($user)
            ->get(route('admin.roles.index'))
            ->assertOk()
            ->assertSee('Роли и права');
    }

    public function test_custom_role_with_admin_permissions_sees_admin_catalog_actions(): void
    {
        $user = $this->createUserWithAllPermissions('root_catalog_ui');

        $this->actingAs($user)
            ->get(route('catalog.index'))
            ->assertOk()
            ->assertSee(route('catalog.create'), false)
            ->assertSee('data-bs-target="#importModal"', false)
            ->assertSee('data-bs-target="#exportModal"', false);
    }

    private function createUserWithAllPermissions(string $slug): User
    {
        $role = Role::query()->create([
            'slug' => $slug,
            'name' => $slug,
            'is_system' => false,
            'is_active' => true,
        ]);
        $permissions = Permission::query()
            ->pluck('id')
            ->mapWithKeys(fn (int $id): array => [$id => ['effect' => 'allow']]);
        $role->permissions()->sync($permissions);

        return User::factory()->create(['role' => $role->slug, 'role_id' => $role->id]);
    }
}