<?php

use App\Concerns\AuthorizesPermissions;
use App\Enums\Permission;
use App\Enums\WorkspaceUserRole;
use App\Models\User;
use App\Models\Workspace;

uses(Tests\TestCase::class, Illuminate\Foundation\Testing\RefreshDatabase::class);

// Create a testable class that uses the trait
function createPermissionChecker(): object
{
    return new class
    {
        use AuthorizesPermissions;

        public function check(string $permission): void
        {
            $this->authorizePermission($permission);
        }
    };
}

function setupWorkspaceUser(string $role, array $permissions = []): array
{
    $user = User::factory()->create();
    $workspace = Workspace::factory()->create();
    $workspace->users()->attach($user->id, [
        'role' => $role,
        'permissions' => $permissions,
    ]);
    session(['current_workspace_id' => $workspace->id]);

    return [$user, $workspace];
}

test('owner always passes permission check', function () {
    [$user] = setupWorkspaceUser(WorkspaceUserRole::Owner);
    $this->actingAs($user);

    $checker = createPermissionChecker();
    $checker->check(Permission::CanManageTeam);

    expect(true)->toBeTrue(); // No exception thrown
});

test('worker always fails permission check with 404', function () {
    [$user] = setupWorkspaceUser(WorkspaceUserRole::Worker);
    $this->actingAs($user);

    $checker = createPermissionChecker();
    $checker->check(Permission::CanManageTeam);
})->throws(Symfony\Component\HttpKernel\Exception\NotFoundHttpException::class);

test('manager with granted permission passes', function () {
    [$user] = setupWorkspaceUser(WorkspaceUserRole::Manager, [
        Permission::CanViewActivityLogs => true,
    ]);
    $this->actingAs($user);

    $checker = createPermissionChecker();
    $checker->check(Permission::CanViewActivityLogs);

    expect(true)->toBeTrue(); // No exception thrown
});

test('manager with denied permission fails with 404', function () {
    [$user] = setupWorkspaceUser(WorkspaceUserRole::Manager, [
        Permission::CanManageTeam => false,
    ]);
    $this->actingAs($user);

    $checker = createPermissionChecker();
    $checker->check(Permission::CanManageTeam);
})->throws(Symfony\Component\HttpKernel\Exception\NotFoundHttpException::class);

test('manager with unknown permission key defaults to false and fails with 404', function () {
    [$user] = setupWorkspaceUser(WorkspaceUserRole::Manager, []);
    $this->actingAs($user);

    $checker = createPermissionChecker();
    $checker->check('some_unknown_permission');
})->throws(Symfony\Component\HttpKernel\Exception\NotFoundHttpException::class);

test('manager with empty permissions fails with 404', function () {
    [$user] = setupWorkspaceUser(WorkspaceUserRole::Manager, []);
    $this->actingAs($user);

    $checker = createPermissionChecker();
    $checker->check(Permission::CanConfigurePortal);
})->throws(Symfony\Component\HttpKernel\Exception\NotFoundHttpException::class);