<?php

use App\Models\Role;
use App\Models\User;

test('guests cannot access the edit user page', function () {
    $user = User::factory()->create();

    $this->get(route('users.edit', $user))->assertRedirect('/login');
});

test('authenticated users can access the edit user page', function () {
    $user = User::factory()->create();

    $this->actingAs($user)
        ->get(route('users.edit', $user))
        ->assertOk()
        ->assertViewIs('users.edit')
        ->assertViewHas('user', $user)
        ->assertViewHas('roles');
});

test('edit page shows all available roles', function () {
    $roles = Role::factory()->count(3)->create();
    $user = User::factory()->create();

    $this->actingAs($user)
        ->get(route('users.edit', $user))
        ->assertOk()
        ->assertViewHas('roles', fn ($viewRoles) => $viewRoles->count() === $roles->count());
});

test('can assign roles to a user', function () {
    $user = User::factory()->create();
    $roles = Role::factory()->count(2)->create();

    $this->actingAs($user)
        ->put(route('users.update', $user), ['roles' => $roles->pluck('id')->all()])
        ->assertRedirect(route('users.index'))
        ->assertSessionHas('status', 'user-updated');

    expect($user->roles()->count())->toBe(2);
});

test('can remove all roles from a user', function () {
    $user = User::factory()->create();
    $role = Role::factory()->create();
    $user->roles()->attach($role);

    $this->actingAs($user)
        ->put(route('users.update', $user), [])
        ->assertRedirect(route('users.index'));

    expect($user->roles()->count())->toBe(0);
});

test('syncs roles replacing previous assignments', function () {
    $user = User::factory()->create();
    $oldRole = Role::factory()->create();
    $newRole = Role::factory()->create();
    $user->roles()->attach($oldRole);

    $this->actingAs($user)
        ->put(route('users.update', $user), ['roles' => [$newRole->id]]);

    expect($user->roles()->pluck('id')->all())->toBe([$newRole->id]);
});

test('role ids must exist in the database', function () {
    $user = User::factory()->create();

    $this->actingAs($user)
        ->put(route('users.update', $user), ['roles' => [999]])
        ->assertSessionHasErrors('roles.*');
});

test('guests cannot update user roles', function () {
    $user = User::factory()->create();
    $role = Role::factory()->create();

    $this->put(route('users.update', $user), ['roles' => [$role->id]])
        ->assertRedirect('/login');

    expect($user->roles()->count())->toBe(0);
});