<?php

declare(strict_types=1);

namespace Tests\Feature\Company;

use App\Models\Company;
use App\Models\Organisation;
use App\Models\User;
use Database\Seeders\RoleSeeder;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Laravel\Sanctum\Sanctum;
use Tests\TestCase;

class CompanyTest extends TestCase
{
    use RefreshDatabase;

    private User $orgAdmin;
    private User $outsider;
    private Organisation $organisation;
    private Organisation $otherOrganisation;

    protected function setUp(): void
    {
        parent::setUp();
        $this->seed(RoleSeeder::class);

        $this->organisation = Organisation::factory()->create();
        $this->otherOrganisation = Organisation::factory()->create();

        $this->orgAdmin = User::factory()->create();
        $this->organisation->users()->attach($this->orgAdmin, ['role' => 'org_admin']);

        $this->outsider = User::factory()->create();
        $this->otherOrganisation->users()->attach($this->outsider, ['role' => 'org_admin']);
    }

    public function test_index_returns_companies_for_organisation(): void
    {
        Company::factory()->count(3)->create(['organisation_id' => $this->organisation->id]);

        // Company on other org should not appear
        Company::factory()->create(['organisation_id' => $this->otherOrganisation->id]);

        Sanctum::actingAs($this->orgAdmin);

        $response = $this->getJson("/api/v1/organisations/{$this->organisation->id}/companies");

        $response->assertOk();
        $this->assertCount(3, $response->json('data'));
    }

    public function test_index_returns_companies_ordered_by_name(): void
    {
        Company::factory()->create(['organisation_id' => $this->organisation->id, 'name' => 'Zebra BV']);
        Company::factory()->create(['organisation_id' => $this->organisation->id, 'name' => 'Alpha BV']);

        Sanctum::actingAs($this->orgAdmin);

        $response = $this->getJson("/api/v1/organisations/{$this->organisation->id}/companies");

        $response->assertOk();
        $names = collect($response->json('data'))->pluck('name')->all();
        $this->assertSame(['Alpha BV', 'Zebra BV'], $names);
    }

    public function test_index_includes_persons_count(): void
    {
        $company = Company::factory()->create(['organisation_id' => $this->organisation->id]);

        Sanctum::actingAs($this->orgAdmin);

        $response = $this->getJson("/api/v1/organisations/{$this->organisation->id}/companies");

        $response->assertOk();
        $this->assertArrayHasKey('persons_count', $response->json('data.0'));
    }

    public function test_index_unauthenticated_returns_401(): void
    {
        $response = $this->getJson("/api/v1/organisations/{$this->organisation->id}/companies");

        $response->assertUnauthorized();
    }

    public function test_index_cross_org_returns_403(): void
    {
        Sanctum::actingAs($this->outsider);

        $response = $this->getJson("/api/v1/organisations/{$this->organisation->id}/companies");

        $response->assertForbidden();
    }

    public function test_store_creates_company(): void
    {
        Sanctum::actingAs($this->orgAdmin);

        $response = $this->postJson("/api/v1/organisations/{$this->organisation->id}/companies", [
            'name' => 'Catering Janssen',
            'type' => 'supplier',
            'contact_name' => 'Jan Janssen',
            'contact_email' => 'jan@janssen.nl',
            'contact_phone' => '+31612345678',
        ]);

        $response->assertCreated()
            ->assertJson(['data' => ['name' => 'Catering Janssen', 'type' => 'supplier']]);

        $this->assertDatabaseHas('companies', [
            'organisation_id' => $this->organisation->id,
            'name' => 'Catering Janssen',
            'type' => 'supplier',
        ]);
    }

    public function test_store_unauthenticated_returns_401(): void
    {
        $response = $this->postJson("/api/v1/organisations/{$this->organisation->id}/companies", [
            'name' => 'Test BV',
            'type' => 'supplier',
        ]);

        $response->assertUnauthorized();
    }

    public function test_store_cross_org_returns_403(): void
    {
        Sanctum::actingAs($this->outsider);

        $response = $this->postJson("/api/v1/organisations/{$this->organisation->id}/companies", [
            'name' => 'Test BV',
            'type' => 'supplier',
        ]);

        $response->assertForbidden();
    }

    public function test_store_missing_name_returns_422(): void
    {
        Sanctum::actingAs($this->orgAdmin);

        $response = $this->postJson("/api/v1/organisations/{$this->organisation->id}/companies", [
            'type' => 'supplier',
        ]);

        $response->assertUnprocessable()
            ->assertJsonValidationErrors('name');
    }

    public function test_store_invalid_type_returns_422(): void
    {
        Sanctum::actingAs($this->orgAdmin);

        $response = $this->postJson("/api/v1/organisations/{$this->organisation->id}/companies", [
            'name' => 'Test BV',
            'type' => 'invalid_type',
        ]);

        $response->assertUnprocessable()
            ->assertJsonValidationErrors('type');
    }

    public function test_show_returns_company(): void
    {
        $company = Company::factory()->create([
            'organisation_id' => $this->organisation->id,
            'name' => 'Test BV',
        ]);

        Sanctum::actingAs($this->orgAdmin);

        $response = $this->getJson("/api/v1/organisations/{$this->organisation->id}/companies/{$company->id}");

        $response->assertOk()
            ->assertJson(['data' => ['name' => 'Test BV']]);
    }

    public function test_show_cross_org_returns_403(): void
    {
        $company = Company::factory()->create([
            'organisation_id' => $this->organisation->id,
        ]);

        Sanctum::actingAs($this->outsider);

        $response = $this->getJson("/api/v1/organisations/{$this->organisation->id}/companies/{$company->id}");

        $response->assertForbidden();
    }

    public function test_update_company(): void
    {
        $company = Company::factory()->create([
            'organisation_id' => $this->organisation->id,
            'name' => 'Old Name',
        ]);

        Sanctum::actingAs($this->orgAdmin);

        $response = $this->putJson("/api/v1/organisations/{$this->organisation->id}/companies/{$company->id}", [
            'name' => 'New Name',
            'type' => 'partner',
        ]);

        $response->assertOk()
            ->assertJson(['data' => ['name' => 'New Name', 'type' => 'partner']]);
    }

    public function test_update_cross_org_returns_403(): void
    {
        $company = Company::factory()->create([
            'organisation_id' => $this->organisation->id,
        ]);

        Sanctum::actingAs($this->outsider);

        $response = $this->putJson("/api/v1/organisations/{$this->organisation->id}/companies/{$company->id}", [
            'name' => 'Hacked',
        ]);

        $response->assertForbidden();
    }

    public function test_destroy_soft_deletes_company(): void
    {
        $company = Company::factory()->create([
            'organisation_id' => $this->organisation->id,
        ]);

        Sanctum::actingAs($this->orgAdmin);

        $response = $this->deleteJson("/api/v1/organisations/{$this->organisation->id}/companies/{$company->id}");

        $response->assertNoContent();
        $this->assertSoftDeleted('companies', ['id' => $company->id]);
    }

    public function test_destroy_cross_org_returns_403(): void
    {
        $company = Company::factory()->create([
            'organisation_id' => $this->organisation->id,
        ]);

        Sanctum::actingAs($this->outsider);

        $response = $this->deleteJson("/api/v1/organisations/{$this->organisation->id}/companies/{$company->id}");

        $response->assertForbidden();
    }
}