<?php

use App\Http\Controllers\AuditLogController;
use App\Models\AuditLog;
use App\Models\Role;
use App\Models\User;
use Illuminate\Http\Request;

it('returns unauthorized when no user', function (): void {
    $controller = new AuditLogController();
    $request = Request::create('/api/audit-logs', 'GET');
    $request->setUserResolver(fn () => null);

    $response = $controller->index($request);

    expect($response->getStatusCode())->toBe(401);
});

it('returns forbidden when user is not admin', function (): void {
    $controller = new AuditLogController();
    $user = User::factory()->create();
    $request = Request::create('/api/audit-logs', 'GET');
    $request->setUserResolver(fn () => $user);

    $response = $controller->index($request);

    expect($response->getStatusCode())->toBe(403);
});

it('returns logs for admin', function (): void {
    $controller = new AuditLogController();
    $admin = User::factory()->create();
    $role = Role::create(['name' => 'ROLE_ADMIN']);
    $admin->roles()->attach($role);

    AuditLog::create([
        'action' => 'test.action',
        'subject_type' => 'post',
        'subject_id' => 1,
        'metadata' => ['foo' => 'bar'],
        'ip_address' => '127.0.0.1',
        'user_agent' => 'test',
        'user_id' => $admin->id,
    ]);

    $request = Request::create('/api/audit-logs', 'GET');
    $request->setUserResolver(fn () => $admin);

    $response = $controller->index($request);

    expect($response->getStatusCode())->toBe(200);
    $payload = $response->getData(true);
    expect($payload)->toHaveCount(1);
    expect($payload[0]['user']['roles'][0])->toBe('ROLE_ADMIN');
});