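defmodule MvWeb.MemberLiveAuthorizationTest do
  @moduledoc """
  Tests for UI authorization on Member LiveViews (Index and Show).

  Scope: these tests check which controls are rendered for each role, and that
  the `:member` role is redirected away from `/members`. A hidden control does
  not by itself stop the underlying action from being invoked, so server-side
  enforcement of create/update/destroy is not covered here and needs its own
  tests.

  The `@tag role: ...` on each test is presumably read by the `MvWeb.ConnCase`
  setup to sign in a user with that role and to provide `conn` (and
  `current_user`); that setup is not visible in this file.
  """
  use MvWeb.ConnCase, async: false

  import Phoenix.LiveViewTest

  alias Mv.Fixtures

  describe "Member Index - Vorstand (read_only)" do
    @tag role: :read_only
    test "sees member list but not New Member button", %{conn: conn} do
      member = Fixtures.member_fixture()
      {:ok, view, _html} = live(conn, "/members")

      # The test name promises the list is visible, so assert the row is
      # actually rendered before checking that the create control is absent.
      assert has_element?(view, "#row-#{member.id}")
      refute has_element?(view, "[data-testid=member-new]")
    end

    @tag role: :read_only
    test "does not see Edit or Delete buttons in table", %{conn: conn} do
      member = Fixtures.member_fixture()
      {:ok, view, _html} = live(conn, "/members")

      # Anchor the negative checks: a selector scoped under "#row-<id>" never
      # matches when the row itself is missing, so without this assertion the
      # refutes below would pass even if the table failed to render.
      assert has_element?(view, "#row-#{member.id}")

      # Index table has no Edit/Delete per row (only sr-only Show link); ensure they are not present.
      # This acts as a regression guard in case per-row actions are added later.
      refute has_element?(view, "#row-#{member.id} [data-testid=member-edit]")
      refute has_element?(view, "#row-#{member.id} [data-testid=member-delete]")
    end
  end

  describe "Member Index - Kassenwart (normal_user)" do
    @tag role: :normal_user
    test "sees New Member and Show link in row", %{conn: conn} do
      member = Fixtures.member_fixture()
      {:ok, view, _html} = live(conn, "/members")

      assert has_element?(view, "[data-testid=member-new]")
      # Index table action column has sr-only Show link only (Edit is on member show page)
      assert has_element?(view, "#row-#{member.id} [data-testid=member-show-link]")
    end

    @tag role: :normal_user
    test "does not see Delete button in table", %{conn: conn} do
      member = Fixtures.member_fixture()
      {:ok, view, _html} = live(conn, "/members")

      # Row must exist for the scoped refute to be meaningful (see the
      # read_only table test for the same reasoning).
      assert has_element?(view, "#row-#{member.id}")
      refute has_element?(view, "#row-#{member.id} [data-testid=member-delete]")
    end
  end

  describe "Member Index - Admin" do
    @tag role: :admin
    test "sees New Member and Show link in row", %{conn: conn} do
      member = Fixtures.member_fixture()
      {:ok, view, _html} = live(conn, "/members")

      assert has_element?(view, "[data-testid=member-new]")
      # Index table action column has sr-only Show link only (Edit/Delete are on member show page)
      assert has_element?(view, "#row-#{member.id} [data-testid=member-show-link]")
    end
  end

  describe "Member Index - Mitglied (own_data)" do
    @tag role: :member
    test "is redirected when accessing /members", %{conn: conn, current_user: user} do
      # The mount must fail with a redirect rather than render the index; the
      # target is the user's own page.
      assert {:error, {:redirect, %{to: to}}} = live(conn, "/members")
      assert to == "/users/#{user.id}"
    end
  end

  describe "Member Show - Edit button visibility" do
    @tag role: :admin
    test "admin sees Edit button", %{conn: conn} do
      member = Fixtures.member_fixture()
      {:ok, view, _html} = live(conn, "/members/#{member.id}")

      assert has_element?(view, "[data-testid=member-edit]")
    end

    @tag role: :read_only
    test "read_only does not see Edit button", %{conn: conn} do
      member = Fixtures.member_fixture()
      # The match on {:ok, view, _html} confirms the show page mounted, so the
      # refute below is evaluated against a rendered page.
      {:ok, view, _html} = live(conn, "/members/#{member.id}")

      refute has_element?(view, "[data-testid=member-edit]")
    end

    @tag role: :normal_user
    test "normal_user sees Edit button", %{conn: conn} do
      member = Fixtures.member_fixture()
      {:ok, view, _html} = live(conn, "/members/#{member.id}")

      assert has_element?(view, "[data-testid=member-edit]")
    end
  end
end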