import { test, expect } from '@playwright/test';
import { login } from './helpers/auth';

/**
 * Permission E2E tests.
 *
 * Two describe blocks form the full story:
 * 1. Admin user — can see all write controls.
 * 2. Read-only user ("reader", seeded in DataInitializer with READ_ALL only) —
 *    can browse content but sees no write controls anywhere.
 */

test.describe('Write permissions — admin user', () => {
	test('admin user sees Neues Dokument link on home page', async ({ page }) => {
		await page.goto('/');
		await expect(page.getByRole('link', { name: /Neues Dokument/i })).toBeVisible();
	});

	test('admin user sees Neue Person link on persons page', async ({ page }) => {
		await page.goto('/persons');
		await expect(page.getByRole('link', { name: /Neue Person/i })).toBeVisible();
	});

	test('admin user can navigate to /persons/new', async ({ page }) => {
		await page.goto('/persons/new');
		await expect(page).toHaveURL('/persons/new');
		await expect(page.getByLabel('Vorname')).toBeVisible();
	});

	test('admin user can navigate to /documents/new', async ({ page }) => {
		await page.goto('/documents/new');
		await expect(page).toHaveURL('/documents/new');
	});

	test('admin user sees edit button on person detail page', async ({ page }) => {
		await page.goto('/persons');
		const firstPerson = page.locator('a[href^="/persons/"]:not([href="/persons/new"])').first();
		await firstPerson.click();
		await expect(page.getByRole('button', { name: /Bearbeiten/i })).toBeVisible();
	});
});

// ── Read-only user journey ─────────────────────────────────────────────────────
//
// The "reader" user is seeded by DataInitializer (e2e profile) with READ_ALL only.
// They can browse documents and persons but must not see any mutation controls.

test.describe('Read-only user — no write controls visible', () => {
	// Fresh session — no shared admin cookies
	test.use({ storageState: { cookies: [], origins: [] } });

	test.beforeEach(async ({ page }) => {
		await login(page, 'reader', 'reader123');
	});

	test('read-only user is redirected to home after login', async ({ page }) => {
		await expect(page).toHaveURL('/');
		await page.screenshot({ path: 'test-results/e2e/permissions-reader-home.png' });
	});

	test('home page does not show the "Neues Dokument" link', async ({ page }) => {
		await expect(page.getByRole('link', { name: /Neues Dokument/i })).not.toBeVisible();
		await page.screenshot({ path: 'test-results/e2e/permissions-reader-no-new-doc.png' });
	});

	test('persons page does not show the "Neue Person" link', async ({ page }) => {
		await page.goto('/persons');
		await expect(page.getByRole('link', { name: /Neue Person/i })).not.toBeVisible();
		await page.screenshot({ path: 'test-results/e2e/permissions-reader-no-new-person.png' });
	});

	test('person detail page does not show the edit button', async ({ page }) => {
		await page.goto('/persons');
		const firstPerson = page.locator('a[href^="/persons/"]:not([href="/persons/new"])').first();
		await firstPerson.click();
		await page.waitForSelector('[data-hydrated]');
		await expect(page.getByRole('button', { name: /Bearbeiten/i })).not.toBeVisible();
		await page.screenshot({ path: 'test-results/e2e/permissions-reader-no-edit.png' });
	});

	test('navigating directly to /documents/new redirects away', async ({ page }) => {
		await page.goto('/documents/new');
		// Read-only user should not be able to access the new document form
		await expect(page).not.toHaveURL('/documents/new');
		await page.screenshot({ path: 'test-results/e2e/permissions-reader-no-new-doc-direct.png' });
	});
});