<?php

namespace Tests\Feature;

use App\Models\Event;
use App\Models\Photo;
use App\Models\PhotoLike;
use App\Models\PhotoShareLink;
use App\Services\EventJoinTokenService;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Storage;
use Tests\TestCase;

class EventGuestPhotoDeleteTest extends TestCase
{
    use RefreshDatabase;

    public function test_guest_can_delete_own_photo(): void
    {
        $disk = config('filesystems.default', 'local');
        Storage::fake($disk);

        $event = Event::factory()->create([
            'status' => 'published',
        ]);

        $token = app(EventJoinTokenService::class)
            ->createToken($event, ['label' => 'guest'])
            ->plain_token;

        $photo = Photo::factory()->for($event)->create([
            'status' => 'approved',
            'guest_name' => 'device-123',
            'created_by_device_id' => 'device-123',
            'file_path' => "events/{$event->id}/photos/test.jpg",
            'thumbnail_path' => "events/{$event->id}/photos/thumbs/test_thumb.jpg",
        ]);

        Storage::disk($disk)->put($photo->file_path, 'file');
        Storage::disk($disk)->put($photo->thumbnail_path, 'thumb');

        PhotoShareLink::factory()->create([
            'photo_id' => $photo->id,
        ]);

        PhotoLike::create([
            'photo_id' => $photo->id,
            'guest_name' => 'device-123',
            'ip_address' => 'device',
        ]);

        $response = $this->withHeaders(['X-Device-Id' => 'device-123'])
            ->deleteJson("/api/v1/events/{$token}/photos/{$photo->id}");

        $response->assertOk();
        $response->assertJsonFragment(['photo_id' => $photo->id]);

        $this->assertDatabaseMissing('photos', ['id' => $photo->id]);
        $this->assertDatabaseMissing('photo_share_links', ['photo_id' => $photo->id]);
        $this->assertDatabaseMissing('photo_likes', ['photo_id' => $photo->id]);
        Storage::disk($disk)->assertMissing($photo->file_path);
        Storage::disk($disk)->assertMissing($photo->thumbnail_path);
    }

    public function test_guest_cannot_delete_someone_elses_photo(): void
    {
        $event = Event::factory()->create([
            'status' => 'published',
        ]);

        $token = app(EventJoinTokenService::class)
            ->createToken($event, ['label' => 'guest'])
            ->plain_token;

        $photo = Photo::factory()->for($event)->create([
            'status' => 'approved',
            'guest_name' => 'device-123',
            'created_by_device_id' => 'device-123',
        ]);

        $this->withHeaders(['X-Device-Id' => 'device-999'])
            ->deleteJson("/api/v1/events/{$token}/photos/{$photo->id}")
            ->assertForbidden();

        $this->assertDatabaseHas('photos', ['id' => $photo->id]);
    }
}