package role

import (
	"errors"
	"testing"
	"time"

	permModel "perms-system-server/internal/model/perm"
	roleModel "perms-system-server/internal/model/role"
	"perms-system-server/internal/model/roleperm"
	"perms-system-server/internal/model/userrole"
	"perms-system-server/internal/response"
	"perms-system-server/internal/svc"
	"perms-system-server/internal/testutil"
	"perms-system-server/internal/testutil/ctxhelper"
	"perms-system-server/internal/types"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// TC-0126: 正常删除+级联
func TestDeleteRole_WithCascading(t *testing.T) {
	ctx := ctxhelper.SuperAdminCtx()
	svcCtx := svc.NewServiceContext(testutil.GetTestConfig())
	conn := testutil.GetTestSqlConn()
	now := time.Now().Unix()
	pc := testutil.UniqueId()

	roleRes, err := svcCtx.SysRoleModel.Insert(ctx, &roleModel.SysRole{
		ProductCode: pc, Name: testutil.UniqueId(), Status: 1, PermsLevel: 1,
		CreateTime: now, UpdateTime: now,
	})
	require.NoError(t, err)
	roleId, _ := roleRes.LastInsertId()

	pRes, err := svcCtx.SysPermModel.Insert(ctx, &permModel.SysPerm{
		ProductCode: pc, Name: testutil.UniqueId(), Code: testutil.UniqueId(),
		Status: 1, CreateTime: now, UpdateTime: now,
	})
	require.NoError(t, err)
	permId, _ := pRes.LastInsertId()

	rpRes, err := svcCtx.SysRolePermModel.Insert(ctx, &roleperm.SysRolePerm{
		RoleId: roleId, PermId: permId, CreateTime: now, UpdateTime: now,
	})
	require.NoError(t, err)
	rpId, _ := rpRes.LastInsertId()

	urRes, err := svcCtx.SysUserRoleModel.Insert(ctx, &userrole.SysUserRole{
		UserId: 888888, RoleId: roleId, CreateTime: now, UpdateTime: now,
	})
	require.NoError(t, err)
	urId, _ := urRes.LastInsertId()

	t.Cleanup(func() {
		testutil.CleanTable(ctx, conn, "`sys_role_perm`", rpId)
		testutil.CleanTable(ctx, conn, "`sys_user_role`", urId)
		testutil.CleanTable(ctx, conn, "`sys_role`", roleId)
		testutil.CleanTable(ctx, conn, "`sys_perm`", permId)
	})

	logic := NewDeleteRoleLogic(ctx, svcCtx)
	err = logic.DeleteRole(&types.DeleteRoleReq{Id: roleId})
	require.NoError(t, err)

	_, err = svcCtx.SysRoleModel.FindOne(ctx, roleId)
	assert.Error(t, err)

	permIds, err := svcCtx.SysRolePermModel.FindPermIdsByRoleId(ctx, roleId)
	require.NoError(t, err)
	assert.Empty(t, permIds)

	roleIds, err := svcCtx.SysUserRoleModel.FindRoleIdsByUserId(ctx, 888888)
	require.NoError(t, err)
	assert.NotContains(t, roleIds, roleId)
}

// TC-0128: 无关联数据
func TestDeleteRole_NoAssociations(t *testing.T) {
	ctx := ctxhelper.SuperAdminCtx()
	svcCtx := svc.NewServiceContext(testutil.GetTestConfig())
	conn := testutil.GetTestSqlConn()
	now := time.Now().Unix()
	pc := testutil.UniqueId()

	roleRes, err := svcCtx.SysRoleModel.Insert(ctx, &roleModel.SysRole{
		ProductCode: pc, Name: testutil.UniqueId(), Status: 1, PermsLevel: 1,
		CreateTime: now, UpdateTime: now,
	})
	require.NoError(t, err)
	roleId, _ := roleRes.LastInsertId()

	t.Cleanup(func() {
		testutil.CleanTable(ctx, conn, "`sys_role`", roleId)
	})

	logic := NewDeleteRoleLogic(ctx, svcCtx)
	err = logic.DeleteRole(&types.DeleteRoleReq{Id: roleId})
	require.NoError(t, err)

	_, err = svcCtx.SysRoleModel.FindOne(ctx, roleId)
	assert.Error(t, err)
}

// TC-1120: L-R14-1 非超管 DeleteRole 针对别产品的 roleId 必须 404 "角色不存在"，
// 与 RoleDetail 的 M-N3 / UpdateRole 的 TC-1119 口径一致。
func TestDeleteRole_L_R14_1_CrossProductReturns404(t *testing.T) {
	ctx := ctxhelper.SuperAdminCtx()
	svcCtx := svc.NewServiceContext(testutil.GetTestConfig())
	conn := testutil.GetTestSqlConn()
	now := time.Now().Unix()

	otherProduct := "l_r14_1_del_" + testutil.UniqueId()
	res, err := svcCtx.SysRoleModel.Insert(ctx, &roleModel.SysRole{
		ProductCode: otherProduct, Name: testutil.UniqueId(), Status: 1, PermsLevel: 1,
		CreateTime: now, UpdateTime: now,
	})
	require.NoError(t, err)
	roleId, _ := res.LastInsertId()
	t.Cleanup(func() { testutil.CleanTable(ctx, conn, "`sys_role`", roleId) })

	adminCtx := ctxhelper.AdminCtx("test_product")
	err = NewDeleteRoleLogic(adminCtx, svcCtx).DeleteRole(&types.DeleteRoleReq{Id: roleId})
	require.Error(t, err)

	var ce *response.CodeError
	require.True(t, errors.As(err, &ce))
	assert.Equal(t, 404, ce.Code(), "跨产品 roleId 必须 404")
	assert.Equal(t, "角色不存在", ce.Error(), "文案必须与 id 不存在完全一致")

	// DB 必须保持原状
	still, err := svcCtx.SysRoleModel.FindOne(ctx, roleId)
	require.NoError(t, err, "跨产品拒绝的 DeleteRole 不得真的删角色")
	assert.Equal(t, roleId, still.Id)
}

// TC-0540: deleteRole非管理员拒绝
func TestDeleteRole_MemberRejected(t *testing.T) {
	pc := "test_product"
	ctx := ctxhelper.MemberCtx(pc)
	svcCtx := svc.NewServiceContext(testutil.GetTestConfig())
	conn := testutil.GetTestSqlConn()
	now := time.Now().Unix()

	roleRes, err := svcCtx.SysRoleModel.Insert(ctx, &roleModel.SysRole{
		ProductCode: pc, Name: testutil.UniqueId(), Status: 1, PermsLevel: 1,
		CreateTime: now, UpdateTime: now,
	})
	require.NoError(t, err)
	roleId, _ := roleRes.LastInsertId()
	t.Cleanup(func() { testutil.CleanTable(ctx, conn, "`sys_role`", roleId) })

	logic := NewDeleteRoleLogic(ctx, svcCtx)
	err = logic.DeleteRole(&types.DeleteRoleReq{Id: roleId})
	require.Error(t, err)
	var ce *response.CodeError
	require.True(t, errors.As(err, &ce))
	assert.Equal(t, 403, ce.Code())
}