import { test, expect } from '@playwright/test';

test.describe('权限边界测试', () => {
  test.describe.configure({ mode: 'serial' });

  const timestamp = Date.now();
  const normalUsername = `normal_user_${timestamp}`;
  const normalPassword = 'Test@123';

  test('准备：创建普通用户', async ({ page }) => {
    await test.step('管理员登录', async () => {
      await page.goto('/login');
      await page.fill('input[type="text"]', 'admin');
      await page.fill('input[type="password"]', 'Test@123');
      await page.click('button:has-text("登录")');
      await page.waitForURL(/.*dashboard/, { timeout: 10000 });
    });

    await test.step('导航到用户管理', async () => {
      await page.goto('/dashboard');
      await page.waitForLoadState('networkidle');
      await page.locator('text=系统管理').click();
      await page.waitForTimeout(500);
      await page.locator('text=用户管理').click();
      await page.waitForLoadState('networkidle');
      await expect(page).toHaveURL(/.*users/, { timeout: 10000 });
    });

    await test.step('创建普通用户', async () => {
      await page.locator('button:has-text("新增用户")').click();
      await page.waitForSelector('.el-dialog', { state: 'visible', timeout: 5000 });

      const dialog = page.locator('.el-dialog');
      await dialog.locator('input').first().fill(normalUsername);
      await dialog.locator('input[type="password"]').fill(normalPassword);
      await dialog.locator('input').nth(2).fill(`普通用户${timestamp}`);
      await dialog.locator('input').nth(3).fill(`normal_${timestamp}@example.com`);
      await dialog.locator('input').nth(4).fill('13800138001');

      await page.locator('.el-dialog button:has-text("确定")').click();
      await page.waitForSelector('.el-dialog', { state: 'hidden', timeout: 10000 });
      await expect(page.locator('.el-message--success')).toBeVisible({ timeout: 5000 });
    });

    await test.step('分配普通用户角色', async () => {
      await page.reload();
      await page.waitForLoadState('networkidle');
      await page.waitForTimeout(1000);

      const userRow = page.locator(`tr:has-text("${normalUsername}")`);
      await expect(userRow).toBeVisible({ timeout: 10000 });

      await userRow.locator('button:has-text("分配角色")').click();
      await page.waitForSelector('.el-dialog:has-text("分配角色")', { state: 'visible', timeout: 5000 });

      const transfer = page.locator('.el-transfer');
      const availableRole = transfer.locator('.el-transfer-panel').first().locator('.el-checkbox:has-text("普通用户")');
      if (await availableRole.isVisible()) {
        await availableRole.click();
        await page.waitForTimeout(500);
      }

      await page.locator('.el-dialog:has-text("分配角色") button:has-text("确定")').click();
      await page.waitForSelector('.el-dialog:has-text("分配角色")', { state: 'hidden', timeout: 10000 });
      await expect(page.locator('.el-message--success')).toBeVisible({ timeout: 5000 });
    });

    await test.step('管理员登出', async () => {
      await page.locator('.el-dropdown-link').click();
      await page.waitForTimeout(500);
      await page.locator('text=退出登录').click();
      await page.waitForURL(/.*login/, { timeout: 10000 });
    });
  });

  test('普通用户登录', async ({ page }) => {
    await test.step('普通用户登录', async () => {
      await page.goto('/login');
      await page.fill('input[type="text"]', normalUsername);
      await page.fill('input[type="password"]', normalPassword);
      await page.click('button:has-text("登录")');
      await page.waitForURL(/.*dashboard/, { timeout: 10000 });
    });

    await test.step('验证登录成功', async () => {
      await expect(page.locator('text=仪表盘')).toBeVisible({ timeout: 5000 });
    });
  });

  test('普通用户不能访问用户管理页面', async ({ page }) => {
    await test.step('普通用户登录', async () => {
      await page.goto('/login');
      await page.fill('input[type="text"]', normalUsername);
      await page.fill('input[type="password"]', normalPassword);
      await page.click('button:has-text("登录")');
      await page.waitForURL(/.*dashboard/, { timeout: 10000 });
    });

    await test.step('尝试直接访问用户管理页面', async () => {
      await page.goto('/dashboard/system/users');
      await page.waitForLoadState('networkidle');
    });

    await test.step('验证被重定向或显示无权限提示', async () => {
      const currentUrl = page.url();
      const hasNoPermission = await page.locator('text=无权限').isVisible().catch(() => false);
      const isRedirected = !currentUrl.includes('/users');

      expect(hasNoPermission || isRedirected).toBeTruthy();
    });
  });

  test('普通用户不能访问角色管理页面', async ({ page }) => {
    await test.step('普通用户登录', async () => {
      await page.goto('/login');
      await page.fill('input[type="text"]', normalUsername);
      await page.fill('input[type="password"]', normalPassword);
      await page.click('button:has-text("登录")');
      await page.waitForURL(/.*dashboard/, { timeout: 10000 });
    });

    await test.step('尝试直接访问角色管理页面', async () => {
      await page.goto('/dashboard/system/roles');
      await page.waitForLoadState('networkidle');
    });

    await test.step('验证被重定向或显示无权限提示', async () => {
      const currentUrl = page.url();
      const hasNoPermission = await page.locator('text=无权限').isVisible().catch(() => false);
      const isRedirected = !currentUrl.includes('/roles');

      expect(hasNoPermission || isRedirected).toBeTruthy();
    });
  });

  test('普通用户不能创建用户', async ({ page }) => {
    await test.step('普通用户登录', async () => {
      await page.goto('/login');
      await page.fill('input[type="text"]', normalUsername);
      await page.fill('input[type="password"]', normalPassword);
      await page.click('button:has-text("登录")');
      await page.waitForURL(/.*dashboard/, { timeout: 10000 });
    });

    await test.step('尝试通过API创建用户', async () => {
      const response = await page.request.post('http://localhost:8084/api/users', {
        headers: {
          'Content-Type': 'application/json',
        },
        data: {
          username: `unauthorized_user_${Date.now()}`,
          password: 'Test@123',
          nickname: '未授权用户',
          email: `unauthorized_${Date.now()}@example.com`,
          phone: '13800138002',
        },
      });

      expect(response.status()).toBe(401);
    });
  });

  test('清理：删除测试用户', async ({ page }) => {
    await test.step('管理员登录', async () => {
      await page.goto('/login');
      await page.fill('input[type="text"]', 'admin');
      await page.fill('input[type="password"]', 'Test@123');
      await page.click('button:has-text("登录")');
      await page.waitForURL(/.*dashboard/, { timeout: 10000 });
    });

    await test.step('导航到用户管理', async () => {
      await page.goto('/dashboard');
      await page.waitForLoadState('networkidle');
      await page.locator('text=系统管理').click();
      await page.waitForTimeout(500);
      await page.locator('text=用户管理').click();
      await page.waitForLoadState('networkidle');
      await expect(page).toHaveURL(/.*users/, { timeout: 10000 });
    });

    await test.step('删除测试用户', async () => {
      await page.reload();
      await page.waitForLoadState('networkidle');
      await page.waitForTimeout(1000);

      const userRow = page.locator(`tr:has-text("${normalUsername}")`);
      if (await userRow.isVisible()) {
        await userRow.locator('button:has-text("删除")').click();
        await page.waitForSelector('.el-message-box', { state: 'visible', timeout: 5000 });
        await page.locator('.el-message-box button:has-text("确定")').click();
        await page.waitForSelector('.el-message-box', { state: 'hidden', timeout: 10000 });
        await expect(page.locator('.el-message--success')).toBeVisible({ timeout: 5000 });
      }
    });
  });
});