require "rails_helper"

RSpec.describe CollectionResourcesController, type: :request do
  let(:page) { Capybara::Node::Simple.new(response.body) }
  let(:storage_service) { instance_double(Storage::S3Service, get_file_metadata: nil, delete_file: nil) }

  before do
    allow(Storage::S3Service).to receive(:new).and_return(storage_service)
    allow(storage_service).to receive(:configuration).and_return(OpenStruct.new(bucket_name: "core-test-collection-resources"))
  end

  describe "GET #index" do
    context "when user is not signed in" do
      it "redirects to the sign in page" do
        get collection_resources_path
        expect(response).to redirect_to(new_user_session_path)
      end
    end

    context "when user is signed in as a data coordinator" do
      let(:user) { create(:user, :data_coordinator) }

      before do
        sign_in user
      end

      it "returns page not found" do
        get collection_resources_path
        expect(response).to have_http_status(:not_found)
      end
    end

    context "when user is signed in as a data provider" do
      let(:user) { create(:user, :data_provider) }

      before do
        sign_in user
      end

      it "returns page not found" do
        get collection_resources_path
        expect(response).to have_http_status(:not_found)
      end
    end

    context "when user is signed in as a support user" do
      let(:user) { create(:user, :support) }

      before do
        allow(Time.zone).to receive(:today).and_return(Time.zone.local(2025, 1, 8))
        allow(user).to receive(:need_two_factor_authentication?).and_return(false)
        allow(storage_service).to receive(:file_exists?).and_return(true)
        sign_in user
      end

      it "displays collection resources" do
        get collection_resources_path

        expect(page).to have_content("Lettings 2024 to 2025")
        expect(page).to have_content("Lettings 2025 to 2026")
        expect(page).to have_content("Sales 2024 to 2025")
        expect(page).to have_content("Sales 2025 to 2026")
      end

      it "displays mandatory files" do
        get collection_resources_path

        expect(page).to have_content("Paper form")
        expect(page).to have_content("Bulk upload template")
        expect(page).to have_content("Bulk upload specification")
      end

      it "allows uploading new resources" do
        get collection_resources_path

        expect(page).to have_link("Add new sales 2024 to 2025 resource", href: new_collection_resource_path(year: 2024, log_type: "sales"))
        expect(page).to have_link("Add new lettings 2024 to 2025 resource", href: new_collection_resource_path(year: 2024, log_type: "lettings"))
        expect(page).to have_link("Add new sales 2025 to 2026 resource", href: new_collection_resource_path(year: 2025, log_type: "sales"))
        expect(page).to have_link("Add new lettings 2025 to 2026 resource", href: new_collection_resource_path(year: 2025, log_type: "lettings"))
      end

      context "when files are on S3" do
        before do
          allow(storage_service).to receive(:file_exists?).and_return(true)
          get collection_resources_path
        end

        it "displays file names with download links" do
          expect(page).to have_link("2024_25_lettings_paper_form.pdf", href: download_mandatory_collection_resource_path(year: 2024, log_type: "lettings", resource_type: "paper_form"))
          expect(page).to have_link("bulk-upload-lettings-template-2024-25.xlsx", href: download_mandatory_collection_resource_path(year: 2024, log_type: "lettings", resource_type: "bulk_upload_template"))
          expect(page).to have_link("bulk-upload-lettings-specification-2024-25.xlsx", href: download_mandatory_collection_resource_path(year: 2024, log_type: "lettings", resource_type: "bulk_upload_specification"))
          expect(page).to have_link("2024_25_sales_paper_form.pdf", href: download_mandatory_collection_resource_path(year: 2024, log_type: "sales", resource_type: "paper_form"))
          expect(page).to have_link("bulk-upload-sales-template-2024-25.xlsx", href: download_mandatory_collection_resource_path(year: 2024, log_type: "sales", resource_type: "bulk_upload_template"))
          expect(page).to have_link("bulk-upload-sales-specification-2024-25.xlsx", href: download_mandatory_collection_resource_path(year: 2024, log_type: "sales", resource_type: "bulk_upload_specification"))

          expect(page).to have_link("2025_26_lettings_paper_form.pdf", href: download_mandatory_collection_resource_path(year: 2025, log_type: "lettings", resource_type: "paper_form"))
          expect(page).to have_link("bulk-upload-lettings-template-2025-26.xlsx", href: download_mandatory_collection_resource_path(year: 2025, log_type: "lettings", resource_type: "bulk_upload_template"))
          expect(page).to have_link("bulk-upload-lettings-specification-2025-26.xlsx", href: download_mandatory_collection_resource_path(year: 2025, log_type: "lettings", resource_type: "bulk_upload_specification"))
          expect(page).to have_link("2025_26_sales_paper_form.pdf", href: download_mandatory_collection_resource_path(year: 2025, log_type: "sales", resource_type: "paper_form"))
          expect(page).to have_link("bulk-upload-sales-template-2025-26.xlsx", href: download_mandatory_collection_resource_path(year: 2025, log_type: "sales", resource_type: "bulk_upload_template"))
          expect(page).to have_link("bulk-upload-sales-specification-2025-26.xlsx", href: download_mandatory_collection_resource_path(year: 2025, log_type: "sales", resource_type: "bulk_upload_specification"))
        end

        it "displays change links" do
          expect(page).to have_selector(:link_or_button, "Change", count: 12)
          expect(page).to have_link("Change", href: edit_mandatory_collection_resource_path(year: 2024, log_type: "lettings", resource_type: "paper_form"))
          expect(page).to have_link("Change", href: edit_mandatory_collection_resource_path(year: 2024, log_type: "lettings", resource_type: "bulk_upload_template"))
          expect(page).to have_link("Change", href: edit_mandatory_collection_resource_path(year: 2024, log_type: "lettings", resource_type: "bulk_upload_specification"))
          expect(page).to have_link("Change", href: edit_mandatory_collection_resource_path(year: 2024, log_type: "sales", resource_type: "paper_form"))
          expect(page).to have_link("Change", href: edit_mandatory_collection_resource_path(year: 2024, log_type: "sales", resource_type: "bulk_upload_template"))
          expect(page).to have_link("Change", href: edit_mandatory_collection_resource_path(year: 2024, log_type: "sales", resource_type: "bulk_upload_specification"))

          expect(page).to have_link("Change", href: edit_mandatory_collection_resource_path(year: 2025, log_type: "lettings", resource_type: "paper_form"))
          expect(page).to have_link("Change", href: edit_mandatory_collection_resource_path(year: 2025, log_type: "lettings", resource_type: "bulk_upload_template"))
          expect(page).to have_link("Change", href: edit_mandatory_collection_resource_path(year: 2025, log_type: "lettings", resource_type: "bulk_upload_specification"))
          expect(page).to have_link("Change", href: edit_mandatory_collection_resource_path(year: 2025, log_type: "sales", resource_type: "paper_form"))
          expect(page).to have_link("Change", href: edit_mandatory_collection_resource_path(year: 2025, log_type: "sales", resource_type: "bulk_upload_template"))
          expect(page).to have_link("Change", href: edit_mandatory_collection_resource_path(year: 2025, log_type: "sales", resource_type: "bulk_upload_specification"))
        end

        it "displays next year banner" do
          expect(page).to have_content("The 2025 to 2026 collection resources are not yet available to users.")
          expect(page).to have_link("Release the 2025 to 2026 collection resources to users", href: confirm_mandatory_collection_resources_release_path(year: 2025))
        end

        context "when there are additional resources" do
          let!(:collection_resource) { create(:collection_resource, :additional, year: 2025, short_display_name: "additional resource", download_filename: "additional.pdf") }

          it "displays change links for additional resources" do
            get collection_resources_path

            expect(page).to have_link("Change", href: collection_resource_edit_path(collection_resource))
          end
        end
      end

      context "when files are not on S3" do
        before do
          allow(storage_service).to receive(:file_exists?).and_return(false)
          get collection_resources_path
        end

        it "displays No file uploaded" do
          expect(page).to have_content("No file uploaded")
        end

        it "displays upload links" do
          expect(page).to have_selector(:link_or_button, "Upload", count: 12)
          expect(page).to have_link("Upload", href: edit_mandatory_collection_resource_path(year: 2024, log_type: "lettings", resource_type: "paper_form"))
          expect(page).to have_link("Upload", href: edit_mandatory_collection_resource_path(year: 2024, log_type: "lettings", resource_type: "bulk_upload_template"))
          expect(page).to have_link("Upload", href: edit_mandatory_collection_resource_path(year: 2024, log_type: "lettings", resource_type: "bulk_upload_specification"))
          expect(page).to have_link("Upload", href: edit_mandatory_collection_resource_path(year: 2024, log_type: "sales", resource_type: "paper_form"))
          expect(page).to have_link("Upload", href: edit_mandatory_collection_resource_path(year: 2024, log_type: "sales", resource_type: "bulk_upload_template"))
          expect(page).to have_link("Upload", href: edit_mandatory_collection_resource_path(year: 2024, log_type: "sales", resource_type: "bulk_upload_specification"))

          expect(page).to have_link("Upload", href: edit_mandatory_collection_resource_path(year: 2025, log_type: "lettings", resource_type: "paper_form"))
          expect(page).to have_link("Upload", href: edit_mandatory_collection_resource_path(year: 2025, log_type: "lettings", resource_type: "bulk_upload_template"))
          expect(page).to have_link("Upload", href: edit_mandatory_collection_resource_path(year: 2025, log_type: "lettings", resource_type: "bulk_upload_specification"))
          expect(page).to have_link("Upload", href: edit_mandatory_collection_resource_path(year: 2025, log_type: "sales", resource_type: "paper_form"))
          expect(page).to have_link("Upload", href: edit_mandatory_collection_resource_path(year: 2025, log_type: "sales", resource_type: "bulk_upload_template"))
          expect(page).to have_link("Upload", href: edit_mandatory_collection_resource_path(year: 2025, log_type: "sales", resource_type: "bulk_upload_specification"))
        end

        it "displays next year banner" do
          expect(page).to have_content("The 2025 to 2026 collection resources are not yet available to users.")
          expect(page).to have_content("Once you have uploaded all the required 2025 to 2026 collection resources, you will be able to release them to users.")
        end
      end

      context "when there are additional resources" do
        let!(:collection_resource) { create(:collection_resource, :additional, year: 2025, short_display_name: "additional resource", download_filename: "additional.pdf") }

        before do
          # rubocop:disable RSpec/AnyInstance
          allow_any_instance_of(CollectionResourcesHelper).to receive(:editable_collection_resource_years).and_return([2025])
          # rubocop:enable RSpec/AnyInstance
          create(:collection_resource, :additional, year: 2026, short_display_name: "additional resource 2")
        end

        it "displays additional resources for editable years" do
          get collection_resources_path

          expect(page).to have_content("additional resource")
          expect(page).not_to have_content("additional resource 2")
          expect(page).to have_link("additional.pdf", href: collection_resource_download_path(collection_resource))
          expect(page).to have_link("Delete", href: collection_resource_delete_confirmation_path(collection_resource))
        end
      end
    end
  end

  describe "GET #download_mandatory_collection_resource" do
    before do
      # rubocop:disable RSpec/AnyInstance
      allow_any_instance_of(CollectionResourcesHelper).to receive(:editable_collection_resource_years).and_return([2025, 2026])
      allow_any_instance_of(CollectionResourcesHelper).to receive(:displayed_collection_resource_years).and_return([2025])
      # rubocop:enable RSpec/AnyInstance
      allow(user).to receive(:need_two_factor_authentication?).and_return(false)
      sign_in user
    end

    context "when user is signed in as a data coordinator" do
      let(:user) { create(:user, :data_coordinator) }

      context "when the file exists on S3" do
        before do
          allow(storage_service).to receive(:get_file).and_return("file")
          get download_mandatory_collection_resource_path(log_type: "lettings", year: 2025, resource_type: "paper_form")
        end

        it "downloads the file" do
          expect(response.body).to eq("file")
        end
      end

      context "when the file does not exist on S3" do
        before do
          allow(storage_service).to receive(:get_file).and_return(nil)
          get download_mandatory_collection_resource_path(log_type: "lettings", year: 2024, resource_type: "paper_form")
        end

        it "returns page not found" do
          expect(response).to have_http_status(:not_found)
        end
      end

      context "when resource isn't a mandatory resources" do
        before do
          get download_mandatory_collection_resource_path(log_type: "lettings", year: 2024, resource_type: "invalid_resource")
        end

        it "returns page not found" do
          expect(response).to have_http_status(:not_found)
        end
      end

      context "when year not in displayed_collection_resource_years" do
        before do
          get download_mandatory_collection_resource_path(log_type: "lettings", year: 2026, resource_type: "paper_form")
        end

        it "returns page not found" do
          expect(response).to have_http_status(:not_found)
        end
      end
    end

    context "when user is signed in as a support user" do
      let(:user) { create(:user, :support) }

      context "when year is in editable_collection_resource_years but not in displayed_collection_resource_years" do
        before do
          allow(storage_service).to receive(:get_file).and_return("file")
          get download_mandatory_collection_resource_path(log_type: "lettings", year: 2026, resource_type: "paper_form")
        end

        it "downloads the file" do
          expect(response.status).to eq(200)
          expect(response.body).to eq("file")
        end
      end
    end
  end

  describe "GET #edit_mandatory_collection_resource" do
    context "when user is not signed in" do
      it "redirects to the sign in page" do
        get edit_mandatory_collection_resource_path(year: 2024, log_type: "sales", resource_type: "bulk_upload_template")
        expect(response).to redirect_to(new_user_session_path)
      end
    end

    context "when user is signed in as a data coordinator" do
      let(:user) { create(:user, :data_coordinator) }

      before do
        sign_in user
      end

      it "returns page not authorised" do
        get edit_mandatory_collection_resource_path(year: 2024, log_type: "sales", resource_type: "bulk_upload_template")
        expect(response).to have_http_status(:unauthorized)
      end
    end

    context "when user is signed in as a data provider" do
      let(:user) { create(:user, :data_provider) }

      before do
        sign_in user
      end

      it "returns page not authorised" do
        get edit_mandatory_collection_resource_path(year: 2024, log_type: "sales", resource_type: "bulk_upload_template")
        expect(response).to have_http_status(:unauthorized)
      end
    end

    context "when user is signed in as a support user" do
      let(:user) { create(:user, :support) }

      before do
        allow(Time.zone).to receive(:today).and_return(Time.zone.local(2025, 1, 8))
        allow(user).to receive(:need_two_factor_authentication?).and_return(false)
        sign_in user
      end

      context "and the file exists on S3" do
        before do
          allow(storage_service).to receive(:file_exists?).and_return(true)
        end

        it "displays update collection resources page content" do
          get edit_mandatory_collection_resource_path(year: 2024, log_type: "sales", resource_type: "bulk_upload_template")

          expect(page).to have_content("Sales 2024 to 2025")
          expect(page).to have_content("Change the bulk upload template")
          expect(page).to have_content("This file will be available for all users to download.")
          expect(page).to have_content("Upload file")
          expect(page).to have_button("Save changes")
          expect(page).to have_link("Back", href: collection_resources_path)
          expect(page).to have_link("Cancel", href: collection_resources_path)
        end
      end

      context "and the file does not exist on S3" do
        before do
          allow(storage_service).to receive(:file_exists?).and_return(false)
        end

        it "displays upload collection resources page content" do
          get edit_mandatory_collection_resource_path(year: 2024, log_type: "sales", resource_type: "bulk_upload_template")

          expect(page).to have_content("Sales 2024 to 2025")
          expect(page).to have_content("Upload the bulk upload template")
          expect(page).to have_content("This file will be available for all users to download.")
          expect(page).to have_content("Upload file")
          expect(page).to have_button("Upload")
          expect(page).to have_link("Back", href: collection_resources_path)
          expect(page).to have_link("Cancel", href: collection_resources_path)
        end
      end
    end
  end

  describe "PATCH #update_mandatory_collection_resource" do
    let(:some_file) { File.open(file_fixture("blank_bulk_upload_sales.csv")) }
    let(:params) { { collection_resource: { year: 2024, log_type: "sales", resource_type: "bulk_upload_template", file: some_file } } }
    let(:collection_resource_service) { instance_double(CollectionResourcesService) }

    before do
      allow(CollectionResourcesService).to receive(:new).and_return(collection_resource_service)
    end

    context "when user is not signed in" do
      it "redirects to the sign in page" do
        patch update_mandatory_collection_resource_path(year: 2024, log_type: "sales", resource_type: "bulk_upload_template", file: some_file)
        expect(response).to redirect_to(new_user_session_path)
      end
    end

    context "when user is signed in as a data coordinator" do
      let(:user) { create(:user, :data_coordinator) }

      before do
        sign_in user
      end

      it "returns page not authorised" do
        patch update_mandatory_collection_resource_path, params: params
        expect(response).to have_http_status(:unauthorized)
      end
    end

    context "when user is signed in as a data provider" do
      let(:user) { create(:user, :data_provider) }

      before do
        sign_in user
      end

      it "returns page not authorised" do
        patch update_mandatory_collection_resource_path, params: params
        expect(response).to have_http_status(:unauthorized)
      end
    end
  end

  describe "GET #confirm_mandatory_collection_resources_release" do
    context "when user is not signed in" do
      it "redirects to the sign in page" do
        get confirm_mandatory_collection_resources_release_path(year: 2025)
        expect(response).to redirect_to(new_user_session_path)
      end
    end

    context "when user is signed in as a data coordinator" do
      let(:user) { create(:user, :data_coordinator) }

      before do
        sign_in user
      end

      it "returns page not authorised" do
        get confirm_mandatory_collection_resources_release_path(year: 2025)
        expect(response).to have_http_status(:unauthorized)
      end
    end

    context "when user is signed in as a data provider" do
      let(:user) { create(:user, :data_provider) }

      before do
        sign_in user
      end

      it "returns page not authorised" do
        get confirm_mandatory_collection_resources_release_path(year: 2025)
        expect(response).to have_http_status(:unauthorized)
      end
    end

    context "when user is signed in as a support user" do
      let(:user) { create(:user, :support) }

      before do
        # rubocop:disable RSpec/AnyInstance
        allow_any_instance_of(CollectionResourcesHelper).to receive(:editable_collection_resource_years).and_return([2025])
        # rubocop:enable RSpec/AnyInstance
        allow(user).to receive(:need_two_factor_authentication?).and_return(false)
        sign_in user
      end

      it "displays correct page content" do
        get confirm_mandatory_collection_resources_release_path(year: 2025)

        expect(page).to have_content("Are you sure you want to release the 2025 to 2026 collection resources?")
        expect(page).to have_content("The files uploaded will immediately become available for users to download.")
        expect(page).to have_content("You will not be able to undo this action.")
        expect(page).to have_button("Release the resources")
        expect(page).to have_link("Cancel", href: collection_resources_path)
        expect(page).to have_link("Back", href: collection_resources_path)
      end
    end
  end

  describe "PATCH #release_mandatory_collection_resources_path" do
    let(:some_file) { File.open(file_fixture("blank_bulk_upload_sales.csv")) }
    let(:collection_resource_service) { instance_double(CollectionResourcesService) }

    before do
      allow(CollectionResourcesService).to receive(:new).and_return(collection_resource_service)
    end

    context "when user is not signed in" do
      it "redirects to the sign in page" do
        patch release_mandatory_collection_resources_path(year: 2024)
        expect(response).to redirect_to(new_user_session_path)
      end
    end

    context "when user is signed in as a data coordinator" do
      let(:user) { create(:user, :data_coordinator) }

      before do
        sign_in user
      end

      it "returns page not authorised" do
        patch release_mandatory_collection_resources_path(year: 2024)
        expect(response).to have_http_status(:unauthorized)
      end
    end

    context "when user is signed in as a data provider" do
      let(:user) { create(:user, :data_provider) }

      before do
        sign_in user
      end

      it "returns page not authorised" do
        patch release_mandatory_collection_resources_path(year: 2024)
        expect(response).to have_http_status(:unauthorized)
      end
    end

    context "when user is signed in as a support user" do
      let(:user) { create(:user, :support) }

      before do
        # rubocop:disable RSpec/AnyInstance
        allow_any_instance_of(CollectionResourcesHelper).to receive(:editable_collection_resource_years).and_return([2025])
        # rubocop:enable RSpec/AnyInstance
        allow(user).to receive(:need_two_factor_authentication?).and_return(false)
        sign_in user
      end

      it "saves resources as released to users" do
        expect(CollectionResource.where(year: 2025, mandatory: true, released_to_user: true).count).to eq(0)

        patch release_mandatory_collection_resources_path(year: 2025)
        expect(CollectionResource.all.count).to eq(6)
        expect(CollectionResource.where(year: 2025, mandatory: true, released_to_user: true, log_type: "sales", resource_type: "paper_form").count).to eq(1)
        expect(CollectionResource.where(year: 2025, mandatory: true, released_to_user: true, log_type: "sales", resource_type: "bulk_upload_template").count).to eq(1)
        expect(CollectionResource.where(year: 2025, mandatory: true, released_to_user: true, log_type: "sales", resource_type: "bulk_upload_specification").count).to eq(1)
        expect(CollectionResource.where(year: 2025, mandatory: true, released_to_user: true, log_type: "lettings", resource_type: "paper_form").count).to eq(1)
        expect(CollectionResource.where(year: 2025, mandatory: true, released_to_user: true, log_type: "lettings", resource_type: "bulk_upload_template").count).to eq(1)
        expect(CollectionResource.where(year: 2025, mandatory: true, released_to_user: true, log_type: "lettings", resource_type: "bulk_upload_specification").count).to eq(1)
        expect(response).to redirect_to(collection_resources_path)
        expect(flash[:notice]).to eq("The 2025 to 2026 collection resources are now available to users.")
      end
    end
  end

  describe "GET #new_collection_resource" do
    context "when user is not signed in" do
      it "redirects to the sign in page" do
        get new_collection_resource_path(year: 2025, log_type: "sales")
        expect(response).to redirect_to(new_user_session_path)
      end
    end

    context "when user is signed in as a data coordinator" do
      let(:user) { create(:user, :data_coordinator) }

      before do
        sign_in user
      end

      it "returns page not authorised" do
        get new_collection_resource_path(year: 2025, log_type: "sales")
        expect(response).to have_http_status(:unauthorized)
      end
    end

    context "when user is signed in as a data provider" do
      let(:user) { create(:user, :data_provider) }

      before do
        sign_in user
      end

      it "returns page not authorised" do
        get new_collection_resource_path(year: 2025, log_type: "sales")
        expect(response).to have_http_status(:unauthorized)
      end
    end

    context "when user is signed in as a support user" do
      let(:user) { create(:user, :support) }

      before do
        # rubocop:disable RSpec/AnyInstance
        allow_any_instance_of(CollectionResourcesHelper).to receive(:editable_collection_resource_years).and_return([2025, 2026])
        # rubocop:enable RSpec/AnyInstance
        allow(user).to receive(:need_two_factor_authentication?).and_return(false)
        sign_in user
      end

      it "displays new collection resource page content" do
        get new_collection_resource_path(year: 2025, log_type: "sales")

        expect(page).to have_content("Sales 2025 to 2026")
        expect(page).to have_content("Add a new collection resource")
        expect(page).to have_content("Upload file")
        expect(page).to have_button("Add resource")
        expect(page).to have_link("Back", href: collection_resources_path)
        expect(page).to have_link("Cancel", href: collection_resources_path)
      end
    end
  end

  describe "POST #collection_resources" do
    let(:some_file) { File.open(file_fixture("blank_bulk_upload_sales.csv")) }
    let(:params) { { collection_resource: { year: 2025, log_type: "sales", file: some_file, display_name: "some file" } } }

    context "when user is not signed in" do
      it "redirects to the sign in page" do
        post collection_resources_path, params: params
        expect(response).to redirect_to(new_user_session_path)
      end
    end

    context "when user is signed in as a data coordinator" do
      let(:user) { create(:user, :data_coordinator) }

      before do
        sign_in user
      end

      it "returns page not authorised" do
        post collection_resources_path, params: params
        expect(response).to have_http_status(:unauthorized)
      end
    end

    context "when user is signed in as a data provider" do
      let(:user) { create(:user, :data_provider) }

      before do
        sign_in user
      end

      it "returns page not authorised" do
        post collection_resources_path, params: params
        expect(response).to have_http_status(:unauthorized)
      end
    end
  end

  describe "GET #download_additional_collection_resource" do
    let(:collection_resource) { create(:collection_resource, :additional, year: 2025, short_display_name: "additional resource") }

    before do
      # rubocop:disable RSpec/AnyInstance
      allow_any_instance_of(CollectionResourcesHelper).to receive(:editable_collection_resource_years).and_return([2025, 2026])
      allow_any_instance_of(CollectionResourcesHelper).to receive(:displayed_collection_resource_years).and_return([2025])
      # rubocop:enable RSpec/AnyInstance
    end

    context "when the user is not signed in" do
      context "when the file exists on S3" do
        before do
          allow(storage_service).to receive(:get_file).and_return("file")
          get collection_resource_download_path(collection_resource)
        end

        it "downloads the file" do
          expect(response.body).to eq("file")
        end
      end
    end

    context "when user is signed in as a data coordinator" do
      let(:user) { create(:user, :data_coordinator) }

      context "when the file exists on S3" do
        before do
          sign_in user
          allow(storage_service).to receive(:get_file).and_return("file")
          get collection_resource_download_path(collection_resource)
        end

        it "downloads the file" do
          expect(response.body).to eq("file")
        end
      end

      context "when the file does not exist on S3" do
        before do
          sign_in user
          allow(storage_service).to receive(:get_file).and_return(nil)
          get collection_resource_download_path(collection_resource)
        end

        it "returns page not found" do
          expect(response).to have_http_status(:not_found)
        end
      end

      context "when resource id is invalid" do
        before do
          sign_in user
          allow(storage_service).to receive(:get_file).and_return(nil)
          get collection_resource_download_path(collection_resource_id: "invalid")
        end

        it "returns page not found" do
          expect(response).to have_http_status(:not_found)
        end
      end

      context "when year not in displayed_collection_resource_years" do
        let(:collection_resource) { create(:collection_resource, :additional, year: 2026, short_display_name: "additional resource") }

        before do
          sign_in user
          get collection_resource_download_path(collection_resource)
        end

        it "returns page not found" do
          expect(response).to have_http_status(:not_found)
        end
      end
    end

    context "when user is signed in as a support user" do
      let(:collection_resource) { create(:collection_resource, :additional, year: 2026, short_display_name: "additional resource") }
      let(:user) { create(:user, :support) }

      context "when year is in editable_collection_resource_years but not in displayed_collection_resource_years" do
        before do
          allow(user).to receive(:need_two_factor_authentication?).and_return(false)
          sign_in user
          allow(storage_service).to receive(:get_file).and_return("file")
          get collection_resource_download_path(collection_resource)
        end

        it "downloads the file" do
          expect(response.status).to eq(200)
          expect(response.body).to eq("file")
        end
      end
    end
  end

  describe "GET #edit_additional_collection_resource" do
    let(:collection_resource) { create(:collection_resource, :additional, year: 2025, log_type: "sales", short_display_name: "additional resource", download_filename: "additional.pdf") }

    context "when user is not signed in" do
      it "redirects to the sign in page" do
        get collection_resource_edit_path(collection_resource)
        expect(response).to redirect_to(new_user_session_path)
      end
    end

    context "when user is signed in as a data coordinator" do
      let(:user) { create(:user, :data_coordinator) }

      before do
        sign_in user
      end

      it "returns page not authorised" do
        get collection_resource_edit_path(collection_resource)
        expect(response).to have_http_status(:unauthorized)
      end
    end

    context "when user is signed in as a data provider" do
      let(:user) { create(:user, :data_provider) }

      before do
        sign_in user
      end

      it "returns page not authorised" do
        get collection_resource_edit_path(collection_resource)
        expect(response).to have_http_status(:unauthorized)
      end
    end

    context "when user is signed in as a support user" do
      let(:user) { create(:user, :support) }

      before do
        allow(Time.zone).to receive(:today).and_return(Time.zone.local(2025, 1, 8))
        allow(user).to receive(:need_two_factor_authentication?).and_return(false)
        sign_in user
      end

      context "and the file exists on S3" do
        before do
          allow(storage_service).to receive(:file_exists?).and_return(true)
        end

        it "displays update collection resources page content" do
          get collection_resource_edit_path(collection_resource)

          expect(page).to have_content("Sales 2025 to 2026")
          expect(page).to have_content("Change the additional resource")
          expect(page).to have_content("This file will be available for all users to download.")
          expect(page).to have_content("Upload file")
          expect(page).to have_button("Save changes")
          expect(page).to have_link("Back", href: collection_resources_path)
          expect(page).to have_link("Cancel", href: collection_resources_path)
        end
      end
    end
  end

  describe "PATCH #update_additional_collection_resource" do
    let(:some_file) { File.open(file_fixture("blank_bulk_upload_sales.csv")) }
    let(:params) { { collection_resource: { short_display_name: "short name", file: some_file } } }
    let(:collection_resource_service) { instance_double(CollectionResourcesService) }
    let(:collection_resource) { create(:collection_resource, :additional, year: 2025, log_type: "sales", short_display_name: "additional resource", download_filename: "additional.pdf") }

    before do
      allow(CollectionResourcesService).to receive(:new).and_return(collection_resource_service)
    end

    context "when user is not signed in" do
      it "redirects to the sign in page" do
        patch collection_resource_update_path(collection_resource), params: params
        expect(response).to redirect_to(new_user_session_path)
      end
    end

    context "when user is signed in as a data coordinator" do
      let(:user) { create(:user, :data_coordinator) }

      before do
        sign_in user
      end

      it "returns page not authorised" do
        patch collection_resource_update_path(collection_resource), params: params
        expect(response).to have_http_status(:unauthorized)
      end
    end

    context "when user is signed in as a data provider" do
      let(:user) { create(:user, :data_provider) }

      before do
        sign_in user
      end

      it "returns page not authorised" do
        patch collection_resource_update_path(collection_resource), params: params
        expect(response).to have_http_status(:unauthorized)
      end
    end
  end

  describe "GET #collection_resource_delete_confirmation" do
    let(:collection_resource) { create(:collection_resource, :additional, year: 2025, log_type: "sales", short_display_name: "additional resource", download_filename: "additional.pdf") }

    context "when user is not signed in" do
      it "redirects to the sign in page" do
        get collection_resource_delete_confirmation_path(collection_resource)
        expect(response).to redirect_to(new_user_session_path)
      end
    end

    context "when user is signed in as a data coordinator" do
      let(:user) { create(:user, :data_coordinator) }

      before do
        sign_in user
      end

      it "returns page not authorised" do
        get collection_resource_delete_confirmation_path(collection_resource)
        expect(response).to have_http_status(:unauthorized)
      end
    end

    context "when user is signed in as a data provider" do
      let(:user) { create(:user, :data_provider) }

      before do
        sign_in user
      end

      it "returns page not authorised" do
        get collection_resource_delete_confirmation_path(collection_resource)
        expect(response).to have_http_status(:unauthorized)
      end
    end

    context "when user is signed in as a support user" do
      let(:user) { create(:user, :support) }

      before do
        allow(Time.zone).to receive(:today).and_return(Time.zone.local(2025, 1, 8))
        allow(user).to receive(:need_two_factor_authentication?).and_return(false)
        sign_in user
      end

      context "and the file exists on S3" do
        it "displays delete confirmation page content" do
          get collection_resource_delete_confirmation_path(collection_resource)

          expect(page).to have_content("Sales 2025 to 2026")
          expect(page).to have_content("Are you sure you want to delete the additional resource?")
          expect(page).to have_content("This file will no longer be available for users to download.")
          expect(page).to have_content("You will not be able to undo this action.")
          expect(page).to have_button("Delete resource")
          expect(page).to have_link("Back", href: collection_resources_path)
          expect(page).to have_link("Cancel", href: collection_resources_path)
        end
      end
    end
  end

  describe "DELETE #collection_resource_delete" do
    let!(:collection_resource) { create(:collection_resource, :additional, year: 2025, log_type: "sales", short_display_name: "additional resource", download_filename: "additional.pdf") }

    context "when user is not signed in" do
      it "redirects to the sign in page" do
        delete collection_resource_delete_path(collection_resource)
        expect(response).to redirect_to(new_user_session_path)
      end
    end

    context "when user is signed in as a data coordinator" do
      let(:user) { create(:user, :data_coordinator) }

      before do
        sign_in user
      end

      it "returns page not authorised" do
        delete collection_resource_delete_path(collection_resource)
        expect(response).to have_http_status(:unauthorized)
      end
    end

    context "when user is signed in as a data provider" do
      let(:user) { create(:user, :data_provider) }

      before do
        sign_in user
      end

      it "returns page not authorised" do
        delete collection_resource_delete_path(collection_resource)
        expect(response).to have_http_status(:unauthorized)
      end
    end

    context "when user is signed in as a support user" do
      let(:user) { create(:user, :support) }

      before do
        allow(storage_service).to receive(:file_exists?).and_return(true)
        allow(Time.zone).to receive(:today).and_return(Time.zone.local(2025, 1, 8))
        allow(user).to receive(:need_two_factor_authentication?).and_return(false)
        sign_in user
      end

      context "and the file exists on S3" do
        it "displays delete confirmation page content" do
          expect(CollectionResource.visible.count).to eq(1)
          delete collection_resource_delete_path(collection_resource)

          expect(CollectionResource.count).to eq(1)
          expect(CollectionResource.visible.count).to eq(0)
          expect(response).to redirect_to(collection_resources_path)
          expect(storage_service).to have_received(:delete_file).with(collection_resource.download_filename)
          follow_redirect!
          expect(page).to have_content("The sales 2025 to 2026 additional resource has been deleted.")
        end
      end
    end
  end
end