<?php

declare(strict_types=1);

namespace App\Policies;

use App\Models\EnvironmentReview;
use App\Models\ManagedEnvironment;
use App\Models\ReviewPublicationResolutionCase;
use App\Models\User;
use App\Services\Auth\CapabilityResolver;
use App\Support\Auth\Capabilities;
use App\Support\ReviewPublicationResolution\ReviewPublicationResolutionStepAuthorizer;
use Illuminate\Auth\Access\HandlesAuthorization;
use Illuminate\Auth\Access\Response;

class ReviewPublicationResolutionCasePolicy
{
    use HandlesAuthorization;

    public function view(User $user, ReviewPublicationResolutionCase $case): Response|bool
    {
        $tenant = $this->authorizedTenantOrNull($user, $case);

        if (! $tenant instanceof ManagedEnvironment) {
            return Response::denyAsNotFound();
        }

        return app(CapabilityResolver::class)->can($user, $tenant, Capabilities::ENVIRONMENT_REVIEW_VIEW)
            ? true
            : Response::deny();
    }

    public function executeStep(User $user, ReviewPublicationResolutionCase $case): Response|bool
    {
        $tenant = $this->authorizedTenantOrNull($user, $case);

        if (! $tenant instanceof ManagedEnvironment) {
            return Response::denyAsNotFound();
        }

        return app(ReviewPublicationResolutionStepAuthorizer::class)->canExecuteCurrentStep($user, $case)
            ? true
            : Response::deny();
    }

    public function cancel(User $user, ReviewPublicationResolutionCase $case): Response|bool
    {
        return $this->authorizeManageAction($user, $case);
    }

    private function authorizeManageAction(User $user, ReviewPublicationResolutionCase $case): Response|bool
    {
        $tenant = $this->authorizedTenantOrNull($user, $case);

        if (! $tenant instanceof ManagedEnvironment) {
            return Response::denyAsNotFound();
        }

        return app(CapabilityResolver::class)->can($user, $tenant, Capabilities::ENVIRONMENT_REVIEW_MANAGE)
            ? true
            : Response::deny();
    }

    private function authorizedTenantOrNull(User $user, ReviewPublicationResolutionCase $case): ?ManagedEnvironment
    {
        $case->loadMissing(['tenant', 'environmentReview']);

        $tenant = $case->tenant;
        $review = $case->environmentReview;

        if (! $tenant instanceof ManagedEnvironment || ! $review instanceof EnvironmentReview) {
            return null;
        }

        if (! $user->canAccessTenant($tenant)) {
            return null;
        }

        if ((int) $case->workspace_id !== (int) $tenant->workspace_id) {
            return null;
        }

        if ((int) $review->workspace_id !== (int) $case->workspace_id || (int) $review->managed_environment_id !== (int) $tenant->getKey()) {
            return null;
        }

        return $tenant;
    }
}