<?php

declare(strict_types=1);

namespace App\Services\Auth;

final readonly class ManagedEnvironmentAccessDecision
{
    public function __construct(
        public int $workspaceId,
        public int $managedEnvironmentId,
        public int $userId,
        public bool $workspaceMember,
        public ?string $workspaceRole,
        public bool $explicitScopeRowsPresent,
        public bool $managedEnvironmentAllowed,
        public ?string $failedBoundary = null,
        public ?string $requiredCapability = null,
        public bool $capabilityAllowed = true,
        public ?int $denialHttpStatus = null,
    ) {}

    public function allowed(): bool
    {
        return $this->workspaceMember
            && $this->managedEnvironmentAllowed
            && $this->capabilityAllowed;
    }

    public function shouldDenyAsNotFound(): bool
    {
        return $this->denialHttpStatus === 404;
    }

    public function shouldDenyAsForbidden(): bool
    {
        return $this->denialHttpStatus === 403;
    }
}