<?php

namespace App\Providers;

use App\Models\PlatformUser;
use App\Models\ProviderConnection;
use App\Models\Tenant;
use App\Models\User;
use App\Models\Workspace;
use App\Models\WorkspaceMembership;
use App\Policies\ProviderConnectionPolicy;
use App\Policies\WorkspaceMembershipPolicy;
use App\Policies\WorkspacePolicy;
use App\Services\Auth\CapabilityResolver;
use App\Services\Auth\WorkspaceCapabilityResolver;
use App\Support\Auth\Capabilities;
use App\Support\Auth\PlatformCapabilities;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Gate;

class AuthServiceProvider extends ServiceProvider
{
    protected $policies = [
        ProviderConnection::class => ProviderConnectionPolicy::class,
        Workspace::class => WorkspacePolicy::class,
        WorkspaceMembership::class => WorkspaceMembershipPolicy::class,
    ];

    public function boot(): void
    {
        $this->registerPolicies();

        $tenantResolver = app(CapabilityResolver::class);
        $workspaceResolver = app(WorkspaceCapabilityResolver::class);

        $defineWorkspaceCapability = function (string $capability) use ($workspaceResolver): void {
            Gate::define($capability, function (User $user, Workspace $workspace) use ($workspaceResolver, $capability): bool {
                return $workspaceResolver->can($user, $workspace, $capability);
            });
        };

        $defineTenantCapability = function (string $capability) use ($tenantResolver): void {
            Gate::define($capability, function (User $user, Tenant $tenant) use ($tenantResolver, $capability): bool {
                return $tenantResolver->can($user, $tenant, $capability);
            });
        };

        foreach (Capabilities::all() as $capability) {
            if (str_starts_with($capability, 'workspace.') || str_starts_with($capability, 'workspace_membership.')) {
                $defineWorkspaceCapability($capability);

                continue;
            }

            $defineTenantCapability($capability);
        }

        foreach (PlatformCapabilities::all() as $capability) {
            Gate::define($capability, function (PlatformUser $user) use ($capability): bool {
                return $user->hasCapability($capability);
            });
        }
    }
}