TenantAtlas/app/Support/References/Resolvers/BaselineProfileReferenceResolver.php

<?php

declare(strict_types=1);

namespace App\Support\References\Resolvers;

use App\Filament\Resources\BaselineProfileResource;
use App\Models\BaselineProfile;
use App\Models\User;
use App\Models\Workspace;
use App\Services\Auth\WorkspaceCapabilityResolver;
use App\Support\Auth\Capabilities;
use App\Support\References\ReferenceClass;
use App\Support\References\ReferenceDescriptor;
use App\Support\References\ReferenceLinkTarget;
use App\Support\References\ResolvedReference;

final class BaselineProfileReferenceResolver extends BaseReferenceResolver
{
    public function __construct(
        \App\Support\References\ReferenceTypeLabelCatalog $typeLabels,
        private readonly WorkspaceCapabilityResolver $workspaceCapabilityResolver,
    ) {
        parent::__construct($typeLabels);
    }

    public function referenceClass(): ReferenceClass
    {
        return ReferenceClass::BaselineProfile;
    }

    public function resolve(ReferenceDescriptor $descriptor): ResolvedReference
    {
        $profileId = $this->linkedModelId($descriptor);
        $workspaceId = $descriptor->workspaceId;

        if ($profileId === null || $workspaceId === null || $workspaceId <= 0) {
            return $this->unresolved($descriptor);
        }

        $profile = BaselineProfile::query()
            ->whereKey($profileId)
            ->where('workspace_id', $workspaceId)
            ->first();

        if (! $profile instanceof BaselineProfile) {
            return $this->missing($descriptor);
        }

        if (! $this->canOpenWorkspaceBaselines((int) $profile->workspace_id)) {
            return $this->inaccessible($descriptor);
        }

        return $this->resolved(
            descriptor: $descriptor,
            primaryLabel: (string) $profile->name,
            secondaryLabel: 'Baseline profile #'.$profile->getKey(),
            linkTarget: new ReferenceLinkTarget(
                targetKind: ReferenceClass::BaselineProfile->value,
                url: BaselineProfileResource::getUrl('view', ['record' => $profile], panel: 'admin'),
                actionLabel: 'View baseline profile',
                contextBadge: 'Workspace',
            ),
        );
    }

    private function canOpenWorkspaceBaselines(int $workspaceId): bool
    {
        $user = auth()->user();

        if (! $user instanceof User) {
            return false;
        }

        $workspace = Workspace::query()->whereKey($workspaceId)->first();

        if (! $workspace instanceof Workspace) {
            return false;
        }

        return $this->workspaceCapabilityResolver->isMember($user, $workspace)
            && $this->workspaceCapabilityResolver->can($user, $workspace, Capabilities::WORKSPACE_BASELINES_VIEW);
    }
}