<?php

namespace Chill\PersonBundle\Security\Authorization;

use Chill\MainBundle\Security\Authorization\AbstractChillVoter;
use Chill\MainBundle\Entity\User;
use Chill\MainBundle\Security\Authorization\VoterHelperFactoryInterface;
use Chill\MainBundle\Security\Authorization\VoterHelperInterface;
use Chill\MainBundle\Security\ProvideRoleHierarchyInterface;
use Chill\PersonBundle\Entity\Person;
use Chill\PersonBundle\Entity\AccompanyingPeriod;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Security;

class AccompanyingPeriodVoter extends AbstractChillVoter  implements ProvideRoleHierarchyInterface
{
    public const SEE = 'CHILL_PERSON_ACCOMPANYING_PERIOD_SEE';
    /**
     * details are for seeing:
     *
     * * SocialIssues
     */
    public const SEE_DETAILS = 'CHILL_PERSON_ACCOMPANYING_PERIOD_SEE_DETAILS';
    public const CREATE = 'CHILL_PERSON_ACCOMPANYING_PERIOD_CREATE';
    public const EDIT = 'CHILL_PERSON_ACCOMPANYING_PERIOD_UPDATE';
    public const DELETE = 'CHILL_PERSON_ACCOMPANYING_PERIOD_DELETE';

    /**
     * Give all the right above
     */
    public const FULL = 'CHILL_PERSON_ACCOMPANYING_PERIOD_FULL';

    public const ALL = [
        self::SEE,
        self::SEE_DETAILS,
        self::CREATE,
        self::EDIT,
        self::DELETE,
        self::FULL,
    ];

    private VoterHelperInterface $voterHelper;

    private Security $security;

    public function __construct(
        Security $security,
        VoterHelperFactoryInterface $voterHelperFactory
    ) {
        $this->security = $security;
        $this->voterHelper = $voterHelperFactory
            ->generate(self::class)
            ->addCheckFor(null, [self::CREATE])
            ->addCheckFor(AccompanyingPeriod::class, self::ALL)
            ->addCheckFor(Person::class, [self::SEE])
            ->build();
    }

    protected function supports($attribute, $subject)
    {
        return $this->voterHelper->supports($attribute, $subject);
    }

    protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
    {
        if (!$token->getUser() instanceof User) {
            return false;
        }

        if ($subject instanceof AccompanyingPeriod) {
            if (AccompanyingPeriod::STEP_DRAFT === $subject->getStep()) {
                // only creator can see, edit, delete, etc.
                if ($subject->getCreatedBy() === $token->getUser()
                    || NULL === $subject->getCreatedBy()) {
                    return true;
                }

                return false;
            }

            // if confidential, only the referent can see it
            if ($subject->isConfidential()) {
                return $token->getUser() === $subject->getUser();
            }
        }

        return $this->voterHelper->voteOnAttribute($attribute, $subject, $token);
    }

    public function getRoles()
    {
        return self::ALL;
    }

    public function getRolesWithoutScope()
    {
        return [];
    }

    public function getRolesWithHierarchy()
    {
        return [ 'Accompanying period' => $this->getRoles() ];
    }
}