<?php

/**
 * Chill is a software for social workers
 *
 * For the full copyright and license information, please view
 * the LICENSE file that was distributed with this source code.
 */

declare(strict_types=1);

namespace Chill\PersonBundle\Security\Authorization;

use Chill\PersonBundle\Entity\AccompanyingPeriod;
use Chill\PersonBundle\Entity\AccompanyingPeriod\AccompanyingPeriodWork;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\Security;
use UnexpectedValueException;
use function get_class;
use function in_array;

class AccompanyingPeriodWorkVoter extends Voter
{
    public const CREATE = 'CHILL_MAIN_ACCOMPANYING_PERIOD_WORK_CREATE';

    public const DELETE = 'CHILL_MAIN_ACCOMPANYING_PERIOD_WORK_DELETE';

    public const SEE = 'CHILL_MAIN_ACCOMPANYING_PERIOD_WORK_SEE';

    public const UPDATE = 'CHILL_MAIN_ACCOMPANYING_PERIOD_WORK_UPDATE';

    private Security $security;

    public function __construct(Security $security)
    {
        $this->security = $security;
    }

    protected function supports($attribute, $subject): bool
    {
        return
            (
                $subject instanceof AccompanyingPeriodWork
                && in_array($attribute, $this->getRoles(), true)
            ) || (
                $subject instanceof AccompanyingPeriod
                && in_array($attribute, [self::SEE, self::CREATE], true)
            );
    }

    /**
     * @param string $attribute
     * @param AccompanyingPeriodWork $subject
     */
    protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
    {
        if ($subject instanceof AccompanyingPeriodWork) {
            switch ($attribute) {
                case self::SEE:
                    return $this->security->isGranted(AccompanyingPeriodVoter::SEE_DETAILS, $subject->getAccompanyingPeriod());

                case self::CREATE:
                case self::UPDATE:
                case self::DELETE:
                    return $this->security->isGranted(AccompanyingPeriodVoter::EDIT, $subject->getAccompanyingPeriod());

                default:
                    throw new UnexpectedValueException("attribute {$attribute} is not supported");
            }
        } elseif ($subject instanceof AccompanyingPeriod) {
            switch ($attribute) {
                case self::SEE:
                    return $this->security->isGranted(AccompanyingPeriodVoter::SEE_DETAILS, $subject);

                case self::CREATE:
                    return $this->security->isGranted(AccompanyingPeriodVoter::CREATE, $subject);

                default:
                    throw new UnexpectedValueException(sprintf(
                        "attribute {$attribute} is not supported on instance %s",
                        AccompanyingPeriod::class
                    ));
            }
        }

        throw new UnexpectedValueException(sprintf("attribute {$attribute} on instance %s is not supported", get_class($subject)));
    }

    private function getRoles(): array
    {
        return [self::SEE, self::CREATE, self::UPDATE, self::DELETE];
    }
}