<?php

namespace App\Http\Middleware;

use App\Http\Resources\UserTypePermissionCollection;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use App\Services\UserTypePermissionService;

class CheckPermission
{
    public function __construct(
        protected UserTypePermissionService $userTypePermissionService,
    ) {
    }

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
     * @param  string  $scope
     * @param  string  $permissionType
     * @return \Symfony\Component\HttpFoundation\Response
     */
    public function handle(Request $request, Closure $next, string $scope, string $permissionType)
    {
        $user = Auth::user();

        if (!$user) {
            $userPermissions = new UserTypePermissionCollection($this->userTypePermissionService->allGuestPermissions());
        } else {
            $userPermissions = new UserTypePermissionCollection($this->userTypePermissionService->allPermissionsByUserType($user->type));
        }

        if (!$this->hasPermission($userPermissions, $scope, $permissionType)) {
            return response()->json(['message' => 'Forbidden'], 403);
        }

        return $next($request);
    }

    private function hasPermission(UserTypePermissionCollection $userPermissions, string $scope, string $permissionType): bool
    {
        $bitwisePermissionTable = [
            'view' => 1,
            'add' => 2,
            'edit' => 4,
            'delete' => 8,
            'print' => 16,
            'export' => 32,
            'import' => 64,
            'limit' => 128,
            'menu' => 256,
        ];

        $requiredPermission = $bitwisePermissionTable[$permissionType] ?? 0;

        foreach ($userPermissions as $permission) {
            if ($permission['scope'] === $scope && ($permission['bits'] & $requiredPermission)) {
                return true;
            }
        }

        return false;
    }
}