<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use App\Models\Permission;
use App\Services\UserTypePermissionService;

class CheckPermission
{
    public function __construct(
        protected UserTypePermissionService $service
    ) {}

    public function handle(Request $request, Closure $next, string $scopes, string $permissionType)
    {
        $user = Auth::user();

        if (!$user) {
            if ($this->checkGuest($scopes, $permissionType)) {
                return $next($request);
            }
            return response()->json(['message' => 'Unauthorized'], 401);
        }

        foreach (explode('|', $scopes) as $scope) {
            if ($user->hasPermission($scope, $permissionType)) {
                return $next($request);
            }
        }

        return response()->json(['message' => 'Forbidden', 'code' => 403], 403);
    }

    protected function checkGuest(string $scopes, string $permissionType): bool
    {
        $requiredBit = Permission::getBit($permissionType);
        $permissions = $this->service->allGuestPermissions();

        foreach (explode('|', $scopes) as $scope) {
            $perm = $permissions->first(fn($p) => $p->permission->scope === $scope);
            if ($perm && ($perm->bits & $requiredBit)) return true;
        }
        return false;
    }
}