<?php

namespace App\Services\Auth;

use App\Exceptions\PrimaryRoleNotFoundException;
use App\Exceptions\RoleNotFoundException;
use App\Models\Role;
use App\Models\User;

class UserPermissionsHelper {

    const PERM_canGrantRolesToUsersWithPrimaryRole        = 'users.grant_role_to?primary_role=';
    const PERM_canRevokeRolesFromUsersWithPrimaryRole     = 'users.revoke_role_from?primary_role=';
    const PERM_canChangePrimaryRoleOfUsersTo              = 'users.change_primary_role_to?primary_role=';
    const PERM_canChangePrimaryRoleOfUsersWithPrimaryRole = 'users.change_primary_role_from?primary_role=';
    const PERM_canGrantRole                               = 'roles.grant_to_user?role=';
    const PERM_canRevokeRole                              = 'roles.revoke_from_user?role=';

    const PERM_canViewUsersWithPrimaryRole   = 'users.view?primary_role=';
    const PERM_canCreateUsersWithPrimaryRole = 'users.create?primary_role=';
    const PERM_canUpdateUsersWithPrimaryRole = 'users.update?primary_role=';
    const PERM_canDeleteUsersWithPrimaryRole = 'users.delete?primary_role=';

    protected $primaryRoles;
    protected $roles;

    protected function primaryRoles($forceRefresh = false) {
        if ($forceRefresh || !$this->primaryRoles) {
            $this->primaryRoles = Role::where('is_primary', 1)->get();
        }
        return $this->primaryRoles;
    }

    protected function roles($forceRefresh = false) {
        if ($forceRefresh || !$this->roles) {
            $this->roles = Role::where('is_primary', 0)->get();
        }
        return $this->roles;
    }

    protected function toPrimaryRole($primaryRole) {
        if ($primaryRole instanceof Role) {
            $exists = $this->primaryRoles()->where('name', $primaryRole->name)->count();
            if (!$exists) {
                throw new PrimaryRoleNotFoundException($primaryRole->name);
            }
            return $primaryRole->name;
        }

        $exists = $this->primaryRoles()->where('name', $primaryRole)->first();
        if (!$exists) {
            throw new PrimaryRoleNotFoundException($primaryRole);
        }
        return $primaryRole;
    }

    protected function toRole($role) {
        if ($role instanceof Role) {
            $exists = $this->roles()->where('name', $role->name)->count();
            if (!$exists) {
                throw new RoleNotFoundException($role->name);
            }
            return $role->name;
        }

        $exists = $this->roles()->where('name', $role)->first();
        if (!$exists) {
            throw new RoleNotFoundException($role);
        }
        return $role;
    }

    // view
    public function canViewUser(User $user, User $target) {
        $targetPrimaryRole = $target->getPrimaryRole();
        return $this->canViewUsersWithPrimaryRole($user, $targetPrimaryRole);
    }

    public function canViewUsersWithPrimaryRole(User $user, $primaryRole) {
        $primaryRole = $this->toPrimaryRole($primaryRole);
        $perm        = static::PERM_canViewUsersWithPrimaryRole . $primaryRole;
        return $user->can($perm);
    }

    public function canViewAnyUsers(User $user) {
        return $this->getCanViewUsersWithPrimaryRoles($user)->count() > 0;
    }

    public function getCanViewUsersWithPrimaryRoles(User $user) {
        return $this->primaryRoles()
                    ->filter(function ($role) use ($user) {
                        return $this->canViewUsersWithPrimaryRole($user, $role);
                    });
    }

    // create
    public function canCreateUsersWithPrimaryRole(User $user, $primaryRole) {
        $primaryRole = $this->toPrimaryRole($primaryRole);
        $perm        = static::PERM_canCreateUsersWithPrimaryRole . $primaryRole;
        return $user->can($perm);
    }

    public function canCreateAnyUsers(User $user) {
        return $this->getCanCreateUsersWithPrimaryRoles($user)->count() > 0;
    }

    public function getCanCreateUsersWithPrimaryRoles(User $user) {
        return $this->primaryRoles()
                    ->filter(function ($role) use ($user) {
                        return $this->canCreateUsersWithPrimaryRole($user, $role);
                    });
    }

    // update
    public function canUpdateUser(User $user, User $target) {
        $targetPrimaryRole = $target->getPrimaryRole();
        return $this->canUpdateUsersWithPrimaryRole($user, $targetPrimaryRole);
    }

    public function canUpdateUsersWithPrimaryRole(User $user, $primaryRole) {
        $primaryRole = $this->toPrimaryRole($primaryRole);
        $perm        = static::PERM_canUpdateUsersWithPrimaryRole . $primaryRole;
        return $user->can($perm);
    }

    public function canUpdateAnyUsers(User $user) {
        return $this->getCanUpdateUsersWithPrimaryRoles($user)->count() > 0;
    }

    public function getCanUpdateUsersWithPrimaryRoles(User $user) {
        return $this->primaryRoles()
                    ->filter(function ($role) use ($user) {
                        return $this->canUpdateUsersWithPrimaryRole($user, $role);
                    });
    }

    // delete
    public function canDeleteUser(User $user, User $target) {
        $targetPrimaryRole = $target->getPrimaryRole();
        return $this->canDeleteUsersWithPrimaryRole($user, $targetPrimaryRole);
    }

    public function canDeleteUsersWithPrimaryRole(User $user, $primaryRole) {
        $primaryRole = $this->toPrimaryRole($primaryRole);
        $perm        = static::PERM_canDeleteUsersWithPrimaryRole . $primaryRole;
        return $user->can($perm);
    }

    public function canDeleteAnyUsers(User $user) {
        return $this->getCanDeleteUsersWithPrimaryRoles($user)->count() > 0;
    }

    public function getCanDeleteUsersWithPrimaryRoles(User $user) {
        return $this->primaryRoles()
                    ->filter(function ($role) use ($user) {
                        return $this->canDeleteUsersWithPrimaryRole($user, $role);
                    });
    }

    // change primary role
    public function canChangePrimaryRoleOfUserTo(User $user, User $target, $newPrimaryRole) {
        return (
            $this->canChangePrimaryRoleOfUser($user, $target) &&
            $this->canChangePrimaryRoleOfUsersTo($user, $newPrimaryRole)
        );
    }

    public function canChangePrimaryRoleOfUsersTo(User $user, $primaryRole) {
        $primaryRole = $this->toPrimaryRole($primaryRole);
        $perm        = static::PERM_canChangePrimaryRoleOfUsersTo . $primaryRole;
        return $user->can($perm);
    }

    public function canChangePrimaryRoleOfUser(User $user, User $target) {
        $targetPrimaryRole = $target->getPrimaryRole();
        return $this->canChangePrimaryRoleOfUsersWithPrimaryRole($user, $targetPrimaryRole);
    }

    public function canChangePrimaryRoleOfUsersWithPrimaryRole(User $user, $primaryRole) {
        $primaryRole = $this->toPrimaryRole($primaryRole);
        $perm        = static::PERM_canChangePrimaryRoleOfUsersWithPrimaryRole . $primaryRole;
        return $user->can($perm);
    }

    public function canChangePrimaryRoleOfAnyUsers(User $user) {
        return $this->getCanChangePrimaryRoleOfUsersWithPrimaryRoles($user)->count() > 0;
    }

    public function getCanChangePrimaryRoleOfUsersWithPrimaryRoles(User $user) {
        return $this->primaryRoles()
                    ->filter(function ($role) use ($user) {
                        return $this->canChangePrimaryRoleOfUsersWithPrimaryRole($user, $role);
                    });
    }


    // grant role

    public function canGrantRoleToUser(User $user, User $target, $newRole) {
        return (
            $this->canGrantRolesToUser($user, $target) &&
            $this->canGrantRole($user, $newRole)
        );
    }

    public function canGrantRolesToUser(User $user, User $target) {
        $targetPrimaryRole = $target->getPrimaryRole();
        return $this->canGrantRolesToUsersWithPrimaryRole($user, $targetPrimaryRole);
    }

    public function canGrantRolesToUsersWithPrimaryRole(User $user, $primaryRole) {
        $primaryRole = $this->toPrimaryRole($primaryRole);
        $perm        = static::PERM_canGrantRolesToUsersWithPrimaryRole . $primaryRole;
        return $user->can($perm);
    }

    public function canGrantRole(User $user, $role) {
        $role = $this->toRole($role);
        $perm = static::PERM_canGrantRole . $role;
        return $user->can($perm);
    }

    public function canGrantAnyRoles(User $user) {
        return $this->getCanGrantRoles($user)->count() > 0;
    }

    public function getCanGrantRoles(User $user) {
        return $this->roles()
                    ->filter(function ($role) use ($user) {
                        return $this->canGrantRole($user, $role);
                    });
    }

    // revoke role
    public function canRevokeRoleFromUser(User $user, User $target, $revokeRole) {
        $revokeRole = $this->toRole($revokeRole);
        return (
            $this->canRevokeRolesFromUser($user, $target) &&
            $this->canRevokeRole($user, $revokeRole)
        );
    }

    public function canRevokeRolesFromUser(User $user, User $target) {
        $targetPrimaryRole = $target->getPrimaryRole();
        return $this->canRevokeRolesFromUsersWithPrimaryRole($user, $targetPrimaryRole);
    }

    public function canRevokeRolesFromUsersWithPrimaryRole(User $user, $primaryRole) {
        $primaryRole = $this->toPrimaryRole($primaryRole);
        $perm        = static::PERM_canRevokeRolesFromUsersWithPrimaryRole . $primaryRole;
        return $user->can($perm);
    }

    public function canRevokeRole(User $user, $role) {
        $role = $this->toRole($role);
        $perm = static::PERM_canRevokeRole . $role;
        return $user->can($perm);
    }

    public function canRevokeAnyRoles(User $user) {
        return $this->getCanRevokeRoles($user)->count() > 0;
    }

    public function getCanRevokeRoles(User $user) {
        return $this->roles()
                    ->filter(function ($role) use ($user) {
                        return $this->canRevokeRole($user, $role);
                    });
    }

}