<?php

namespace App\Support;

use App\Models\AdminSite;
use App\Models\AdminUser;
use Illuminate\Validation\ValidationException;

/** 平台账号创建/改角色时，操作者对目标站点的授权校验。 */
final class AdminPlatformUserSiteGuard
{
    public static function assertActorCanAssignSite(AdminUser $actor, int $siteId): void
    {
        $site = AdminSite::query()->find($siteId);
        if ($site === null) {
            throw ValidationException::withMessages([
                'admin_site_id' => [trans('validation.exists', ['attribute' => 'admin_site_id'])],
            ]);
        }

        if ($actor->isSuperAdmin()) {
            return;
        }

        if (! AdminIntegrationSiteAccess::canAccess($actor, $site)) {
            throw ValidationException::withMessages([
                'admin_site_id' => [trans('admin.site_access_denied')],
            ]);
        }
    }
}