<?php

namespace App\Support;

use App\Models\AdminUser;
use App\Models\AgentNode;

final class AgentAdminUserAuthorization
{
    public static function userVisibleTo(AdminUser $admin, AdminUser $target): bool
    {
        if ($admin->isSuperAdmin()) {
            return true;
        }

        $agent = $target->primaryAgentNode();
        if ($agent === null) {
            return false;
        }

        return AdminAgentScope::nodeVisibleTo($admin, $agent);
    }

    public static function userManageableBy(AdminUser $admin, AdminUser $target): bool
    {
        if (! self::userVisibleTo($admin, $target)) {
            return false;
        }

        if ($admin->isSuperAdmin()) {
            return true;
        }

        if (! $admin->hasPermissionCode('agent.user.manage')) {
            return false;
        }

        $agent = $target->primaryAgentNode();

        return $agent !== null && AdminAgentScope::nodeManageableBy($admin, $agent);
    }

    public static function denyUnlessUserManageable(AdminUser $admin, AdminUser $target): ?\Illuminate\Http\JsonResponse
    {
        if (self::userManageableBy($admin, $target)) {
            return null;
        }

        return ApiMessage::errorResponse(
            request(),
            'admin.agent_user_manage_denied',
            \App\Lottery\ErrorCode::AdminForbidden->value,
            null,
            403,
        );
    }
}