<?php

/*
 * AVSDev UF Organisations (https://avsdev.uk)
 *
 * @link      https://git.avsdev.uk/avsdev/sprinkle-organisations
 * @license   https://git.avsdev.uk/avsdev/sprinkle-organisations/blob/master/LICENSE.md (LGPL-3.0 License)
 */

namespace UserFrosting\Sprinkle\Organisations\Authorize;

use Illuminate\Support\Arr;
use Psr\Container\ContainerInterface;
use UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface;
use UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager as UFAuthorizationManager;

/**
 * AuthorizationManager class.
 *
 * Extends the authorization manager and allows for running an authorization callback without fetching it from the internal list.
 *
 * @author Craig Williams (https://avsdev.uk)
 */
class AuthorizationManager extends UFAuthorizationManager
{
    /**
     * Run a registered callback directly.
     *
     * @param string   $name
     * @param object   $user
     * @param ...      $args
     */
    public function runCallback($user, $name, ...$args)
    {
        $debug = $this->ci->config['debug.auth'];
        $logger = $this->ci->authLogger;

        if (is_null($user) || !($user instanceof UserInterface)) {
            if ($debug) {
                $this->ci->authLogger->debug('No user defined. Access denied.');
            }

            return false;
        }

        // The master (root) account has access to everything.
        // Need to use loose comparison for now, because some DBs return `id` as a string.
        if ($user->id == $this->ci->config['reserved_user_ids.master']) {
            if ($debug) {
                $this->ci->authLogger->debug('User is the master (root) user. Access granted.');
            }

            return true;
        }

        if ($debug) {
            $trace = array_slice(debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 3), 1);
            $this->ci->authLogger->debug('Authorization check requested at: ', $trace);
            $this->ci->authLogger->debug("Checking authorization for user {$user->id} ('{$user->user_name}') against check '$name'...");
        }

        if (!array_key_exists($name, $this->callbacks) || !isset($this->callbacks[$name])) {
            if ($debug) {
                $this->ci->authLogger->debug('No matching callback found. Access denied.');
            }

            return false;
        }

        try {
            if ($debug) {
                $this->ci->authLogger->debug("Calling check '{$name}' with arguments:", $args);
            }

            $result = call_user_func_array($this->callbacks[$name], $args);

            if ($result === true) {
                if ($debug) {
                    $this->ci->authLogger->debug("User passed check '{$name}'. Access granted.");
                }

                return true;
            }

            return $result;
        } catch (Exception $e) {
            if ($this->debug) {
                $this->logger->debug("Error running check '$name':" . $e->getMessage() . ". Access denied.");
            }

            return false;
        }
    }
}