File: /var/www/dvpis2025/dvpis.kaunokolegija.lt/src/Security/RoleVoter.php
<?php
namespace App\Security;
use App\Entity\User;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\Role\Role;
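/**
 * Authorization voter for actions (view / edit / create / delete) on Role subjects.
 *
 * Decision policy: an authenticated App\Entity\User holding ROLE_SUPER_ADMIN is
 * granted every supported action; every other caller is denied.
 *
 * Changes from the previous revision:
 *  - the access decision manager is now injected; the old code read
 *    $this->decisionManager, which this class never declared or assigned, so the
 *    super-admin check could not run;
 *  - the fall-through result is now "deny". The old code ended with
 *    `return true`, which would have granted every supported action to any
 *    logged-in user and made the super-admin check meaningless.
 */
class RoleVoter extends Voter
{
    public const VIEW = 'view';
    public const EDIT = 'edit';
    public const CREATE = 'create';
    public const DELETE = 'delete';

    /**
     * @param AccessDecisionManagerInterface $decisionManager used to evaluate
     *        ROLE_SUPER_ADMIN for the current token. Code that instantiates this
     *        voter by hand (instead of through the container) must now pass it.
     */
    public function __construct(private AccessDecisionManagerInterface $decisionManager)
    {
    }

    /**
     * Tells the security layer whether this voter has an opinion on the pair.
     *
     * @param string $attribute the requested action
     * @param mixed  $subject   the object the action targets
     *
     * @return bool true only for one of the four action constants on a Role subject
     */
    protected function supports(string $attribute, mixed $subject): bool
    {
        $supportedAttributes = [self::VIEW, self::EDIT, self::CREATE, self::DELETE];

        // Strict comparison so that only the exact action strings match.
        if (!in_array($attribute, $supportedAttributes, true)) {
            return false;
        }

        // Only vote on Role objects inside this voter.
        // NOTE(review): confirm that the Role class imported at the top of this file
        // exists in the installed Symfony version; if it does not, this instanceof
        // check is always false and the voter abstains on every request.
        return $subject instanceof Role;
    }

    /**
     * Decides a supported action for the user behind the token.
     *
     * @param string         $attribute one of the action constants (guaranteed by supports())
     * @param mixed          $subject   a Role instance (guaranteed by supports())
     * @param TokenInterface $token     the current security token
     *
     * @return bool true to grant, false to deny
     */
    protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
    {
        $user = $token->getUser();

        // The user must be logged in as an application User; otherwise deny.
        if (!$user instanceof User) {
            return false;
        }

        // ROLE_SUPER_ADMIN may perform every supported action.
        if ($this->decisionManager->decide($token, ['ROLE_SUPER_ADMIN'])) {
            return true;
        }

        // Deny by default. Per-action rules for other users (for example a
        // match on $attribute) belong here, each returning true explicitly;
        // anything not explicitly allowed stays denied.
        return false;
    }
}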