<?php

declare(strict_types=1);

namespace App\State;

use ApiPlatform\Metadata\Operation;
use ApiPlatform\State\ProcessorInterface;
use App\ApiResource\WorkHourBulkSiteValidation;
use App\ApiResource\WorkHourBulkValidationResult;
use App\Entity\User;
use App\Entity\WorkHour;
use App\Service\WorkHours\WorkHourBulkValidationExecutor;
use Symfony\Bundle\SecurityBundle\Security;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;

final readonly class WorkHourBulkSiteValidationProcessor implements ProcessorInterface
{
    public function __construct(
        private Security $security,
        private WorkHourBulkValidationExecutor $executor,
    ) {}

    public function process(
        mixed $data,
        Operation $operation,
        array $uriVariables = [],
        array $context = []
    ): WorkHourBulkValidationResult {
        if (!$data instanceof WorkHourBulkSiteValidation) {
            throw new BadRequestHttpException('Invalid payload.');
        }

        $user = $this->security->getUser();
        if (!$user instanceof User) {
            throw new AccessDeniedHttpException('Authentication required.');
        }

        if (in_array('ROLE_ADMIN', $user->getRoles(), true) || in_array('ROLE_SELF', $user->getRoles(), true)) {
            throw new AccessDeniedHttpException('Only site managers can bulk update site validation.');
        }

        return $this->executor->execute(
            user: $user,
            workDateValue: $data->workDate,
            employeeIds: $data->employeeIds,
            shouldSkip: static fn (WorkHour $workHour): bool => $workHour->isValid() || $workHour->isSiteValid() === $data->isSiteValid,
            applyUpdate: static function (WorkHour $workHour) use ($data): void {
                $workHour->setIsSiteValid($data->isSiteValid);
            }
        );
    }
}