<?php

declare(strict_types=1);

namespace App\Module\Core\Infrastructure\DataFixtures;

use App\Module\Core\Domain\Entity\Role;
use App\Module\Core\Domain\Entity\User;
use App\Module\Core\Domain\Repository\RoleRepositoryInterface;
use App\Module\Core\Domain\Security\SystemRoles;
use Doctrine\Bundle\FixturesBundle\Fixture;
use Doctrine\Persistence\ObjectManager;
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;

/**
 * Fixtures de base du module Core : 3 utilisateurs (1 admin + 2 standards)
 * rattaches aux roles systeme RBAC seedes par la migration Version20260414150034.
 *
 * Note : le purger Doctrine execute avant load() supprime l'ensemble des
 * entites managees, ce qui inclut la table role. On re-seede donc les roles
 * systeme de maniere idempotente avant de rattacher les utilisateurs, afin
 * que le workflow "make db-reset && make fixtures" reste one-shot.
 */
class AppFixtures extends Fixture
{
    public function __construct(
        private readonly UserPasswordHasherInterface $passwordHasher,
        private readonly RoleRepositoryInterface $roleRepository,
    ) {}

    public function load(ObjectManager $manager): void
    {
        $adminRole = $this->ensureSystemRole(
            $manager,
            SystemRoles::ADMIN_CODE,
            'Administrateur',
            'Role administrateur - bypass complet via is_admin',
        );
        $userRole = $this->ensureSystemRole(
            $manager,
            SystemRoles::USER_CODE,
            'Utilisateur',
            'Role de base sans permission specifique',
        );

        $admin = new User();
        $admin->setUsername('admin');
        $admin->setIsAdmin(true);
        $admin->setPassword($this->passwordHasher->hashPassword($admin, 'admin'));
        $admin->addRbacRole($adminRole);
        $manager->persist($admin);

        $alice = new User();
        $alice->setUsername('alice');
        $alice->setPassword($this->passwordHasher->hashPassword($alice, 'alice'));
        $alice->addRbacRole($userRole);
        $manager->persist($alice);

        $bob = new User();
        $bob->setUsername('bob');
        $bob->setPassword($this->passwordHasher->hashPassword($bob, 'bob'));
        $bob->addRbacRole($userRole);
        $manager->persist($bob);

        $manager->flush();
    }

    /**
     * Retourne le role systeme correspondant au code donne, en le creant
     * s'il n'existe pas encore (le purger Doctrine a pu vider la table role).
     *
     * La description est recopiee depuis la migration RBAC pour que les
     * deux chemins (migration prod, fixtures dev) produisent un etat
     * identique.
     */
    private function ensureSystemRole(
        ObjectManager $manager,
        string $code,
        string $label,
        string $description,
    ): Role {
        $role = $this->roleRepository->findByCode($code);

        if (null !== $role) {
            return $role;
        }

        $role = new Role($code, $label, isSystem: true, description: $description);
        $manager->persist($role);

        return $role;
    }
}