<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class Acl
{

    private $excepts = ['ckeditor', 'home'];
    /**
     * Handle an incoming request.
     *
     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
     */
    public function handle(Request $request, Closure $next): Response
    {
        $route = \Route::getCurrentRoute();
        // check admin page & user is not super admin
        if (auth()->check() && isset($route->action['as'])) {
            // explode user request to process
            $requestPath = explode('.', $route->action['as']);
            // ignore admin and not admin page
            if ($requestPath[0] == 'admin' && !auth()->user()->hasRole('developer') && !auth()->user()->hasRole('admin')) {
                // check excpet and has 3 routes and has user acceess
                if (!in_array($requestPath[1], $this->excepts) &&
                    isset($requestPath[2]) &&
                    !auth()->user()->hasAccess($route->action['as'])) {
                    return abort(403, __("You don't have access this action"));
                }
                // check delete or destroy with bulk action
                if (isset($requestPath[2]) && $requestPath[2] == 'bulk' && $request->input('bulk') == 'delete') {
                    $requestPath[2] = 'delete';
                    if (!auth()->user()->hasAccess(implode('.', $requestPath))) {
                        $requestPath[2] = 'destroy';
                        if (!auth()->user()->hasAccess(implode('.', $requestPath))) {
                            return abort(403, __("You don't have access this action"));
                        }
                    }
                }
                if (auth()->user()->accesses()->count() == 0){
                    return   redirect()->route('admin.logout')->with(['message' => "You don't have any access to login"]);
                }
            }
        }
        return $next($request);
    }
}