<?php

namespace App\Providers;

use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Gate;

class AuthServiceProvider extends ServiceProvider
{
    /**
     * The model to policy mappings for the application.
     *
     * @var array<class-string, class-string>
     */
    protected $policies = [
        //
    ];

    /**
     * Register any authentication / authorization services.
     */
    public function boot(): void
    {
        // Define gates that map to Spatie permissions
        // These gates are used in controllers with $this->authorize()

        // Payment Order gates
        Gate::define('create_payment_order', function ($user) {
            return $user->can('create_payment_order');
        });

        Gate::define('verify_payment_order', function ($user) {
            return $user->can('verify_payment_order');
        });

        Gate::define('execute_payment', function ($user) {
            return $user->can('execute_payment');
        });

        // Finance document gates
        Gate::define('approve_finance_secretary', function ($user) {
            return $user->can('approve_finance_secretary') || $user->hasRole('secretary_general');
        });

        Gate::define('approve_finance_chair', function ($user) {
            return $user->can('approve_finance_chair') || $user->hasRole('finance_chair');
        });

        Gate::define('approve_finance_board', function ($user) {
            return $user->can('approve_finance_board') || $user->hasRole('finance_board_member');
        });

        // Member management gates
        Gate::define('create_members', function ($user) {
            return $user->can('create_members') || $user->hasRole(['admin', 'super_admin']);
        });

        Gate::define('edit_members', function ($user) {
            return $user->can('edit_members') || $user->hasRole(['admin', 'super_admin']);
        });

        // Issue management gates
        Gate::define('create_issues', function ($user) {
            return $user->can('create_issues') || $user->hasRole(['admin', 'super_admin']);
        });

        Gate::define('edit_issues', function ($user) {
            return $user->can('edit_issues') || $user->hasRole(['admin', 'super_admin']);
        });

        // Super admin bypass - can do anything
        Gate::before(function ($user, $ability) {
            if ($user->hasRole('super_admin')) {
                return true;
            }
        });
    }
}