<?php

declare(strict_types=1);

namespace App\Http\Requests\Dashboard;

use App\Models\Artwork;
use Illuminate\Foundation\Http\FormRequest;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;

final class ArtworkEditRequest extends FormRequest
{
    private ?Artwork $artwork = null;

    public function authorize(): bool
    {
        $user = $this->user();
        if (! $user) {
            $this->logUnauthorized('missing_user');
            $this->denyAsNotFound();
        }

        $id = (int) $this->route('id');
        if ($id <= 0) {
            $this->logUnauthorized('missing_artwork_id');
            $this->denyAsNotFound();
        }

        $artwork = Artwork::query()->whereKey($id)->first();
        if (! $artwork || (int) $artwork->user_id !== (int) $user->id) {
            $this->logUnauthorized('artwork_not_owned_or_missing');
            $this->denyAsNotFound();
        }

        $this->artwork = $artwork;

        return true;
    }

    public function rules(): array
    {
        return [];
    }

    public function artwork(): Artwork
    {
        if (! $this->artwork) {
            $this->denyAsNotFound();
        }

        return $this->artwork;
    }

    private function denyAsNotFound(): void
    {
        throw new NotFoundHttpException();
    }

    private function logUnauthorized(string $reason): void
    {
        logger()->warning('Dashboard artwork edit unauthorized access', [
            'reason' => $reason,
            'artwork_id' => $this->route('id'),
            'user_id' => $this->user()?->id,
            'ip' => $this->ip(),
        ]);
    }
}