# frozen_string_literal: true

module ActionPolicy
  # Raised when `authorize!` check fails
  class Unauthorized < Error
    attr_reader :policy, :rule, :result

    # NEXT_RELEASE: remove result fallback
    def initialize(policy, rule, result = policy.result)
      @policy = policy.class
      @rule = rule
      @result = result

      super("Not authorized: #{@policy}##{@rule} returns false")
    end
  end

  # The main purpose of this module is to extact authorize actions
  # from everything else to make it easily testable.
  module Authorizer
    class << self
      # Performs authorization, raises an exception when check failed.
      def call(policy, rule)
        res = authorize(policy, rule)
        return if res.success?

        raise(::ActionPolicy::Unauthorized.new(policy, rule, res))
      end

      def authorize(policy, rule)
        policy.apply_r(rule)
      end

      # Applies scope to the target
      def scopify(target, policy, **options)
        policy.apply_scope(target, **options)
      end
    end
  end
end