<?php

/** DomFramework
  * @package domframework
  * @author Dominique Fournier <dominique@fournier38.fr>
  * @license BSD
  */

namespace Domframework;

/** All the needed functions to authorize or deny access to an authenticated
    user by its groups membership */
class Authzgroups
{
    /**
     * The table prefix to use
     * @var string
     */
    public $tableprefix = "";
    /** The dblayer object use to manage the Object table */
    private $dbObject = null;
    /** The dblayer object use to manage the Group table */
    private $dbGroup = null;
    /** The dblayer object use to manage the GroupMember table */
    private $dbGroupMember = null;
    /** The dblayer object use to manage the Right table */
    private $dbRight = null;
    /** Set the debug level */
    public $debug = 0;
    /** A local cache of the rights if multiple tests are needed */
    private $rightCache = null;

    /////////////////////
    //   USER RIGHTS   //
    /////////////////////
    /** Return an array with all the rights of the user in the module.
      * Cache this information to be quicker with next requests
      * Remove the entries where path is not at least readable
      * @param string $module The module to use
      * @param string $user The user to get the rights
      */
    public function userrightsget($module, $user)
    {
//    if (isset ($_SESSION["domframework"]["authzgroups"][$module][$user]))
//      return $_SESSION["domframework"]["authzgroups"][$module][$user];
        if ($this->rightCache !== null) {
            return $this->rightCache;
        }
        if ($this->dbObject == null) {
            throw new \Exception(dgettext(
                "domframework",
                "DB for Object is not connected"
            ), 500);
        }
        // Do the SQL request in hard to be more performant on jointures
        if ($user === "cli" || $user === "root") {
            $req = "SELECT o.object,'2' AS right
      FROM " . $this->tableprefix . "authzobject AS o
      WHERE o.module=:module";
        } else {
            $req = "SELECT o.object,MAX(r.right) AS \"right\"
      FROM " . $this->tableprefix . "authzright AS r,
           " . $this->tableprefix . "authzobject AS o,
           " . $this->tableprefix . "authzgroup AS g,
           " . $this->tableprefix . "authzgroupmember AS gm
      WHERE r.idgroup=g.idgroup AND r.idobject=o.idobject AND
            gm.idgroup=g.idgroup
            AND gm.user=:user AND g.module=:module
      GROUP BY o.object
      ORDER BY o.object";
        }

        if ($this->debug) {
            echo "$req\n";
        }
        try {
            $st = $this->dbObject->prepare($req);
        } catch (\Exception $e) {
            if ($this->dbObject->debug) {
                echo "DEBUG : PREPARE ERROR ! Return FALSE" .
                $e->getMessage() . "\n";
            }
            throw new \Exception($e->getMessage(), 500);
        }

        if ($user !== "cli" && $user !== "root") {
            $st->bindValue(":user", $user);
        }
        $st->bindValue(":module", $module);
        try {
            $rc = $st->execute();
            if ($rc === false) {
                throw new \Exception("Can't execute SQL request", 500);
            }
        } catch (\Exception $e) {
            if ($this->dbObject->debug) {
                echo "DEBUG : EXECUTE ERROR ! Return FALSE" .
                $e->getMessage() . "\n";
            }
            throw new \Exception($e->getMessage(), 500);
        }
        $res = array();
        while ($d = $st->fetch(\PDO::FETCH_ASSOC)) {
            $res[$d["object"]] = $d["right"];
        }
        // Transform the numerical rights to RO/RW
        foreach ($res as $k => $r) {
            switch ($r) {
                case "2":
                    $res[$k] = "RW";
                    break;
                case "1":
                    $res[$k] = "RO";
                    break;
                default:
                    throw new \Exception(dgettext(
                        "domframework",
                        "Unknown right stored"
                    ), 500);
            }
        }
        if (isset($_SESSION)) {
            $_SESSION["domframework"]["authzgroups"][$module][$user] = $res;
        }
        $this->rightCache = $res;
        return $res;
    }

    /** Return the right defined for this user in the module for one object
      * @param string $module The module to use
      * @param string $user The user to get the rights
      * @param string $object The object to return the rights for the user
      */
    public function allow($module, $user, $object)
    {
        $ressource = $this->userrightsget($module, $user);
        // The complete tree should not be readable for the user : it can have
        // access to a card, but not to all the cards (group -> reject,
        // group/XXX->allow)
        /*// Limit to allowed trees : if a member of the path is not recorded (is
        // unreadable), return NO.
        // Can be the last entry (the complete object) too
        $path = explode ("/", $object);
        $completePath = "/";
        foreach ($path as $k=>$p)
        {
          if ($k>1)
            $completePath .= "/";
          $completePath .= "$p";
          if (! isset ($ressource[$completePath]))
          {
            if ($this->debug)
              echo "DEBUG allow : REJECT because $completePath is not found\n";
            return "NO";
          }
        }*/
        if (! isset($ressource[$object])) {
            return "NO";
        }
        return $ressource[$object];
    }

    /** Return TRUE if the user right allow to see the object (RO or RW)
      * Return a 403 Exception if the user don't have the right
      * Return a 401 Exception if the user is not connected
      * @param string $module The module to use
      * @param string $user The user to get the rights
      * @param string $object The object to check the rights for the user
      */
    public function accessRight($module, $user, $object)
    {
        if ($this->dbObject === null) {
            throw new \Exception("Can't use authzgroups\\accessRight without " .
                           "connected database", 500);
        }
        if ($module === null || ! is_string($module) || trim($module) === "") {
            throw new \Exception(
                "Module not provided to authzgroups\\accessRight",
                500
            );
        }
        if ($user === null || ! is_string($user) || trim($user) === "") {
            throw new \Exception(
                "User not provided to authzgroups\\accessright",
                500
            );
        }
        if ($object === null || ! is_string($object)) {
            throw new \Exception(
                "Object not provided to authzgroups\\accessRight",
                500
            );
        }
        if ($object[0] !== "/") {
            $object = "/$object";
        }
        $rc = $this->allow($module, $user, "$object");
        if ($this->debug) {
            trigger_error("authzgroups : accessRight ('$module', '$user', " .
            "'$object')=$rc", E_USER_NOTICE);
        }
        if ($rc !== "NO") {
            return true;
        }
        if ($user === "anonymous") {
            throw new \Exception(
                dgettext("domframework", "Anonymous not allowed"),
                401
            );
        }
        throw new \Exception(dgettext("domframework", "Access forbidden"), 403);
    }

    /** Return TRUE if the user right allow to edit the object (RW only)
      * Return a 403 Exception if the user don't have the right
      * Return a 401 Exception if the user is not connected
      * @param string $module The module to use
      * @param string $user The user to get the rights
      * @param string $object The object to check the rights for the user
      */
    public function accessWrite($module, $user, $object)
    {
        if ($this->dbObject === null) {
            throw new \Exception("Can't use authzgroups\\accessWrite without " .
                           "connected database", 500);
        }
        if ($module === null || ! is_string($module) || trim($module) === "") {
            throw new \Exception(
                "Module not provided to authzgroups\\accessWrite",
                500
            );
        }
        if ($user === null || ! is_string($user) || trim($user) === "") {
            throw new \Exception(
                "User not provided to authzgroups\\accessWrite",
                500
            );
        }
        if ($object === null || ! is_string($object)) {
            throw new \Exception(
                "Object not provided to authzgroups\\accessWrite",
                500
            );
        }
        if ($object[0] !== "/") {
            $object = "/$object";
        }
        $rc = $this->allow($module, $user, $object);
        if ($this->debug) {
            trigger_error("authzgroups : accessWrite ('$module', '$user', " .
            "'$object')=$rc", E_USER_NOTICE);
        }
        if ($rc === "RW") {
            return true;
        }
        if ($user === "anonymous") {
            throw new \Exception(
                dgettext("domframework", "Anonymous not allowed"),
                401
            );
        }
        throw new \Exception(
            dgettext("domframework", "Modification forbidden"),
            403
        );
    }

    /** Return TRUE if the user right allow to see but without modification
      * the object  (RO only)
      * Return a 403 Exception if the user don't have the right
      * Return a 401 Exception if the user is not connected
      * @param string $module The module to use
      * @param string $user The user to get the rights
      * @param string $object The object to check the rights for the user
      */
    public function accessReadOnly($module, $user, $object)
    {
        if ($this->dbObject === null) {
            throw new \Exception("Can't use authzgroups\\accessReadOnly without " .
                           "connected database", 500);
        }
        if ($module === null || ! is_string($module) || trim($module) === "") {
            throw new \Exception(
                "Module not provided to authzgroups\\accessReadOnly",
                500
            );
        }
        if ($user === null || ! is_string($user) || trim($user) === "") {
            throw new \Exception(
                "User not provided to authzgroups\\accessReadOnly",
                500
            );
        }
        if ($object === null || ! is_string($object)) {
            throw new \Exception(
                "Object not provided to authzgroups\\accessReadOnly",
                500
            );
        }
        if ($object[0] !== "/") {
            $object = "/$object";
        }
        $rc = $this->allow($module, $user, $object);
        if ($this->debug) {
            trigger_error("authzgroups : accessReadOnly ('$module', '$user', " .
                   "'$object')" . "=$rc", E_USER_NOTICE);
        }
        if ($rc === "RO") {
            return true;
        }
        if ($user === "anonymous") {
            throw new \Exception(
                dgettext("domframework", "Anonymous not allowed"),
                401
            );
        }
        throw new \Exception(dgettext("domframework", "Access forbidden"), 403);
    }

    /////////////////////////
    //  DATABASE STORAGE   //
    /////////////////////////
    /** Connect to the database before using it
      * @param string $dsn The DSN to use to connect to the database
      * @param string|null $username The username to use to connect to the
      * database
      * @param string|null $password The password to use to connect to the
      * database
      * @param array|null $driver_options The options to pass to PDO driver
      */
    public function connect(
        $dsn,
        $username = null,
        $password = null,
        $driver_options = null
    ) {
        $this->dbObject = new Dblayer($dsn, $username, $password, $driver_options);
        $this->dbObject->debug = $this->debug;
        $this->dbObject->table = "authzobject";
        $this->dbObject->tableprefix = $this->tableprefix;
        $this->dbObject->fields = array(
        "idobject" => array("integer", "not null", "autoincrement"),
        "module"   => array("varchar", "255", "not null"),
        "object"   => array("varchar", "255", "not null"),
        "comment"  => array("varchar", "255"));
        $this->dbObject->primary = "idobject";
        $this->dbObject->unique = array("idobject", array("object", "module"));
        $this->dbObject->titles = array(
        "idobject" => dgettext("domframework", "idobject"),
        "module"   => dgettext("domframework", "Module"),
        "object"   => dgettext("domframework", "Object"),
        "comment"  => dgettext("domframework", "Comment"));

        $this->dbGroup = new Dblayer($dsn, $username, $password, $driver_options);
        $this->dbGroup->debug = $this->debug;
        $this->dbGroup->table = "authzgroup";
        $this->dbGroup->tableprefix = $this->tableprefix;
        $this->dbGroup->fields = array(
        "idgroup" => array("integer", "not null", "autoincrement"),
        "module"  => array("varchar", "255", "not null"),
        "group"   => array("varchar", "255", "not null"),
        "comment" => array("varchar", "255"));
        $this->dbGroup->primary = "idgroup";
        $this->dbGroup->unique = array("idgroup", array("module", "group"));
        $this->dbGroup->titles = array(
        "idgroup" => dgettext("domframework", "idgroup"),
        "module"  => dgettext("domframework", "Module"),
        "group"   => dgettext("domframework", "Group"),
        "comment" => dgettext("domframework", "Comment"));

        $this->dbGroupMember = new Dblayer(
            $dsn,
            $username,
            $password,
            $driver_options
        );
        $this->dbGroupMember->debug = $this->debug;
        $this->dbGroupMember->table = "authzgroupmember";
        $this->dbGroupMember->tableprefix = $this->tableprefix;
        $this->dbGroupMember->fields = array(
        "idgroupmember" => array("integer", "not null", "autoincrement"),
        "user"          => array("varchar", "255", "not null"),
        "idgroup"       => array("integer", "not null"),
        "comment"       => array("varchar", "255"));
        $this->dbGroupMember->primary = "idgroupmember";
        $this->dbGroupMember->unique = array("idgroupmember",
                                          array("user", "idgroup"));
        $this->dbGroupMember->foreign = array(
        "idgroup" => array("authzgroup", "idgroup",
                        "ON UPDATE CASCADE ON DELETE CASCADE"));
        $this->dbGroupMember->titles = array(
        "idgroupmember" => dgettext("domframework", "idgroupmember"),
        "user" => dgettext("domframework", "User"),
        "idgroup" => dgettext("domframework", "idgroup"),
        "comment" => dgettext("domframework", "Comment"));

        $this->dbRight = new Dblayer($dsn, $username, $password, $driver_options);
        $this->dbRight->debug = $this->debug;
        $this->dbRight->table = "authzright";
        $this->dbRight->tableprefix = $this->tableprefix;
        $this->dbRight->fields = array(
        "idright" => array("integer", "not null", "autoincrement"),
        "idgroup" => array("integer", "not null"),
        "idobject" => array("integer", "not null"),
        "right" =>   array("varchar", "2", "not null"), // RO, RW
        "comment" => array("varchar", "255"));
        $this->dbRight->primary = "idright";
        $this->dbRight->unique = array("idright", array("idgroup", "idobject"));
        $this->dbRight->foreign = array(
        "idgroup" => array("authzgroup", "idgroup",
        "ON UPDATE CASCADE ON DELETE CASCADE"),
        "idobject" => array("authzobject", "idobject",
        "ON UPDATE CASCADE ON DELETE CASCADE"),
        );
        $this->dbRight->titles = array(
        "idright"  => dgettext("domframework", "idright"),
        "idgroup"  => dgettext("domframework", "idgroup"),
        "idobject" => dgettext("domframework", "idobject"),
        "right"    => dgettext("domframework", "Right"),
        "comment"  => dgettext("domframework", "Comment"));
        return true;
    }

    /** Disconnect from the database. Should be only used in the unit tests
      */
    public function disconnect()
    {
        $this->dbObject->disconnect();
    }

    /** Create the tables in the database to store the data
      */
    public function createTables()
    {
        if ($this->dbObject == null) {
            throw new \Exception(dgettext(
                "domframework",
                "DB for Object is not connected"
            ), 500);
        }
        if ($this->dbGroup == null) {
            throw new \Exception(dgettext(
                "domframework",
                "DB for Group is not connected"
            ), 500);
        }
        if ($this->dbGroupMember == null) {
            throw new \Exception(
                dgettext(
                    "domframework",
                    "DB for GroupMember is not connected"
                ),
                500
            );
        }
        if ($this->dbRight == null) {
            throw new \Exception(dgettext(
                "domframework",
                "DB for Right is not connected"
            ), 500);
        }
        $tables = array("Object", "Group", "GroupMember", "Right");
        foreach ($tables as $table) {
            try {
                $class = "db$table";
                $this->$class->createTable();
            } catch (\Exception $e) {
                echo $e->getMessage() . "\n";
            }
        }
        return true;
    }

    /////////////////
    //   OBJECTS   //
    /////////////////
    /** Add a new object to object list
      * Return the idobject created
      * @param string $module The module to use
      * @param string $object The object to create
      * @param string|null $comment The comment to save
      */
    public function objectAdd($module, $object, $comment = "")
    {
        if ($this->dbObject == null) {
            throw new \Exception(dgettext(
                "domframework",
                "DB for Object is not connected"
            ), 500);
        }
        // TODO : Check parameters before saving them
        $this->rightCache = null;
        return $this->dbObject->insert(array("module" => $module,
                                           "object" => $object,
                                           "comment" => $comment));
    }

    /** Remove an object from database and all the rights using it
      * @param string $module The module to use
      * @param string $object The object to delete
      */
    public function objectDel($module, $object)
    {
        if ($this->dbObject == null) {
            throw new \Exception(dgettext(
                "domframework",
                "DB for Object is not connected"
            ), 500);
        }
        $idobjects = $this->objectRead($module, $object);
        if (! isset($idobjects[0]["idobject"])) {
            throw new \Exception(dgettext(
                "domframework",
                "Wanted object not found"
            ), 404);
        }
        $this->rightCache = null;
        return $this->dbObject->delete($idobjects[0]["idobject"]);
    }

    /** Remove an object from database and all the rights using it
      * @param string $module The module to use
      * @param integer $idobject The object to delete
      */
    public function objectDelByID($module, $idobject)
    {
        if ($this->dbObject == null) {
            throw new \Exception(dgettext(
                "domframework",
                "DB for Object is not connected"
            ), 500);
        }
        $idobjects = $this->objectReadByID($module, $idobject);
        if (! isset($idobjects[0]["idobject"])) {
            throw new \Exception(dgettext(
                "domframework",
                "Wanted object not found"
            ), 404);
        }
        $this->rightCache = null;
        return $this->dbObject->delete($idobjects[0]["idobject"]);
    }

    /** Update an object in the database
      * @param string $module The module to use
      * @param string $object The object to update
      * @param string $newobject The new name of the object
      * @param string|null $newcomment The new comment of the object
      */
    public function objectUpdate($module, $object, $newobject, $newcomment = "")
    {
        if ($this->dbObject == null) {
            throw new \Exception(dgettext(
                "domframework",
                "DB for Object is not connected"
            ), 500);
        }
        $idobjects = $this->objectRead($module, $object);
        if (! isset($idobjects[0]["idobject"])) {
            throw new \Exception(dgettext(
                "domframework",
                "Wanted object not found"
            ), 404);
        }
        $this->rightCache = null;
        return $this->dbObject->update(
            $idobjects[0]["idobject"],
            array("object" => $newobject,
                                           "comment" => $newcomment)
        );
    }

    /** Update an object in the database
      * @param string $module The module to use
      * @param integer $idobject The object to update
      * @param string $newobject The new name of the object
      * @param string|null $newcomment The new comment of the object
      */
    public function objectUpdateByID(
        $module,
        $idobject,
        $newobject,
        $newcomment = ""
    ) {
        if ($this->dbObject == null) {
            throw new \Exception(dgettext(
                "domframework",
                "DB for Object is not connected"
            ), 500);
        }
        $idobjects = $this->objectReadByID($module, $idobject);
        if (! isset($idobjects[0]["idobject"])) {
            throw new \Exception(dgettext(
                "domframework",
                "Wanted object not found"
            ), 404);
        }
        $this->rightCache = null;
        return $this->dbObject->update(
            $idobjects[0]["idobject"],
            array("object" => $newobject,
                                           "comment" => $newcomment)
        );
    }

    /** Return an array with all the available objects in the module, or only
      * one object if $object is provided
      * @param string $module The module to use
      * @param string $object The name of the object to get
      */
    public function objectRead($module, $object = null)
    {
        if ($this->dbObject == null) {
            throw new \Exception(dgettext(
                "domframework",
                "DB for Object is not connected"
            ), 500);
        }
        $select[] = array("module", $module);
        if ($object !== null) {
            $select[] = array("object", $object);
        }
        return $this->dbObject->read(
            $select,
            null,
            array(array("object", "ASC"))
        );
    }

    /** Return an array with all the available objects in the module, or only
      * one object if $object is provided
      * @param string $module The module to use
      * @param integer $idobject The name of the object to get
      */
    public function objectReadByID($module, $idobject = null)
    {
        if ($this->dbObject == null) {
            throw new \Exception(dgettext(
                "domframework",
                "DB for Object is not connected"
            ), 500);
        }
        $select[] = array("module", $module);
        if ($idobject !== null) {
            $select[] = array("idobject", $idobject);
        }
        return $this->dbObject->read($select);
    }

    /** Return an array containing the titles of the table translating in the user
      * language
      */
    public function objectTitles()
    {
        return $this->dbObject->titles;
    }

    /** Check if the provided data are compliant with the object specification
      * @param array $data The name of the object to get
      * @param integer|null $idobject The object to check
      * @return array The errors found in the data
      */
    public function objectVerify($data, $idobject = false)
    {
        return $this->dbObject->verify($data, $idobject);
    }

    ////////////////
    //   GROUPS   //
    ////////////////
    /** Add a new group to group list
      * Return the idgroup created
      * @param string $module The module to use
      * @param string $group The group to create
      * @param string|null $comment The comment to add with the group
      */
    public function groupAdd($module, $group, $comment = "")
    {
        if ($this->dbGroup == null) {
            throw new \Exception(dgettext(
                "domframework",
                "DB for Group is not connected"
            ), 500);
        }
        // TODO : Check parameters before saving them
        return $this->dbGroup->insert(array("module" => $module,
                                          "group" => $group,
                                          "comment" => $comment));
    }

    /** Remove an group from database and all the rights using it
      * @param string $module The module to use
      * @param string $group The group to delete
      */
    public function groupDel($module, $group)
    {
        if ($this->dbGroup == null) {
            throw new \Exception(dgettext(
                "domframework",
                "DB for Group is not connected"
            ), 500);
        }
        $idgroups = $this->groupRead($module, $group);
        if (! isset($idgroups[0]["idgroup"])) {
            throw new \Exception(dgettext(
                "domframework",
                "Wanted group not found"
            ), 404);
        }
        return $this->dbGroup->delete($idgroups[0]["idgroup"]);
    }

    /** Remove an group from database and all the rights using it
      * @param string $module The module to use
      * @param integer $idgroup The group to delete
      */
    public function groupDelByID($module, $idgroup)
    {
        if ($this->dbGroup == null) {
            throw new \Exception(dgettext(
                "domframework",
                "DB for Group is not connected"
            ), 500);
        }
        $idgroups = $this->groupReadByID($module, $idgroup);
        if (! isset($idgroups[0]["idgroup"])) {
            throw new \Exception(dgettext(
                "domframework",
                "Wanted group not found"
            ), 404);
        }
        return $this->dbGroup->delete($idgroups[0]["idgroup"]);
    }

    /** Update an group in the database
      * @param string $module The module to use
      * @param string $group The group to update
      * @param string $newgroup The new group name
      * @param string|null $comment The comment for the group
      */
    public function groupUpdate($module, $group, $newgroup, $comment = "")
    {
        if ($this->dbGroup == null) {
            throw new \Exception(dgettext(
                "domframework",
                "DB for Group is not connected"
            ), 500);
        }
        $idgroups = $this->groupRead($module, $group);
        if (! isset($idgroups[0]["idgroup"])) {
            throw new \Exception(dgettext(
                "domframework",
                "Wanted group not found"
            ), 404);
        }
        return $this->dbGroup->update(
            $idgroups[0]["idgroup"],
            array("group" => $newgroup,
                                          "comment" => $comment)
        );
    }

    /** Update an group in the database
      * @param string $module The module to use
      * @param integer $idgroup The group to update
      * @param string $newgroup The new group name
      * @param string|null $comment The comment for the group
      */
    public function groupUpdateByID($module, $idgroup, $newgroup, $comment = "")
    {
        if ($this->dbGroup == null) {
            throw new \Exception(dgettext(
                "domframework",
                "DB for Group is not connected"
            ), 500);
        }
        $idgroups = $this->groupReadByID($module, $idgroup);
        if (! isset($idgroups[0]["idgroup"])) {
            throw new \Exception(dgettext(
                "domframework",
                "Wanted group not found"
            ), 404);
        }
        return $this->dbGroup->update(
            $idgroups[0]["idgroup"],
            array("group" => $newgroup,
                                          "comment" => $comment)
        );
    }

    /** Return an array with all the available groups in the module
      * @param string $module The module to use
      * @param string|null $group The group to check if exists
      */
    public function groupRead($module, $group = null)
    {
        if ($this->dbGroup == null) {
            throw new \Exception(dgettext(
                "domframework",
                "DB for Group is not connected"
            ), 500);
        }
        $select[] = array("module", $module);
        if ($group !== null) {
            $select[] = array("group", $group);
        }
        return $this->dbGroup->read($select, null, array(array("group", "ASC")));
    }


    /** Return an array with all the available groups in the module
      * @param string $module The module to use
      * @param integer $idgroup The group to check if exists
      */
    public function groupReadByID($module, $idgroup)
    {
        if ($this->dbGroup == null) {
            throw new \Exception(dgettext(
                "domframework",
                "DB for Group is not connected"
            ), 500);
        }
        $select[] = array("module", $module);
        $select[] = array("idgroup", $idgroup);
        return $this->dbGroup->read($select);
    }

    /** Return an array containing the titles of the table translating in the user
      * language
      */
    public function groupTitles()
    {
        return $this->dbGroup->titles;
    }

    /** Check if the provided data are compilant with the group specification
      * @param array $data The data to check
      * @param integer|null $idgroup The idgroup to check
      * @return array The errors found in the data
      */
    public function groupVerify($data, $idgroup = false)
    {
        return $this->dbGroup->verify($data, $idgroup);
    }

    //////////////////////
    //   GROUP MEMBER   //
    //////////////////////
    /** Add a new groupmember to groupmember list
      * Return the idgroupmember created
      * @param string $module The module to use
      * @param string $group The group to use
      * @param string $user The user to add in group
      * @param string|null $comment The comment to save
      */
    public function groupmemberAdd($module, $group, $user, $comment = "")
    {
        if ($this->dbGroupMember == null) {
            throw new \Exception(
                dgettext(
                    "domframework",
                    "DB for GroupMember is not connected"
                ),
                500
            );
        }
        $groups = $this->groupRead($module, $group);
        if (! isset($groups[0]["idgroup"])) {
            throw new \Exception(dgettext(
                "domframework",
                "Wanted group not found"
            ), 404);
        }
        $this->rightCache = null;
        return $this->dbGroupMember->insert(array(
                                           "user" => $user,
                                           "idgroup" => $groups[0]["idgroup"],
                                           "comment" => $comment));
    }

    /** Remove an groupmember from database and all the rights using it
      * @param string $module The module to use
      * @param string $group The group to use
      * @param string $user The user to remove
      */
    public function groupmemberDel($module, $group, $user)
    {
        if ($this->dbGroupMember == null) {
            throw new \Exception(
                dgettext(
                    "domframework",
                    "DB for GroupMember is not connected"
                ),
                500
            );
        }
        $groups = $this->groupRead($module, $group);
        if (! isset($groups[0]["idgroup"])) {
            throw new \Exception(dgettext(
                "domframework",
                "Wanted group not found"
            ), 404);
        }
        $groupsMembers = $this->dbGroupMember->read(array(
                                    array("user", $user),
                                    array("idgroup", $groups[0]["idgroup"])));
        if (! isset($groupsMembers[0]["idgroupmember"])) {
            throw new \Exception(dgettext(
                "domframework",
                "Wanted GroupMember not found"
            ), 404);
        }
        $this->rightCache = null;
        return $this->dbGroupMember->delete($groupsMembers[0]["idgroupmember"]);
    }

    /** Remove an groupmember from database and all the rights using it
      * @param string $module The module to use
      * @param integer $idgroup The group to use
      * @param integer $idgroupmember The user to remove
      */
    public function groupmemberDelByID($module, $idgroup, $idgroupmember)
    {
        if ($this->dbGroupMember == null) {
            throw new \Exception(dgettext(
                "domframework",
                "DB for GroupMember is not connected"
            ), 500);
        }
        $groups = $this->groupReadByID($module, $idgroup);
        if (! isset($groups[0]["idgroup"])) {
            throw new \Exception(dgettext(
                "domframework",
                "Wanted group not found"
            ), 404);
        }
        $groupsMembers = $this->dbGroupMember->read(array(
                                    array("idgroupmember", $idgroupmember),
                                    array("idgroup", $idgroup)));
        if (! isset($groupsMembers[0]["idgroupmember"])) {
            throw new \Exception(dgettext(
                "domframework",
                "Wanted GroupMember not found"
            ), 404);
        }
        $this->rightCache = null;
        return $this->dbGroupMember->delete($groupsMembers[0]["idgroupmember"]);
    }

    /** Update an groupmember in the database
      * @param string $module The module to use
      * @param string $group The group to use
      * @param string $user The user to update
      * @param string|null $comment The comment to update
      */
    public function groupmemberUpdate($module, $group, $user, $comment = "")
    {
        $this->rightCache = null;
        die("This function is not available : contact us if you need it\n");
    }

    /** Update an groupmember in the database
      * @param string $module The module to use
      * @param integer $idgroup The group to use
      * @param integer $iduser The user to update
      * @param string $user The new user name
      * @param string|null $comment The comment to update
      */
    public function groupmemberUpdateByID(
        $module,
        $idgroup,
        $iduser,
        $user,
        $comment = ""
    ) {
        $data = $this->groupmemberReadUserDataByID($module, $idgroup, $iduser);
        if (count($data) === 0) {
            throw new \Exception(dgettext(
                "domframework",
                "IDUser in IDGroup not found"
            ), 404);
        }
        $this->rightCache = null;
        return $this->dbGroupMember->update(
            $iduser,
            array("user" => $user,
                                                "comment" => $comment)
        );
    }


    /** Return an array with all the groups where the user is in and in the module
      * @param string $module The module to use
      * @param string $user The user to search
      */
    public function groupmemberReadUser($module, $user)
    {
        if ($this->dbGroupMember == null) {
            throw new \Exception(
                dgettext(
                    "domframework",
                    "DB for GroupMember is not connected"
                ),
                500
            );
        }
        $idgrouptmps = $this->groupRead($module);
        // Create an array with idgroup=>group
        $idgroups = array();
        foreach ($idgrouptmps as $val) {
            $idgroups[$val["idgroup"]] = $val["group"];
        }
        $select = array();
        $select[] = array("user", $user);
        $idgroupmembers = $this->dbGroupMember->read($select);
        $res = array();
        foreach ($idgroupmembers as $idmembers) {
            $res[$idmembers["idgroup"]] = $idgroups[$idmembers["idgroup"]];
        }
        return $res;
    }

    /** Return an array with all the groups where the user is in and in the module
      * @param string $module The module to use
      * @param integer $idgroupmember The user to search
      */
    public function groupmemberReadUserByID($module, $idgroupmember)
    {
        if ($this->dbGroupMember == null) {
            throw new \Exception(
                dgettext(
                    "domframework",
                    "DB for GroupMember is not connected"
                ),
                500
            );
        }
        $idgrouptmps = $this->groupRead($module);
        // Create an array with idgroup=>group
        $idgroups = array();
        foreach ($idgrouptmps as $val) {
            $idgroups[$val["idgroup"]] = $val["group"];
        }
        $select = array();
        $select[] = array("idgroupmember", $idgroupmember);
        $idgroupmembers = $this->dbGroupMember->read($select);
        $res = array();
        foreach ($idgroupmembers as $idmembers) {
            $res[$idmembers["idgroup"]] = $idgroups[$idmembers["idgroup"]];
        }
        return $res;
    }

    /** Return an array with all the available users in the group and in the
      * module
      * @param string $module The module to use
      * @param string $group The group to search
      */
    public function groupmemberReadGroup($module, $group)
    {
        if ($this->dbGroupMember == null) {
            throw new \Exception(
                dgettext(
                    "domframework",
                    "DB for GroupMember is not connected"
                ),
                500
            );
        }
        $groups = $this->groupRead($module, $group);
        if (! isset($groups[0]["idgroup"])) {
            throw new \Exception(dgettext(
                "domframework",
                "Wanted group not found"
            ), 404);
        }
        $select[] = array("idgroup", $groups[0]["idgroup"]);
        return $this->dbGroupMember->read($select, array("user"));
    }

    /** Return an array with all the available users in the group and in the
      * module
      * @param string $module The module to use
      * @param integer $idgroup The group to search
      */
    public function groupmemberReadGroupByID($module, $idgroup)
    {
        if ($this->dbGroupMember == null) {
            throw new \Exception(
                dgettext(
                    "domframework",
                    "DB for GroupMember is not connected"
                ),
                500
            );
        }
        $groups = $this->groupReadByID($module, $idgroup);
        if (! isset($groups[0]["idgroup"])) {
            throw new \Exception(dgettext(
                "domframework",
                "Wanted group not found"
            ), 404);
        }
        $select[] = array("idgroup", $groups[0]["idgroup"]);
        return $this->dbGroupMember->read($select);
    }

    /** Return an array containing the information of a user in a specific group
      * @param string $module The module to use
      * @param integer $idgroup The group to search
      * @param integer $iduser The user to search
      */
    public function groupmemberReadUserDataByID($module, $idgroup, $iduser)
    {
        if ($this->dbGroupMember == null) {
            throw new \Exception(
                dgettext(
                    "domframework",
                    "DB for GroupMember is not connected"
                ),
                500
            );
        }
        $groups = $this->groupReadByID($module, $idgroup);
        if (! isset($groups[0]["idgroup"])) {
            throw new \Exception(dgettext(
                "domframework",
                "Wanted group not found"
            ), 404);
        }
        $select[] = array("idgroup", $groups[0]["idgroup"]);
        $select[] = array("idgroupmember", $iduser);
        return $this->dbGroupMember->read($select);
    }

    /** Return an array containing the titles of the table translating in the user
      * language
      */
    public function groupmembersTitles()
    {
        return $this->dbGroupMember->titles;
    }

    /** Check if the provided data are compilant with the group specification
      * @param array $data The data to check
      * @param integer|null $idgroupmember The group member associated to verify
      * @return array The errors found in the data
      */
    public function groupmembersVerify($data, $idgroupmember = false)
    {
        return $this->dbGroupMember->verify($data, $idgroupmember);
    }

    ////////////////
    //   RIGHTS   //
    ////////////////
    /** Add a new right to right list
      * Return the idright created
      * @param string $module The module to use
      * @param string $group The group to use
      * @param string $object The object to use
      * @param string $right The right to add
      * @param string|null $comment The comment to add
      */
    public function rightAdd($module, $group, $object, $right, $comment = "")
    {
        if ($this->dbRight == null) {
            throw new \Exception(dgettext(
                "domframework",
                "DB for Right is not connected"
            ), 500);
        }
        switch ($right) {
            case "RW":
                $right = 2;
                break;
            case "RO":
                $right = 1;
                break;
            default:
                throw new \Exception(
                    dgettext(
                        "domframework",
                        "Unknown right provided (RO/RW only)"
                    ),
                    500
                );
        }
        $groups = $this->groupRead($module, $group);
        if (! isset($groups[0]["idgroup"])) {
            throw new \Exception(dgettext(
                "domframework",
                "Wanted group not found"
            ), 404);
        }
        $objects = $this->objectRead($module, $object);
        if (! isset($objects[0]["idobject"])) {
            throw new \Exception(dgettext(
                "domframework",
                "Wanted object not found"
            ), 404);
        }
        $this->rightCache = null;
        return $this->dbRight->insert(array("idgroup" => $groups[0]["idgroup"],
                                          "idobject" => $objects[0]["idobject"],
                                          "right" => $right,
                                          "comment" => $comment));
    }

    /** Add a new right to right list by ID
      * Return the idright created
      * @param string $module The module to use
      * @param integer $idgroup The group to use
      * @param integer $idobject The object to use
      * @param integer $idright The right to add
      * @param string|null $comment The comment to add
      */
    public function rightAddByID(
        $module,
        $idgroup,
        $idobject,
        $idright,
        $comment = ""
    ) {
        if ($this->dbRight == null) {
            throw new \Exception(dgettext(
                "domframework",
                "DB for Right is not connected"
            ), 500);
        }
        switch ($idright) {
            case "2":
                $right = 2;
                break;
            case "1":
                $right = 1;
                break;
            default:
                throw new \Exception(
                    dgettext(
                        "domframework",
                        "Unknown right provided (RO/RW only)"
                    ),
                    500
                );
        }
        $groups = $this->groupReadByID($module, $idgroup);
        if (! isset($groups[0]["idgroup"])) {
            throw new \Exception(dgettext(
                "domframework",
                "Wanted group not found"
            ), 404);
        }
        $objects = $this->objectReadByID($module, $idobject);
        if (! isset($objects[0]["idobject"])) {
            throw new \Exception(dgettext(
                "domframework",
                "Wanted object not found"
            ), 404);
        }
        $this->rightCache = null;
        return $this->dbRight->insert(array("idgroup" => $groups[0]["idgroup"],
                                          "idobject" => $objects[0]["idobject"],
                                          "right" => $right,
                                          "comment" => $comment));
    }

    /** Remove an right from database and all the rights using it
      * @param string $module The module to use
      * @param string $group The group to use
      * @param string $object The object to remove the rights
      */
    public function rightDel($module, $group, $object)
    {
        if ($this->dbRight == null) {
            throw new \Exception(dgettext(
                "domframework",
                "DB for Right is not connected"
            ), 500);
        }
        $idrights = $this->rightRead($module, $group, $object);
        if (!isset($idrights[0]["idright"])) {
            throw new \Exception(dgettext(
                "domframework",
                "Wanted right not found"
            ), 404);
        }
        $this->rightCache = null;
        return $this->dbRight->delete($idrights[0]["idright"]);
    }

    /** Remove an right from database by ID and all the rights using it
      * @param string $module The module to use
      * @param integer $idright The idright to be deleted
      */
    public function rightDelByID($module, $idright)
    {
        if ($this->dbRight == null) {
            throw new \Exception(dgettext(
                "domframework",
                "DB for Right is not connected"
            ), 500);
        }
        $idrights = $this->rightReadByID($module, $idright);
        if (!isset($idrights[0]["idright"])) {
            throw new \Exception(dgettext(
                "domframework",
                "Wanted right not found"
            ), 404);
        }
        $this->rightCache = null;
        return $this->dbRight->delete($idrights[0]["idright"]);
    }

    /** Update a right in the database
      * @param string $module The module to use
      * @param string $group The group to update the right
      * @param string $object The object ot update the right
      * @param string $newright The new right to save
      * @param string|null $newcomment The new comment to save
      */
    public function rightUpdate(
        $module,
        $group,
        $object,
        $newright,
        $newcomment = ""
    ) {
        if ($this->dbRight == null) {
            throw new \Exception(dgettext(
                "domframework",
                "DB for Right is not connected"
            ), 500);
        }
        switch ($newright) {
            case "RW":
                $newright = 2;
                break;
            case "RO":
                $newright = 1;
                break;
            default:
                throw new \Exception(
                    dgettext(
                        "domframework",
                        "Unknown right provided (RO/RW only)"
                    ),
                    500
                );
        }
        $idrights = $this->rightRead($module, $group, $object);
        if (!isset($idrights[0]["idright"])) {
            throw new \Exception(dgettext(
                "domframework",
                "Wanted right not found"
            ), 404);
        }
        $this->rightCache = null;
        return $this->dbRight->update(
            $idrights[0]["idright"],
            array("right" => $newright,
                                          "comment" => $newcomment)
        );
    }

    /** Update a right by ID in the database
      * @param string $module The module to use
      * @param integer $idright The idright to update the right
      * @param integer $newidobject The object ot update the right
      * @param integer $newright The new right to save
      * @param string|null $newcomment The new comment to save
      */
    public function rightUpdateByID(
        $module,
        $idright,
        $newidobject,
        $newright,
        $newcomment = ""
    ) {
        if ($this->dbRight == null) {
            throw new \Exception(dgettext(
                "domframework",
                "DB for Right is not connected"
            ), 500);
        }
        switch ($newright) {
            case "2":
                $newright = 2;
                break;
            case "1":
                $newright = 1;
                break;
            default:
                throw new \Exception(
                    dgettext(
                        "domframework",
                        "Unknown right provided (RO/RW only)"
                    ),
                    500
                );
        }
        $idrights = $this->rightReadByID($module, $idright);
        if (!isset($idrights[0]["idright"])) {
            throw new \Exception(dgettext(
                "domframework",
                "Wanted right not found"
            ), 404);
        }
        $this->rightCache = null;
        return $this->dbRight->update(
            $idrights[0]["idright"],
            array("idobject" => $newidobject,
                                          "right" => $newright,
                                          "comment" => $newcomment)
        );
    }


    /** Return an array with all the available rights in the module, for a group,
      * and concerning an object
      * @param string $module The module to use
      * @param string $group The group to get the rights
      * @param string $object The object to get the rights
      */
    public function rightRead($module, $group, $object)
    {
        if ($this->dbRight == null) {
            throw new \Exception(dgettext(
                "domframework",
                "DB for Right is not connected"
            ), 500);
        }
        $groups = $this->groupRead($module, $group);
        if (! isset($groups[0]["idgroup"])) {
            throw new \Exception(dgettext(
                "domframework",
                "Wanted group not found"
            ), 404);
        }
        $objects = $this->objectRead($module, $object);
        if (! isset($objects[0]["idobject"])) {
            throw new \Exception(dgettext(
                "domframework",
                "Wanted object not found"
            ), 404);
        }
        $select[] = array("idgroup", $groups[0]["idgroup"]);
        $select[] = array("idobject", $objects[0]["idobject"]);
        return $this->dbRight->read($select);
    }

    /** Return an array with all the available rights for a module and a group
      * @param string $module The module to use
      * @param string $group The group to get the rights
      */
    public function rightReadByGroup($module, $group)
    {
        if ($this->dbRight == null) {
            throw new \Exception(dgettext(
                "domframework",
                "DB for Right is not connected"
            ), 500);
        }
        $groups = $this->groupRead($module, $group);
        if (! isset($groups[0]["idgroup"])) {
            throw new \Exception(dgettext(
                "domframework",
                "Wanted group not found"
            ), 404);
        }
        return $this->rightReadByGroupByID($module, $objects[0]["idgroup"]);
    }

    /** Return an array with all the available rights for a module and a group
      * @param string $module The module to use
      * @param integer $idgroup The group to get the rights
      */
    public function rightReadByGroupByID($module, $idgroup)
    {
        if ($this->dbRight == null) {
            throw new \Exception(dgettext(
                "domframework",
                "DB for Right is not connected"
            ), 500);
        }
        $select[] = array("idgroup", $idgroup);
        return $this->dbRight->read($select);
    }

    /** Return an array with all the information concerning a right selected by
      * @param string $module The module to use
      * @param integer $idright The right to search
      * ID
      */
    public function rightReadByID($module, $idright)
    {
        if ($this->dbRight == null) {
            throw new \Exception(dgettext(
                "domframework",
                "DB for Right is not connected"
            ), 500);
        }
        $select[] = array("idright", $idright);
        return $this->dbRight->read($select);
    }

    /** Return an array with all the available rights for a module and an object
      * @param string $module The module to use
      * @param string $object The object to search
      */
    public function rightReadByObject($module, $object)
    {
        if ($this->dbRight == null) {
            throw new \Exception(dgettext(
                "domframework",
                "DB for Right is not connected"
            ), 500);
        }
        $objects = $this->objectRead($module, $object);
        if (! isset($objects[0]["idobject"])) {
            throw new \Exception(dgettext(
                "domframework",
                "Wanted object not found"
            ), 404);
        }
        $select[] = array("idobject", $objects[0]["idobject"]);
        return $this->dbRight->read($select);
    }

    /** Return an array with all the available rights for a module and an idobject
      * @param string $module The module to use
      * @param integer $idobject The object to search
      */
    public function rightReadByObjectByID($module, $idobject)
    {
        if ($this->dbRight == null) {
            throw new \Exception(dgettext(
                "domframework",
                "DB for Right is not connected"
            ), 500);
        }
        // FIXME : Do not use $module ?
        $select[] = array("idobject", $idobject);
        return $this->dbRight->read($select);
    }


    /** Return an array containing the titles of the table translating in the user
      * language
      */
    public function rightTitles()
    {
        return $this->dbRight->titles;
    }

    /** Return all the types of rights available (RO and RW)
      */
    public function rightTypes()
    {
        return array("1" => "RO", "2" => "RW");
    }

    /** Check if the provided data are compilant with the group specification
      * @param array $data The data of the right to check
      * @param integer $idright The right to search
      * @return array The errors found in the data
      */
    public function rightVerify($data, $idright = false)
    {
        return $this->dbRight->verify($data, $idright);
    }
}