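* @license BSD */
require_once ("domframework/dblayer.php");

/** DBLayer with authorization
 * All the actions in database are conditionned to the rights in authzgroups.
 * Every hook first checks that module, user and authzgroups are configured
 * (see checkConfiguration) and that the whole pre-path is readable by the
 * user (see allowPath); a row or an object is then allowed/denied by its
 * primary key appended to the pre-path. */
class dblayerauthzgroups extends dblayer
{
  /** The authzgroups object, connected to the database */
  public $authzgroups = null;
  /** The module name for authzgroups */
  public $module = null;
  /** The user name for authzgroups */
  public $user = null;
  /** The auth information (email, lastname, firstname) */
  public $auth = null;
  /** The default group(s) when creating a new object. Can be a string or an
   * array with multiple groups */
  public $createGroup = null;
  /** The default right when creating a new object */
  public $createRight = "RW";
  /** Pre-Path in object authzgroups */
  public $path = "";
  /** Flag when primary key is added before search. Set by hookpreread and
   * consumed (then cleared) by hookpostread of the same read */
  private $primaryKeyAdded = false;

  ////////////////////////
  ///   MAIN METHODS   ///
  ////////////////////////

  /** Hook preread
   * This hook is run before selecting the data in the database, after the
   * verification
   * @param array|null &$select Rows to select with
   *   $select = array (array ($key, $val, $operator), ...)
   *   $key=>column, $val=>value to found, $operator=>'LIKE', =...
   * @param array|null &$display Columns displayed
   *   $display = array ($col1, $col2...);
   * @param array|null &$order Sort the columns by orientation
   *   $order = array (array ($key, $orientation), ...)
   *   $key=>column, $orientation=ASC/DESC
   * @param boolean|null &$whereOr The WHERE parameters are separated by OR
   *   instead of AND
   * @param array|null &$foreignSelect Add a filter on foreign keys
   * @throws Exception (500) if module, user or authzgroups is not configured */
  public function hookpreread (&$select, &$display, &$order, &$whereOr,
                               &$foreignSelect)
  {
    $this->checkConfiguration ();
    // The flag belongs to one read only: without this reset, a previous read
    // that added the primary key would make hookpostread strip a column the
    // caller of the current read explicitly asked for
    $this->primaryKeyAdded = false;
    if ($display === null || ! in_array ($this->primary, $display, true))
    {
      // Need the primary key to allow/deny access. Add it and remove the data
      // after the access verification
      // NOTE(review): when $display is null this turns it into a one-column
      // display; presumably dblayer fills $display before calling the hook or
      // treats this case itself — TODO confirm
      $display[] = $this->primary;
      $this->primaryKeyAdded = true;
    }
  }

  /** Hook postread
   * This hook is run after selecting the data. Return only the allowed data to
   * the user. It must have at least the RO flag.
   * A row is kept only when authzgroups->accessRight accepts
   * "<path>/<primary key>" for the user; any exception from authzgroups hides
   * the row (fail closed). A row without the primary key is hidden too, as it
   * cannot be authorized.
   * @param array $data the data selected by the select
   * @return array The data modified by the hook
   * @throws Exception (500) if module, user or authzgroups is not configured,
   *   or if a component of the pre-path is not readable by the user */
  public function hookpostread ($data)
  {
    // TODO : If foreign keys, do we check if the access is allowed too ?
    $this->checkConfiguration ();
    $this->allowPath ();
    foreach ($data as $key=>$line)
    {
      if (! is_array ($line) || ! array_key_exists ($this->primary, $line))
      {
        // No key => no object path to check: deny rather than check the
        // bare pre-path
        unset ($data[$key]);
        continue;
      }
      try
      {
        $this->authzgroups->accessRight ($this->module, $this->user,
                                         $this->path."/".$line[$this->primary]);
      }
      catch (Exception $e)
      {
        // Denied (or authzgroups failure): never return the row
        unset ($data[$key]);
        continue;
      }
      if ($this->primaryKeyAdded === true)
        unset ($data[$key][$this->primary]);
    }
    // Consumed: the next read starts with a clean flag
    $this->primaryKeyAdded = false;
    return $data;
  }

  /** Hook preinsert
   * This hook is run before inserting a new data in the database, after the
   * verification. The createGroup is validated here (not only in
   * hookpostinsert) so that a misconfigured group does not leave a freshly
   * inserted row without any right attached.
   * @param array $data the data to insert in the database
   * @return array the modified data
   * @throws Exception (500) if the configuration is incomplete, if
   *   createGroup is not a string or an array, or if the user has no write
   *   right on the pre-path */
  public function hookpreinsert ($data)
  {
    $this->checkConfiguration ();
    $this->checkCreateGroup ();
    $this->allowPath ();
    $this->authzgroups->accessWrite ($this->module, $this->user, $this->path);
    return $data;
  }

  /** Hook postinsert
   * This hook is run after successfuly insert a new data in the database.
   * Registers the new object "<path>/<lastID>" in authzgroups and gives
   * createRight to every createGroup on it.
   * @param array $data The data stored in the database
   * @param integer $lastID The lastID stored
   * @return integer the modified lastID
   * @throws Exception (500) if the configuration is incomplete or if
   *   createGroup is not a string or an array */
  public function hookpostinsert ($data, $lastID)
  {
    $this->checkConfiguration ();
    // Validate before objectAdd: an object must never be created without the
    // rights that follow
    $this->checkCreateGroup ();
    $object = $this->path."/$lastID";
    $this->authzgroups->objectAdd ($this->module, $object);
    $groups = is_array ($this->createGroup) ? $this->createGroup
                                            : array ($this->createGroup);
    foreach ($groups as $group)
    {
      $this->authzgroups->rightAdd ($this->module, $group, $object,
                                    $this->createRight);
    }
    return $lastID;
  }

  /** Hook preupdate
   * This hook is run before updating a data in the database, after the
   * verification. Requires write access on the pre-path and on the object.
   * @param integer $updatekey The key which will be updated
   * @param array $data The data to store in the provided key
   * @return array the modified data
   * @throws Exception (500) if the configuration is incomplete or if the user
   *   has no write right on the pre-path or on "<path>/<updatekey>" */
  public function hookpreupdate ($updatekey, $data)
  {
    $this->checkConfiguration ();
    $this->allowPath ();
    $this->authzgroups->accessWrite ($this->module, $this->user, $this->path);
    // NOTE(review): the key is inserted in the authz path as-is; presumably
    // dblayer validates it before calling the hook — TODO confirm
    $this->authzgroups->accessWrite ($this->module, $this->user,
                                     $this->path."/$updatekey");
    return $data;
  }

  /** Hook predelete
   * This hook is run before deleting a data in the database. Requires write
   * access on the pre-path and on the object.
   * @param string $deletekey The key to delete
   * @return string the modified $deletekey
   * @throws Exception (500) if the configuration is incomplete or if the user
   *   has no write right on the pre-path or on "<path>/<deletekey>" */
  public function hookpredelete ($deletekey)
  {
    $this->checkConfiguration ();
    $this->allowPath ();
    $this->authzgroups->accessWrite ($this->module, $this->user, $this->path);
    // NOTE(review): same as hookpreupdate, the key is used unchanged in the
    // authz path — TODO confirm it is validated upstream
    $this->authzgroups->accessWrite ($this->module, $this->user,
                                     $this->path."/$deletekey");
    return $deletekey;
  }

  /** Hook postdelete
   * This hook is run after successfuly deleting a data in the database.
   * Removes the object "<path>/<deletekey>" from authzgroups.
   * @param string $deletekey The key to delete
   * @param integer $nbLinesDeleted The number of deleted lines
   * @return integer $nbLinesDeleted, unchanged
   * @throws Exception (500) if the configuration is incomplete */
  public function hookpostdelete ($deletekey, $nbLinesDeleted)
  {
    $this->checkConfiguration ();
    $this->authzgroups->objectDel ($this->module, $this->path."/$deletekey");
    return $nbLinesDeleted;
  }

  /** Return true if all the paths are allowed. Throw an exception elsewhere.
   * Strips one trailing "/" from $this->path (side effect kept by the
   * following hooks), then checks accessRight on every prefix of the path,
   * starting from "/".
   * @return boolean true
   * @throws Exception (500) if the configuration is incomplete; whatever
   *   authzgroups->accessRight throws for a denied prefix */
  private function allowPath ()
  {
    $this->checkConfiguration ();
    if (substr ($this->path, -1) === "/")
      $this->path = substr ($this->path, 0, -1);
    $prefix = "";
    foreach (explode ("/", $this->path) as $component)
    {
      $prefix .= "/$component";
      // Collapse the doubled slash produced by a leading "/" in the path
      $prefix = str_replace ("//", "/", $prefix);
      $this->authzgroups->accessRight ($this->module, $this->user, $prefix);
    }
    return true;
  }

  /** Verify the properties every hook relies on. When the user is not set but
   * the auth array carries an email, the email becomes the user.
   * @throws Exception (500) if module, user or authzgroups is not defined */
  private function checkConfiguration ()
  {
    if ($this->module === null)
      throw new Exception ("No module defined for dblayerauthzgroups", 500);
    if ($this->user === null && is_array ($this->auth) &&
        array_key_exists ("email", $this->auth))
      $this->user = $this->auth["email"];
    if ($this->user === null)
      throw new Exception ("No user defined for dblayerauthzgroups", 500);
    if ($this->authzgroups === null)
      throw new Exception ("No authzgroups defined for dblayerauthzgroups",
                           500);
  }

  /** Verify that createGroup is usable to attach rights on a new object
   * @throws Exception (500) if createGroup is null, or neither a string nor
   *   an array */
  private function checkCreateGroup ()
  {
    if ($this->createGroup === null)
      throw new Exception ("No createGroup defined for dblayerauthzgroups",
                           500);
    if (! is_array ($this->createGroup) && ! is_string ($this->createGroup))
      throw new Exception ("createGroup defined for dblayerauthzgroups is not ".
                           "an array or a string", 500);
  }

  ///////////////////
  ///   SETTERS   ///
  ///////////////////

  /** Set the authzgroups property
   * @param object $authzgroups The object of the authzgroups
   * @return $this */
  public function authzgroupsSet ($authzgroups)
  {
    $this->authzgroups = $authzgroups;
    return $this;
  }

  /** Set the module property
   * @param string $module The module name to use
   * @return $this */
  public function moduleSet ($module)
  {
    $this->module = $module;
    return $this;
  }

  /** Set the auth property
   * @param array $auth The auth array
   * @return $this */
  public function authSet ($auth)
  {
    $this->auth = $auth;
    return $this;
  }

  /** Set the user property
   * @param string $user The user to authorize
   * @return $this */
  public function userSet ($user)
  {
    $this->user = $user;
    return $this;
  }

  /** Set the createGroup property
   * @param array|string $createGroup The createGroup to set
   * @return $this */
  public function createGroupSet ($createGroup)
  {
    $this->createGroup = $createGroup;
    return $this;
  }

  /** Set the createRight property
   * @param string $createRight The right to create
   * @return $this */
  public function createRightSet ($createRight)
  {
    $this->createRight = $createRight;
    return $this;
  }

  /** Set the path property
   * @param string $path The pre-path to use
   * @return $this */
  public function pathSet ($path)
  {
    $this->path = $path;
    return $this;
  }
}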