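* @license BSD */

namespace Domframework;

/** DBLayer with authorization
 * All the actions in database are conditionned to the rights in authzgroups.
 *
 * Every hook first checks that the layer is configured (module, user,
 * authzgroups), then asks the authzgroups object whether the current user
 * may act on the object path "$path/$primaryKey" of the affected row.
 * Reads are filtered row by row (unauthorized rows are dropped, never
 * reported); writes throw when the right is missing.
 */
class Dblayerauthzgroups extends Dblayer
{
    /** The authzgroups object, connected to the database */
    public $authzgroups = null;
    /** The module name for authzgroups */
    public $module = null;
    /** The user name for authzgroups */
    public $user = null;
    /** The auth information (email, lastname, firstname) */
    public $auth = null;
    /** The default group(s) when creating a new object. Can be a string or
     * an array with multiple groups */
    public $createGroup = null;
    /** The default right when creating a new object */
    public $createRight = "RW";
    /** Pre-Path in object authzgroups */
    public $path = "";
    /** Flag when primary key is added before search.
     * Set by hookpreread for the current read only and consumed (and reset)
     * by hookpostread, so it cannot leak into the next read. */
    private $primaryKeyAdded = false;

    ////////////////////////
    ///  MAIN METHODS    ///
    ////////////////////////

    /** Hook preread
     * This hook is run before selecting the data in the database, after the
     * verification
     * @param array|null &$select Rows to select with
     *   $select = array (array ($key, $val, $operator), ...)
     *   $key=>column, $val=>value to found, $operator=>'LIKE', =...
     * @param array|null &$display Columns displayed
     *   $display = array ($col1, $col2...);
     * @param array|null &$order Sort the columns by orientation
     *   $order = array (array ($key, $orientation), ...)
     *   $key=>column, $orientation=ASC/DESC
     * @param boolean|null &$whereOr The WHERE parameters are separated by OR
     *   instead of AND
     * @param array|null &$foreignSelect Add a filter on foreign keys
     * @throws \Exception (500) when module, user or authzgroups is not set
     */
    public function hookpreread(
        &$select,
        &$display,
        &$order,
        &$whereOr,
        &$foreignSelect
    ) {
        $this->ensureConfigured();
        // Always start from a clean flag: a previous read that added the
        // primary key must not make this read strip a column the caller
        // explicitly asked for.
        $this->primaryKeyAdded = false;
        if ($display === null || ! in_array($this->primary, $display, true)) {
            // Need the primary key to allow/deny access. Add it and remove the
            // data after the access verification
            $display[] = $this->primary;
            $this->primaryKeyAdded = true;
        }
    }

    /** Hook postread
     * This hook is run after selecting the data. Return only the allowed data to
     * the user. It must have at least the RO flag.
     * A row is kept only when accessRight() on "$path/$primaryKey" does not
     * throw; any exception (missing right or failure of the authz backend)
     * drops the row, i.e. the filter fails closed.
     * @param array $data the data selected by the select
     * @return array The data modified by the hook
     * @throws \Exception (500) when module, user or authzgroups is not set, or
     *   (from allowPath) when a prefix of $path is not readable
     */
    public function hookpostread($data)
    {
        // TODO : If foreign keys, do we check if the access is allowed too ?
        $this->ensureConfigured();
        $this->allowPath();
        // Consume the flag so it applies to this read only
        $stripPrimary = $this->primaryKeyAdded;
        $this->primaryKeyAdded = false;
        foreach ($data as $key => $line) {
            if (! is_array($line) || ! array_key_exists($this->primary, $line)) {
                // Without the primary key the row cannot be authorized: deny it
                // rather than check an incomplete object path.
                unset($data[$key]);
                continue;
            }
            try {
                $this->authzgroups->accessRight(
                    $this->module,
                    $this->user,
                    $this->objectPath($line[$this->primary])
                );
            } catch (\Exception $e) {
                unset($data[$key]);
                continue;
            }
            if ($stripPrimary) {
                unset($data[$key][$this->primary]);
            }
        }
        return $data;
    }

    /** Hook preinsert
     * This hook is run before inserting a new data in the database, after the
     * verification.
     * createGroup is validated here (not only in hookpostinsert) so that a
     * misconfiguration is reported before the row exists in the database.
     * @param array $data the data to insert in the database
     * @return array the modified data
     * @throws \Exception (500) when the layer is not configured, when
     *   createGroup is missing or malformed, when a prefix of $path is not
     *   readable, or when $path is not writable
     */
    public function hookpreinsert($data)
    {
        $this->ensureConfigured();
        $this->ensureCreateGroup();
        $this->allowPath();
        $this->authzgroups->accessWrite($this->module, $this->user, $this->path);
        return $data;
    }

    /** Hook postinsert
     * This hook is run after successfuly insert a new data in the database.
     * Registers the object "$path/$lastID" in authzgroups and grants
     * $createRight on it to each group of $createGroup.
     * NOTE(review): an empty $createGroup array creates the object without
     * any right; confirm this is intended by the callers.
     * NOTE(review): assumes $lastID is the value of the primary key column
     * that hookpostread later reads from the row — confirm for tables whose
     * primary key is not an auto-increment id.
     * @param array $data The data stored in the database
     * @param integer $lastID The lastID stored
     * @return integer the modified lastID
     * @throws \Exception (500) when the layer is not configured or createGroup
     *   is missing or malformed
     */
    public function hookpostinsert($data, $lastID)
    {
        $this->ensureConfigured();
        $this->ensureCreateGroup();
        $objectPath = $this->objectPath($lastID);
        $this->authzgroups->objectAdd($this->module, $objectPath);
        // ensureCreateGroup guarantees an array or a string here
        $groups = is_array($this->createGroup)
            ? $this->createGroup
            : [$this->createGroup];
        foreach ($groups as $group) {
            $this->authzgroups->rightAdd(
                $this->module,
                $group,
                $objectPath,
                $this->createRight
            );
        }
        return $lastID;
    }

    /** Hook preupdate
     * This hook is run before updating a data in the database, after the
     * verification. Requires write access on $path and on "$path/$updatekey".
     * @param integer $updatekey The key which will be updated
     * @param array $data The data to store in the provided key
     * @return array the modified data
     * @throws \Exception (500) when the layer is not configured or a right is
     *   missing
     */
    public function hookpreupdate($updatekey, $data)
    {
        $this->ensureConfigured();
        $this->assertWriteOnObject($updatekey);
        return $data;
    }

    /** Hook predelete
     * This hook is run before deleting a data in the database.
     * Requires write access on $path and on "$path/$deletekey".
     * @param string $deletekey The key to delete
     * @return string the modified $deletekey
     * @throws \Exception (500) when the layer is not configured or a right is
     *   missing
     */
    public function hookpredelete($deletekey)
    {
        $this->ensureConfigured();
        $this->assertWriteOnObject($deletekey);
        return $deletekey;
    }

    /** Hook postdelete
     * This hook is run after successfuly deleting a data in the database.
     * Removes the object "$path/$deletekey" from authzgroups.
     * @param string $deletekey The key to delete
     * @param integer $nbLinesDeleted The number of deleted lines
     * @return integer $nbLinesDeleted, unchanged
     * @throws \Exception (500) when the layer is not configured
     */
    public function hookpostdelete($deletekey, $nbLinesDeleted)
    {
        $this->ensureConfigured();
        $this->authzgroups->objectDel($this->module, $this->objectPath($deletekey));
        return $nbLinesDeleted;
    }

    ////////////////////////
    ///  INTERNAL        ///
    ////////////////////////

    /** Return true if all the paths are allowed. Throw an exception elsewhere.
     * The user must have read access on every prefix of $path ("/a", "/a/b",
     * ...). A trailing "/" is stripped from $path first. Note that the root
     * object "/" is only part of the chain when $path is empty or starts
     * with "/"; a relative $path such as "a/b" is checked from "/a" on.
     * @return boolean true when every prefix is readable
     * @throws \Exception (500) when the layer is not configured, or whatever
     *   accessRight throws for the first prefix that is not readable
     */
    private function allowPath()
    {
        $this->ensureConfigured();
        if (substr($this->path, -1) === "/") {
            $this->path = substr($this->path, 0, -1);
        }
        $prefix = "";
        foreach (explode("/", $this->path) as $segment) {
            $prefix = str_replace("//", "/", $prefix . "/" . $segment);
            $this->authzgroups->accessRight($this->module, $this->user, $prefix);
        }
        return true;
    }

    /** Resolve the user from $auth when needed and verify that the mandatory
     * configuration (module, user, authzgroups) is present.
     * Shared by every hook so the checks cannot drift between them.
     * @throws \Exception (500) when a mandatory property is missing
     */
    private function ensureConfigured()
    {
        if ($this->module === null) {
            throw new \Exception("No module defined for dblayerauthzgroups", 500);
        }
        if (
            $this->user === null
            && is_array($this->auth)
            && array_key_exists("email", $this->auth)
        ) {
            // Default the user to the authenticated e-mail when not set explicitly
            $this->user = $this->auth["email"];
        }
        if ($this->user === null) {
            throw new \Exception("No user defined for dblayerauthzgroups", 500);
        }
        if ($this->authzgroups === null) {
            throw new \Exception(
                "No authzgroups defined for dblayerauthzgroups",
                500
            );
        }
    }

    /** Verify that $createGroup is set and is an array or a string.
     * @throws \Exception (500) otherwise
     */
    private function ensureCreateGroup()
    {
        if ($this->createGroup === null) {
            throw new \Exception(
                "No createGroup defined for dblayerauthzgroups",
                500
            );
        }
        if (! is_array($this->createGroup) && ! is_string($this->createGroup)) {
            throw new \Exception(
                "createGroup defined for dblayerauthzgroups is not "
                . "an array or a string",
                500
            );
        }
    }

    /** Check that the user may read every prefix of $path and may write both
     * $path and the object "$path/$key".
     * @param mixed $key The primary key of the affected row
     * @throws \Exception whatever accessRight/accessWrite throw on denial
     */
    private function assertWriteOnObject($key)
    {
        $this->allowPath();
        $this->authzgroups->accessWrite($this->module, $this->user, $this->path);
        $this->authzgroups->accessWrite(
            $this->module,
            $this->user,
            $this->objectPath($key)
        );
    }

    /** Build the authzgroups object path of one row: "$path/$key".
     * NOTE(review): the key is interpolated verbatim. A key containing "/"
     * would name a different (nested) object path; confirm that authzgroups
     * or the caller rejects such keys when they can come from user input.
     * @param mixed $key The primary key of the row
     * @return string The object path
     */
    private function objectPath($key)
    {
        return $this->path . "/" . $key;
    }

    ///////////////////
    ///  SETTERS    ///
    ///////////////////

    /** Set the authzgroups property
     * @param object $authzgroups The object of the authzgroups
     * @return $this
     */
    public function authzgroupsSet($authzgroups)
    {
        $this->authzgroups = $authzgroups;
        return $this;
    }

    /** Set the module property
     * @param string $module The module name to use
     * @return $this
     */
    public function moduleSet($module)
    {
        $this->module = $module;
        return $this;
    }

    /** Set the auth property
     * @param array $auth The auth array
     * @return $this
     */
    public function authSet($auth)
    {
        $this->auth = $auth;
        return $this;
    }

    /** Set the user property
     * @param string $user The user to authorize
     * @return $this
     */
    public function userSet($user)
    {
        $this->user = $user;
        return $this;
    }

    /** Set the createGroup property
     * @param array|string $createGroup The createGroup to set
     * @return $this
     */
    public function createGroupSet($createGroup)
    {
        $this->createGroup = $createGroup;
        return $this;
    }

    /** Set the createRight property
     * @param string $createRight The right to create
     * @return $this
     */
    public function createRightSet($createRight)
    {
        $this->createRight = $createRight;
        return $this;
    }

    /** Set the path property
     * @param string $path The pre-path to use
     * @return $this
     */
    public function pathSet($path)
    {
        $this->path = $path;
        return $this;
    }
}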