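*/
require_once ("domframework/dblayer.php");

/** DBLayer with authorization
    All the actions in database are conditioned to the rights in authzgroups.

    Reads are filtered row by row in hookpostread; inserts, updates and deletes
    are gated by a write check in the matching "pre" hook. Every check is
    delegated to the authzgroups object: this class never inspects the value
    returned by accessRight/accessWrite, so it relies on those methods throwing
    an exception when access is denied.
    NOTE(review): confirm that authzgroups signals denial by exception only. */
class dblayerauthzgroups extends dblayer
{
  /** The authzgroups object, connected to the database */
  public $authzgroups = null;
  /** The module name for authzgroups */
  public $module = null;
  /** The user name for authzgroups */
  public $user = null;
  /** The default group(s) when creating a new object. Can be a string or
      an array with multiple groups */
  public $createGroup = null;
  /** The default right when creating a new object */
  public $createRight = "RW";
  /** Pre-Path in object authzgroups */
  public $path = "";

  /** Flag when primary key is added before search */
  private $primaryKeyAdded = false;

  ////////////////////////
  ///   MAIN METHODS   ///
  ////////////////////////
  /** Hook preread
      This hook is run before selecting the data in the database, after the
      verification. It makes sure the primary key is part of the selected
      columns, because hookpostread builds the authzgroups object path from it.
      @param array|null &$select Rows to select with
      $select = array (array ($key, $val, $operator), ...)
      $key=>column, $val=>value to found, $operator=>'LIKE', =...
      @param array|null &$display Columns displayed
      $display = array ($col1, $col2...);
      @param array|null &$order Sort the columns by orientation
      $order = array (array ($key, $orientation), ...)
      $key=>column, $orientation=ASC/DESC
      @param bool|null &$whereOr The WHERE parameters are separated by OR
      instead of AND
      @param array|null &$foreignSelect Add a filter on foreign keys
      @throws Exception (500) if module, user or authzgroups is not set */
  public function hookpreread (&$select, &$display, &$order, &$whereOr,
                               &$foreignSelect)
  {
    $this->authzgroupsRequireContext ();
    // Reset the flag on every read. It used to stay true once set, so a later
    // read that explicitly asked for the primary key had it stripped from the
    // result by hookpostread.
    $this->primaryKeyAdded = false;
    // NOTE(review): when $display is null it becomes array (primary) here;
    // confirm against dblayer whether null means "all columns" at this point.
    if ($display === null || ! in_array ($this->primary, $display, true))
    {
      // Need the primary key to allow/deny access. Add it and remove the data
      // after the access verification
      $display[] = $this->primary;
      $this->primaryKeyAdded = true;
    }
  }

  /** Hook postread
      This hook is run after selecting the data. Return only the allowed data
      to the user. It must have at least the RO flag.
      A row is dropped when the access check throws, and also when the row does
      not carry the primary key (no object path can be built for it).
      @param array $data the data selected by the select
      @return array The data modified by the hook (original keys preserved)
      @throws Exception (500) if module, user or authzgroups is not set, or any
      exception raised while checking the pre-path */
  public function hookpostread ($data)
  {
    // TODO : If foreign keys, do we check if the access is allowed too ?
    $this->authzgroupsRequireContext ();
    $this->allowPath ();
    foreach ($data as $key=>$line)
    {
      if (! is_array ($line) || ! isset ($line[$this->primary]))
      {
        // Without the primary key the check would run against the container
        // path ($this->path."/") instead of the row object: deny the row.
        unset ($data[$key]);
        continue;
      }
      try
      {
        $this->authzgroups->accessRight ($this->module, $this->user,
                                   $this->path."/".$line[$this->primary]);
      }
      catch (Exception $e)
      {
        // Any exception is treated as a denial (fail closed). This also hides
        // backend failures of authzgroups: such rows silently disappear.
        unset ($data[$key]);
        continue;
      }
      // The primary key was only added for the check: hide it again
      if ($this->primaryKeyAdded === true)
        unset ($data[$key][$this->primary]);
    }
    return $data;
  }

  /** Hook preinsert
      This hook is run before inserting a new data in the database, after the
      verification. The user must pass the write check on the pre-path.
      @param array $data the data to insert in the database
      @return array the data, unmodified
      @throws Exception (500) if module, user, authzgroups or createGroup is
      not set, or any exception raised by the authzgroups checks */
  public function hookpreinsert ($data)
  {
    $this->authzgroupsRequireContext ();
    if ($this->createGroup === null)
      throw new Exception ("No createGroup defined for dblayerauthzgroups",
                           500);
    $this->allowPath ();
    $this->authzgroups->accessWrite ($this->module, $this->user, $this->path);
    return $data;
  }

  /** Hook postinsert
      This hook is run after successfuly insert a new data in the database.
      It registers the new object in authzgroups and grants createRight on it
      to each group of createGroup.
      @param array $data the inserted data (not used here)
      @param mixed $lastID the identifier of the inserted row
      @return mixed the lastID, unmodified
      @throws Exception (500) if module, user, authzgroups or createGroup is
      not set, or if createGroup is neither an array nor a string */
  public function hookpostinsert ($data, $lastID)
  {
    $this->authzgroupsRequireContext ();
    if ($this->createGroup === null)
      throw new Exception ("No createGroup defined for dblayerauthzgroups",
                           500);
    // Validate the type before touching authzgroups, so a bad configuration
    // does not leave a registered object without any right on it.
    if (! is_array ($this->createGroup) && ! is_string ($this->createGroup))
      throw new Exception ("createGroup defined for dblayerauthzgroups is not ".
                           "an array or a string", 500);
    $object = $this->path."/$lastID";
    // NOTE(review): the row is already stored at this point. If objectAdd or
    // rightAdd throws, the row exists without a matching authzgroups object.
    $this->authzgroups->objectAdd ($this->module, $object);
    foreach ((array) $this->createGroup as $group)
    {
      $this->authzgroups->rightAdd ($this->module, $group, $object,
                                    $this->createRight);
    }
    return $lastID;
  }

  /** Hook preupdate
      This hook is run before updating a data in the database, after the
      verification. The user must pass the write check on the pre-path and on
      the updated object.
      @param mixed $updatekey the key of the updated row
      @param array $data the data to update
      @return array the data, unmodified
      @throws Exception (500) if module, user or authzgroups is not set, or any
      exception raised by the authzgroups checks */
  public function hookpreupdate ($updatekey, $data)
  {
    $this->authzgroupsRequireContext ();
    $this->allowPath ();
    $this->authzgroups->accessWrite ($this->module, $this->user, $this->path);
    // NOTE(review): the key is concatenated into the object path as is. A key
    // containing "/" would name a different object path; verify that callers
    // only pass real primary key values.
    $this->authzgroups->accessWrite ($this->module, $this->user,
                                     $this->path."/$updatekey");
    return $data;
  }

  /** Hook predelete
      This hook is run before deleting a data in the database. The user must
      pass the write check on the pre-path and on the deleted object.
      @param mixed $deletekey the key of the row to delete
      @return mixed the deletekey, unmodified
      @throws Exception (500) if module, user or authzgroups is not set, or any
      exception raised by the authzgroups checks */
  public function hookpredelete ($deletekey)
  {
    $this->authzgroupsRequireContext ();
    $this->allowPath ();
    $this->authzgroups->accessWrite ($this->module, $this->user, $this->path);
    // NOTE(review): same remark as hookpreupdate, the key is not normalized
    // before being appended to the object path.
    $this->authzgroups->accessWrite ($this->module, $this->user,
                                     $this->path."/$deletekey");
    return $deletekey;
  }

  /** Hook postdelete
      This hook is run after successfuly deleting a data in the database.
      It removes the matching object from authzgroups.
      @param mixed $deletekey the key of the deleted row
      @param mixed $nbLinesDeleted the value reported by the delete
      @return mixed the nbLinesDeleted, unmodified
      @throws Exception (500) if module, user or authzgroups is not set */
  public function hookpostdelete ($deletekey, $nbLinesDeleted)
  {
    $this->authzgroupsRequireContext ();
    $this->authzgroups->objectDel ($this->module, $this->path."/$deletekey");
    return $nbLinesDeleted;
  }

  /** Return true if all the paths are allowed. Throw an exception elsewhere.
      accessRight is called on every prefix of the pre-path, from "/" down to
      the full path. One trailing "/" is removed from $this->path, and the
      trimmed value is kept in the property.
      @return bool always true when no check threw
      @throws Exception (500) if module, user or authzgroups is not set, or any
      exception raised by accessRight */
  private function allowPath ()
  {
    $this->authzgroupsRequireContext ();
    if (substr ($this->path, -1) === "/")
      $this->path = substr ($this->path, 0, -1);
    $path = "";
    foreach (explode ("/", $this->path) as $pathTmp)
    {
      $path .= "/$pathTmp";
      // The leading empty segment of an absolute path produces "//"
      $path = str_replace ("//", "/", $path);
      $this->authzgroups->accessRight ($this->module, $this->user, $path);
    }
    return true;
  }

  /** Check that module, user and authzgroups are set before any authorization
      call. The hooks refuse to run instead of working with a missing identity.
      @throws Exception (500) on the first missing property */
  private function authzgroupsRequireContext ()
  {
    if ($this->module === null)
      throw new Exception ("No module defined for dblayerauthzgroups", 500);
    if ($this->user === null)
      throw new Exception ("No user defined for dblayerauthzgroups", 500);
    if ($this->authzgroups === null)
      throw new Exception ("No authzgroups defined for dblayerauthzgroups",
                           500);
  }

  ///////////////////
  ///   SETTERS   ///
  ///////////////////
  /** Set the authzgroups property
      @param object $authzgroups the authzgroups object used for the checks
      @return $this for chaining */
  public function authzgroupsSet ($authzgroups)
  {
    $this->authzgroups = $authzgroups;
    return $this;
  }

  /** Set the module property
      @param string $module the module name for authzgroups
      @return $this for chaining */
  public function moduleSet ($module)
  {
    $this->module = $module;
    return $this;
  }

  /** Set the user property
      @param string $user the user name for authzgroups
      @return $this for chaining */
  public function userSet ($user)
  {
    $this->user = $user;
    return $this;
  }

  /** Set the createGroup property
      @param string|array $createGroup the group(s) granted on new objects
      @return $this for chaining */
  public function createGroupSet ($createGroup)
  {
    $this->createGroup = $createGroup;
    return $this;
  }

  /** Set the createRight property
      @param string $createRight the right granted on new objects
      @return $this for chaining */
  public function createRightSet ($createRight)
  {
    $this->createRight = $createRight;
    return $this;
  }

  /** Set the path property
      @param string $path the pre-path in object authzgroups
      @return $this for chaining */
  public function pathSet ($path)
  {
    $this->path = $path;
    return $this;
  }
}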