/*
 *  Copyright 2018 Anyware Services
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */
package org.ametys.cms.model.restrictions;

import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

import org.apache.avalon.framework.component.Component;
import org.apache.avalon.framework.component.ComponentException;
import org.apache.avalon.framework.configuration.Configuration;
import org.apache.avalon.framework.configuration.ConfigurationException;

import org.ametys.cms.model.restrictions.Restriction.RestrictionResult;
import org.ametys.cms.repository.Content;
import org.ametys.plugins.repository.AmetysRepositoryException;
import org.ametys.runtime.model.Model;
import org.ametys.runtime.model.ModelItem;
import org.ametys.runtime.plugin.component.ThreadSafeComponentManager;

/**
 * Helper for definitions with restrictions on contents 
 */
public class ContentRestrictedModelItemHelper implements Component
{
    /** The Avalon role name */
    public static final String ROLE = ContentRestrictedModelItemHelper.class.getName();
    
    private final Map<String, Map<String, RestrictedModelItem>> _restrictionsToLookup = new HashMap<>();
    
    /**
     * Determine whether a model item can be read at this time.
     * @param item the restricted model item on which check the restrictions
     * @param content The content where item is to be written on. Can be null, on content creation. 
     * @return <code>true</code> if the current user is allowed to write the model item of this content.
     * @throws AmetysRepositoryException if an error occurs while accessing the content workflow.
     */
    @SuppressWarnings("unchecked")
    public boolean canRead(Content content, RestrictedModelItem item) throws AmetysRepositoryException
    {
        Restriction restrictions = item.getRestriction();
        if (restrictions == null)
        {
            return true;
        }
        
        RestrictionResult firstResult = restrictions.canRead(content, item);
        if (!RestrictionResult.UNKNOWN.equals(firstResult))
        {
            return RestrictionResult.TRUE.equals(firstResult);
        }
        
        ModelItem parent = item.getParent();
        if (parent != null && parent instanceof RestrictedModelItem)
        {
            // Check write access on parent model item
            return ((RestrictedModelItem<Content>) parent).canRead(content);
        }
        
        return true;
    }

    /**
     * Determine whether a model item can be written at this time.
     * @param item the restricted model item on which check the restrictions
     * @param content The content where item is to be written on. Can be null, on content creation. 
     * @return <code>true</code> if the current user is allowed to write the model item of this content.
     * @throws AmetysRepositoryException if an error occurs while accessing the content workflow.
     */
    @SuppressWarnings("unchecked")
    public boolean canWrite(Content content, RestrictedModelItem item) throws AmetysRepositoryException
    {
        Restriction restrictions = item.getRestriction();
        if (restrictions == null)
        {
            return true;
        }
        
        RestrictionResult firstResult = restrictions.canWrite(content, item);
        if (!RestrictionResult.UNKNOWN.equals(firstResult))
        {
            return RestrictionResult.TRUE.equals(firstResult);
        }
        
        ModelItem parent = item.getParent();
        if (parent != null && parent instanceof RestrictedModelItem)
        {
            // Check write access on parent model item
            return ((RestrictedModelItem<Content>) parent).canWrite(content);
        }

        return canRead(content, item);
    }
    
    /**
     * Parses the attribute definition's restrictions.
     * @param pluginName the plugin name
     * @param attributeConfiguration the attribute configuration to use.
     * @param restrictedModelItem the restricted model item
     * @param restrictionManager the restrictions component manager.
     * @throws ConfigurationException if the configuration is not valid.
     */
    @SuppressWarnings("unchecked")
    public void parseAndSetRestriction(String pluginName, RestrictedModelItem restrictedModelItem, Configuration attributeConfiguration, ThreadSafeComponentManager<Restriction> restrictionManager) throws ConfigurationException
    {
        Configuration restrictToConf = attributeConfiguration.getChild("restrict-to", false);
        
        if (restrictToConf != null)
        {
            Configuration customRestriction = restrictToConf.getChild("custom-restriction", false);
            String restrictionClassName;

            if (customRestriction != null)
            {
                restrictionClassName = customRestriction.getAttribute("class");
            }
            else
            {
                restrictionClassName = DefaultRestriction.class.getName();
            }
            
            String modelId = restrictedModelItem.getModel().getId();
            final String restrictionRole = modelId + "$" + restrictedModelItem.getPath() + "$" + UUID.randomUUID().toString();
            
            try
            {
                Class restrictionClass = Class.forName(restrictionClassName);
                restrictionManager.addComponent(pluginName, null, restrictionRole, restrictionClass, restrictToConf);
            }
            catch (Exception e)
            {
                throw new ConfigurationException("Unable to instantiate restrictions for class: " + restrictionClassName, e);
            }
            
            if (!_restrictionsToLookup.containsKey(modelId))
            {
                _restrictionsToLookup.put(modelId, new HashMap<>());
            }
            
            Map<String, RestrictedModelItem> restrictionsByModel = _restrictionsToLookup.get(modelId);

            // Will be affected later when restrictionManager will be initialized
            // in lookupRestrictions() call
            restrictionsByModel.put(restrictionRole, restrictedModelItem);
            
        }
    }
    
    /**
     * Retrieves local restrictions components and set them into
     * previously parsed element definition.
     * @param model the model
     * @param restrictionManager the restrictions component manager.
     * @throws Exception if an error occurs.
     */
    public void lookupRestrictions(Model model, ThreadSafeComponentManager<Restriction> restrictionManager) throws Exception
    {
        restrictionManager.initialize();
        
        if (_restrictionsToLookup.containsKey(model.getId()))
        {
            for (Map.Entry<String, RestrictedModelItem> entry : _restrictionsToLookup.get(model.getId()).entrySet())
            {
                String restrictionRole = entry.getKey();
                RestrictedModelItem modelItem = entry.getValue();
                
                try
                {
                    modelItem.setRestriction(restrictionManager.lookup(restrictionRole));
                }
                catch (ComponentException e)
                {
                    throw new Exception("Unable to lookup restriction role: '" + restrictionRole + "' for model item: " + modelItem, e);
                }
            }
        }
        
    }
}