/*
 *  Copyright 2017 Anyware Services
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */
package org.ametys.plugins.thesaurus.right;

import java.util.Map;
import java.util.Set;

import org.apache.avalon.framework.context.Context;
import org.apache.avalon.framework.context.ContextException;
import org.apache.avalon.framework.context.Contextualizable;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.cocoon.components.ContextHelper;
import org.apache.cocoon.environment.Request;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang3.StringUtils;

import org.ametys.cms.content.archive.ArchiveConstants;
import org.ametys.cms.contenttype.ContentTypesHelper;
import org.ametys.cms.repository.Content;
import org.ametys.cms.rights.ContentTypeAccessController;
import org.ametys.core.group.GroupIdentity;
import org.ametys.core.right.AccessController;
import org.ametys.core.right.AccessController.Permission.PermissionType;
import org.ametys.core.right.AccessExplanation;
import org.ametys.core.right.Profile;
import org.ametys.core.right.RightsException;
import org.ametys.core.right.RightsExtensionPoint;
import org.ametys.core.user.UserIdentity;
import org.ametys.plugins.core.impl.right.AbstractProfileStorageBasedAccessController;
import org.ametys.plugins.repository.provider.RequestAttributeWorkspaceSelector;
import org.ametys.plugins.thesaurus.ThesaurusDAO;
import org.ametys.runtime.i18n.I18nizableText;
import org.ametys.runtime.i18n.I18nizableTextParameter;

/**
 * {@link AccessController} for a thesaurus objects. The rights are checked on '/cms' context.
 * Read access is allowed to any connected user.
 */
public class ThesaurusAccessController extends AbstractProfileStorageBasedAccessController implements Contextualizable
{
    /** Right to edit thesaurus term */
    public static final String THESAURUS_RIGHTS_EDIT_TERM = "Thesaurus_Rights_EditTerm";

    /** The right context for thesaurus */
    private static final String __APPLICATION_RIGHT_CONTEXT = "/cms";
    
    /** The right extension point */
    protected RightsExtensionPoint _rightEP;
    
    private ContentTypesHelper _contentTypeHelper;

    private Context _context;
    
    @Override
    public void service(ServiceManager manager) throws ServiceException
    {
        super.service(manager);
        _contentTypeHelper = (ContentTypesHelper) manager.lookup(ContentTypesHelper.ROLE);
        _rightEP = (RightsExtensionPoint) manager.lookup(RightsExtensionPoint.ROLE);
    }
    
    public void contextualize(Context context) throws ContextException
    {
        _context = context;
    }
    
    public boolean supports(Object object)
    {
        Request request = ContextHelper.getRequest(_context);
        String currentWorkspace = RequestAttributeWorkspaceSelector.getForcedWorkspace(request);
        
        if (ArchiveConstants.ARCHIVE_WORKSPACE.equals(currentWorkspace))
        {
            return false;
        }
        
        return object instanceof Content && _contentTypeHelper.isInstanceOf((Content) object, ThesaurusDAO.MICROTHESAURUS_ABSTRACT_CONTENT_TYPE);
    }
    
    @Override
    protected Object _convertContext(Object initialContext)
    {
        String siteName = _getSiteName();
        return __APPLICATION_RIGHT_CONTEXT + (StringUtils.isNoneEmpty(siteName) ? "/" + siteName : "");
    }
    
    /**
     * Convert the asked right id to the real right to check
     * @param rightId The asked right id
     * @return the right to check
     */
    protected String _convertRightId(String rightId)
    {
        return THESAURUS_RIGHTS_EDIT_TERM;
    }

    @Override
    public AccessResult getPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object)
    {
        return super.getPermission(user, userGroups, _convertRightId(rightId), object);
    }
    
    @Override
    public AccessExplanation explainPermission(UserIdentity user, Set<GroupIdentity> groups, String rightId, Object object)
    {
        return super.explainPermission(user, groups, _convertRightId(rightId), object);
    }
    
    @Override
    protected I18nizableText _getExplanationI18nText(PermissionDetails details)
    {
        return new I18nizableText("plugin.thesaurus", _getAccessExplanationI18nKey("PLUGINS_THESAURUS_ACCESS_CONTROLLER_", details), _getExplanationI18nParams(details));
    }
    
    @Override
    protected Map<String, I18nizableTextParameter> _getExplanationI18nParams(PermissionDetails details)
    {
        Map<String, I18nizableTextParameter> i18nParams = super._getExplanationI18nParams(details);
        i18nParams.put("right", _rightEP.getExtension(_convertRightId(null)).getLabel());
        return i18nParams;
    }
    
    @Override
    protected I18nizableText getObjectLabelForExplanation(Object object) throws RightsException
    {
        return new I18nizableText("plugin.thesaurus", "PLUGINS_THESAURUS_ACCESS_CONTROLLER_EXPLANATION_CONTEXT_LABEL");
    }

    @Override
    public AccessResult getReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
    {
        return AccessResult.ANY_CONNECTED_ALLOWED;
    }
    
    @Override
    public AccessExplanation explainReadAccessPermission(UserIdentity user, Set<GroupIdentity> groups, Object object)
    {
        return new AccessExplanation(
                getId(),
                getReadAccessPermission(user, groups, object),
                new I18nizableText("plugin.thesaurus", "PLUGINS_THESAURUS_ACCESS_CONTROLLER_READ_ACCESS_EXPLANATION", Map.of("title", new I18nizableText(((Content) object).getTitle())))
            );
    }

    @Override
    public Map<String, AccessResult> getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
    {
        return MapUtils.EMPTY_MAP;
    }

    @Override
    public AccessResult getPermissionForAnonymous(String rightId, Object object)
    {
        return AccessResult.ANONYMOUS_DENIED;
    }
    
    @Override
    public AccessExplanation explainPermissionForAnonymous(String rightId, Object object)
    {
        return new AccessExplanation(
                getId(),
                getPermissionForAnonymous(rightId, object),
                new I18nizableText("plugin.thesaurus", "PLUGINS_THESAURUS_ACCESS_CONTROLLER_ANONYMOUS_PERMISSION_EXPLANATION", Map.of("title", new I18nizableText(((Content) object).getTitle())))
            );
    }

    @Override
    public AccessResult getReadAccessPermissionForAnonymous(Object object)
    {
        return AccessResult.ANONYMOUS_DENIED;
    }
    
    @Override
    public AccessExplanation explainReadAccessPermissionForAnonymous(Object object)
    {
        return new AccessExplanation(
                getId(),
                getReadAccessPermissionForAnonymous(object),
                new I18nizableText("plugin.thesaurus", "PLUGINS_THESAURUS_ACCESS_CONTROLLER_ANONYMOUS_PERMISSION_EXPLANATION", Map.of("title", new I18nizableText(((Content) object).getTitle())))
            );
    }

    @Override
    public AccessResult getPermissionForAnyConnectedUser(String rightId, Object object)
    {
        return AccessResult.ANY_CONNECTED_DENIED;
    }
    
    @Override
    public AccessExplanation explainPermissionForAnyConnectedUser(String rightId, Object object)
    {
        return new AccessExplanation(
                getId(),
                getPermissionForAnyConnectedUser(rightId, object),
                new I18nizableText("plugin.thesaurus", "PLUGINS_THESAURUS_ACCESS_CONTROLLER_ANY_CONNECTED_PERMISSION_EXPLANATION")
            );
    }

    @Override
    public AccessResult getReadAccessPermissionForAnyConnectedUser(Object object)
    {
        return AccessResult.ANY_CONNECTED_ALLOWED;
    }
    
    @Override
    public AccessExplanation explainReadAccessPermissionForAnyConnectedUser(Object object)
    {
        return new AccessExplanation(
                getId(),
                getReadAccessPermissionForAnyConnectedUser(object),
                new I18nizableText("plugin.thesaurus", "PLUGINS_THESAURUS_ACCESS_CONTROLLER_READ_ACCESS_EXPLANATION")
            );
    }

    @Override
    public Map<UserIdentity, AccessResult> getPermissionByUser(String rightId, Object object)
    {
        return MapUtils.EMPTY_MAP;
    }

    @Override
    public Map<GroupIdentity, AccessResult> getReadAccessPermissionByGroup(Object object)
    {
        return MapUtils.EMPTY_MAP;
    }
    
    @Override
    public Map<UserIdentity, AccessResult> getReadAccessPermissionByUser(Object object)
    {
        return MapUtils.EMPTY_MAP;
    }

    @Override
    public Map<GroupIdentity, AccessResult> getPermissionByGroup(String rightId, Object object)
    {
        return MapUtils.EMPTY_MAP;
    }
    
    @Override
    protected boolean ignoreOnHasAnyPermission()
    {
        return true;
    }
    
    @Override
    protected Set< ? extends Object> _convertWorkspaceToRootRightContexts(Set<Object> workspacesContexts)
    {
        if (workspacesContexts.contains("/cms"))
        {
            // the implementation of _convertContext doesn't depends on the context
            return Set.of(_convertContext(null));
        }
        return null;
    }
    
    // FIXME To remove https://issues.ametys.org/browse/THES-86
    private String _getSiteName()
    {
        Request request = ContextHelper.getRequest(_context);
        String siteName = request.getParameter("siteName");
        
        if (siteName == null)
        {
            siteName = (String) request.getAttribute("siteName");
        }
        return siteName;
    }

    @Override
    public Map<ExplanationObject, Map<Permission, AccessExplanation>> explainAllPermissions(UserIdentity identity, Set<GroupIdentity> groups, Set<Object> workspacesContexts)
    {
        AccessExplanation explanation = explainPermission(identity, groups, null, null);
        if (explanation.accessResult() != AccessResult.UNKNOWN)
        {
            return Map.of(
                    getExplanationObject("thesaurus"),
                    Map.of(new Permission(PermissionType.ALL_RIGHTS, null), explanation)
                );
        }
        return Map.of();
    }
    
    public I18nizableText getObjectLabel(Object object) throws RightsException
    {
        return new I18nizableText("plugin.thesaurus", "PLUGINS_THESAURUS_ACCESS_CONTROLLER_ALL_CONTEXT");
    }
    
    public I18nizableText getObjectCategory(Object object)
    {
        return ContentTypeAccessController.REFERENCE_TABLE_CONTEXT_CATEGORY;
    }
    
    public int getObjectPriority(Object object)
    {
        // after root but before the content type
        return 5;
    }
    
    @Override
    public Map<ExplanationObject, AccessExplanation> explainAllProfileUsesForAnonymousOnWorkspaces(String profileId, Set<Object> workspacesContexts)
    {
        Profile profile = _rightProfileDAO.getProfile(profileId);
        if (profile != null
            && _rightProfileDAO.getRights(profile).contains(THESAURUS_RIGHTS_EDIT_TERM))
        {
            return super.explainAllProfileUsesForAnonymousOnWorkspaces(profileId, workspacesContexts);
        }
        return Map.of();
    }
    
    @Override
    public Map<ExplanationObject, AccessExplanation> explainAllProfileUsesForAnyConnectedOnWorkspaces(String profileId, Set<Object> workspacesContexts)
    {
        Profile profile = _rightProfileDAO.getProfile(profileId);
        if (profile != null
            && _rightProfileDAO.getRights(profile).contains(THESAURUS_RIGHTS_EDIT_TERM))
        {
            return super.explainAllProfileUsesForAnyConnectedOnWorkspaces(profileId, workspacesContexts);
        }
        return Map.of();
    }
    
    @Override
    public Map<ExplanationObject, Map<GroupIdentity, AccessExplanation>> explainAllProfileUsesOnWorkspacesByGroups(String profileId, Set<Object> workspacesContexts)
    {
        Profile profile = _rightProfileDAO.getProfile(profileId);
        if (profile != null
            && _rightProfileDAO.getRights(profile).contains(THESAURUS_RIGHTS_EDIT_TERM))
        {
            return super.explainAllProfileUsesOnWorkspacesByGroups(profileId, workspacesContexts);
        }
        return Map.of();
    }
    
    @Override
    public Map<ExplanationObject, Map<UserIdentity, AccessExplanation>> explainAllProfileUsesOnWorkspacesByUser(String profileId, Set<Object> workspacesContexts)
    {
        Profile profile = _rightProfileDAO.getProfile(profileId);
        if (profile != null
            && _rightProfileDAO.getRights(profile).contains(THESAURUS_RIGHTS_EDIT_TERM))
        {
            return super.explainAllProfileUsesOnWorkspacesByUser(profileId, workspacesContexts);
        }
        return Map.of();
    }
}