/*
 *  Copyright 2017 Anyware Services
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */
package org.ametys.cms.rights.solrchecking;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;

import org.apache.avalon.framework.activity.Initializable;
import org.apache.avalon.framework.parameters.Parameters;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.cocoon.acting.ServiceableAction;
import org.apache.cocoon.environment.ObjectModelHelper;
import org.apache.cocoon.environment.Redirector;
import org.apache.cocoon.environment.Request;
import org.apache.cocoon.environment.SourceResolver;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;

import org.ametys.core.cocoon.JSonReader;
import org.ametys.core.group.GroupIdentity;
import org.ametys.core.right.AllowedUsers;
import org.ametys.core.user.UserIdentity;
import org.ametys.core.util.AvalonLoggerAdapter;
import org.ametys.plugins.repository.AmetysObject;
import org.ametys.plugins.repository.AmetysObjectResolver;
import org.ametys.plugins.repository.AmetysRepositoryException;
import org.ametys.plugins.repository.provider.RequestAttributeWorkspaceSelector;
import org.ametys.runtime.config.Config;

/**
 * Action called to know allowed users for each {@link AmetysObject} in a list.
 */
public class AllowedUsersByObjectAction extends ServiceableAction implements Initializable
{
    /** The Ametys object resolver */
    protected AmetysObjectResolver _resolver;
    
    /** The helper for read access */
    protected ReadAccessHelper _readAccessHelper;
    
    private Logger _logger;
    
    @Override
    public void service(ServiceManager smanager) throws ServiceException
    {
        super.service(smanager);
        _resolver = (AmetysObjectResolver) smanager.lookup(AmetysObjectResolver.ROLE);
        _readAccessHelper = (ReadAccessHelper) smanager.lookup(ReadAccessHelper.ROLE);
    }
    
    @Override
    public void initialize() throws Exception
    {
        // will be called after #enableLogging, so getLogger() will not return null
        _logger = new AvalonLoggerAdapter(getLogger());
    }
    
    @Override
    public Map act(Redirector redirector, SourceResolver resolver, Map objectModel, String source, Parameters parameters) throws Exception
    {
        Request request = ObjectModelHelper.getRequest(objectModel);
        
        Map<String, Object> result = new HashMap<>();
        request.setAttribute(JSonReader.OBJECT_TO_READ, result);
        
        String coreName = parameters.getParameter("coreName");
        String objectIdsAsString = request.getParameter("ids");
        
        Map<String, Map<String, Object>> responseMap = new LinkedHashMap<>();
        result.put("response", responseMap);
        List<String> unresolvedIds = new ArrayList<>();
        result.put("unresolvedIds", unresolvedIds);


        // Retrieve the current workspace.
        String currentWsp = RequestAttributeWorkspaceSelector.getForcedWorkspace(request);
        
        try
        {
            // Force the workspace.
            String solrCorePrefix = Config.getInstance().getValue("cms.solr.core.prefix");
            if (coreName.startsWith(solrCorePrefix))
            {
                String workspaceName = coreName.substring(solrCorePrefix.length());
                RequestAttributeWorkspaceSelector.setForcedWorkspace(request, workspaceName);
                _act(objectIdsAsString, responseMap, unresolvedIds);
            }
            else
            {
                throw new IllegalArgumentException("The core name '" + coreName + "' does not start with the prefix '" + solrCorePrefix + "'");
            }
        }
        finally
        {
            // Restore context
            RequestAttributeWorkspaceSelector.setForcedWorkspace(request, currentWsp);
        }
        
        return EMPTY_MAP;
    }
    
    private void _act(String objectIdsAsString, Map<String, Map<String, Object>> responseMap, List<String> unresolvedIds)
    {
        if (objectIdsAsString == null)
        {
            throw new IllegalArgumentException("{} was called with no parameter 'ids'. It is very likely that this request has exceeded the Tomcat maximum POST size. ");
        }
        String[] objectIds = StringUtils.split(objectIdsAsString, ',');
        _logger.info("Start retrieving allowed users for {} ametys object id(s)", objectIds.length);
        for (String objectId : objectIds)
        {
            AmetysObject ametysObject;
            try
            {
                ametysObject = _resolver.resolveById(objectId);
            }
            catch (AmetysRepositoryException e)
            {
                unresolvedIds.add(objectId);
                _logger.info("The object with id '{}' cannot be retrieved.", objectId, e);
                continue;
            }
            
            try
            {
                AllowedUsers allowedUsersObj = _readAccessHelper.allowedUsers(ametysObject);
                
                Boolean anonymous = allowedUsersObj.isAnonymousAllowed();
                Boolean anyConnected = allowedUsersObj.isAnyConnectedUserAllowed();
                Set<GroupIdentity> allowedGroups = allowedUsersObj.getAllowedGroups();
                Set<GroupIdentity> deniedGroups = allowedUsersObj.getDeniedGroups();
                
                List<String> allowedGroupsStr = _groupsAsStrings(allowedGroups);
                List<String> deniedGroupsStr = _groupsAsStrings(deniedGroups);
                List<String> allowedUsers = _usersAsStrings(allowedUsersObj.getAllowedUsers());
                List<String> deniedUsers = _usersAsStrings(allowedUsersObj.getDeniedUsers());
                
                Map<String, Object> unresolvedAllowedUsers = new LinkedHashMap<>();
                unresolvedAllowedUsers.put("anonymous", anonymous);
                unresolvedAllowedUsers.put("anyConnected", anyConnected);
                unresolvedAllowedUsers.put("allowedGroups", allowedGroupsStr);
                unresolvedAllowedUsers.put("deniedGroups", deniedGroupsStr);
                unresolvedAllowedUsers.put("allowedUsers", allowedUsers);
                unresolvedAllowedUsers.put("deniedUsers", deniedUsers);
                responseMap.put(objectId, unresolvedAllowedUsers);
            }
            catch (Exception e)
            {
                unresolvedIds.add(objectId);
                _logger.error("An unexpected exception occured when trying to get read access of object with id '{}'.", objectId, e);
            }
        }
        
        _logger.info("End retrieving allowed users for {} ametys objects ids. {} id(s) could not be resolved.", objectIds.length, unresolvedIds.size());
    }
    
    private List<String> _groupsAsStrings(Collection<GroupIdentity> groups)
    {
        if (groups == null)
        {
            return Collections.EMPTY_LIST;
        }
        
        return groups.stream()
                    .map(GroupIdentity::groupIdentityToString)
                    .collect(Collectors.toList());
    }
    
    private List<String> _usersAsStrings(Collection<UserIdentity> users)
    {
        if (users == null)
        {
            return Collections.EMPTY_LIST;
        }
        
        return users.stream()
                    .map(UserIdentity::userIdentityToString)
                    .collect(Collectors.toList());
    }
}