/*
 *  Copyright 2017 Anyware Services
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */
package org.ametys.plugins.bpm.right;

import java.util.Collections;
import java.util.Map;
import java.util.Set;

import org.ametys.core.group.GroupIdentity;
import org.ametys.core.right.AccessController;
import org.ametys.core.user.CurrentUserProvider;
import org.ametys.core.user.UserIdentity;
import org.ametys.plugins.bpm.BPMWorkflowManager;
import org.ametys.plugins.bpm.jcr.JCRWorkflow;
import org.ametys.plugins.bpm.jcr.JCRWorkflowProcess;
import org.ametys.plugins.explorer.resources.ResourceCollection;
import org.ametys.plugins.repository.AmetysObject;
import org.ametys.plugins.repository.AmetysObjectResolver;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.avalon.framework.service.Serviceable;

/**
 * Access controller for BPM Workflow processes
 */
public class BPMAccessController implements AccessController, Serviceable
{
    private static final String BPM_WORKFLOWS_PATH = "/ametys:plugins/" + BPMWorkflowManager.BPM_ROOT_NODE + "/" + BPMWorkflowManager.BPMWORKFLOW_ROOT_NODE + "/";
    private CurrentUserProvider _currentUserProvider;
    private BPMWorkflowManager _bpmWorkflowManager;
    private AmetysObjectResolver _resolver;

    public void service(ServiceManager manager) throws ServiceException
    {
        _currentUserProvider = (CurrentUserProvider) manager.lookup(CurrentUserProvider.ROLE);
        _bpmWorkflowManager = (BPMWorkflowManager) manager.lookup(BPMWorkflowManager.ROLE);
        _resolver = (AmetysObjectResolver) manager.lookup(AmetysObjectResolver.ROLE);
    }

    public boolean isSupported(Object object)
    {
        return object instanceof AmetysObject && ((AmetysObject) object).getPath().startsWith(BPM_WORKFLOWS_PATH);
    }

    public AccessResult getPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object)
    {
        JCRWorkflowProcess process = null;
        if (object instanceof JCRWorkflowProcess)
        {
            process = (JCRWorkflowProcess) object;
        }
        if (object instanceof ResourceCollection)
        {
            AmetysObject parent = ((ResourceCollection) object).getParent();
            if (parent instanceof JCRWorkflowProcess)
            {
                process = (JCRWorkflowProcess) parent;
            }
        }
        
        if (process == null)
        {
            return AccessResult.UNKNOWN;
        }
        
        if (process.getCreator().equals(_currentUserProvider.getUser()))
        {
            return AccessResult.USER_ALLOWED;
        }
        
        String workflowId = process.getWorkflow();
        JCRWorkflow workflow = _resolver.resolveById(workflowId);

        return _bpmWorkflowManager.isUserInWorkflowVariables(workflow) ? AccessResult.USER_ALLOWED : AccessResult.UNKNOWN;
    }

    public AccessResult getReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
    {
        return getPermission(user, userGroups, null, object);
    }

    public Map<String, AccessResult> getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
    {
        return Collections.EMPTY_MAP;
    }

    public AccessResult getPermissionForAnonymous(String rightId, Object object)
    {
        return AccessResult.UNKNOWN;
    }
    
    
    public AccessResult getReadAccessPermissionForAnonymous(Object object)
    {
        return AccessResult.UNKNOWN;
    }
    
    public AccessResult getPermissionForAnyConnectedUser(String rightId, Object object)
    {
        return AccessResult.UNKNOWN;
    }
    
    public AccessResult getReadAccessPermissionForAnyConnectedUser(Object object)
    {
        return AccessResult.UNKNOWN;
    }
    
    public Map<UserIdentity, AccessResult> getPermissionByUser(String rightId, Object object)
    {
        return Collections.EMPTY_MAP;
    }
    
    public Map<UserIdentity, AccessResult> getReadAccessPermissionByUser(Object object)
    {
        return getPermissionByUser(null, object);
    }
    
    public Map<GroupIdentity, AccessResult> getPermissionByGroup(String rightId, Object object)
    {
        return Collections.EMPTY_MAP;
    }
    
    public Map<GroupIdentity, AccessResult> getReadAccessPermissionByGroup(Object object)
    {
        return Collections.EMPTY_MAP;
    }
    
    public boolean hasUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups)
    {
        return hasUserAnyPermissionOnWorkspace(workspacesContexts, user, userGroups, null);
    }
    
    public boolean hasUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups, String rightId)
    {
        return false;
    }
    
    public boolean hasAnonymousAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)
    {
        return false;
    }
    
    public boolean hasAnonymousAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId)
    {
        return false;
    }
    
    public boolean hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)
    {
        return false;
    }
    
    public boolean hasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId)
    {
        return false;
    }

}