/*
 *  Copyright 2021 Anyware Services
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */
package org.ametys.plugins.joboffer.right;

import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.avalon.framework.service.Serviceable;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang3.ArrayUtils;

import org.ametys.cms.contenttype.ContentTypesHelper;
import org.ametys.cms.repository.Content;
import org.ametys.core.group.GroupIdentity;
import org.ametys.core.right.AccessController;
import org.ametys.core.user.UserIdentity;
import org.ametys.plugins.joboffer.JobOfferConstants;

/**
 * {@link AccessController} so responsible of a job offer can access and handle the applications
 *
 */
public class ApplicationAccessController implements AccessController, Serviceable
{
    /** ContentTypes Helper */
    protected ContentTypesHelper _cTypeHelper;
    
    public void service(ServiceManager smanager) throws ServiceException
    {
        _cTypeHelper = (ContentTypesHelper) smanager.lookup(ContentTypesHelper.ROLE);
    }
    
    /**
     * Get the rights for person in charge of a application content
     * @return the list of allowed rights
     */
    protected List<String> getApplicationRights()
    {
        return List.of(
                "Workflow_Right_Application_Edit",
                "Workflow_Right_Application_Shortlist", 
                "Workflow_Right_Application_Disapprove");
    }
    
    /**
     * Determines if the current user is in charge of the current application
     * @param user the user
     * @param content the application content
     * @return true if the current user is in charge
     */
    protected boolean isInCharge(UserIdentity user, Content content)
    {
        UserIdentity[] personsInCharge = getPersonInCharge(content);
        return personsInCharge != null && ArrayUtils.contains(personsInCharge, user);
    }   
    
    /**
     * Get the persons in charge of a application
     * @param content the application content
     * @return the persons in charge or null if not found or empty
     */
    protected UserIdentity[] getPersonInCharge(Content content)
    {
        if (content.hasDefinition(JobOfferConstants.JOB_APPLICATION_ATTRIBUTE_PATH_PERSON_IN_CHARGE))
        {
            return content.getValue(JobOfferConstants.JOB_APPLICATION_ATTRIBUTE_PATH_PERSON_IN_CHARGE);
        }
        
        return null;
    }
    
    public boolean isSupported(Object object)
    {
        return object instanceof Content && _cTypeHelper.isInstanceOf((Content) object, JobOfferConstants.JOB_APPLICATION_CONTENT_TYPE);
    }
    
    public AccessResult getPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object)
    {
        if (object instanceof Content && isInCharge(user, (Content) object))
        {
            return getApplicationRights().contains(rightId) ? AccessResult.USER_ALLOWED : AccessResult.UNKNOWN;
        }
        
        return AccessResult.UNKNOWN;
    }

    public AccessResult getReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
    {
        if (object instanceof Content && isInCharge(user, (Content) object))
        {
            return AccessResult.USER_ALLOWED;
        }
        
        return AccessResult.UNKNOWN;
    }

    /**
     * If creator, access to a list of rights
     */
    public Map<String, AccessResult> getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
    {
        Map<String, AccessResult> permissionByRight = new HashMap<>();
        
        if (isInCharge(user, (Content) object))
        {
            for (String rightId : getApplicationRights())
            {
                permissionByRight.put(rightId, AccessResult.USER_ALLOWED);
            }
        }
        
        return permissionByRight;
    }

    public AccessResult getPermissionForAnonymous(String rightId, Object object)
    {
        return AccessResult.UNKNOWN;
    }

    public AccessResult getReadAccessPermissionForAnonymous(Object object)
    {
        return AccessResult.UNKNOWN;
    }

    public AccessResult getPermissionForAnyConnectedUser(String rightId, Object object)
    {
        return AccessResult.UNKNOWN;
    }

    public AccessResult getReadAccessPermissionForAnyConnectedUser(Object object)
    {
        return AccessResult.UNKNOWN;
    }

    /**
     * If right requested is in the list, the creator is added the list of USER_ALLOWED
     */
    public Map<UserIdentity, AccessResult> getPermissionByUser(String rightId, Object object)
    {
        Map<UserIdentity, AccessResult> permissionByUser = new HashMap<>();
        
        if (getApplicationRights().contains(rightId))
        {
            UserIdentity[] personInCharge = getPersonInCharge((Content) object);
            if (personInCharge != null)
            {
                for (UserIdentity userIdentity : personInCharge)
                {
                    permissionByUser.put(userIdentity, AccessResult.USER_ALLOWED);
                }
            }
        }
            
        return permissionByUser;
    }

    public Map<UserIdentity, AccessResult> getReadAccessPermissionByUser(Object object)
    {
        Map<UserIdentity, AccessResult> readPermissionByUser = new HashMap<>();
        
        UserIdentity[] personInCharge = getPersonInCharge((Content) object);
        if (personInCharge != null)
        {
            for (UserIdentity userIdentity : personInCharge)
            {
                readPermissionByUser.put(userIdentity, AccessResult.USER_ALLOWED);
            }
        }
            
        return readPermissionByUser;
    }

    public Map<GroupIdentity, AccessResult> getPermissionByGroup(String rightId, Object object)
    {
        return MapUtils.EMPTY_MAP;
    }

    public Map<GroupIdentity, AccessResult> getReadAccessPermissionByGroup(Object object)
    {
        return MapUtils.EMPTY_MAP;
    }

    public boolean hasUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups, String rightId)
    {
        return false;
    }

    public boolean hasUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups)
    {
        return false;
    }

    public boolean hasAnonymousAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId)
    {
        return false;
    }

    public boolean hasAnonymousAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)
    {
        return false;
    }

    public boolean hasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId)
    {
        return false;
    }

    public boolean hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)
    {
        return false;
    }

}