<?php
/**
 * Virtual File System: Access Control
 *
 * @author gERD Schaufelberger <gerd@php-tools.net>
 * @package WB
 * @subpackage vfs
 */

WBClass::load('WBVFS',
            'WBLog'
            );

/**
 * Virtual File System: Access Control
 *
 * @version 0.2.0
 * @package WB
 * @subpackage vfs
 */
class WBVFS_AccessControl extends WBStdClass
{
    /**
     * File
     * @var WBVFS_File
     */
    private $file;

    /**
     * File
     * @var WBVFS_Mime
     */
    private $mime;

    /**
     * @var array
     */
    private $acr    =   null;

    /**
     * Logger
     * @var WBLog
     */
    private $log;

    /**
     * Constructor
     *
     * @param array $parameter
     */
    public function __construct($parameter = array())
    {
        $this->log  =   WBLog::start(__CLASS__);
    }

    /**
     * Set File and Mime Handler
     *
     * @param WBVFS_File
     * @param WBVFS_Mime
     */
    public function setVFSFile($file, $mime)
    {
        $this->file =   $file;
        $this->mime =   $mime;
    }

    /**
     * Check Permissions 4 Request
     *
     * @param WBRequest
     * @param string minor mime
     * @return bool
     */
    public function isRequestGranted($req, $mimeMinor)
    {
        $this->initRules();

        $hdl    =   substr(get_class($this->mime), strlen('WBVFS_Mime_'));
        $msg    =   array(
                        'vfsfile'   =>  $this->file->getId(),
                        'mime'      =>  $this->file->getMime(),
                        'handler'   =>  $hdl,
                        'access'    =>  '',
                        );

        foreach ($this->acr as $acr) {
            /** @var WBVFS_AccessControlRule */
            $acr->setRequestMimeMinor($mimeMinor);
            if (!$acr->isRequestGranted($req)) {
                $msg['access']  =   'denied';
                $this->log->warn($msg);
                return false;
            }
        }

        $msg['access']  =   'allowed';
        $this->log->notice($msg);
        return true;
    }

    /**
     * Initialize Rules
     *
     * Load config file "vfs/acl/config" and create rules objects from defined rules
     * Run only once.
     */
    private function initRules()
    {
        if (is_array($this->acr)) {
            return;
        }

        /** @var WBConfig */
        $config =   WBClass::create('WBConfig');
        $config->load('vfs/acl/config');
        $rules  =   $config->get('vfs/accesscontrol');
        $this->acr  =   array();
        foreach ($rules as $r) {
            if (!is_array($r)) {
                $r  =   array(
                            'name'      => $r,
                            'params'    =>  array()
                        );
            }
            if (!isset($r['params'])) {
                $r['params']    =   array();
            }

            /** @var WBVFS_AccessControlRule */
            $acr    =   WBClass::create('WBVFS_AccessControlRule_' . $r['name']);
            $acr->setVFSFile($this->file, $this->mime);
            $acr->setLogger($this->log);
            $acr->setConfig($r['params']);

            $this->acr[]    =   $acr;
        }
    }
}