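* @package WB
 * @subpackage vfs
 */

WBClass::load('WBVFS', 'WBLog');

/**
 * Virtual File System: Access Control
 *
 * Evaluates the access control rules configured for the VFS and offers
 * helpers around the optional "protected" folder.
 *
 * See configuration "vfs/acl/config"
 *
 * @version 0.4.0
 * @package WB
 * @subpackage vfs
 */
class WBVFS_AccessControl extends WBStdClass
{
    /**
     * File the current request refers to, set through setVFSFile()
     * @var WBVFS_File
     */
    private $file;

    /**
     * Mime handler of the file, set through setVFSFile()
     * @var WBVFS_Mime
     */
    private $mime;

    /**
     * List of Access Control Rules
     *
     * Stays null until initRules() has built the complete list.
     * @var array
     */
    private $acr = null;

    /**
     * Logger
     * @var WBLog
     */
    private $log;

    /**
     * ACL Configuration
     * @var WBConfig
     */
    private $config;

    /**
     * Constructor
     *
     * Load config file "vfs/acl/config" and start a logger named after this class.
     *
     * @param array $parameter not read by this constructor
     */
    public function __construct($parameter = array())
    {
        /** @var WBConfig */
        $this->config = WBClass::create('WBConfig');
        $this->config->load('vfs/acl/config');
        $this->log = WBLog::start(__CLASS__);
    }

    /**
     * Inject Clause to Exclude Protected Folder
     *
     * See config vfs/default/protected/path in "vfs/acl/config"
     *
     * Appends a "path does not begin with <protected path>" condition on the
     * VFS directory table. Nothing is appended when no protected path is
     * configured, so callers then query without any exclusion.
     *
     * @param array $clause list of clauses, extended in place
     * @return bool true when clause was added
     */
    public function injectProtected2Clause(&$clause = array())
    {
        $protected = $this->config->get('vfs/default/protected/path', '');
        if (empty($protected)) {
            return false;
        }

        $clause[] = array(
            'table' => WBDatasource::TABLE_VFSDIR,
            'field' => 'path',
            'relation' => 'not_begins',
            'value' => $protected
        );
        return true;
    }

    /**
     * Tell if Directory Node is Protected
     *
     * See config vfs/default/protected/path in "vfs/acl/config"
     *
     * The node path is compared as a string and must be identical to the
     * configured path. A loose "==" would let PHP compare numeric-looking
     * strings by value ("1e1" == "10"), which must never decide whether a
     * node counts as protected.
     *
     * NOTE(review): only the protected folder itself matches here, while
     * injectProtected2Clause() excludes everything whose path begins with it.
     * Confirm that nodes below the protected folder are meant to return false.
     *
     * @param array $node directory node, its 'path' entry is inspected
     * @return bool true if protected
     */
    public function isNodeProtected($node)
    {
        $protected = $this->config->get('vfs/default/protected/path', '');
        if (empty($protected)) {
            return false;
        }

        // a node without a path cannot match the protected folder
        if (!isset($node['path'])) {
            return false;
        }

        return (string) $node['path'] === (string) $protected;
    }

    /**
     * Set File and Mime Handler
     *
     * Must be called before isRequestGranted(), which reads both objects.
     *
     * @param WBVFS_File $file
     * @param WBVFS_Mime $mime
     */
    public function setVFSFile($file, $mime)
    {
        $this->file = $file;
        $this->mime = $mime;
    }

    /**
     * Check Permissions 4 Request
     *
     * Runs every configured rule against the request. The first rule that
     * does not grant the request ends the check: the decision is logged as
     * warning and false is returned. When all rules grant, the decision is
     * logged as notice and true is returned.
     *
     * NOTE(review): with an empty rule list the loop body never runs and the
     * request is allowed. Deployments that rely on this class for protection
     * should verify that "vfs/accesscontrol" actually lists rules.
     *
     * @param WBRequest $req
     * @param string $mimeMinor minor mime
     * @return bool true when access is granted
     */
    public function isRequestGranted($req, $mimeMinor)
    {
        $this->initRules();

        // handler name for the log: class name minus the length of the
        // "WBVFS_Mime_" prefix (assumes the handler class carries that prefix)
        $hdl = substr(get_class($this->mime), strlen('WBVFS_Mime_'));
        $msg = array(
            'vfsfile' => $this->file->getId(),
            'mime' => $this->file->getMime(),
            'handler' => $hdl,
            'access' => '',
        );

        foreach ($this->acr as $acr) {
            /** @var WBVFS_AccessControlRule */
            $acr->setRequestMimeMinor($mimeMinor);
            if (!$acr->isRequestGranted($req)) {
                $msg['access'] = 'denied';
                $this->log->warn($msg);
                return false;
            }
        }

        $msg['access'] = 'allowed';
        $this->log->notice($msg);
        return true;
    }

    /**
     * Initialize Rules
     *
     * Create rules objects from defined rules in "vfs/accesscontrol".
     * A rule is either a plain name or an array with 'name' and optional
     * 'params'. Run only once.
     *
     * The list is assembled in a local variable and published at the very
     * end. If creating or configuring a rule fails part-way with an
     * exception, $this->acr stays null; a later call then starts over
     * instead of silently checking requests against a truncated rule list.
     */
    private function initRules()
    {
        if (is_array($this->acr)) {
            return;
        }

        $rules = $this->config->get('vfs/accesscontrol');
        if (!is_array($rules)) {
            // nothing (usable) configured: same outcome as an empty list
            $rules = array();
        }

        $list = array();
        foreach ($rules as $r) {
            // short form: the rule is given by name only
            if (!is_array($r)) {
                $r = array(
                    'name' => $r,
                    'params' => array()
                );
            }
            if (!isset($r['params'])) {
                $r['params'] = array();
            }

            // the class name is derived from the configured rule name, hence
            // the configuration has to be under administrative control
            /** @var WBVFS_AccessControlRule */
            $acr = WBClass::create('WBVFS_AccessControlRule_' . $r['name']);
            $acr->setVFSFile($this->file, $this->mime);
            $acr->setLogger($this->log);
            $acr->setConfig($r['params']);
            $list[] = $acr;
        }

        $this->acr = $list;
    }
}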