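* @package WB
 * @subpackage vfs
 */

WBClass::load('WBVFS_AccessControlRule'
    , 'WBUser'
    , 'WBDatasource_Table'
);

/**
 * Virtual File System: Access Control Rule: User Group 4 Path
 *
 * Restricts files by the path of the folder they are stored in: when the
 * folder path starts with the configured prefix, the current user must be a
 * member of the configured group. Users that carry a mandator id must also
 * match the file owner's mandator account (see isRequestGranted()). Folders
 * outside the prefix are not restricted by this rule.
 *
 * The file under test ($this->file), the logger ($this->log), getLogMsg()
 * and the GRANT_* constants are used here but declared elsewhere,
 * presumably in WBVFS_AccessControlRule.
 *
 * @version 0.1.0
 * @package WB
 * @subpackage vfs
 */
class WBVFS_AccessControlRule_UserGroup4Path extends WBVFS_AccessControlRule
{
    /**
     * Configuration parameters
     *
     * - path: path begins with...
     * - group: group the user has to be member
     *
     * init() adds two more keys read from the 'vfs' configuration:
     * - treetable: table the folder of a file is looked up in
     * - treecolumn: column of that table compared against path
     *
     * @var array
     */
    protected $config = array(
        'path' => '',
        'group' => ''
    );

    /**
     * @var WBDatasource_Table
     */
    protected $table;

    /**
     * 2nd Constructor
     *
     * Called after configuration was set. Copies the folder table and column
     * names from the 'vfs' configuration into $this->config and creates the
     * table accessor used for the folder lookup.
     */
    protected function init()
    {
        /** @var WBConfig */
        $vfsConfig = WBClass::create('WBConfig');
        $vfsConfig->load('vfs');
        $this->config['treetable'] = $vfsConfig->get('dir/treetable');
        $this->config['treecolumn'] = $vfsConfig->get('dir/treecolumn');

        $this->table = WBClass::create('WBDatasource_Table');
    }

    /**
     * Check Permissions 4 Request
     *
     * Decision order, first match wins:
     * 1. no path configured: grant
     * 2. current user owns the file: grant
     * 3. file is in no folder: deny
     * 4. folder path does not start with the configured path: grant
     * 5. current user is not in the configured group: deny
     * 6. current user has no mandator id: grant
     * 7. file owner's nickname is not 'mandator-vfs-<mandator id>': deny
     * 8. otherwise: grant
     *
     * Every decision is written to the log with debug level only.
     *
     * @param WBRequest $req not evaluated by this rule
     * @return bool true if the request is granted, false if it is denied
     */
    public function isRequestGranted($req)
    {
        // NOTE(review): a rule without a path grants every request, so a
        // missing or misspelled 'path' setting switches the rule off silently.
        if (empty($this->config['path'])) {
            $this->log->debug($this->getLogMsg($this::GRANT_ALLOW, 'Empty config'));
            return true;
        }

        /** @var WBUser_Auth */
        $user = WBUser::getCurrent();
        $uid = $user->getId();
        $ownerId = $this->file->getUserId();

        // Owner shortcut. The decision logged here is GRANT_ALLOW, so the
        // method has to return true; returning false denied owners while the
        // log recorded an allow. Because this branch grants access, an empty
        // current-user id must never match an ownerless file: require a
        // non-empty id and compare as strings instead of using ==.
        if (!empty($uid) && (string) $ownerId === (string) $uid) {
            $this->log->debug($this->getLogMsg($this::GRANT_ALLOW, sprintf('File is owned by current user %s, group and path do not matter.', $uid)));
            return true;
        }

        $did = $this->file->getDirId();
        $rows = $this->table->get($this->config['treetable'], $did);
        if (empty($rows)) {
            $this->log->debug($this->getLogMsg($this::GRANT_DENY, 'File is not in any folder'));
            return false;
        }
        $folder = $rows[0];

        // Plain byte-wise prefix comparison: no separator boundary and no
        // normalisation, so a path of '/a/b' also covers '/a/bc'. A folder
        // whose stored value does not start with the prefix is granted, which
        // means the configured path must use exactly the form stored in the
        // tree column.
        $prefix = $this->config['path'];
        if (0 != strncmp($folder[$this->config['treecolumn']], $prefix, strlen($prefix))) {
            $this->log->debug($this->getLogMsg($this::GRANT_ALLOW, 'Folder is not protected'));
            return true;
        }

        // check if user is in group
        if (!$user->isInGroup($this->config['group'])) {
            $this->log->debug($this->getLogMsg($this::GRANT_DENY, sprintf('Dir %s - current user %s is NOT in group %s', $did, $uid, $this->config['group'])));
            return false;
        }

        // well also check mandator: group members without a mandator id are
        // treated as mandator master and are not compared with the file owner
        $mid = $user->getMandatorId();
        if (empty($mid)) {
            $this->log->debug($this->getLogMsg($this::GRANT_ALLOW, sprintf('Dir %s - current user %s is in group %s and user is mandator master', $did, $uid, $this->config['group'])));
            return true;
        }

        // load the record of the file owner, not of the current user
        $storage = $user->getStorageModule();
        $storage->load($ownerId);
        $data = $storage->get();

        // Deny when the owner record has no nickname and compare strictly, so
        // a missing or non-string value cannot compare equal by type juggling.
        $expected = sprintf('mandator-vfs-%s', $mid);
        if (!isset($data['nickname']) || $expected !== (string) $data['nickname']) {
            $this->log->debug($this->getLogMsg($this::GRANT_DENY, sprintf('User %s is wrong mandator', $uid)));
            return false;
        }

        $this->log->debug($this->getLogMsg($this::GRANT_ALLOW, sprintf('Dir %s - current user %s is in group %s and mandator matches', $did, $uid, $this->config['group'])));
        return true;
    }
}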