<?php
// Copyright (C) 2010 Combodo SARL
//
//   This program is free software; you can redistribute it and/or modify
//   it under the terms of the GNU General Public License as published by
//   the Free Software Foundation; version 3 of the License.
//
//   This program is distributed in the hope that it will be useful,
//   but WITHOUT ANY WARRANTY; without even the implied warranty of
//   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
//   GNU General Public License for more details.
//
//   You should have received a copy of the GNU General Public License
//   along with this program; if not, write to the Free Software
//   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

/**
 * Specific to the addon 'user management by profile'
 * Was developed for testing purposes only 
 *
 * @author      Erwan Taloc <erwan.taloc@combodo.com>
 * @author      Romain Quetiez <romain.quetiez@combodo.com>
 * @author      Denis Flaven <denis.flaven@combodo.com>
 * @license     http://www.opensource.org/licenses/gpl-3.0.html LGPL
 */

require_once('../application/application.inc.php');
require_once('../application/itopwebpage.class.inc.php');

require_once('../application/startup.inc.php');


function ComputeObjectProjections($oPage, $oObject)
{
	// Load the classes for a further usage
	//
	$aClasses = MetaModel::GetClasses();
	
	// Load the dimensions for a further usage
	//
	$aDimensions = array();
	$oDimensionSet = new DBObjectSet(DBObjectSearch::FromOQL("SELECT URP_Dimensions"));
	while ($oDimension = $oDimensionSet->Fetch())
	{
		$aDimensions[$oDimension->GetKey()] = $oDimension; 
	}
	
	// Load the class projections for a further usage
	//
	$aClassProj = array();
	$oClassProjSet = new DBObjectSet(DBObjectSearch::FromOQL("SELECT URP_ClassProjection"));
	while ($oClassProj = $oClassProjSet->Fetch())
	{
		$aClassProjs[$oClassProj->Get('class')][$oClassProj->Get('dimensionid')] = $oClassProj; 
	}
	
	// Setup display structure
	//
	$aDisplayConfig = array();
	foreach ($aDimensions as $iDimension => $oDimension)
	{
		$aDisplayConfig['dim'.$oDimension->GetKey()] = array('label' => $oDimension->GetName(), 'description' => $oDimension->Get('description'));
	}
	
	// Load objects
	//
	$aDisplayData = array();
	$sClass = get_class($oObject);
	$aObjectProj = array();
	foreach ($aDimensions as $iDimension => $oDimension)
	{
		// #@# to be moved, may be time consuming
		$oDimension->CheckProjectionSpec($aClassProjs[$sClass][$iDimension], $sClass);

		$aValues = $aClassProjs[$sClass][$iDimension]->ProjectObject($oObject);
		if (is_null($aValues))
		{
			$sValues = htmlentities(Dict::S('UI:UserManagement:AnyObject'));
		}
		else
		{
			$sValues = implode(', ', $aValues);
		}
		$oObjectProj['dim'.$oDimension->GetKey()] = $sValues;
	}

	$aDisplayData[] = $oObjectProj;

	$oPage->table($aDisplayConfig, $aDisplayData);
}


function ComputeUserProjections($oPage, $oUser)
{
	// Load the profiles for a further usage
	//
	$aProfiles = array();
	$oProfileSet = new DBObjectSet(DBObjectSearch::FromOQL("SELECT URP_Profiles"));
	while ($oProfile = $oProfileSet->Fetch())
	{
		$aProfiles[$oProfile->GetKey()] = $oProfile; 
	}
	
	// Load the dimensions for a further usage
	//
	$aDimensions = array();
	$oDimensionSet = new DBObjectSet(DBObjectSearch::FromOQL("SELECT URP_Dimensions"));
	while ($oDimension = $oDimensionSet->Fetch())
	{
		$aDimensions[$oDimension->GetKey()] = $oDimension; 
	}
	
	// Load the profile projections for a further usage
	//
	$aProPro = array();
	$oProProSet = new DBObjectSet(DBObjectSearch::FromOQL("SELECT URP_ProfileProjection"));
	while ($oProPro = $oProProSet->Fetch())
	{
		$aProPros[$oProPro->Get('profileid')][$oProPro->Get('dimensionid')] = $oProPro; 
	}
	
	// Setup display structure
	//
	$aDisplayConfig = array();
	$aDisplayConfig['profile'] = array('label' => Dict::S('UI:UserManagement:Profile'), 'description' => Dict::S('UI:UserManagement:Profile+'));
	foreach ($aDimensions as $iDimension => $oDimension)
	{
		$aDisplayConfig['dim'.$oDimension->GetKey()] = array('label' => $oDimension->GetName(), 'description' => $oDimension->Get('description'));
	}
	
	// Create a record per profile
	//
	$aDisplayData = array();
	$oUserProfileSet = new DBObjectSet(DBObjectSearch::FromOQL("SELECT URP_UserProfile WHERE userid = :user->id"), array(), array('user' => $oUser));
	while ($oUserProfile = $oUserProfileSet->Fetch())
	{
		$iProfile = $oUserProfile->Get('profileid');
		$oProfile = $aProfiles[$iProfile];

		$aUserProfileProj = array();
		$aUserProfileProj['profile'] = $oProfile->GetName();
		foreach ($aDimensions as $iDimension => $oDimension)
		{
			// #@# to be moved, may be time consuming
			$oDimension->CheckProjectionSpec($aProPros[$iProfile][$iDimension], get_class($oUser));

			$aValues = $aProPros[$iProfile][$iDimension]->ProjectUser($oUser);
			if (is_null($aValues))
			{
				$sValues = htmlentities(Dict::S('UI:UserManagement:AnyObject'));
			}
			else
			{
				$sValues = implode(', ', $aValues);
			}
			$aUserProfileProj['dim'.$oDimension->GetKey()] = $sValues;
		}
	
		$aDisplayData[] = $aUserProfileProj;
	}

	$oPage->table($aDisplayConfig, $aDisplayData);
}


function ComputeUserRights($oPage, $oUser, $oObject)
{
	// Set the stage
	//
	$iUser = $oUser->GetKey();
	$sClass = get_class($oObject);
	$iPKey = $oObject->GetKey();
	$oInstances = DBObjectSet::FromArray($sClass, array($oObject));
	$aPermissions = array(
		UR_ALLOWED_NO => '<span style="background-color: #ffdddd;">UR_ALLOWED_NO</span>',
		UR_ALLOWED_YES => '<span style="background-color: #ddffdd;">UR_ALLOWED_YES</span>',
		UR_ALLOWED_DEPENDS => '<span style="">UR_ALLOWED_DEPENDS</span>',
	);
	$aActions = array(
		UR_ACTION_READ => Dict::S('UI:UserManagement:Action:Read'),
		UR_ACTION_MODIFY => Dict::S('UI:UserManagement:Action:Modify'),
		UR_ACTION_DELETE => Dict::S('UI:UserManagement:Action:Delete'),
		UR_ACTION_BULK_READ => Dict::S('UI:UserManagement:Action:BulkRead'),
		UR_ACTION_BULK_MODIFY => Dict::S('UI:UserManagement:Action:BulkModify'),
		UR_ACTION_BULK_DELETE => Dict::S('UI:UserManagement:Action:BulkDelete'),
	);
	$aAttributeActions = array(
		UR_ACTION_READ => Dict::S('UI:UserManagement:Action:Read'),
		UR_ACTION_MODIFY => Dict::S('UI:UserManagement:Action:Modify'),
		UR_ACTION_BULK_READ => Dict::S('UI:UserManagement:Action:BulkRead'),
		UR_ACTION_BULK_MODIFY => Dict::S('UI:UserManagement:Action:BulkModify'),
	);

	// Determine allowed actions for the object
	//
	$aDisplayData = array();
	foreach($aActions as $iActionCode => $sActionDesc)
	{
		$iPermission = UserRights::IsActionAllowed($sClass, $iActionCode, $oInstances, $iUser);
		$aDisplayData[] = array(
			'action' => $sActionDesc,
			'permission' => $aPermissions[$iPermission],
		);
	}	
	$aDisplayConfig = array();
	$aDisplayConfig['action'] = array('label' => Dict::S('UI:UserManagement:Action'), 'description' => Dict::S('UI:UserManagement:Action+'));
	$aDisplayConfig['permission'] = array('label' => Dict::S('UI:UserManagement:Permission'), 'description' => Dict::S('UI:UserManagement:Permission+'));
	$oPage->p('<h3>'.Dict::S('UI:UserManagement:Actions').'</h3>');
	$oPage->table($aDisplayConfig, $aDisplayData);


	// Determine allowed actions for the object
	//
	$aDisplayData = array();
	foreach(MetaModel::ListAttributeDefs($sClass) as $sAttCode => $oAttDef)
	{
		if (!$oAttDef->IsDirectField()) continue;

		foreach($aAttributeActions as $iActionCode => $sActionDesc)
		{
			$iPermission = UserRights::IsActionAllowedOnAttribute($sClass, $sAttCode, $iActionCode, $oInstances, $iUser);
			$aDisplayData[] = array(
				'attribute' => $sAttCode,
				'action' => $sActionDesc,
				'permission' => $aPermissions[$iPermission],
			);
		}
	}
	$oPage->p('<h3>'.Dict::S('UI:UserManagement:Attributes').'</h3>');
	if (count($aDisplayData) > 0)
	{
		$aDisplayConfig = array();
		$aDisplayConfig['attribute'] = array('label' => 'Attribute', 'description' => '');
		$aDisplayConfig['action'] = array('label' => 'Action', 'description' => '');
		$aDisplayConfig['permission'] = array('label' => 'Permission', 'description' => '');
		$oPage->table($aDisplayConfig, $aDisplayData);
	}
	else
	{
		$oPage->p('<em>none</em>');
	}

	// Determine allowed stimuli
	//
	$aDisplayData = array();
	foreach(MetaModel::EnumStimuli($sClass) as $sStimulusCode => $oStimulus)
	{
		$iPermission = UserRights::IsStimulusAllowed($sClass, $sStimulusCode, $oInstances, $iUser);
		$aDisplayData[] = array(
			'stimulus' => $sStimulusCode,
			'permission' => $aPermissions[$iPermission],
		);
	}
	$oPage->p('<h3>Stimuli</h3>');
	if (count($aDisplayData) > 0)
	{
		$aDisplayConfig = array();
		$aDisplayConfig['stimulus'] = array('label' => 'Stimulus', 'description' => '');
		$aDisplayConfig['permission'] = array('label' => 'Permission', 'description' => '');
		$oPage->table($aDisplayConfig, $aDisplayData);
	}
	else
	{
		$oPage->p('<em>none</em>');
	}
}


require_once('../application/loginwebpage.class.inc.php');
LoginWebPage::DoLogin(); // Check user rights and prompt if needed

// Display the menu on the left
$oContext = new UserContext();
$oAppContext = new ApplicationContext();
$iActiveNodeId = utils::ReadParam('menu', -1);
$currentOrganization = utils::ReadParam('org_id', 1);
$iUser = utils::ReadParam('user_id', -1);
$sObjectClass = utils::ReadParam('object_class', '');
$iObjectId = utils::ReadParam('object_id', 0);

$oPage = new iTopWebPage("iTop user management - user status", $currentOrganization);
$oPage->no_cache();


if ($iUser == -1)
{
	$oPage->p('Missing parameter "user_id" - current user is '.UserRights::GetUserId());
}
else
{
	$oPage->p('<h2>How are the user rights computed?</h2>');

	$oPage->p('<h3>1st, find the profiles that apply</h3>');
	$oPage->p('<p>Project the current object in every existing dimension</p>');
	$oPage->p('<p>Project the observed profile in every existing dimension (might depend on the user)</p>');
	$oPage->p('<p>If an overlap is found in any dimension, then the profile applies</p>');

	$oPage->p('<h3>2nd, interpret the profiles</h3>');
	$oPage->p('<p>Note: granting rights for specific attributes is not fully implemented. It is still not taking into account the inheritance of rights AND the UI will not take that information into account!</p>');
	$oPage->p('<p>Actions: looks into URP_ActionGrant for a permission (yes or no) and goes up into the class hierarchy until an answer is found, defaults to <em>no</em></p>');
	$oPage->p('<p>Stimuli: looks into URP_StimulusGrant for a permission (yes or no), defaults to <em>no</em></p>');
	

	$oPage->p('<h3>3rd, keep the most permissive one</h3>');
	$oPage->p('<p>If one profile says YES, then the answer is YES</p>');
	

	$oUser = MetaModel::GetObject('URP_Users', $iUser);

	$oPage->p('<h2>Projections for user '.$oUser->GetName().'</h2>');
	ComputeUserProjections($oPage, $oUser);

	if (strlen($sObjectClass) != 0)
	{
		$oObject = MetaModel::GetObject($sObjectClass, $iObjectId);

		$oPage->p('<h2>Projections for object '.$oObject->GetName().'</h2>');
		ComputeObjectProjections($oPage, $oObject);

		$oPage->p('<h2>Resulting rights</h2>');
		ComputeUserRights($oPage, $oUser, $oObject);
	}
}

$oPage->output();

?>