<?php

	class kPermissionsHelper extends kHelper {
	
		/**
		 * Current set of permissions for group being edited
		 *
		 * @var Array
		 */
		var $Permissions = Array();
		
		function LoadPermissions($prefix)
		{
			$object =& $this->Application->recallObject($prefix.'-perm', null, Array('skip_autoload' => true));
			
			$foreign_key = $this->Application->getUnitOption($prefix.'-perm', 'ForeignKey');
			$foreign_value = $this->Application->GetVar($prefix.'_id');
			$sql = 'SELECT *
					FROM '.$object->TableName.'
					WHERE '.$foreign_key.' = '.$foreign_value;
			$permissions = $this->Conn->Query($sql, 'Permission');
			
			$this->Permissions = Array();
			foreach ($permissions as $perm_name => $perm_options) {
				$perm_record['value'] = $perm_options['PermissionValue'];
				$perm_record['id'] = $perm_options['PermissionId'];
				$this->Permissions[$perm_name] = $perm_record;
			}
		}
		
		function getPermissionValue($perm_name)
		{
			 return getArrayValue($this->Permissions, $perm_name) ? $this->Permissions[$perm_name]['value'] : 0;
		}
		
		function getPermissionID($perm_name)
		{
			return getArrayValue($this->Permissions, $perm_name) ? $this->Permissions[$perm_name]['id'] : 0;
		}
		
		/**
		 * This is old permission like ADMIN or LOGIN
		 *
		 * @param string $section_name
		 * @param string $perm_name
		 * @return bool
		 */
		function isOldPermission($section_name, $perm_name)
		{
			return $section_name == 'in-portal:root' && $perm_name != 'view';
		}
		
		/**
		 * Returns permission names to check based on event name and item prefix (main item or subitem)
		 *
		 * @param kEvent $event
		 * @return Array
		 */
		function getPermissionByEvent(&$event, $perm_mapping)
		{
			$top_prefix = $event->getEventParam('top_prefix');
		
			$pefix_type = ($top_prefix == $event->Prefix) ? 'self' : 'subitem';
			$perm_mapping = getArrayValue($perm_mapping, $event->Name);
			
			if (!$perm_mapping[$pefix_type]) {
				trigger_error('Permission mappings not defined for event <b>'.$top_prefix.' <- '.$event->Prefix.':'.$event->Name.'</b>', E_USER_ERROR);
			}
			
			if ($perm_mapping[$pefix_type] === true) {
				// event is defined in mapping but is not checked by permissions
				return true;
			}
			
			return explode('|', $perm_mapping[$pefix_type]);
		}
		
		/**
		 * Checks permissions of user
		 *
		 * @param kEvent $event
		 */
		function CheckPermission(&$event, $perm_mapping)
		{
			$section = $event->getSection();
			if (preg_match('/^CATEGORY:(.*)/', $section)) {
				return $this->CheckCategoryPermission($event, $perm_mapping);
			}
			
			$top_prefix = $event->getEventParam('top_prefix');
			$check_perms = $this->getPermissionByEvent($event, $perm_mapping);
			
			if ($check_perms === true) {
				// event is defined in mapping but is not checked by permissions
				return true;
			}
			
			$perm_status = false;
			foreach ($check_perms as $perm_name) {
				// check if at least one of required permissions is set
				$perm_name = $section.'.'.$perm_name;
				$perm_status = $this->Application->CheckPermission($perm_name, 1);
				if (($perm_name == $section.'.add') && $perm_status && ($top_prefix == $event->Prefix)) {
					// main item, add permission allowed, but ID is > 0, then deny permission
					// how to get id here
				}
				if ($perm_status) {
					return $perm_status;
				}
			}
			
			if (!$perm_status) {
				if ($this->Application->isDebugMode()) {
					// for debugging purposes
					$event->SetRedirectParam('section', $section);
					$event->SetRedirectParam('main_prefix', $top_prefix);
					$event->SetRedirectParam('event_name', $event->Name);
					$event->SetRedirectParam('next_template', $this->Application->GetVar('t'));
				}
				$event->status = erPERM_FAIL;
			}
			return $perm_status;
		}
		
		/**
		 * Check permissions
		 *
		 * @param kEvent $event
		 */
		function CheckCategoryPermission(&$event, $event_perm_mapping)
		{
			// would be better to check this too, but we have no such ermission for now
			/*if ($event->Name == 'OnRateProduct') {
				return $this->Application->CheckPermission('PRODUCT.RATE', 0);
			}*/
			
			// mapping between specific permissions and common permissions
			$perm_mapping = Array('add' => 'ADD', 'edit' => 'MODIFY', 'delete' => 'DELETE', 'view' => 'VIEW');

			$top_prefix = $event->getEventParam('top_prefix');
			$event_handler =& $this->Application->recallObject($event->Prefix.'_EventHandler');
			if ($event->Prefix != $top_prefix) {
				$top_event = new kEvent($top_prefix.':'.$event->Name);
				$id = $event_handler->getPassedID($top_event);
			}
			else {
				$id = $event_handler->getPassedID($event);
			}
			
			$item_prefix = $this->Application->getUnitOption($top_prefix, 'PermItemPrefix');
			
			// 1. get primary category of category item
			$id_field = $this->Application->getUnitOption($top_prefix, 'IDField');
			$table_name = $this->Application->getUnitOption($top_prefix, 'TableName');
			$ci_table = $this->Application->getUnitOption($top_prefix.'-ci', 'TableName');
			
			if (!$id) {
				// item being created -> check by current (before editing started, saved in OnPreCreate event) category permissions
				$category_id = $this->Application->RecallVar('m_cat_id');
			}
			else {
				// item being edited -> check by it's primary category permissions
				$sql = 'SELECT ci.CategoryId
						FROM '.$table_name.' main_table
						LEFT JOIN '.$ci_table.' ci ON ci.ItemResourceId = main_table.ResourceId
						WHERE (main_table.'.$id_field.' = '.$id.') AND (ci.PrimaryCat = 1)';
				$category_id = $this->Conn->GetOne($sql);
			}
			
			if ((substr($event->Name, 0, 9) == 'OnPreSave') || ($event->Name == 'OnSave')) {
				if ($event_handler->isNewItemCreate($event)) {
					return $this->Application->CheckPermission($item_prefix.'.ADD', 0, $category_id);
				}
				else {
					return $this->Application->CheckPermission($item_prefix.'.ADD', 0, $category_id) || $this->Application->CheckPermission($item_prefix.'.MODIFY', 0, $category_id);
				}
			}
			
			$perm_status = false;
			$check_perms = $this->getPermissionByEvent($event, $event_perm_mapping);
			
			if ($check_perms === true) {
				// event is defined in mapping but is not checked by permissions
				return true;
			}
			
			foreach ($check_perms as $perm_name) {
				// check if at least one of required permissions is set
				if (!isset($perm_mapping[$perm_name])) {
					// not mapped permission (e.g. advanced:approve) -> skip
					continue;
				}
				$perm_name = $item_prefix.'.'.$perm_mapping[$perm_name];
				echo 'event_name: '.$event->Name.'; permission: '.$perm_name.'<br />';
				$perm_status = $this->Application->CheckPermission($perm_name, 0, $category_id);
				
				if ($perm_status) {
					return $perm_status;
				}
			}
			
			if (!$perm_status) {
				$event->SetRedirectParam('index_file', 'index.php');	// because called from browse.php
				if ($this->Application->isDebugMode()) {
					// for debugging purposes
					$event->SetRedirectParam('section', $event->getSection());
					$event->SetRedirectParam('main_prefix', $top_prefix);
					$event->SetRedirectParam('event_name', $event->Name);
					$event->SetRedirectParam('next_template', $this->Application->GetVar('t'));
				}
				$event->status = erPERM_FAIL;
			}
			return $perm_status;
		}
	}

?>