/*
 * Copyright (C) 2005-2010 Alfresco Software Limited.
 *
 * This file is part of Alfresco
 *
 * Alfresco is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * Alfresco is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with Alfresco. If not, see .
 */
package org.alfresco.repo.avm.locking;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.model.WCMAppModel;
import org.alfresco.repo.domain.avm.AVMLockDAO;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.service.cmr.attributes.AttributeService;
import org.alfresco.service.cmr.attributes.DuplicateAttributeException;
import org.alfresco.service.cmr.avm.AVMBadArgumentException;
import org.alfresco.service.cmr.avm.locking.AVMLockingException;
import org.alfresco.service.cmr.avm.locking.AVMLockingService;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.search.ResultSet;
import org.alfresco.service.cmr.search.SearchService;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.util.ParameterCheck;
import org.alfresco.wcm.util.WCMUtil;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
/**
 * Implementation of the lock service.
 * 
 * @author Derek Hulley, janv
 */
public class AVMLockingServiceImpl implements AVMLockingService
{
    public static final String KEY_AVM_LOCKS = ".avm_locks";
    public static final String KEY_LOCK_OWNER = "lock-owner";
    private static final String ROLE_CONTENT_MANAGER = "ContentManager";
    private static final Log logger = LogFactory.getLog(AVMLockingServiceImpl.class);
    private String webProjectStore;
    private SearchService searchService;
    private AttributeService attributeService;
    private AuthorityService authorityService;
    private PersonService personService;
    private NodeService nodeService;
    
    private AVMLockDAO avmLockDAO;
    /**
     * @param webProjectStore The webProjectStore to set
     */
    public void setWebProjectStore(String webProjectStore)
    {
        this.webProjectStore = webProjectStore;
    }
    /**
     * @param attributeService                  the service to persist attributes
     */
    public void setAttributeService(AttributeService attributeService)
    {
        this.attributeService = attributeService;
    }
    /**
     * @param authorityService                  the service to check validity of usernames
     */
    public void setAuthorityService(AuthorityService authorityService)
    {
        this.authorityService = authorityService;
    }
    /**
     * @param personService                     checks validity of person names
     */
    public void setPersonService(PersonService personService)
    {
        this.personService = personService;
    }
    
    public void setSearchService(SearchService searchService)
    {
        this.searchService = searchService;
    }
    
    public void setNodeService(NodeService nodeService)
    {
        this.nodeService = nodeService;
    }
    
    public void setAvmLockDAO(AVMLockDAO avmLockDAO)
    {
        this.avmLockDAO = avmLockDAO;
    }
    
    /**
     * Appends the lock owner to the lock data.
     */
    private HashMap createLockAttributes(String lockOwner, Map lockData)
    {
        HashMap lockAttributes = new HashMap(lockData);
        lockAttributes.put(KEY_LOCK_OWNER, lockOwner);
        return lockAttributes;
    }
    /**
     * {@inheritDoc}
     */
    public void lock(String avmStore, String path, String lockOwner, Map lockData)
    {
        ParameterCheck.mandatoryString("avmStore", avmStore);
        ParameterCheck.mandatoryString("path", path);
        ParameterCheck.mandatoryString("lockOwner", lockOwner);
        path = AVMLockingServiceImpl.normalizePath(path);
        
        if (!authorityService.authorityExists(lockOwner) &&
            !personService.personExists(lockOwner))
        {
            throw new AVMBadArgumentException("Not an Authority: " + lockOwner);
        }
        
        LockState lockState = getLockState(avmStore, path, lockOwner);
        switch (lockState)
        {
        case LOCK_NOT_OWNER:
            throw new AVMLockingException("avmlockservice.locked", path, lockOwner);
        case NO_LOCK:
            // Lock it, assuming that the lock doesn't exist (concurrency-safe).
            try
            {
                HashMap lockAttributes = createLockAttributes(lockOwner, lockData);
                attributeService.createAttribute(
                        lockAttributes,
                        KEY_AVM_LOCKS, avmStore, path);
            }
            catch (DuplicateAttributeException e)
            {
                String currentLockOwner = getLockOwner(avmStore, path);
                // Should trigger a retry, hence we pass the exception out
                throw new AVMLockingException(e, "avmlockservice.locked", path, currentLockOwner);
            }
            break;
        case LOCK_OWNER:
            // Nothing to do
            break;
        }
    }
    /**
     * {@inheritDoc}
     */
    public boolean modifyLock(
            String avmStore, String path, String lockOwner,
            String newAvmStore, String newPath,
            Map lockData)
    {
        ParameterCheck.mandatoryString("avmStore", avmStore);
        ParameterCheck.mandatoryString("path", path);
        ParameterCheck.mandatoryString("lockOwner", lockOwner);
        ParameterCheck.mandatoryString("newAvmStore", newAvmStore);
        ParameterCheck.mandatoryString("newPath", newPath);
        path = AVMLockingServiceImpl.normalizePath(path);
        newPath = AVMLockingServiceImpl.normalizePath(newPath);
        LockState currentLockState = getLockState(avmStore, path, lockOwner);
        switch (currentLockState)
        {
        case LOCK_NOT_OWNER:
        case LOCK_OWNER:
            // Remove the lock first
            attributeService.removeAttribute(KEY_AVM_LOCKS, avmStore, path);
            HashMap lockAttributes = createLockAttributes(lockOwner, lockData);
            attributeService.setAttribute(
                    lockAttributes,
                    KEY_AVM_LOCKS, newAvmStore, newPath);
            return true;
        case NO_LOCK:
            // Do nothing
            return false;
        default:
            throw new IllegalStateException("Unexpected enum constant");
        }
    }
    /**
     * {@inheritDoc}
     */
    public String getLockOwner(String avmStore, String path)
    {
        ParameterCheck.mandatoryString("path", path);
        path = AVMLockingServiceImpl.normalizePath(path);
        Map lockAttributes = getLockData(avmStore, path);
        if (lockAttributes == null)
        {
            return null;
        }
        else if (!lockAttributes.containsKey(KEY_LOCK_OWNER))
        {
            logger.warn("AVM lock does not have a lock owner: " + avmStore + "-" + path);
            return null;
        }
        return lockAttributes.get(KEY_LOCK_OWNER);
    }
    /**
     * {@inheritDoc}
     */
    @SuppressWarnings("unchecked")
    public Map getLockData(String avmStore, String path)
    {
        ParameterCheck.mandatoryString("avmStore", avmStore);
        ParameterCheck.mandatoryString("path", path);
        path = AVMLockingServiceImpl.normalizePath(path);
        Map lockAttributes = (Map) attributeService.getAttribute(
                KEY_AVM_LOCKS, avmStore, path);
        return lockAttributes;
    }
    /**
     * {@inheritDoc}
     */
    public LockState getLockState(String avmStore, String path, String lockOwner)
    {
        ParameterCheck.mandatoryString("avmStore", avmStore);
        ParameterCheck.mandatoryString("lockOwner", lockOwner);
        path = AVMLockingServiceImpl.normalizePath(path);
        
        String currentLockOwner = getLockOwner(avmStore, path);
        if (currentLockOwner == null)
        {
            return LockState.NO_LOCK;
        }
        else if (currentLockOwner.equals(lockOwner))
        {
            return LockState.LOCK_OWNER;
        }
        else
        {
            return LockState.LOCK_NOT_OWNER;
        }
    }
    /**
     * {@inheritDoc}
     */
    public void removeLock(String avmStore, String path)
    {
        ParameterCheck.mandatoryString("avmStore", avmStore);
        ParameterCheck.mandatoryString("path", path);
        path = AVMLockingServiceImpl.normalizePath(path);
        attributeService.removeAttribute(KEY_AVM_LOCKS, avmStore, path);
    }
    /**
     * {@inheritDoc}
     */
    public void removeLocks(String avmStore)
    {
        ParameterCheck.mandatoryString("avmStore", avmStore);
        
        attributeService.removeAttributes(KEY_AVM_LOCKS, avmStore);
    }
    
    /**
     * {@inheritDoc}
     */
    public void removeLocks(String avmStore, String dirPath, final Map lockDataToMatch)
    {
        ParameterCheck.mandatoryString("avmStore", avmStore);
        ParameterCheck.mandatory("lockDataToMatch", lockDataToMatch);
        
        final String dirPathStart;
        if (dirPath == null)
        {
            dirPathStart = null;
        }
        else
        {
            dirPath = normalizePath(dirPath);
            if (! dirPath.endsWith("/"))
            {
                dirPath = dirPath + '/';
            }
            
            dirPathStart = dirPath;
        }
        
        // optimised to delete with single DB query
        avmLockDAO.removeLocks(avmStore, dirPathStart, lockDataToMatch);
    }
    /**
     * {@inheritDoc}
     */
    public void removeLocks(String avmStore, final Map lockDataToMatch)
    {
        removeLocks(avmStore, null, lockDataToMatch);
    }
    /**
     * {@inheritDoc}
     */
    public boolean hasAccess(String webProject, String avmPath, String lockOwner)
    {
        if (personService.getPerson(lockOwner) == null && !authorityService.authorityExists(lockOwner))
        {
            return false;
        }
        if (authorityService.isAdminAuthority(lockOwner))
        {
            return true;
        }
        StoreRef storeRef = new StoreRef(this.webProjectStore);
        ResultSet results = searchService.query(
                storeRef,
                SearchService.LANGUAGE_LUCENE,
                "@wca\\:avmstore:\"" + webProject + '"');
        try
        {
            if (results.getNodeRefs().size() == 1)
            {
                return hasAccess(webProject, results.getNodeRefs().get(0), avmPath, lockOwner);
            }
            return false;
        }
        finally
        {
            results.close();
        }
    }
    /**
     * {@inheritDoc}
     */
    public boolean hasAccess(NodeRef webProjectRef, String avmPath, String lockOwner)
    {
        if (personService.getPerson(lockOwner) == null &&
            !authorityService.authorityExists(lockOwner))
        {
            return false;
        }
        if (authorityService.isAdminAuthority(lockOwner))
        {
            return true;
        }
        String webProject = (String)nodeService.getProperty(webProjectRef, WCMAppModel.PROP_AVMSTORE);
        return hasAccess(webProject, webProjectRef, avmPath, lockOwner);
    }
    private boolean hasAccess(String webProject, NodeRef webProjectRef, String avmPath, String lockOwner)
    {
        String[] storePath = avmPath.split(":");
        if (storePath.length != 2)
        {
            throw new AVMBadArgumentException("Malformed AVM Path : " + avmPath);
        }
        
        if (logger.isDebugEnabled())
           logger.debug(
                   "Testing lock access on path: " + avmPath +
                   " for user: " + lockOwner + " in webproject: " + webProject);
        
        // check if a lock exists at all for this path in the specified webproject id
        String path = normalizePath(storePath[1]);
        
        Map lockData = getLockData(webProject, path);
        
        if (lockData == null)
        {
            if (logger.isDebugEnabled())
                logger.debug(" GRANTED: No lock found.");
            return true;
        }
        
        String currentLockOwner = lockData.get(KEY_LOCK_OWNER);
        String currentLockStore = lockData.get(WCMUtil.LOCK_KEY_STORE_NAME);
        
        
        // locks are ignored in a workflow store
        if (storePath[0].contains("--workflow"))
        {
            if (logger.isDebugEnabled())
                logger.debug(" GRANTED: Workflow store path.");
            return true;
        }
        
        // locks are specific to a store - no access if the stores are different
        if (! ((currentLockStore != null) && (currentLockStore.equals(storePath[0]))))
        {
            if (logger.isDebugEnabled())
                logger.debug(" DENIED: Store on path and lock (" + currentLockStore + ") do not match.");
            return false;
        }
        
        // check for content manager role - we allow access to all managers within the same store
        // TODO as part of WCM refactor, consolidate with WebProject.getWebProjectUserRole
        StringBuilder query = new StringBuilder(128);
        query.append("+PARENT:\"").append(webProjectRef).append("\" ");
        query.append("+TYPE:\"").append(WCMAppModel.TYPE_WEBUSER).append("\" ");
        query.append("+@").append(NamespaceService.WCMAPP_MODEL_PREFIX).append("\\:username:\"");
        query.append(lockOwner);
        query.append("\"");
        ResultSet resultSet = searchService.query(
                new StoreRef(this.webProjectStore),
                SearchService.LANGUAGE_LUCENE,
                query.toString());
        List nodes = resultSet.getNodeRefs();
        resultSet.close();
        
        if (nodes.size() == 1)
        {
            String userrole = (String)nodeService.getProperty(nodes.get(0), WCMAppModel.PROP_WEBUSERROLE);
            if (ROLE_CONTENT_MANAGER.equals(userrole))
            {
                if (logger.isDebugEnabled())
                {
                    logger.debug("GRANTED: Store match and user is ContentManager role in webproject.");
                }
                return true;
            }
        }
        else if (nodes.size() == 0)
        {
        	logger.warn("hasAccess: user role not found for " + lockOwner);
        }
        else
        {
            logger.warn("hasAccess: more than one user role found for " + lockOwner);
        }
        
        // finally check the owner of the lock against the specified authority
        if (AuthorityType.getAuthorityType(currentLockOwner) == AuthorityType.EVERYONE)
        {
            if (logger.isDebugEnabled())
                logger.debug(" GRANTED: Authority EVERYONE matched lock owner.");
            return true;
        }
        
        if (checkAgainstAuthority(lockOwner, currentLockOwner))
        {
            if (logger.isDebugEnabled())
                logger.debug(" GRANTED: User matched as lock owner.");
            return true;
        }
        
        if (logger.isDebugEnabled())
            logger.debug(" DENIED: User did not match as lock owner.");
        return false;
    }
    /**
     * Helper function that checks the transitive closure of authorities for user.
     */
    private boolean checkAgainstAuthority(String user, String authority)
    {
        if (user.equalsIgnoreCase(authority))
        {
            return true;
        }
        Set containing = authorityService.getContainingAuthorities(null, user, false);
        for (String parent : containing)
        {
            if (parent.equalsIgnoreCase(authority))
            {
                return true;
            }
        }
        return false;
    }
    
    /**
     * Utility to get relative paths into canonical lock form
     * 
     * - remove first forward slash
     * - multiple forward slashes collapsed into single foward slash
     * 
     * @param path The incoming path.
     * @return The normalized path.
     */
    public static String normalizePath(String path)
    {
        path = path.toLowerCase(); // note: enables optimised removal of locks (based on path dir start)
        
        while (path.startsWith("/"))
        {
            path = path.substring(1);
        }
        while (path.endsWith("/"))
        {
            path = path.substring(0, path.length() - 1);
        }
        return path.replaceAll("/+", "/");
    }
}