/*
 * Copyright (C) 2005-2013 Alfresco Software Limited.
 *
 * This file is part of Alfresco
 *
 * Alfresco is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * Alfresco is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with Alfresco. If not, see .
 */
package org.alfresco.repo.domain.permissions;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.repo.cache.SimpleCache;
import org.alfresco.repo.cache.TransactionalCache;
import org.alfresco.repo.cache.lookup.EntityLookupCache;
import org.alfresco.repo.cache.lookup.EntityLookupCache.EntityLookupCallbackDAO;
import org.alfresco.repo.domain.CrcHelper;
import org.alfresco.repo.domain.qname.QNameDAO;
import org.alfresco.repo.security.permissions.ACEType;
import org.alfresco.repo.security.permissions.PermissionReference;
import org.alfresco.repo.security.permissions.impl.SimplePermissionReference;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.namespace.QName;
import org.alfresco.util.Pair;
import org.springframework.dao.ConcurrencyFailureException;
import org.springframework.extensions.surf.util.ParameterCheck;
/**
 * Abstract implementation for ACL crud DAO.
 * 
 * This provides basic services such as caching, but defers to the underlying implementation
 * for CRUD operations for:
 * 
 *     alf_access_control_list
 *     alf_acl_member
 *     alf_acl_change_set
 *     alf_access_control_entry
 *     alf_permission
 *     alf_authority
 *     
 * Also, following are currently unused:
 *     
 *     alf_ace_context
 *     alf_authority_alias
 *     
 *     
 * 
 * @author janv
 * @since 3.4
 */
public abstract class AbstractAclCrudDAOImpl implements AclCrudDAO
{
    private static final String CACHE_REGION_ACL = "Acl";
    private static final String CACHE_REGION_AUTHORITY = "Authority";
    private static final String CACHE_REGION_PERMISSION = "Permission";
    
    private final AclEntityCallbackDAO aclEntityDaoCallback;
    private final AuthorityEntityCallbackDAO authorityEntityDaoCallback;
    private final PermissionEntityCallbackDAO permissionEntityDaoCallback;
    
    private QNameDAO qnameDAO;
    private static int batchSize = 500;
    
    public void setQnameDAO(QNameDAO qnameDAO)
    {
        this.qnameDAO = qnameDAO;
    }
    
    public void setBatchSize(int batchSizeOverride)
    {
        batchSize = batchSizeOverride;
    }
    
    /**
     * Cache for the ACL entity:
     * KEY: ID (ACL)
     * VALUE: AclEntity
     * VALUE KEY: None
     */
    private EntityLookupCache aclEntityCache;
    
    /**
     * Backing transactional cache to allow read-through requests to be honoured
     */
    private TransactionalCache aclEntityTransactionalCache;
    
    
    /**
     * Cache for the Authority entity:
     * KEY: ID (Authority)
     * VALUE: AuthorityEntity
     * VALUE KEY: Name
     */
    private EntityLookupCache authorityEntityCache;
    
    /**
     * Cache for the Permission entity:
     * KEY: ID (Permission)
     * VALUE: PermissionEntity
     * VALUE KEY: PermissionEntity (compound key: qnameId + name)
     */
    private EntityLookupCache permissionEntityCache;
    
    /**
     * Set the cache to use for alf_access_control_list lookups (optional).
     * 
     * @param aclEntityCache            the cache of IDs to AclEntities
     */
    public void setAclEntityCache(TransactionalCache aclEntityCache)
    {
        this.aclEntityCache = new EntityLookupCache(
                aclEntityCache,
                CACHE_REGION_ACL,
                aclEntityDaoCallback);
        this.aclEntityTransactionalCache = aclEntityCache;
    }
    
    /**
     * Set the cache to use for alf_authority lookups (optional).
     * 
     * @param authorityEntityCache      the cache of IDs to AclEntities
     */
    public void setAuthorityEntityCache(SimpleCache authorityEntityCache)
    {
        this.authorityEntityCache = new EntityLookupCache(
                authorityEntityCache,
                CACHE_REGION_AUTHORITY,
                authorityEntityDaoCallback);
    }
    
    /**
     * Set the cache to use for alf_permission lookups (optional).
     * 
     * @param permissionEntityCache     the cache of IDs to PermissionEntities
     */
    public void setPermissionEntityCache(SimpleCache permissionEntityCache)
    {
        this.permissionEntityCache = new EntityLookupCache(
                permissionEntityCache,
                CACHE_REGION_PERMISSION,
                permissionEntityDaoCallback);
    }
    
    
    /**
     * Default constructor.
     * 
     * This sets up the DAO accessors to bypass any caching to handle the case where the caches are not
     * supplied in the setters.
     */
    public AbstractAclCrudDAOImpl()
    {
        this.aclEntityDaoCallback = new AclEntityCallbackDAO();
        this.aclEntityCache = new EntityLookupCache(aclEntityDaoCallback);
        
        this.authorityEntityDaoCallback = new AuthorityEntityCallbackDAO();
        this.authorityEntityCache = new EntityLookupCache(authorityEntityDaoCallback);
        
        this.permissionEntityDaoCallback = new PermissionEntityCallbackDAO();
        this.permissionEntityCache = new EntityLookupCache(permissionEntityDaoCallback);
    }
    
    //
    // Access Control List (ACL)
    //
    
    public AclEntity createAcl(AclEntity entity)
    {
        ParameterCheck.mandatory("entity", entity);
        
        ParameterCheck.mandatory("entity.aclId", entity.getAclId());
        ParameterCheck.mandatory("entity.aclVersion", entity.getAclVersion());
        
        entity.setVersion(0L);
        
        Pair entityPair = aclEntityCache.getOrCreateByValue(entity);
        return entityPair.getSecond();
    }
    
    public Acl getAcl(Long id)
    {
        return getAclImpl(id);
    }
    
    private AclEntity getAclImpl(Long id)
    {
        if (id == null)
        {
            return null;
        }
        Pair entityPair = aclEntityCache.getByKey(id);
        if (entityPair == null)
        {
            return null;
        }
        return entityPair.getSecond();
    }
    
    @Override
    public void setCheckAclConsistency()
    {
        aclEntityTransactionalCache.setDisableSharedCacheReadForTransaction(true);
    }
    public AclUpdateEntity getAclForUpdate(long id)
    {
        AclEntity acl = getAclImpl(id);
        if (acl == null)
        {
            return null;
        }
        
        // copy for update
        AclUpdateEntity aclEntity = new AclUpdateEntity();
        aclEntity.setId(acl.getId());
        aclEntity.setVersion(acl.getVersion());
        aclEntity.setAclChangeSetId(acl.getAclChangeSetId());
        aclEntity.setAclId(acl.getAclId());
        aclEntity.setAclType(acl.getAclType());
        aclEntity.setAclVersion(acl.getAclVersion());
        aclEntity.setInheritedAcl(acl.getInheritedAcl());
        aclEntity.setInherits(acl.getInherits());
        aclEntity.setInheritsFrom(acl.getInheritsFrom());
        aclEntity.setLatest(acl.isLatest());
        aclEntity.setVersioned(acl.isVersioned());
        aclEntity.setRequiresVersion(acl.getRequiresVersion());
        
        return aclEntity;
    }
    
    public List getAclsThatInheritFromAcl(long aclEntityId)
    {
        // not cached
        return getAclEntitiesThatInheritFromAcl(aclEntityId);
    }
    
    public Long getLatestAclByGuid(String aclGuid)
    {
        // not cached
        return getLatestAclEntityByGuid(aclGuid);
    }
    
    public List getADMNodesByAcl(long aclEntityId, int maxResults)
    {
        return getADMNodeEntityIdsByAcl(aclEntityId, maxResults);
    }
    
    public void updateAcl(AclUpdateEntity entity)
    {
        ParameterCheck.mandatory("entity", entity);
        ParameterCheck.mandatory("entity.id", entity.getId());
        ParameterCheck.mandatory("entity.aclVersion", entity.getAclVersion());
        ParameterCheck.mandatory("entity.version", entity.getVersion());
        
        int updated = aclEntityCache.updateValue(entity.getId(), entity);
        if (updated < 1)
        {
            aclEntityCache.removeByKey(entity.getId());
            throw new ConcurrencyFailureException("AclEntity with ID (" + entity.getId() + ") no longer exists or has been updated concurrently");
        }
    }
    
    public void deleteAcl(long id)
    {
        Pair entityPair = aclEntityCache.getByKey(id);
        if (entityPair == null)
        {
            return;
        }
        
        int deleted = aclEntityCache.deleteByKey(id);
        if (deleted < 1)
        {
            aclEntityCache.removeByKey(id);
            throw new ConcurrencyFailureException("AclEntity with ID " + id + " no longer exists");
        }
    }
    
    /**
     * Callback for alf_access_control_list DAO
     */
    private class AclEntityCallbackDAO implements EntityLookupCallbackDAO
    {
        private final Pair convertEntityToPair(AclEntity entity)
        {
            if (entity == null)
            {
                return null;
            }
            else
            {
                return new Pair(entity.getId(), entity);
            }
        }
        
        public Serializable getValueKey(AclEntity value)
        {
            return null;
        }
        
        public Pair createValue(AclEntity value)
        {
            AclEntity entity = createAclEntity(value);
            return convertEntityToPair(entity);
        }
        
        public Pair findByKey(Long key)
        {
            AclEntity entity = getAclEntity(key);
            return convertEntityToPair(entity);
        }
        
        public Pair findByValue(AclEntity value)
        {
            if ((value != null) && (value.getId() != null))
            {
                return findByKey(value.getId());
            }
            return null;
        }
        
        public int updateValue(Long key, AclEntity value)
        {
            return updateAclEntity(value);
        }
        
        public int deleteByKey(Long key)
        {
            return deleteAclEntity(key);
        }
        
        public int deleteByValue(AclEntity value)
        {
            throw new UnsupportedOperationException("deleteByValue");
        }
    }
    
    protected abstract AclEntity createAclEntity(AclEntity entity);
    protected abstract AclEntity getAclEntity(long id);
    protected abstract List getAclEntitiesThatInheritFromAcl(long idOfAcl);
    protected abstract Long getLatestAclEntityByGuid(String aclGuid);
    protected abstract int updateAclEntity(AclEntity entity);
    protected abstract int updateAceEntity(AceEntity updatedAceEntity);
    protected abstract int deleteAclEntity(long id);
    
    protected abstract List getADMNodeEntityIdsByAcl(long aclEntityId, int maxResults);
    
    //
    // ACL Member
    //
    
    public void addAclMembersToAcl(long aclId, List aceIds, int depth)
    {
        ParameterCheck.mandatory("aceIds", aceIds);
        
        List newMembers = new ArrayList(aceIds.size());
        
        for (Long aceId : aceIds)
        {
            AclMemberEntity newMember = new AclMemberEntity();
            newMember.setAclId(aclId);
            newMember.setAceId(aceId);
            newMember.setPos(depth);
            
            AclMemberEntity result = createAclMemberEntity(newMember);
            newMembers.add(result);
        }
    }
    
    public void addAclMembersToAcl(long aclId, List> aceIdsWithDepths)
    {
        ParameterCheck.mandatory("aceIdsWithDepths", aceIdsWithDepths);
        
        List newMembers = new ArrayList(aceIdsWithDepths.size());
        
        for (Pair aceIdWithDepth : aceIdsWithDepths)
        {
            AclMemberEntity newMember = new AclMemberEntity();
            newMember.setAclId(aclId);
            newMember.setAceId(aceIdWithDepth.getFirst());
            newMember.setPos(aceIdWithDepth.getSecond());
            
            AclMemberEntity result = createAclMemberEntity(newMember);
            newMembers.add(result);
        }
    }
    
    public List getAclMembersByAcl(long idOfAcl)
    {
        List entities = getAclMemberEntitiesByAcl(idOfAcl);
        List result = new ArrayList(entities.size());
        result.addAll(entities);
        return result;
    }
    
    public List getAclMembersByAclForUpdate(long idOfAcl)
    {
        List members = getAclMemberEntitiesByAcl(idOfAcl);
        List membersForUpdate = new ArrayList(members.size());
        for (AclMemberEntity member : members)
        {
            AclMemberEntity newMember = new AclMemberEntity();
            newMember.setId(member.getId());
            newMember.setVersion(member.getVersion());
            newMember.setAceId(member.getAceId());
            newMember.setAclId(member.getAclId());
            newMember.setPos(member.getPos());
            membersForUpdate.add(newMember);
        }
        return membersForUpdate;
    }
    
    public List getAclMembersByAuthority(String authorityName)
    {
        List entities = getAclMemberEntitiesByAuthority(authorityName);
        List result = new ArrayList(entities.size());
        result.addAll(entities);
        return result;
    }
    
    public void updateAclMember(AclMemberEntity entity)
    {
        ParameterCheck.mandatory("entity", entity);
        ParameterCheck.mandatory("entity.id", entity.getId());
        ParameterCheck.mandatory("entity.version", entity.getVersion());
        ParameterCheck.mandatory("entity.aceId", entity.getAceId());
        ParameterCheck.mandatory("entity.aclId", entity.getAclId());
        ParameterCheck.mandatory("entity.pos", entity.getPos());
        
        int updated = updateAclMemberEntity(entity);
        
        if (updated < 1)
        {
            aclEntityCache.removeByKey(entity.getId());
            throw new ConcurrencyFailureException("AclMemberEntity with ID (" + entity.getId() + ") no longer exists or has been updated concurrently");
        }
    }
    
    public int deleteAclMembers(List aclMemberIds)
    {
        int totalDeletedCount = 0;
        
        if (aclMemberIds.size() == 0)
        {
            return 0;
        }
        else if (aclMemberIds.size() <=  batchSize)
        {
            totalDeletedCount = deleteAclMemberEntities(aclMemberIds);
        }
        else
        {
            Iterator idIterator = aclMemberIds.iterator();
            List batchIds = new ArrayList(batchSize);
            
            while (idIterator.hasNext())
            {
                Long id = idIterator.next();
                batchIds.add(id);
                
                if (batchIds.size() == batchSize || (! idIterator.hasNext()))
                {
                    int batchDeletedCount = deleteAclMemberEntities(batchIds);
                    
                    totalDeletedCount = totalDeletedCount + batchDeletedCount;
                    batchIds.clear();
                }
            }
        }
        
        // TODO manually update the cache
        
        return totalDeletedCount;
    }
    
    public int deleteAclMembersByAcl(long idOfAcl)
    {
        return deleteAclMemberEntitiesByAcl(idOfAcl);
    }
    
    protected abstract AclMemberEntity createAclMemberEntity(AclMemberEntity entity);
    protected abstract List getAclMemberEntitiesByAcl(long idOfAcl);
    protected abstract List getAclMemberEntitiesByAuthority(String authorityName);
    protected abstract int updateAclMemberEntity(AclMemberEntity entity);
    protected abstract int deleteAclMemberEntities(List aclMemberIds);
    protected abstract int deleteAclMemberEntitiesByAcl(long idOfAcl);
    protected abstract AclMemberEntity getAclMemberEntity(long aclId, long aceId, int pos);
    
    //
    // ACL Change Set
    //
    
    public Long createAclChangeSet()
    {
        return createAclChangeSetEntity();
    }
    
    @Override
    public void updateAclChangeSet(Long aclChangeSetEntityId, long commitTimeMs)
    {
        int updated = updateChangeSetEntity(aclChangeSetEntityId, commitTimeMs);
        if (updated != 1)
        {
            throw new ConcurrencyFailureException("Update by ID should delete exactly 1: " + aclChangeSetEntityId);
        }
    }
    public AclChangeSetEntity getAclChangeSet(Long changeSetId)
    {
        return getAclChangeSetEntity(changeSetId);
    }
    
    public void deleteAclChangeSet(Long changeSetId)
    {
        int deleted = deleteAclChangeSetEntity(changeSetId);
        if (deleted != 1)
        {
            aclEntityCache.removeByKey(changeSetId);
            throw new ConcurrencyFailureException("Deleted by ID should delete exactly 1: " + changeSetId);
        }
    }
    
    protected abstract Long createAclChangeSetEntity();
    protected abstract AclChangeSetEntity getAclChangeSetEntity(Long changeSetId);
    protected abstract int deleteAclChangeSetEntity(Long id);
    protected abstract int updateChangeSetEntity(Long id, long commitTimeMs);
    
    //
    // Access Control Entry (ACE)
    //
    
    public Ace createAce(Permission permission, Authority authority, ACEType type, AccessStatus accessStatus)
    {
        ParameterCheck.mandatory("permission", permission);
        ParameterCheck.mandatory("authority", authority);
        ParameterCheck.mandatory("type", type);
        ParameterCheck.mandatory("accessStatus", accessStatus);
        
        AceEntity entity = new AceEntity();
        
        entity.setApplies(type.getId()); // note: 'applies' stores the ACE type
        entity.setAllowed((accessStatus == AccessStatus.ALLOWED) ? true : false);
        entity.setAuthorityId(authority.getId());
        entity.setPermissionId(permission.getId());
        
        long aceId = createAceEntity(entity);
        
        entity.setVersion(0L);
        entity.setId(aceId);
        
        return entity;
    }
    
    public Ace getAce(Permission permission, Authority authority, ACEType type, AccessStatus accessStatus)
    {
        ParameterCheck.mandatory("permission", permission);
        ParameterCheck.mandatory("authority", authority);
        ParameterCheck.mandatory("type", type);
        ParameterCheck.mandatory("accessStatus", accessStatus);
        
        return getAceEntity(permission.getId(),
                            authority.getId(),
                            ((accessStatus == AccessStatus.ALLOWED) ? true : false), 
                            type);
    }
    
    public Ace getAce(long aceEntityId)
    {
        return getAceEntity(aceEntityId);
    }
    
    public Ace getOrCreateAce(Permission permission, Authority authority, ACEType type, AccessStatus accessStatus)
    {
        Ace entity = getAce(permission, authority, type, accessStatus);
        if (entity == null)
        {
            entity = createAce(permission, authority, type, accessStatus);
        }
        return entity;
    }
    
    public List getAcesByAuthority(long authorityId)
    {
        return (List)getAceEntitiesByAuthority(authorityId);
    }
    
    public List