<?php
/**
 * 
 * Part of Core..
 * 
 */
require_once 'Pman.php';

class Pman_Admin_GroupRights extends Pman
{
    function getAuth() {
        parent::getAuth(); // load company!
        $au = $this->getAuthUser();
        if (!$au) {
            $this->jerror("LOGIN-NOAUTH", "Not authenticated", array('authFailure' => true));
        }
        
        if ($au->company()->comptype !='OWNER') {
            $this->jerr("Error", "only company owners can manage groups");
        }
        
        $this->authUser = $au;
        return true;
    }
    
    // perms - any table that can be modified by the user should be listed here..
    // without it, our perms manager should deny writing via the web interface...
    
    // FOR PERMS - SEE THE DATAOBJECT!
    
    function get($v, $opts = Array())
    {
        // must recieve a group..
        if (!isset($_GET['group_id']) || (int)$_GET['group_id'] < 0) {
            $this->jerr("NO GROUP");
        }
        
        if (!$this->checkPerm('E')) { // editing groups..
            $this->jerr("PERMISSION DENIED");
        }
        
        $g = DB_DataObject::Factory('core_group');
        if (!$g->get($_GET['group_id'])) {
            $this->jerr("group is invalid");
        }
        //print_r($g);
         //   DB_DataObject::debugLevel(1);
        $p = DB_DataObject::factory('core_group_right');
        $p->group_id = (int)$_GET['group_id'];
        $p->find();
        $cur = array();
    
        while ($p->fetch()) {
            $cur[$p->rightname] = clone($p);
        }
        
//        print_r($cur);exit;
        
        $e = -1;
        $ar = array();
        // echo "<PRE>"; print_r($p->defaultPermData() );
        foreach($p->defaultPermData() as $k => $defdata) {
            
            if (empty($defdata[0])) { // no admin data available..
                continue;
            }
            if (!isset($cur[$k])) {
                // then there is no current access right for it..
                //DB_DataObject::debugLevel(1);
                $gr = DB_DataObject::factory('core_group_right');
                $gr->group_id = (int)$_GET['group_id'];
                $gr->rightname = $k;
                $gr->accessmask = $g->type == 2 ? '' : $defdata[1]; // set to defaults.. unless it's a contact group.
                $gr->insert();
                $cur[$k] = clone($gr);
            }
            
            $short = explode('.',$k);
            $ar[] = array(
                'id' => $cur[$k]->id * 1, //
                'rightname' => $k,
                'descript' => isset($defdata[2]) ? $defdata[2] : '' ,
                'accessmask' => $cur[$k]->accessmask,
                'FullMask' => $defdata[0],
                'group_id' => (int)$_GET['group_id'],
                'shortname' => $short[0]
            );
                
        }
        
        if (isset($_GET['_sort'])) {
            foreach ($ar as $key => $row) {
                $shortname[$key]  = $row['shortname'];
                $descript[$key] = $row['descript'];
            }

            array_multisort($shortname, SORT_ASC, $descript, SORT_ASC, $ar);        
        }
        
        $this->jdata($ar);
        
         
    }
    
    
    // post.. 
    function post($v)
    {
        if (!isset($_POST['group_id']) || (int)$_POST['group_id'] < 0) {
            $this->jerr("NO GROUP");
        }
        
        if (!$this->checkPerm('E')) { // editing groups..
            $this->jerr("PERMISSION DENIED");
        }
        
        // add or update..
        if (!empty($_POST['dataUpdate'])) {
            foreach($_POST['dataUpdate'] as $id => $ac) {
                $id  = (int)$id;
                $p = DB_DataObject::factory('core_group_right');
                $p->group_id = (int)$_POST['group_id'];
                if (!$p->get($id)) {
                    $this->jerr("could not find gid:{$p->group_id} and $id");
                    continue; // errro cond.
                }
                $po = clone($p);
                $p->accessmask = $ac;
                $p->validate(); // ensure that the basic perms can not be removed
                $p->update($po);
            }
        }
        if (!empty($_POST['dataAdd'])) {
            foreach($_POST['dataAdd'] as $perm => $ac) {
                $p = DB_DataObject::factory('core_group_right');
                $p->group_id = (int)$_POST['group_id'];
                $p->rightname = $perm;
                $p->accessmask = $ac;
                $p->validate(); // ensure that the basic perms can not be removed
                $p->insert();
            }
        }
        $this->jok("done");
        
        
        
    }
    
    function checkPerm($lvl)
    {
        return $this->hasPerm('Core.Groups', $lvl);
    }
    
}