<?php
/*
	FusionPBX
	Version: MPL 1.1

	The contents of this file are subject to the Mozilla Public License Version
	1.1 (the "License"); you may not use this file except in compliance with
	the License. You may obtain a copy of the License at
	http://www.mozilla.org/MPL/

	Software distributed under the License is distributed on an "AS IS" basis,
	WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
	for the specific language governing rights and limitations under the
	License.

	The Original Code is FusionPBX

	The Initial Developer of the Original Code is
	Mark J Crane <markjcrane@fusionpbx.com>
	Copyright (C) 2016	All Rights Reserved.
*/

/**
 * permission class
 *
 * @method string add
 * @method string delete
 * @method string exists
 */
if (!class_exists('permissions')) {
	class permissions {

		/**
		 * Add the permission
		 * @var string $permission
		 */
		public function add($permission, $type) {
			//add the permission if it is not in array
			if (!$this->exists($permission)) {
				$_SESSION["permissions"][$permission] = $type;
			}
		}

		/**
		 * Remove the permission
		 * @var string $permission
		 */
		public function delete($permission, $type) {
			if ($this->exists($permission)) {
				if ($type === "temp") {
					if ($_SESSION["permissions"][$permission] === "temp") {
						unset($_SESSION["permissions"][$permission]);
					}
				}
				else {
					if ($_SESSION["permissions"][$permission] !== "temp") {
						unset($_SESSION["permissions"][$permission]);
					}
				}
			}
		}

		/**
		 * Check to see if the permission exists
		 * @var string $permission
		 */
		public function exists($permission_name) {

			//if run from command line then return true
			if (defined('STDIN') && empty($_SESSION["permissions"])) {
				return true;
			}

			//define permissions global variable
			global $permissions;

			if (empty($permissions) && empty($_SESSION["permissions"])) {
				//define additional global variables
				global $groups, $domain_uuid, $user_uuid;

				//get the groups assigned to the user
				if (empty($groups)) {
					$group = new groups;
					$groups = $group->assigned($domain_uuid, $user_uuid);
				}

				//get the permissions assigned to the user through the assigned groups
				$permission = new permissions;
				$permissions = $permission->assigned($domain_uuid, $groups);
			}

			if (empty($permissions)) {
				$permissions = $_SESSION["permissions"] ?? [];
			}

			//set default to false
			$result = false;

			//search for the permission
			if (!empty($permissions) && !empty($permission_name)) {
				foreach($permissions as $key => $value) {
					if ($key == $permission_name) {
						$result = true;
						break;
					}
				}
			}

			//return the result
			return $result;
		}

		/**
		 * get the assigned permissions
		 * @var array $groups
		 */
		public function assigned($domain_uuid, $groups) {
			//groups not provided return false
			if (empty($groups)) {
				return false;
			}

			//get the permissions assigned to the user through the assigned groups
			$x = 0;
			$sql = "select distinct(permission_name) from v_group_permissions ";
			$sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";
			foreach ($groups as $field) {
				if (!empty($field['group_name'])) {
					$sql_where_or[] = "group_name = :group_name_".$x;
					$parameters['group_name_'.$x] = $field['group_name'];
					$x++;
				}
			}
			if (!empty($sql_where_or)) {
				$sql .= "and (".implode(' or ', $sql_where_or).") ";
			}
			$sql .= "and permission_assigned = 'true' ";
			$parameters['domain_uuid'] = $domain_uuid;
			$database = new database;
			$permissions = $database->select($sql, $parameters, 'all');
			unset($sql, $parameters, $result);
			return $permissions;
		}

		/**
		 * save the assigned permissions to a session
		 */
		public function session($domain_uuid, $groups) {
			$permissions = $this->assigned($domain_uuid, $groups);
			if (!empty($permissions)) {
				foreach ($permissions as $row) {
					$_SESSION['permissions'][$row["permission_name"]] = true;
					$_SESSION["user"]["permissions"][$row["permission_name"]] = true;
				}
			}
		}

	}
}

//examples
	/*
	//add the permission
		$p = new permissions;
		$p->add($permission);
	//delete the permission
		$p = new permissions;
		$p->delete($permission);
	*/

?>