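package gr.cite.annotation.web.authorization;

import gr.cite.annotation.authorization.AffiliatedAuthorizationRequirement;
import gr.cite.annotation.authorization.AffiliatedResource;
import gr.cite.commons.web.authz.handler.AuthorizationHandler;
import gr.cite.commons.web.authz.handler.AuthorizationHandlerContext;
import gr.cite.commons.web.authz.policy.AuthorizationRequirement;
import gr.cite.commons.web.oidc.principal.MyPrincipal;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

/**
 * Authorization handler for {@link AffiliatedAuthorizationRequirement}.
 *
 * <p>Grants access when the required permissions are configured (via
 * {@link CustomPermissionAttributesConfiguration#getMyPolicies()}) as satisfiable by entity
 * affiliation and the resource under evaluation is itself affiliated. This handler only ever
 * returns {@code ACCESS_GRANTED} or {@code ACCESS_NOT_DETERMINED}; it never denies, so the final
 * decision is left to the other handlers of the policy.
 */
@Component("affiliatedAuthorizationHandler")
public class AffiliatedAuthorizationHandler extends AuthorizationHandler {

    private final CustomPermissionAttributesConfiguration myConfiguration;

    /**
     * @param myConfiguration source of the per-permission policies consulted by
     *                        {@link #handleRequirement(AuthorizationHandlerContext, Object, AuthorizationRequirement)}
     */
    @Autowired
    public AffiliatedAuthorizationHandler(CustomPermissionAttributesConfiguration myConfiguration) {
        this.myConfiguration = myConfiguration;
    }

    /**
     * Evaluates an affiliation requirement against the given resource.
     *
     * @param context     the handler context; its principal is expected to be a {@link MyPrincipal}
     * @param resource    the resource under evaluation, an {@link AffiliatedResource} or {@code null}
     * @param requirement the requirement; must be an {@link AffiliatedAuthorizationRequirement}
     *                    (ensured by {@link #supporting()})
     * @return {@code ACCESS_GRANTED} when the requirement is satisfied through affiliation,
     *         otherwise {@code ACCESS_NOT_DETERMINED}
     * @throws ClassCastException if {@code resource} is neither {@code null} nor an
     *                            {@link AffiliatedResource}
     */
    @Override
    public int handleRequirement(AuthorizationHandlerContext context, Object resource, AuthorizationRequirement requirement) {
        AffiliatedAuthorizationRequirement req = (AffiliatedAuthorizationRequirement) requirement;
        // An absent or empty permission set carries no affiliation rule to evaluate. Treating an
        // empty set like a null one avoids the vacuous "all zero permissions matched" grant that
        // the matchAll comparison below would otherwise produce.
        if (req.getRequiredPermissions() == null || req.getRequiredPermissions().isEmpty()) return ACCESS_NOT_DETERMINED;

        // Deliberate cast rather than instanceof: a resource of the wrong type is a wiring error
        // and should fail loudly instead of silently abstaining.
        AffiliatedResource rs = (AffiliatedResource) resource;

        if (!((MyPrincipal) context.getPrincipal()).isAuthenticated()) return ACCESS_NOT_DETERMINED;
        if (myConfiguration.getMyPolicies() == null) return ACCESS_NOT_DETERMINED;

        // Loop-invariant: affiliation is a property of the resource, not of the permission checked.
        // A null resource or a null/false affiliation flag can never contribute a hit.
        boolean entityAffiliated = rs != null && Boolean.TRUE.equals(rs.getAffiliated());

        int hits = 0;
        for (String permission : req.getRequiredPermissions()) {
            CustomPermissionAttributesProperties.MyPermission policy = myConfiguration.getMyPolicies().get(permission);
            // A permission counts only if its policy explicitly opts in to affiliation-based access
            // AND the resource is affiliated; a missing policy or a null flag never counts.
            if (policy != null && Boolean.TRUE.equals(policy.getEntityAffiliated()) && entityAffiliated) {
                hits++;
            }
        }

        // NOTE(review): getMatchAll() is unboxed here as in the original; if it can yield a null
        // Boolean this throws — confirm against the requirement type.
        boolean matchAll = req.getMatchAll();
        boolean satisfied = matchAll ? hits == req.getRequiredPermissions().size() : hits > 0;
        return satisfied ? ACCESS_GRANTED : ACCESS_NOT_DETERMINED;
    }

    /**
     * @return the single requirement type this handler evaluates
     */
    @Override
    public Class<AffiliatedAuthorizationRequirement> supporting() {
        return AffiliatedAuthorizationRequirement.class;
    }
}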