<?php
/**
 * EGroupware admin - admin command: give or remove run rights from a given account and application
 *
 * @link http://www.egroupware.org
 * @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
 * @package admin
 * @copyright (c) 2007-16 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
 * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
 * @version $Id$
 */

use EGroupware\Api;

/**
 * admin command: give or remove run rights from a given account and application
 */
class admin_cmd_acl extends admin_cmd
{
	/**
	 * Constructor
	 *
	 * @param boolean|array $allow true=give rights, false=remove rights, or array with all params
	 * @param string|int $account =null account name or id
	 * @param array|string $app =null app-name
	 * @param string $location =null ACL location.  Usually a user or group ID, but may also be any app-specific string
	 * @param int $rights =null ACL rights.  See Api\ACL.
	 */
	function __construct($allow,$account=null,$app=null,$location=null,$rights=null)
	{
		if (!is_array($allow))
		{
			$allow = array(
				'allow' => $allow,
				'account' => $account,
				'app' => $app,
				'location' => $location,
				'rights' => (int)$rights
			);
		}

		// Make sure we only deal with real add/remove changes

		admin_cmd::__construct($allow);
	}

	/**
	 * give or remove run rights from a given account and application
	 *
	 * @param boolean $check_only =false only run the checks (and throw the exceptions), but not the command itself
	 * @return string success message
	 * @throws Api\Exception\NoPermission\Admin
	 * @throws Api\Exception\WrongUserinput(lang("Unknown account: %1 !!!",$this->account),15);
	 * @throws Api\Exception\WrongUserinput(lang("Application '%1' not found (maybe not installed or misspelled)!",$name),8);
	 */
	protected function exec($check_only=false)
	{
		$account_id = admin_cmd::parse_account($this->account);


		list($app) = admin_cmd::parse_apps(array($this->app));
		$location = $this->location;
		$rights = (int)$this->rights;


		$old_rights = (int)$GLOBALS['egw']->acl->get_specific_rights_for_account($account_id, $location, $app);
		$new_rights = max(0,$old_rights + (($this->allow ? 1 : -1) * $rights));

		$this->set = $new_rights;
		$this->old = $old_rights;
		if ($check_only) return true;

		//echo "account=$this->account, account_id=$account_id, apps: ".implode(', ',$apps)."\n";
		admin_cmd::_instanciate_acl($account_id);

		if ($new_rights)
		{
			admin_cmd::$acl->add_repository($app,$location,$account_id,$new_rights);
		}
		else
		{
			admin_cmd::$acl->delete_repository($app,$location,$account_id);
		}
		return lang('Applications run rights updated.');
	}

	/**
	 * Return a title / string representation for a given command, eg. to display it
	 *
	 * @return string
	 */
	function __tostring()
	{
		$rights = $this->rights;
		$location = lang($this->location);

		if($this->location == 'run')
		{
			$rights = lang('run');
		}
		$names = Api\Hooks::single(array(
			'location' => 'acl_rights'
		), $this->app);
		if($names[$rights])
		{
			$rights = lang($names[$rights]);
		}

		if(is_numeric($this->location))
		{
			$location = admin_cmd::display_account($this->location);
		}
		return lang('%1 %2 rights for %3 on %4 to %5',
			$this->allow ? lang('Grant') : lang('Remove'),
			$rights,
			admin_cmd::display_account($this->account),
			$this->app,
			$location
		);
	}
}