<?php
/**
 * Set Permission control using an ini file per group basis.
 * Works hand in hand with Auth Component
 * 
 * INI naming scheme
 *      permissions.ini
 * 
 * INI Content
 *      [PluginName.ControllerName]
 *      action = group_id,group_id2
 * 
 * Copy this to your app/config/permissions.ini:
 * 
 
; 1 = Admin
; 2 = User
[ControllerName]
index = 
add = 1,2
edit = 1,2
delete = 1,2

 * 
 * @author PrometSource www.prometsource.com
 */
class PermissionComponent extends Object 
{
    var $controller;
    var $permissions = array();
    var $group_id = 0;
    
    var $components = array('Session', 'Auth');
    
    
    function startup(&$controller) {
        $this->controller = $controller;
        
        // Let's see if Auth is enabled. If not, let Auth do his job first
        if (!$this->Session->check('Auth')) {
            return false;
        }
        
        $this->group_id = 0;
        if ($this->Auth->user('group_id'))
            $this->group_id = $this->Auth->user('group_id');
        
        try { // Start parsing the ini file            
            $tmp = $this->readINI();
            
            // Check for plugin names 
            if (!empty($controller->plugin)) {
                $name = Inflector::camelize($controller->plugin) . '.' . $controller->name;
            } else {
                $name = $controller->name;
            }
            
            if (isset($tmp[$name])) {
                $this->permissions = $tmp[$name];
            }
            
        }catch (Exception $e) { // Write this to /tmp/logs/error.log            
            $this->log('PermissionComponent: ' . $e->getMessage());
        }
        
        if (!$this->isAllowed()) {
            $this->Session->setFlash('You are not authorized to access that location.', 'default', array(), 'auth');
            
            // redirect to the last page accessed
            // this is still buggy specially in complex redirections
            $url = $controller->referer(null, true);
            $controller->redirect($url, null, true);
        }
        
    }
    
    /**
     * Checkes if a the action is allowed
     *
     * @return boolean
     */
    function isAllowed() {
        if (empty($this->permissions)) {
            return true;
        }
        
        if (array_key_exists($this->controller->action, $this->permissions)) {
            
            // Action is public
            if (empty($this->permissions[$this->controller->action])) {
                return true;
            }
            
            // Action should be tested with user groups
            $groups = explode(',', $this->permissions[$this->controller->action]);
            
            if (in_array($this->group_id, $groups)) {
                return true;
            }
        } else {
            return true;
        }
        
        return false;        
    }
    
    private function readINI() {
        $ini_file = ROOT . DS . APP_DIR . DS . 'config' . DS . 'permissions.ini';
        if (!is_file($ini_file)) {
            throw new Exception($ini_file . ' is missing.');
        }
        
        return parse_ini_file($ini_file, true);
    }
    
}