#!/bin/bash

# Get an application setting
#
# usage: ynh_app_setting_get --app=app --key=key
# | arg: -a, --app=     - the application id
# | arg: -k, --key=     - the setting to get
#
# Requires YunoHost version 2.2.4 or higher.
ynh_app_setting_get() {
    # Declare an array to define the options of this helper.
    local legacy_args=ak
    local -A args_array=( [a]=app= [k]=key= )
    local app
    local key
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"

    if [[ $key =~ (unprotected|protected|skipped)_ ]]; then
        yunohost app setting $app $key
    else
        ynh_app_setting "get" "$app" "$key"
    fi
}

# Set an application setting
#
# usage: ynh_app_setting_set --app=app --key=key --value=value
# | arg: -a, --app=     - the application id
# | arg: -k, --key=     - the setting name to set
# | arg: -v, --value=   - the setting value to set
#
# Requires YunoHost version 2.2.4 or higher.
ynh_app_setting_set() {
    # Declare an array to define the options of this helper.
    local legacy_args=akv
    local -A args_array=( [a]=app= [k]=key= [v]=value= )
    local app
    local key
    local value
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"

    # Manage old legacy unprotected,protectedskipped
    if [[ $key =~ (unprotected|protected|skipped)_ ]]; then
        yunohost app setting $app $key -v $value
    else
        ynh_app_setting "set" "$app" "$key" "$value"
    fi
}

# Delete an application setting
#
# usage: ynh_app_setting_delete --app=app --key=key
# | arg: -a, --app=     - the application id
# | arg: -k, --key=     - the setting to delete
#
# Requires YunoHost version 2.2.4 or higher.
ynh_app_setting_delete() {
    # Declare an array to define the options of this helper.
    local legacy_args=ak
    local -A args_array=( [a]=app= [k]=key= )
    local app
    local key
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"

    # Fucking legacy permission management.
    # We need this because app temporarily set the app as unprotected to configure it with curl...
    if [[ "$key" =~ (unprotected|skipped|protected)_ ]]; then
        yunohost app setting $app $key -d
    else
        ynh_app_setting "delete" "$app" "$key"
    fi
}

# Small "hard-coded" interface to avoid calling "yunohost app" directly each
# time dealing with a setting is needed (which may be so slow on ARM boards)
#
# [internal]
#
ynh_app_setting()
{
    ACTION="$1" APP="$2" KEY="$3" VALUE="${4:-}" python2.7 - <<EOF
import os, yaml, sys
app, action = os.environ['APP'], os.environ['ACTION'].lower()
key, value = os.environ['KEY'], os.environ.get('VALUE', None)
setting_file = "/etc/yunohost/apps/%s/settings.yml" % app
assert os.path.exists(setting_file), "Setting file %s does not exists ?" % setting_file
with open(setting_file) as f:
    settings = yaml.load(f)
if action == "get":
    if key in settings:
        print(settings[key])
else:
    if action == "delete":
        if key in settings:
            del settings[key]
    elif action == "set":
        if key in ['redirected_urls', 'redirected_regex']:
            value = yaml.load(value)
        settings[key] = value
    else:
        raise ValueError("action should either be get, set or delete")
    with open(setting_file, "w") as f:
        yaml.safe_dump(settings, f, default_flow_style=False)
EOF
}

# Check availability of a web path
#
# example: ynh_webpath_available --domain=some.domain.tld --path_url=/coffee
#
# usage: ynh_webpath_available --domain=domain --path_url=path
# | arg: -d, --domain=      - the domain/host of the url
# | arg: -p, --path_url=    - the web path to check the availability of
#
# Requires YunoHost version 2.6.4 or higher.
ynh_webpath_available () {
    # Declare an array to define the options of this helper.
    local legacy_args=dp
    local -A args_array=( [d]=domain= [p]=path_url= )
    local domain
    local path_url
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"

    yunohost domain url-available $domain $path_url
}

# Register/book a web path for an app
#
# example: ynh_webpath_register --app=wordpress --domain=some.domain.tld --path_url=/coffee
#
# usage: ynh_webpath_register --app=app --domain=domain --path_url=path
# | arg: -a, --app=         - the app for which the domain should be registered
# | arg: -d, --domain=      - the domain/host of the web path
# | arg: -p, --path_url=    - the web path to be registered
#
# Requires YunoHost version 2.6.4 or higher.
ynh_webpath_register () {
    # Declare an array to define the options of this helper.
    local legacy_args=adp
    local -A args_array=( [a]=app= [d]=domain= [p]=path_url= )
    local app
    local domain
    local path_url
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"

    yunohost app register-url $app $domain $path_url
}

# Create a new permission for the app
#
# example: ynh_permission_create --permission admin --url /admin --additional_urls 'domain.tld/otherurl /superadmin' --allowed alice bob --label 'My app admin'
#
# usage: ynh_permission_create --permission "permission" [--url "url"] [--additional_urls "second-url" [ "other-url" ]] [--auth_header true|false]
#                                                        [--allowed group1 [ group2 ]] [--label "label"] [--show_tile true|false]
#                                                        [--protected true|false]
# | arg: permission - the name for the permission (by default a permission named "main" already exist)
# | arg: url                - (optional) URL for which access will be allowed/forbidden
# | arg: additional_urls    - (optional) List of additional URL for which access will be allowed/forbidden
# | arg: auth_header        - (optional) Define for the URL of this permission, if SSOwat pass the authentication header to the application. Default is true
# | arg: allowed            - (optional) A list of group/user to allow for the permission
# | arg: label              - (optional) Define a name for the permission. This label will be shown on the SSO and in the admin.
# |                                      Default is "APP_LABEL (permission name)".
# | arg: show_tile          - (optional) Define if a tile will be shown in the SSO
# | arg: protected          - (optional) Define if this permission is protected. If it is protected the administrator
# |                             won't be able to add or remove the visitors group of this permission.
# |                             By default it's 'true' (for the permission different than 'main').
#
# If provided, 'url' is assumed to be relative to the app domain/path if they
# start with '/'.  For example:
#    /                             -> domain.tld/app
#    /admin                        -> domain.tld/app/admin
#    domain.tld/app/api            -> domain.tld/app/api
#
# 'url' can be later treated as a regex if it starts with "re:".
# For example:
#    re:/api/[A-Z]*$               -> domain.tld/app/api/[A-Z]*$
#    re:domain.tld/app/api/[A-Z]*$ -> domain.tld/app/api/[A-Z]*$
#
# Requires YunoHost version 3.7.0 or higher.
ynh_permission_create() {
    # Declare an array to define the options of this helper.
    local legacy_args=puAhaltP
    declare -A args_array=( [p]=permission= [u]=url= [A]=additional_urls= [h]=auth_header= [a]=allowed= [l]=label= [t]=show_tile= [P]=protected= )
    local permission
    local url
    local additional_urls
    local auth_header
    local allowed
    local label
    local show_tile
    local protected
    ynh_handle_getopts_args "$@"
    url=${url:-}
    additional_urls=${additional_urls:-}
    auth_header=${auth_header:-}
    allowed=${allowed:-}
    label=${label:-}
    show_tile=${show_tile:-}
    protected=${protected:-}

    if [[ -n $url ]]
    then
        url=",url='$url'"
    fi

    if [[ -n $additional_urls ]]
    then
        additional_urls=",additional_urls=['${additional_urls//';'/"','"}']"
    fi

    if [[ -n $auth_header ]]
    then
        if [ $auth_header == "true" ]
        then
            auth_header=",auth_header=True"
        else
            auth_header=",auth_header=False"
        fi
    fi

    if [[ -n $allowed ]]; then
        allowed=",allowed=['${allowed//';'/"','"}']"
    fi

    if [[ -n ${label:-} ]]; then
        label=",label='$label'"
    else
        label=",label='$YNH_APP_LABEL ($permission)'"
    fi

    if [[ -n ${show_tile:-} ]]; then
        if [ $show_tile == "true" ]; then
            show_tile=",show_tile=True"
        else
            show_tile=",show_tile=False"
        fi
    fi

    if [[ -n ${protected:-} ]]; then
        if [ $protected == "true" ]; then
            protected=",protected=True"
        else
            protected=",protected=False"
        fi
    fi

    yunohost tools shell -c "from yunohost.permission import permission_create; permission_create('$app.$permission' $url $additional_urls $auth_header $allowed $label $show_tile $protected , sync_perm=False)"
}

# Remove a permission for the app (note that when the app is removed all permission is automatically removed)
#
# example: ynh_permission_delete --permission=editors
#
# usage: ynh_permission_delete --permission="permission"
# | arg: -p, --permission=      - the name for the permission (by default a permission named "main" is removed automatically when the app is removed)
#
# Requires YunoHost version 3.7.0 or higher.
ynh_permission_delete() {
    # Declare an array to define the options of this helper.
    local legacy_args=p
    local -A args_array=( [p]=permission= )
    local permission
    ynh_handle_getopts_args "$@"

    yunohost tools shell -c "from yunohost.permission import permission_delete; permission_delete('$app.$permission', sync_perm=False)"
}

# Check if a permission exists
#
# usage: ynh_permission_exists --permission=permission
# | arg: -p, --permission=      - the permission to check
# | exit: Return 1 if the permission doesn't exist, 0 otherwise
#
# Requires YunoHost version 3.7.0 or higher.
ynh_permission_exists() {
    # Declare an array to define the options of this helper.
    local legacy_args=p
    local -A args_array=( [p]=permission= )
    local permission
    ynh_handle_getopts_args "$@"

    yunohost user permission list --short | grep --word-regexp --quiet "$app.$permission"
}

# Redefine the url associated to a permission
#
# usage: ynh_permission_url --permission "permission" [--url "url"] [--add_url "new-url" [ "other-new-url" ]] [--remove_url "old-url" [ "other-old-url"]]
#                                                     [--auth_header true|false][--clear_urls]
# | arg: permission         - the name for the permission (by default a permission named "main" is removed automatically when the app is removed)
# | arg: url                - (optional) URL for which access will be allowed/forbidden.
# |                                      Note that if you want to remove url you can pass an empty sting as arguments ("").
# | arg: add_url            - (optional) List of additional url to add for which access will be allowed/forbidden.
# | arg: remove_url         - (optional) List of additional url to remove for which access will be allowed/forbidden
# | arg: auth_header        - (optional) Define for the URL of this permission, if SSOwat pass the authentication header to the application
# | arg: clear_urls         - (optional) Clean all urls (url and additional_urls)
#
# Requires YunoHost version 3.7.0 or higher.
ynh_permission_url() {
    # Declare an array to define the options of this helper.
    local legacy_args=puarhc
    declare -A args_array=([p]=permission= [u]=url= [a]=add_url= [r]=remove_url= [h]=auth_header= [c]=clear_urls)
    local permission
    local url
    local add_url
    local remove_url
    local auth_header
    local clear_urls
    ynh_handle_getopts_args "$@"
    url=${url:-}
    add_url=${add_url:-}
    remove_url=${remove_url:-}
    auth_header=${auth_header:-}
    clear_urls=${clear_urls:-}

    if [[ -n $url ]]
    then
        url=",url='$url'"
    fi

    if [[ -n $add_url ]]
    then
        add_url=",add_url=['${add_url//';'/"','"}']"
    fi

    if [[ -n $remove_url ]]; then
        remove_url=",remove_url=['${remove_url//';'/"','"}']"
    fi

    if [[ -n $auth_header ]]; then
        if [ $auth_header == "true" ]; then
            auth_header=",auth_header=True"
        else
            auth_header=",auth_header=False"
        fi
    fi

    if [[ -n $clear_urls ]] && [ $clear_urls -eq 1 ]
    then
        clear_urls=",clear_urls=True"
    fi

    yunohost tools shell -c "from yunohost.permission import permission_url; permission_url('$app.$permission' $url $add_url $remove_url $auth_header $clear_urls )"
}


# Update a permission for the app
#
# usage: ynh_permission_update --permission "permission" [--add "group" ["group" ...]] [--remove  "group" ["group" ...]]
#                                                        [--label "label"] [--show_tile true|false] [--protected true|false]
# | arg: permission         - the name for the permission (by default a permission named "main" already exist)
# | arg: add                - the list of group or users to enable add to the permission
# | arg: remove             - the list of group or users to remove from the permission
# | arg: label              - (optional) Define a name for the permission. This label will be shown on the SSO and in the admin.
# | arg: show_tile          - (optional) Define if a tile will be shown in the SSO
# | arg: protected          - (optional) Define if this permission is protected. If it is protected the administrator
# |                                      won't be able to add or remove the visitors group of this permission.
#
# Requires YunoHost version 3.7.0 or higher.
ynh_permission_update() {
    # Declare an array to define the options of this helper.
    local legacy_args=parlsp
    declare -A args_array=( [p]=permission= [a]=add= [r]=remove= [l]=label= [t]=show_tile= [P]=protected= )
    local permission
    local add
    local remove
    local label
    local show_tile
    local protected
    ynh_handle_getopts_args "$@"
    add=${add:-}
    remove=${remove:-}
    label=${label:-}
    show_tile=${show_tile:-}
    protected=${protected:-}

    if [[ -n $add ]]
    then
        add=",add=['${add//';'/"','"}']"
    fi
    if [[ -n $remove ]]
    then
        remove=",remove=['${remove//';'/"','"}']"
    fi

    if [[ -n $label ]]
    then
        label=",label='$label'"
    fi

    if [[ -n $show_tile ]]; then
        if [ $show_tile == "true" ]; then
            show_tile=",show_tile=True"
        else
            show_tile=",show_tile=False"
        fi
    fi

    if [[ -n $protected ]]; then
        if [ $protected == "true" ]; then
            protected=",protected=True"
        else
            protected=",protected=False"
        fi
    fi

    yunohost tools shell -c "from yunohost.permission import user_permission_update; user_permission_update('$app.$permission' $add $remove $label $show_tile $protected , force=True, sync_perm=False)"
}

# Check if a permission has an user
#
# example: ynh_permission_has_user --permission=main --user=visitors
#
# usage: ynh_permission_has_user --permission=permission --user=user
# | arg: -p, --permission=  - the permission to check
# | arg: -u, --user=        - the user seek in the permission
# | exit: Return 1 if the permission doesn't have that user or doesn't exist, 0 otherwise
#
# Requires YunoHost version 3.7.1 or higher.
ynh_permission_has_user() {
    local legacy_args=pu
    # Declare an array to define the options of this helper.
    local -A args_array=( [p]=permission= [u]=user= )
    local permission
    local user
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"

    if ! ynh_permission_exists --permission=$permission
    then
        return 1
    fi

    yunohost user permission info "$app.$permission" | grep --word-regexp --quiet "$user"
}