/*
    * UserGroup.java
    *
    * Created on May 24, 2004, 2:37 PM
    */
   
   package gov.bnl.gums.userGroup;
   
   import gov.bnl.gums.GridUser;
  import gov.bnl.gums.configuration.ConfigElement;
  import gov.bnl.gums.configuration.Configuration;
  import gov.bnl.gums.util.RWLock;
  
  import java.util.*;
  import java.util.regex.Matcher;
  import java.util.regex.Pattern;
  
  import javax.persistence.CascadeType;
  import javax.persistence.DiscriminatorColumn;
  import javax.persistence.DiscriminatorType;
  import javax.persistence.Entity;
  import javax.persistence.Inheritance;
  import javax.persistence.InheritanceType;
  import javax.persistence.OneToMany;
  
  import org.apache.log4j.Logger;
  
  /** 
   * An interface that defines a group of people, which GUMS will associate to a 
   * mapping policy. An implementation could take/manage a list of users in
   * any way it wanted, or it could combine different groups.
   *
   * @author Gabriele Carcassi, Jay Packard
   */
  @Entity
  @Inheritance(strategy=InheritanceType.SINGLE_TABLE)
  @DiscriminatorColumn(
      name="type",
      discriminatorType=DiscriminatorType.STRING
  )
  public abstract class UserGroup extends ConfigElement {
      protected static String[] accessTypes = {"write", "read all", "read self"};
      private static Logger log = Logger.getLogger(UserGroup.class);
      
  	protected List<Pattern> dnFqanPatternList = new ArrayList<Pattern>();
  	protected List<Pattern> dnPatternList = new ArrayList<Pattern>();
  	protected Date patternListLastUpdated = null;
  	protected RWLock patternRWLock = new RWLock();
  	protected int secondsBetweenPatternRefresh = 30;
  	protected boolean hasCache = false;
  	protected int accessIndex = 2;
  	protected String access = accessTypes[accessIndex];
  
  	// persistent variables
  	protected Date lastUpdate;
  	protected Set<GridUser> members = new HashSet<GridUser>();
  	
  	/**
  	 * Create a new user group.  This empty constructor is needed by the XML Digestor.
  	 */
  	public UserGroup() {
  	}
  
  	/**
  	 * Create a new user group with a configuration and a name.
  	 * 
  	 * @param configuration
  	 * @param name
  	 */
  	public UserGroup(Configuration configuration, String name) {
  		super(configuration, name);
  	}
      
  	public void clearCachedItems() {
  		if (hasCache)
  			members.clear();
  	}
  	
      public ConfigElement clone(Configuration conf, boolean allowReplace) {
      	UserGroup userGroup = (UserGroup)super.clone(conf, allowReplace);
     		userGroup.setMembers(new HashSet<GridUser>(members));
      	return userGroup;
      }
  	
  	/**
  	 * Getter for property access, that determines what a member of this
  	 * user group has access to in GUMS.
  	 * 
  	 * @return access as string
  	 */
  	public String getAccess() {
      	return access;
      }
      
  	public Date getLastUpdate() {
  		return lastUpdate;
  	}
      
      /**
      * Returns the list of user identities that are part of the group.
      * <p>
      * Some UserGroups, however, could be defined by a rule that doesn't
      * allow listing. For example, a group could be 'all the users
      * with a DOEGrids certificate'. Though one could argue whether or
      * not is a good idea to have such a group, one can implement one
      * and throw an UnsupportedOperationException. This will make it
      * impossible for GUMS to create a grid-mapfile, but would still
      * allow direct user to account mapping through a call-out.
      * @return a List of GridUser objects representing the user certificate DN.
      */
 	@OneToMany(cascade=CascadeType.ALL, mappedBy="userGroup") 
 	@org.hibernate.annotations.Cascade(org.hibernate.annotations.CascadeType.DELETE_ORPHAN)
 	public Set<GridUser> getMembers() {
 		return members;
 	}
     
     /**
      * @return true if this group allows at least read all access
      */
     public boolean hasReadAllAccess() {
     	return (accessIndex<=1);
     }
 
 	/**
      * @return true if this group allows at least read self access
      */
     public boolean hasReadSelfAccess() {
     	return (accessIndex<=2);
     }
 	/**
      * @return true if this group allows write access (admin privileges)
      */
     public boolean hasWriteAccess() {
     	return (accessIndex==0);
     }
 
 	public boolean isMember(GridUser user) {
 		return isMember(user, false);
 	}
     
     /**
      * Determines whether the given user identity is part of the group.
      * <p>
      * @param user - a grid user
      * @return true if it's in the group
      */
 	public boolean isMember(GridUser user, boolean ignoreFqan) {
     	boolean returnVal = false;
 		
 		Calendar cal = Calendar.getInstance();
 		cal.add(Calendar.SECOND, -secondsBetweenPatternRefresh);
     	if (patternListLastUpdated == null || patternListLastUpdated.before(cal.getTime()))
     		refreshPatternList();
         	
        	try {
         	patternRWLock.getReadLock();
     		Iterator<Pattern> it;
     		if (ignoreFqan)
     			it = dnPatternList.iterator();
     		else
     			it = dnFqanPatternList.iterator();
 	    	while (it.hasNext()) {
 	    		Pattern p = (Pattern)it.next();
 	    		Matcher m;
 	    		if (ignoreFqan)
 	    			m = p.matcher(user.getDn());
 	    		else
 	    			m = p.matcher(user.toString());
 	    		if (log.isTraceEnabled())
 	    			log.trace("trying to match user "+user+" against "+m.toString());
 	    		if (m.matches()) {
 	    			returnVal = true;
 	    			break;
 	    		}
 	    	}
 		}
 		catch(Exception e) {
 			log.error(e);
 		}
 		finally {
 			patternRWLock.releaseLock();
 		}
     	
         return returnVal;
     }
 
     /**
      * Calculate efficient pattern matcher of all current members
      */
     public void refreshPatternList() {
     	patternRWLock.getWriteLock();
     	try {
     		log.debug("refreshed pattern list for usergroup "+getName());
     		dnPatternList.clear();
     		dnFqanPatternList.clear();
 	 		synchronized(members) {
 		 		Iterator<GridUser> it = members.iterator();
 		 		while (it.hasNext()) 
 		 		{
 		 			GridUser itUser = it.next();
 		 			Pattern p = Pattern.compile(itUser.getDn());
 		 			dnPatternList.add(p);
 		 			p = Pattern.compile(itUser.toString());
 		 			dnFqanPatternList.add(p);
 		 		}
 	 		}
 	 		patternListLastUpdated = Calendar.getInstance().getTime();
 		}
 		catch(Exception e) {
 			log.error(e);
 		}
 		finally {
 			patternRWLock.releaseLock();
 		}
     }
 
     @ConfigFieldAnnotation(label="GUMS Access", help="GUMS access by members of this user group", choices="write, read all, read self", order=4)
     public void setAccess(String access) {
     	for(int i=0; i<accessTypes.length; i++) {
     		if ( accessTypes[i].equalsIgnoreCase(access) ) {
     			this.access = access;
     			this.accessIndex = i;
     			return;
     		}
     	}
     	throw new RuntimeException("Invalid access type: "+access);
     }
     
     public void setLastUpdate(Date lastUpdate) {
 		this.lastUpdate = lastUpdate;
 	}
 
     private void setMembers(Set<GridUser> members) {
     	if (members==null)
     		return;
     	this.members = members;
     	for (GridUser m: members)
     		m.setUserGroup(this);
 	}
 
 	/** 
      * Updates the local list of the users from the source of the group.
      * <p>
      * Most user groups will get the information from a separate database
      * accessible via WAN. For that reason, the user group will maintain a
      * local cache with the list of members, which can be updated through
      * this method.
      */
 	public final void updateMembers() {
 		synchronized(members) {
 			members.clear();
 			members.addAll(retrieveMembers());
 			for (GridUser gu: members)
 				gu.setUserGroup(this);
 		}
 		refreshPatternList();
     }
 	
 	protected abstract Set<GridUser> retrieveMembers();
 }