Unify/framework/unify/permissionManager.js

/*

	Copyright (c) 2020, 2023, The Unified Company.

	This code is part of Unify.

	This program is free software; you can redistribute it and/or modify
	it under the terms of the ESA Software Community License - Strong Copyleft LICENSE,
	as published by the ESA.
	See the ESA Software Community License - Strong Copyleft LICENSE, for more details.

	https://unifyjs.org 

*/


import unify		 			from '../unify/unify.js';

import userPermission		 	from '../unify/userPermission.js';

import validator				from '../unify/validator.js';


class visitor{

	value	= 2.0;
	
	label	= "Member";

	color	= "black";
	
	type	= "userGroup";
	
}


export default class permissionManager{

	__className			= "permissionManager";

	permissions	= new Array();



	addPermission( user, type ) {

		var currentPermission	= new userPermission( user, type, "allow" );
		
		this.permissions.push( currentPermission );

	}

	allow( user, type ) {

		// If the user is not signed in and this method has this.user as first argument
		// user == false, to prevent that everybody gets access:
		if( !user ) {

			return false;

		}

		this.addPermission( user, type );

		//this.permissions[ user.id ] = currentPermission; // performance upgrade
		
	}

	callPermissionMethod( object ) {

		var clone = object.simpleClone();

		if( object.type == "table" && !object.updated ) {

			object.get();

		}

		object.permissionManager.permissions = new Array();

		object.permissions = new Array(); // this is the working one

		object.permission( clone );

	}
	
	noPermissionsWarning( object ) {

		if( object.permissionManager.permissions.length == 0 ) {

			if( object.debug ) {

				console.log("No permissions are set for this object, All request are rejected..");

			}
		}

	}

	createVisitor(  ) {
	
		var table 					= new global.user();
		
		table.username.value		= "Visitor";

		table.id 					= 0;

		table.groups				= new visitor();

		return table;
	
	}

	isAllowed( user, type, object ) {

		if( !user ) {

			// todo: do this in the core
			user	= this.createVisitor(  );

		}

		if( object.permission ) {

			this.callPermissionMethod( object );

			this.noPermissionsWarning( object );

		} 

		var permission 		= new userPermission( user, type );
		
		if( this.permissions.length == 0 ) {
		
			return false;
		
		}

		var isPermitted = this.checkPermissions( permission );

		if( isPermitted ) {

			return true;

		} else {
		
			return false;

		}

	}

	checkPermissions( permissionB ) {

		for( var c = 0; c < this.permissions.length; c++ ) {
		
			var permission	= this.permissions[c];

			if( this.checkPermission( permission, permissionB ) ) {
			
				return true;
			
			}
			
		}

		return false;

	}

	checkCollectionPermission( permission, permissionB ) {
	
		var permissionA 		= new userPermission( permissionB.userObject, permission.type, permissionB.userObject );

		if( this.comparePermission( permissionA, permissionB ) ) {
		
			return true;
		
		}
	
	/*
		var users 	=  collection.querySelect();

		for(var b = 0; b<users.length; b++) {
		
			var permissionA = {};
			
			permissionA.type	= permission.type;
			permissionA.policy	= permission.policy;
			permissionA.userObject	= users[b];

			if( this.comparePermission( permissionA, permissionB ) ) {
			
				return true;
			
			}
		}

	*/
	
	}

	checkRenderObjectPermissionUser( permissionA, permissionB, validator ) {

		if( currentUser.value ) {
					
			var permissionA 		= new userPermission();
			
			permissionA.type		= permission.type;

			permissionA.policy		= permission.policy;

			permissionA.userObject	= currentUser[ b ];
			
			
			if( this.comparePermission( permissionA, permissionB ) ) {
			
				validator.isValid = true;
			
			}
			
		}

	}


	
	checkRenderobjectPermission( permission, permissionB ) {
	
		var userObject	= permission.userObject;

		var users 		= userObject.rows;

		var validator	= new validator();
		
		for( var b = 0; b < users.length; b++ ) {
			
			var currentUser = users[b];

			this.checkRenderObjectPermissionUser( permissionA, permissionB, validator );

			if( validator.isValid ) {

				return true;

			}

		}

	}
	
	checkUserGroupPermission( permission, permissionB ) {
	
		var user 		= permissionB.userObject;

		var userGroup	= permission.userObject;

		if(!user.groups) {

			return false;
		}

		//console.log(user);

		if( user.groups.value != userGroup.value ) {

			return false;

		}

		if( permissionB.type != permission.type ) {

			return false;

		}

		return true;
		
	}

	isDefined( userObject, validator ) {

		if( !userObject ) {
		
			validator.isValid	= false;
		
		}

	}

	isUserPlaceholder( userObject, validator ) {

		if( userObject == "userplaceholder" ) {

			validator.isValid	= false;

		}

	}
	
	validateVisitor( permission, permissionB, validator ) {

		if( !permissionB.userObject ) {

			if( permission.userObject.__className == "visitor" ) {

				validator.isValid	= true;

			} else {

				validator.isValid	= false;

			}

		}

	}

	compareUser( permission, permissionB, validator ) {

		if( this.comparePermission( permission, permissionB ) ) {
		
			validator.isValid	= true;
		
		}

	}

	compareCollection( permission, permissionB, validator ) {

		if( this.checkCollectionPermission( permission, permissionB ) ) {
		
			validator.isValid	= true;
		
		}

	}

	compareRenderCollection( permission, permissionB, validator ) {

		
		if( this.checkRenderobjectPermission( permission, permissionB ) ) {
		
			validator.isValid	= true;
		
		}

	}

	compareUserGroup( permission, permissionB, validator ) {

		if( this.checkUserGroupPermission( permission, permissionB ) ) {
		
			validator.isValid	= true;
		
		}

	}

	validateObjects( userObject, validator ) {

		this.isDefined( userObject, validator );

		this.isUserPlaceholder( userObject, validator );

	}

	compareObjects( userObject, permission, permissionB, validator ) {

		switch( userObject.getClassName() ) {

			case "user":

				this.compareUser( permission, permissionB, validator );
			
			break;

			case "userObject":

				this.compareUser( permission, permissionB, validator );
			
			break;
			
			case "collection":
			
				this.compareCollection( permission, permissionB, validator );
				
			break;
			
			default:
			
				if( userObject.type == "renderCollection") {

					this.compareRenderCollection( permission, permissionB, validator );

				}
				
				if ( userObject.type == "userGroup") { 
				
					this.compareUserGroup( permission, permissionB, validator );

				}

				if ( userObject.isUser ) { 
				
					this.compareUser( permission, permissionB, validator );

				}

		}

		return validator;

	}

	checkPermission( permission, permissionB ) {
	
		var userObject 		= permission.userObject;

		var validator		= new Object();

		validator.isValid	= true;

		this.validateObjects( userObject, validator );

		this.validateVisitor( permission, permissionB, validator );
		

		if( !validator.isValid ) {

			return false;

		}

		validator.isValid	= false;

		unify.extend( userObject );

		this.compareObjects( userObject, permission, permissionB, validator );

		return validator.isValid;

	}
	
	comparePermission( permissionA, permissionB ) {

		if( permissionA.userObject.id == 0 ) {

			return false;

		}

		if( permissionA.userObject.id != permissionB.userObject.id ) {

			return false;

		}

		if( permissionA.type != permissionB.type ) {

			return false;

		}

		if( permissionA.policy != "allow" ) {

			return false;

		}

		return true;

	}
	
	deny( user, type ) {

		var currentPermission 			= new userPermission( user, type );

		this.permissions.push( currentPermission );

	}

}