<?php defined('SYSPATH') or die('No direct access allowed.');

/**
 * Auth driver.
 *
 * @package    lnApp
 * @category   Classes
 * @author     Deon George
 * @copyright  (c) 2014 Deon George
 * @license    http://dev.leenooks.net/license.html
 */
abstract class lnApp_Auth_ORM extends Kohana_Auth_ORM {
	/**
	 * We need to override Kohana's __construct(), for tasks, which attempt to open a session
	 * and probably dont have access to PHP sessions path.
	 * Tasks dont need sessions anyway?
	 */
	public function __construct($config = array()) {
		// Save the config in the object
		$this->_config = $config;

		if (PHP_SAPI !== 'cli')
			parent::__construct($config);
	}

	/**
	 * Logs a user in.
	 *
	 * @param   string   username
	 * @param   string   password
	 * @param   boolean  enable autologin
	 * @return  boolean
	 */
	protected function _login($user,$password,$remember) {
		if (! is_object($user)) {
			$username = $user;

			// Load the user
			$user = ORM::factory($this->_model);
			$user->where('email','=',$username)->find();

			// If no user loaded, return
			if (! $user->loaded())
				return FALSE;
		}

		// Create a hashed password
		if (is_string($password))
			$password = $this->hash($password);

		// If we have the right password, we'll check the status of the account
		if ($user->password === $password AND $user->active) {
			// Record our session ID, we may need to update our DB when we get a new ID
			$oldsess = session_id();

			// Finish the login
			$this->complete_login($user);

			// Do we need to update databases with our new sesion ID
			$sct = Kohana::$config->load('config')->session_change_trigger;
			if (session_id() != $oldsess AND count($sct))
				foreach ($sct as $t => $c)
					if (Config::module_exist($t))
						foreach (ORM::factory(ucwords($t))->where($c,'=',$oldsess)->find_all() as $o)
							$o->set('session_id',session_id())
								->update();

//@TODO
			if (! $user->has_any('group',ORM::factory('Group',array('name'=>'Registered Users'))->list_childgrps(TRUE)))
				HTTP::redirect(URL::link('user','account/activate'));

			return TRUE;
		}

		// Login failed
		return FALSE;
	}

	/**
	 * Determine if a user is authorised to view an account
	 *
	 * @param Model_Account Account Ojbect to validate if the current user has access
	 * @return boolean TRUE if authorised, FALSE if not.
	 */
	public function authorised(Model_Account $ao) {
		return (($uo = $this->get_user()) AND $uo->loaded() AND ($uo == $ao OR in_array($ao->id,$uo->RTM->customers($uo->RTM))));
	}

	public function get_groups() {
		return is_null($x=$this->get_user()) ? ORM::factory('Group')->where('id','=',0)->find_all() : $x->groups();
	}

	// Override Kohana Auth requirement to have a hash_key
	public function hash($str) {
		switch ($this->_config['hash_method']) {
			case '' : return $str;
			case 'md5': return md5($str);
			default: return hash_hmac($this->_config['hash_method'], $str, $this->_config['hash_key']);
		}
	}

	/**
	 * OSB authentication is controlled via database queries.
	 *
	 * This method can be used to test two situations:
	 * 1) Is the user logged in? ($role == FALSE)
	 * 2) Can the user run the current controller->action ($role == TRUE)
	 *
	 * @param   boolean If authentication should be done for this module:method (ie: controller:action).
	 * @return  boolean
	 */
	public function logged_in($role=NULL,$debug=NULL) {
		$status = FALSE;

		// If we are a CLI, we are not logged in
		if (PHP_SAPI === 'cli')
			return $status;

		// Get the user from the session
		$uo = $this->get_user();

		// If we are not a valid user object, then we are not logged in
		if (is_object($uo) AND ($uo instanceof Model_Account) AND $uo->loaded())
			if (! empty($role)) {
				if (($x = Request::current()->mmo()) instanceof Model)
					// If the role has the authorisation to run the method
					foreach ($x->group->find_all() as $go)
						if ($go->id == 0 OR $uo->has_any('group',$go->list_childgrps(TRUE))) {
							$status = TRUE;
							break;
						}

			// There is no role, so the method should be allowed to run as anonymous
			} else
				$status = TRUE;

		return $status;
	}
}
?>