<?php defined('SYSPATH') or die('No direct access allowed.');

/**
 * Auth driver.
 *
 * @package    lnAuth
 * @category   Classes
 * @author     Deon George
 * @copyright  (c) 2014 Deon George
 * @license    http://dev.leenooks.net/license.html
 */
abstract class lnAuth_Auth_ORM extends lnApp_Auth_ORM {
	/**
	 * Get the user that a token applies to
	 *
	 * This will check that the token is valid (not expired and for the request)
	 *
	 * @param $token The token
	 * @return Model_Account|NULL The user that the token is valid for.
	 */
	protected function _get_token_user($token) {
		// This has been implemented, as we sometimes we seem to come here twice
		static $uo = NULL;

		if (! is_null($uo))
			return $uo;

		$mmto = ORM::factory('Module_Method_Token',array('token'=>$token));

		// Ignore the token if it doesnt exist.
		if ($mmto->loaded()) {
			// Check that the token is for this URI
			$mo = ORM::factory('Module',array('name'=>Request::current()->controller()));
			$mmo = $mo->module_method
				->where('name','=',strtolower(Request::current()->directory() ? sprintf('%s:%s',Request::current()->directory(),Request::current()->action()) : Request::current()->action()))
				->find();

			// Ignore the token if this is not the right method.
			if ($mmo->id == $mmto->method_id) {
				if (! is_null($mmto->date_expire) AND $mmto->date_expire < time()) {
					SystemMessage::factory()
						->title(_('Token Not Valid'))
						->type('warning')
						->body(_('Token expired'));

					Session::instance()->delete('token');
					$mmto->delete();

				} elseif (! is_null($mmto->uses) AND $mmto->uses < 1) {
					SystemMessage::factory()
						->title(_('Token Not Valid'))
						->type('warning')
						->body(_('Token expired'));

					Session::instance()->delete('token');
					$mmto->delete();

				} else {
					// If this is a usage count token, reduce the count.
					if (! is_null($mmto->uses))
						$mmto->uses -= 1;

					// Record the date this token was used
					$mmto->date_last = time();
					$mmto->save();

					Session::instance()->set('token',$token);

					$uo = ORM::factory($this->_model,$mmto->account_id);
					$uo->log(sprintf('Token %s used for method %s [%s]',$mmto->token,$mmto->module_method->id,Request::current()->param('id')));
				}
			}
		}

		return $uo;
	}

	/**
	 * Authentication is controlled via database queries.
	 *
	 * This method can be used to test two situations:
	 * 1) Is the user logged in? ($role == FALSE)
	 * 2) Can the user run the current controller->action ($role == TRUE)
	 *
	 * @param   boolean If authentication should be done for this module:method (ie: controller:action).
	 * @return  boolean
	 */
	public function logged_in($role=NULL,$debug=NULL) {
		$status = FALSE;

		// If we are a CLI, we are not logged in
		if (PHP_SAPI === 'cli')
			return $status;

		// Get the user from the session
		$uo = $this->get_user();

		// If we are not a valid user object, then we are not logged in
		if (is_object($uo) AND ($uo instanceof Model_Account) AND $uo->loaded())
			if (! empty($role)) {
				if (($x = Request::current()->mmo()) instanceof Model)
					// If the role has the authorisation to run the method
					foreach ($x->group->find_all() as $go)
						if ($go->id == 0 OR $uo->has_any('group',$go->list_childgrps(TRUE))) {
							$status = TRUE;
							break;
						}

			// There is no role, so the method should be allowed to run as anonymous
			} else
				$status = TRUE;

		return $status;
	}
}
?>