<?php

use Phalcon\Events\Event,
    Phalcon\Mvc\User\Plugin,
    Phalcon\Mvc\Dispatcher,
    Phalcon\Acl;

    class security extends Plugin
    {

        public function getAcl()
        {

            if (!isset($this->persistent->acl)) {

                $acl = new Phalcon\Acl\Adapter\Memory();

                $acl->setDefaultAction(Phalcon\Acl::DENY);

                //Register roles
                $roles = array(
                    "admin"    => new Phalcon\Acl\Role('Admin'),
                    'user'     => new Phalcon\Acl\Role('User'),
                    'staff'    => new Phalcon\Acl\Role('Staff'),
                    'new_user' => new Phalcon\Acl\Role('New User'),
                    'guests'   => new Phalcon\Acl\Role('Guests')
                );

                foreach ($roles as $role) {
                    $acl->addRole($role);
                }

                //Public area resources
                $publicResources = $this->getPublicResources();

                foreach ($publicResources as $resource => $actions) {
                    $acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
                }

                //Grant access to public areas
                foreach ($roles as $role) {
                    foreach ($publicResources as $resource => $actions) {
                        foreach ($actions as $action){
                            $acl->allow($role->getName(), $resource, $action);
                        }
                    }
                }
///////////////////////////////////////////////////////////////////////
                $usersResources = $this->getUsersResources();

                foreach ($usersResources as $resource => $actions) {
                    $acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
                }

                array_pop($roles);
                foreach($roles as $role){
                    foreach ($usersResources as $resource => $actions) {
                        foreach ($actions as $action){
                            $acl->allow($role->getName(), $resource, $action);
                        }
                    }
                }

                ////////////////////////////////////////////////////

                //Private area resources
                $adminResources = $this->getAdminResources();

                foreach ($adminResources as $resource => $actions) {
                    $acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
                }
                //Grant acess to private area to role Admin
                foreach ($adminResources as $resource => $actions) {
                    foreach ($actions as $action){
                        $acl->allow('Admin', $resource, $action);
                    }
                }

                //The acl is stored in session, APC would be useful here too
                $this->persistent->acl = $acl;
            }

            return $this->persistent->acl;
        }


        public function getAdminResources(){
            return array(
                "projects"=>array("index", "add","delete","edit","sort", "index", "check"),
                "users"=>array("add","delete","edit","sort", "index","update"),
                "parser" => array('index','pars','delete', 'update', 'add'),
                "request" => array('index','delete', 'update', 'add'),
                "message" => array('index','delete', 'update', 'add'),
                "fields" => array('index','delete', 'update', 'add'),
                "brief_blocks" => array('index'),
                "brief" => array('index','delete', 'update', 'add'),
                "trash" => array('index','delete', 'update', 'add'),

            );
        }

        public function getUsersResources(){
            return array(
                "email_templates" => array("index", "delete", "update", "add", "ajax"),
                "user"=>array("account"),
                "event_email" => array("checkAjaxData","index", "delete", "update", "add"),
                "standard_email" => array("index", "delete", "update", "add", "getuserslike","seriesOfLetters"),
                "customers_email" => array( "index","delete", "update"),
                "delivery" => array("index", "add", "update", "moreinfo", "delete", "getCampaignList","customers_add_one"),
                "price_parser" => array("index", "sort", "deleteLink",
                    "updateLink", "competitorsRel", "checkReg", "updateParser", "sections", "sectionsIndex",
                    "competitors", "competitorsAdd", "competitorsUpdate", "competitorsDelete", "addBrandManagers",
                    "parse", "add", "update", "moreinfo", "delete", "deleteBrandManagers", "approveLink")
            );
        }

        public function getPublicResources(){
            return array(
                    'page' => array('index','login',"logout", "downloadImages"),
                    'index' => array('index', "downloadImages"),
                    "user"=>array("check","logout",'login','registration','chosenProject'),
                    "events" => array("eventMailer"),
                    "price_parser" => array("forIframe","sectionsChoose","competitorsChoose", "selectAllRows", "sendEmailReport"),
                    "project" => array("index"),
                    "message" => array('set'),
                    "request" => array('set'),
                    "fields" => array('set'),
                    'iframs' => array('pdfPrice'),
                    "brief_blocks" => array('delete', 'update', 'add','updateFields'),
                    "brief" => array("getBriefFormData")


            );
        }


        /**
         * This action is executed before execute any action in the application
         */
        public function check(Dispatcher $dispatcher)
        {


            $controller = $dispatcher->getControllerName();
            $action = $dispatcher->getActionName();

            $acl = $this->getAcl();
            if ($this->session->get("user-status")){
                $status = $this->session->get("user-status");
            } else {
                $status = 'Guests';
            }

            $allowed = $acl->isAllowed($status, $controller, $action);

            if ($allowed) {
                return true;
            } else {
                return false;
            }

        }

}