import logging

from flask.ext.principal import (identity_loaded, UserNeed, Permission,
                                 Identity, identity_changed)
from collections import namedtuple
from functools import partial

from data import model
from app import app


logger = logging.getLogger(__name__)


_ResourceNeed = namedtuple('resource', ['type', 'namespace', 'name', 'role'])
_RepositoryNeed = partial(_ResourceNeed, 'repository')
_OrganizationNeed = namedtuple('organization', ['orgname', 'role'])
_TeamNeed = namedtuple('orgteam', ['orgname', 'teamname', 'role'])


class QuayDeferredPermissionUser(Identity):
  def __init__(self, id, auth_type=None):
    super(QuayDeferredPermissionUser, self).__init__(id, auth_type)

    self._permissions_loaded = False

  def can(self, permission):
    if not self._permissions_loaded:
      logger.debug('Loading user permissions after deferring.')
      user_object = model.get_user(self.id)

      # Add the user specific permissions
      user_grant = UserNeed(user_object.username)
      self.provides.add(user_grant)

      # Every user is the admin of their own 'org'
      user_namespace = _OrganizationNeed(user_object.username, 'admin')
      self.provides.add(user_namespace)

      # Add repository permissions
      for perm in model.get_all_user_permissions(user_object):
        grant = _RepositoryNeed(perm.repository.namespace,
                                perm.repository.name, perm.role.name)
        logger.debug('User added permission: {0}'.format(grant))
        self.provides.add(grant)

      # Add namespace permissions derived
      for team in model.get_org_wide_permissions(user_object):
        grant = _OrganizationNeed(team.organization.username, team.role.name)
        logger.debug('Organization team added permission: {0}'.format(grant))
        self.provides.add(grant)

        team_grant = _TeamNeed(team.organization.username, team.name,
                               team.role.name)
        logger.debug('Team added permission: {0}'.format(team_grant))
        self.provides.add(team_grant)

      self._permissions_loaded = True

    return super(QuayDeferredPermissionUser, self).can(permission)


class ModifyRepositoryPermission(Permission):
  def __init__(self, namespace, name):
    admin_need = _RepositoryNeed(namespace, name, 'admin')
    write_need = _RepositoryNeed(namespace, name, 'write')
    org_admin_need = _OrganizationNeed(namespace, 'admin')
    super(ModifyRepositoryPermission, self).__init__(admin_need, write_need,
                                                     org_admin_need)


class ReadRepositoryPermission(Permission):
  def __init__(self, namespace, name):
    admin_need = _RepositoryNeed(namespace, name, 'admin')
    write_need = _RepositoryNeed(namespace, name, 'write')
    read_need = _RepositoryNeed(namespace, name, 'read')
    org_admin_need = _OrganizationNeed(namespace, 'admin')
    super(ReadRepositoryPermission, self).__init__(admin_need, write_need,
                                                   read_need, org_admin_need)


class AdministerRepositoryPermission(Permission):
  def __init__(self, namespace, name):
    admin_need = _RepositoryNeed(namespace, name, 'admin')
    org_admin_need = _OrganizationNeed(namespace, 'admin')
    super(AdministerRepositoryPermission, self).__init__(admin_need,
                                                         org_admin_need)


class CreateRepositoryPermission(Permission):
  def __init__(self, namespace):
    admin_org = _OrganizationNeed(namespace, 'admin')
    create_repo_org = _OrganizationNeed(namespace, 'creator')
    super(CreateRepositoryPermission, self).__init__(admin_org,
                                                     create_repo_org)


class UserPermission(Permission):
  def __init__(self, username):
    user_need = UserNeed(username)
    super(UserPermission, self).__init__(user_need)


class AdministerOrganizationPermission(Permission):
  def __init__(self, org_name):
    admin_org = _OrganizationNeed(org_name, 'admin')
    super(AdministerOrganizationPermission, self).__init__(admin_org)


class OrganizationMemberPermission(Permission):
  def __init__(self, org_name):
    admin_org = _OrganizationNeed(org_name, 'admin')
    repo_creator_org = _OrganizationNeed(org_name, 'creator')
    org_member = _OrganizationNeed(org_name, 'member')
    super(OrganizationMemberPermission, self).__init__(admin_org, org_member,
                                                       repo_creator_org)


class ViewTeamPermission(Permission):
  def __init__(self, org_name, team_name):
    team_admin = _TeamNeed(org_name, team_name, 'admin')
    team_creator = _TeamNeed(org_name, team_name, 'creator')
    team_member = _TeamNeed(org_name, team_name, 'member')
    admin_org = _OrganizationNeed(org_name, 'admin')    
    super(ViewTeamPermission, self).__init__(team_admin, team_creator,
                                             team_member, admin_org)


@identity_loaded.connect_via(app)
def on_identity_loaded(sender, identity):
  logger.debug('Identity loaded: %s' % identity)
  # We have verified an identity, load in all of the permissions

  if isinstance(identity, QuayDeferredPermissionUser):
    logger.debug('Deferring permissions for user: %s' % identity.id)

  elif identity.auth_type == 'username':
    switch_to_deferred = QuayDeferredPermissionUser(identity.id, 'username')
    identity_changed.send(app, identity=switch_to_deferred)

  elif identity.auth_type == 'token':
    logger.debug('Loading permissions for token: %s' % identity.id)
    token_data = model.load_token_data(identity.id)

    repo_grant = _RepositoryNeed(token_data.repository.namespace,
                                 token_data.repository.name,
                                 token_data.role.name)
    logger.debug('Delegate token added permission: {0}'.format(repo_grant))
    identity.provides.add(repo_grant)

  else:
    logger.error('Unknown identity auth type: %s' % identity.auth_type)