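using System;
using System.Collections.Generic;
using System.IO;
using Laserfiche.RepositoryAccess;
using System.Security.AccessControl;

namespace AssignEntryRights
{
    /// <summary>
    /// Command-line tool that reads access rules from a CSV file and applies them
    /// to entries in a Laserfiche repository.
    /// </summary>
    class Program
    {
        static string lfserver = "";
        static string lfrepository = "";
        static string lfusername = "";
        // NOTE(review): a password given as a command-line argument is visible in
        // process listings and shell history; prefer running under an account that
        // can use the parameterless login path (omit -username/-password).
        static string lfpassword = "";
        static string csvPath = "";

        /// <summary>
        /// Parses the command-line options, validates that the required ones are
        /// present and runs the rights assignment. On any failure the error message
        /// and usage text are printed and the process exit code is set to 1.
        /// </summary>
        /// <param name="args">Option/value pairs: -server, -repo, -username, -password, -csvPath.</param>
        static void Main(string[] args)
        {
            try
            {
                for (int i = 0; i < args.Length; i++)
                {
                    string option = args[i];

                    if (IsOption(option, "-server"))
                        lfserver = NextValue(args, ref i);
                    else if (IsOption(option, "-repo"))
                        lfrepository = NextValue(args, ref i);
                    else if (IsOption(option, "-username"))
                        lfusername = NextValue(args, ref i);
                    else if (IsOption(option, "-password"))
                        lfpassword = NextValue(args, ref i);
                    else if (IsOption(option, "-csvpath"))
                        csvPath = NextValue(args, ref i);
                    else
                        throw new Exception("Unknown option " + option);
                }

                if (string.IsNullOrEmpty(lfserver))
                    throw new Exception("no server specified");

                if (string.IsNullOrEmpty(lfrepository))
                    throw new Exception("no repository specified");

                if (string.IsNullOrEmpty(csvPath))
                    throw new Exception("no csvpath specified");

                Run();
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.Message);
                Console.WriteLine("Usage:");
                Console.WriteLine("AssignEntryRights -server  -repo  [-username ] [-password ] -csvPath ");

                // Report failure to the caller so a script driving this tool does not
                // treat a failed permission change as a success.
                Environment.ExitCode = 1;
            }
        }

        // Case-insensitive, culture-independent comparison of an argument with an option name.
        static bool IsOption(string arg, string name)
        {
            return string.Equals(arg, name, StringComparison.OrdinalIgnoreCase);
        }

        // Returns the value that follows the option at args[index] and advances index past it;
        // throws a descriptive error when the option is the last argument.
        static string NextValue(string[] args, ref int index)
        {
            if (index + 1 >= args.Length)
                throw new Exception("Missing value for option " + args[index]);

            index++;
            return args[index];
        }

        // One parsed CSV row: the rule to place on a single entry.
        class RightsRow
        {
            public EntryInfo entry;            // entry resolved from the "path" column
            public AccountInfo account;        // account resolved from the "account" column
            public EntryRights right;          // OR of all values in the "rights" column
            public EntryAccessScope scope;     // value of the "scope" column
            public AccessControlType type;     // Allow or Deny, from the "action" column
        }

        // Rights:
        /*
            Browse = 1,
            Read = 2,
            WriteContent = 4,
            AddPage = 8,
            Rename = 16,
            RemovePage = 32,
            Freeze = 64,
            Annotate = 128,
            SeeThroughRedactions = 256,
            SeeAnnotations = 512,
            SetReviewDate = 1024,
            WriteMetadata = 2048,
            CreateFolder = 4096,
            CreateDocument = 8192,
            SetEventDate = 16384,
            Close = 32768,
            Delete = 65536,
            ReadPermissions = 131072,
            ChangePermissions = 262144,
            TakeOwnership = 524288,
            FullControl = 1048575
        */

        // Scopes:
        /*
            ThisEntry = 0,
            Folders = 1,
            All = 2,
            NotThisEntry = 3,
            FoldersOnly = 4,
            DocumentsOnly = 5,
            Immediate = 6,
            ImmediateChildren = 7,
            ImmediateDocuments = 8
        */

        // CSV columns, in order: account,action,rights,scope,path
        // "rights" holds one or more values separated by '|'; "action" is allow or deny.
        // Blank lines and lines starting with '#' are ignored.

        /// <summary>
        /// Logs in to the repository, parses every row of the CSV file, and then
        /// applies the resulting access rules entry by entry.
        /// </summary>
        /// <remarks>
        /// All rows are parsed and resolved before the first change is written, so a
        /// malformed file changes nothing. The apply phase is not transactional: each
        /// entry is saved on its own, and an error part-way through leaves the rows
        /// already processed in place.
        /// </remarks>
        static void Run()
        {
            RepositoryRegistration rr = new RepositoryRegistration(lfserver, lfrepository);

            using (Session session = new Session())
            {
                // Explicit credentials when a user name was given; otherwise the
                // parameterless overload (presumably the current Windows identity — confirm).
                if (!string.IsNullOrEmpty(lfusername))
                    session.LogIn(lfusername, lfpassword, rr);
                else
                    session.LogIn(rr);

                List<RightsRow> rightsRows = new List<RightsRow>();
                string[] columns = { "account", "action", "rights", "scope", "path" };

                // The reader is disposed as soon as parsing ends so the file handle is
                // not held open while rules are applied.
                using (var reader = new StreamReader(File.OpenRead(csvPath)))
                {
                    string line;
                    while ((line = reader.ReadLine()) != null)
                    {
                        string trimmed = line.Trim();
                        if (trimmed.Length == 0 || trimmed.StartsWith("#", StringComparison.Ordinal))
                            continue;

                        // Plain split: quoted fields are not supported, so a path or
                        // account name containing a comma is rejected as an invalid line.
                        string[] values = line.Split(',');
                        if (values.Length != columns.Length)
                            throw new Exception("Invalid line: " + line);

                        Dictionary<string, string> rowValues = new Dictionary<string, string>();
                        for (int colIndex = 0; colIndex < columns.Length; colIndex++)
                        {
                            rowValues[columns[colIndex]] = values[colIndex].Trim();
                        }

                        RightsRow rightsRow = new RightsRow();
                        rightsRow.entry = Entry.GetEntryInfo(rowValues["path"], session);
                        rightsRow.account = Account.GetInfo(rowValues["account"], session);

                        // NOTE(review): Enum.Parse also accepts numeric strings, so a value
                        // such as "1048575" grants FullControl and bits outside the defined
                        // rights are not rejected here; consider restricting to names.
                        foreach (string right in rowValues["rights"].Split('|'))
                        {
                            rightsRow.right |= (EntryRights)Enum.Parse(typeof(EntryRights), right);
                        }

                        rightsRow.scope = (EntryAccessScope)Enum.Parse(typeof(EntryAccessScope), rowValues["scope"]);

                        // A numeric string parses even when it names no scope; fail
                        // before anything is written rather than apply an undefined value.
                        if (!Enum.IsDefined(typeof(EntryAccessScope), rightsRow.scope))
                            throw new Exception(String.Format("Invalid scope '{0}'", rowValues["scope"]));

                        string action = rowValues["action"];
                        if (string.Equals(action, "allow", StringComparison.OrdinalIgnoreCase))
                            rightsRow.type = AccessControlType.Allow;
                        else if (string.Equals(action, "deny", StringComparison.OrdinalIgnoreCase))
                            rightsRow.type = AccessControlType.Deny;
                        else
                            throw new Exception(String.Format("Invalid action '{0}'", action));

                        rightsRows.Add(rightsRow);
                    }
                }

                foreach (RightsRow rightsRow in rightsRows)
                {
                    EntrySecurity accessRights = rightsRow.entry.GetAccessControl();

                    // Look for a rule with the same account, scope and allow/deny type;
                    // if one exists it is replaced, not merged, by the new rule.
                    // NOTE(review): the match relies on == between the two SID values
                    // comparing by value — confirm for the SID type in use.
                    EntryAccessRule existingRule = null;
                    foreach (EntryAccessRule rule in accessRights.GetAccessRules(true, false))
                    {
                        if (rule.AccountReference.ToSecurityIdentifier() == rightsRow.account.Sid
                            && rule.EntryAccessScope == rightsRow.scope
                            && rule.AccessControlType == rightsRow.type)
                        {
                            existingRule = rule;
                            break;
                        }
                    }

                    AccountReference trustee = new AccountReference(rightsRow.account.Sid, session);

                    if (existingRule != null)
                        accessRights.RemoveAccessRule(existingRule);

                    // NOTE(review): rightsRow.scope is used above to find the rule to
                    // replace but is not passed here, so the new rule gets whatever scope
                    // this constructor defaults to and the CSV "scope" column may not take
                    // effect. Confirm, and pass the scope if an overload accepts it.
                    EntryAccessRule newRule = new EntryAccessRule(trustee, rightsRow.right, rightsRow.type);
                    accessRights.AddAccessRule(newRule);

                    rightsRow.entry.SetAccessControl(accessRights);
                    rightsRow.entry.Save();
                }
            }
        }
    }
}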