#!/bin/python3
import os
import sys
import logging
import requests
import json
import argparse

from subject import main

from lib import digest

logging.basicConfig(format='%(levelname)s\t- %(message)s')
logger = logging.getLogger()
logger.setLevel(logging.INFO)

state = main(sys.argv)

BASE_DIR = os.path.join(os.path.expanduser('~'), '.sio/')

#session file - document name - +/- -  role - permission
def aclDoc(args):
    parser = argparse.ArgumentParser()

    parser.add_argument("-k", '--key', nargs=1, help="Path to the key file")
    parser.add_argument("-r", '--repo', nargs=1, help="Address:Port of the repository")
    parser.add_argument("-v", '--verbose', help="Increase verbosity", action="store_true")

    parser.add_argument('session', nargs='?', default=None)
    parser.add_argument('name', nargs='?',default=None)
    parser.add_argument('change', nargs='?',default=None)
    parser.add_argument('role', nargs='?',default=None)
    parser.add_argument('permission', nargs='?',default=None)

    args = parser.parse_args()

    #Check number of arguments
    if not args.session or not args.role or not args.permission or not args.change or not args.name:
        logger.error("Need session file, document name, +/- , role and permission.")
        sys.exit(1)

    # Check for session file
    if (not os.path.isfile(BASE_DIR + args.session)):
        logger.error("File '" + args.session + "' not found.")
        sys.exit(1)

    # Get session file content
    with open(BASE_DIR + args.session, 'r') as f:
        args.session = json.load(f)

    # Get roles in session
    try:
        req = requests.get(f'http://{state['REP_ADDRESS']}/role/session/list', headers={'Authorization': args.session['token']})
        req.raise_for_status()
    except requests.exceptions.RequestException as errex:
        logger.error("Failed to obtain response from server.")
        sys.exit(-1)

    # Validate role name
    roles = req.json()
    if args.role not in roles.items():
        logger.error("Role does not exist.")
        sys.exit(1)

    # Check permission
    if args.permission not in ['ROLE_ACL', 'SUBJECT_NEW', 'SUBJECT_DOWN', 'SUBJECT_UP', 'DOC_NEW']:
        logger.error("Permission is not valid.")
        sys.exit(1)

    # Check change operation
    if args.change == '+':
        change = 'add'
    elif args.change == '-':
        change = 'remove'
    else:
        logger.error("Invalid change operation (+ or -).")
        sys.exit(1)

    document_handle = digest.get_hash(bytes(args.name, encoding='utf-8'))

    payload = {'document_handle' : document_handle, 'role' : args.role, 'perm' : args.permission, 'operation' : change}

    try:
        req = requests.post(f'http://{state['REP_ADDRESS']}/file/acl', 
                            json=json.dumps(payload),
                            headers={'Authorization': args.session['token']})
        req.raise_for_status()
    except requests.exceptions.RequestException as errex:
        logger.error("Failed to obtain response from server.")
        sys.exit(-1)

    # Operation success
    logger.info("ACL changed succesfully.")

if __name__ == '__main__':
    aclDoc(sys.argv[1:])