# Policy hooks and static policy data built on the repoze.decsec interfaces:
# a user table, a group table, and per-path ACLs selected by URL prefix.
from repoze.decsec.interfaces import Everyone
from repoze.decsec.interfaces import Authenticated
from repoze.decsec.interfaces import Allow
from repoze.decsec.interfaces import Deny


def initialize(global_conf, middleware):
    """Hook point: hook.initialize.

    Intentionally does nothing; both arguments are ignored.
    """
    pass


# Maps the REMOTE_USER value found in the WSGI environ to a short userid.
# NOTE(review): nothing in this module authenticates REMOTE_USER; it is
# presumably set by an upstream authentication layer -- confirm that clients
# cannot supply it themselves.
users = {
    'chrism@agendaless.com': 'chris',
    'paul@agendaless.com': 'paul',
    'tseaver@agendaless.com': 'tres',
}

# Group name -> member userids.
# Userids and group names end up in one flat principal list (see
# request_principals), so a userid that equals a group name would be
# indistinguishable from membership in that group.
groups = {
    'cynics': ['chris'],
    'agendaless': ['chris', 'paul', 'tres'],
}


class Place:
    """A URL prefix, the permission required under it, and its ACL."""

    def __init__(self, path, protected_by, acl):
        self.path = path                  # prefix compared against PATH_INFO
        self.protected_by = protected_by  # permission name required here
        self.acl = acl                    # list of ACE dicts for this prefix


permissions = ['read', 'write']

# Alias for "every permission". It is the same list object as `permissions`,
# and at module level it shadows the builtin any().
any = permissions


def ACE(action, principal, permission):
    """Build one access-control entry as a plain dict."""
    return dict(action=action, principal=principal, permission=permission)


allow_cynics_to_any = ACE(Allow, 'cynics', any)
allow_agendaless_to_any = ACE(Allow, 'agendaless', any)
allow_authenticated_to_write = ACE(Allow, Authenticated, 'write')
allow_everyone_to_read = ACE(Allow, Everyone, 'read')

# Order matters: the lookups below take the FIRST entry whose path is a
# prefix of PATH_INFO, so the catch-all '/' has to stay last.
places = [
    Place('/cynics', 'write', [allow_cynics_to_any]),
    Place('/authenticated', 'write', [allow_authenticated_to_write]),
    Place('/', 'read', [allow_agendaless_to_any, allow_everyone_to_read]),
]


def before_check(environ):
    """No-op hook; by its name, presumably run before the access check."""
    pass


def request_principals(environ):
    """Return the principals for this request: the userid, then its groups.

    Returns an empty list when REMOTE_USER is absent from the environ or is
    not a key of `users`.
    """
    userid = users.get(environ.get('REMOTE_USER'))
    if userid is None:
        return []
    memberships = [
        groupname
        for groupname, members in groups.items()
        if userid in members
    ]
    return [userid] + memberships


def request_acl(environ):
    """Return the ACL of the first place whose path prefixes PATH_INFO.

    When no place matches, a single deny-everything ACE is returned.
    Raises KeyError if the environ has no PATH_INFO key.

    The match is a plain string-prefix test on PATH_INFO as received: there
    is no path-segment boundary check (so '/cynicsfoo' is governed by the
    '/cynics' entry) and no normalization is done here.
    NOTE(review): a path that the downstream application would route into a
    protected area but that does not literally begin with that prefix falls
    through to the '/' entry -- confirm PATH_INFO is normalized upstream.
    """
    path = environ['PATH_INFO']
    matching_acls = [
        place.acl for place in places if path.startswith(place.path)
    ]
    if matching_acls:
        return matching_acls[0]
    return [ACE(Deny, Everyone, any)]


def request_permission(environ):
    """Return the permission required by the first place matching PATH_INFO.

    Uses the same first-match prefix test as request_acl. Raises KeyError if
    the environ has no PATH_INFO key.

    Returns None when no place matches (for example an empty PATH_INFO),
    whereas request_acl answers that case with an explicit deny-all ACL.
    NOTE(review): confirm the middleware treats a None permission as "deny"
    and not as "no check required".
    """
    path = environ['PATH_INFO']
    required = [
        place.protected_by for place in places if path.startswith(place.path)
    ]
    if required:
        return required[0]
    return None


def after_check(environ):
    """No-op hook; by its name, presumably run after the access check."""
    pass