<?php
/**
 * Copyright 2026, Dreytac <dreytac@hobbyhome.net>
 * 
 * This file is part of Kirby Permissions.
 *
 * Kirby Permissions is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License version 3 as published by the Free Software Foundation.
 *
 * Kirby Permissions is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License along with Kirby Permissions. If not, see <https://www.gnu.org/licenses/>. 
 */

Kirby::plugin(
	name: "hobbyhome/permissions",
	extends: [
		"options" => [
			"excludeAdmin" => true,
			"inherit" => true,
		],
		"blueprints" => [
			"fields/permission-user" => __DIR__ . "/blueprints/fields/permission-user.yml",
			"fields/permission-access" => __DIR__ . "/blueprints/fields/permission-access.yml",
		],
		"hooks" => [
			"page.render:before" => function ($contentType, $data, $page) {
				if (!$page->hasPerm()) {
					go(site()->errorPage(), 403);
				}

				return $data;
			},
			"permissions.page:check" => function ($permission, $page, $field = "permissionAccess", $inherit = null) {
				$permission = hasPerm($page, $field);

				if ($permission) {
					if (is_null($inherit)) {
						$inherit = option("hobbyhome.permissions.inherit");
					}

					if ($inherit) {
						// We're inheriting permissions.
						// Ensure user has access to parent pages.
						foreach ($page->parents() as $parent) {
							if (!hasPerm($parent, $field)) {
								$permission = false;
								break;
							}
						}
					}
				}

				return $permission;
			}
		],
		"pageMethods" => [
			"hasPerm" => function ($field = "permissionAccess", $inherit = null) {
				$permission = false;

				return kirby()->apply("permissions.page:check", ["permission" => $permission, "page" => $this, "field" => $field, "inherit" => $inherit], "permission");
			},
		],
		"siteMethods" => [
			"getPermissionTags" => function() {
				$userPermissions = kirby()->users()->pluck("permissionUser", ",", true);
				$accessPermissions = $this->index(true)->pluck("permissionAccess", ",", true);

				$availablePermissions = A::merge($userPermissions, $accessPermissions);

				return $availablePermissions;
			},
		],
	],
	info: [
		"authors" => [[
			"name" => "Dreytac",
			"email" => "dreytac@hobbyhome.net",
			"homepage" => "https://hobbyhome.net",
		]],
		"license" => "AGPL-3.0-only",
		"version" => "1.0.0",
	],
);

/**
 * Check if a user has the permission set on $object->$field().
 */
function hasPerm($object, $field = "permissionAccess") {
	$hasPerm = false;

	if ($object->$field()->isEmpty()) {
		// Permission is not restricted.
		$hasPerm = true;
	} elseif ($user = kirby()->user()) {
		if (option("hobbyhome.permissions.excludeAdmin") and $user->role()->isAdmin()) {
			// User is an admin and excluded from permission checks.
			$hasPerm = true;
		} else {
			// Get user permissions.
			$userPermissions = $user->permissionUser()->split();

			// Get object permissions.
			$objectPermissions = $object->$field()->split();

			// Check if at least one object permission is in the list of user permissions.
			foreach ($objectPermissions as $permission) {
				if (A::has($userPermissions, $permission, true)) {
					$hasPerm = true;
					break;
				}
			}
		}
	}

	return $hasPerm;
}