##############################################################################
#
# Copyright (c) 2002-2005 Nexedi SARL and Contributors. All Rights Reserved.
#                         Jean-Paul Smets-Solanes <jp@nexedi.com>
#                         Kevin Deldycke <kevin_AT_nexedi_DOT_com>
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsability of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# garantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
#
##############################################################################

from AccessControl import ClassSecurityInfo
from Products.CMFCore.utils import getToolByName
from Products.CMFCore.utils import _checkPermission
from Products.CMFCore.exceptions import AccessControl_Unauthorized
from Globals import PersistentMapping
from Acquisition import aq_base

#from Products.ERP5.Core.Node import Node

from Products.ERP5Type import Permissions, PropertySheet, Constraint, Interface
from Products.ERP5Type.Utils import assertAttributePortalType
from Products.ERP5Type.XMLObject import XMLObject

try:
  from Products import PluggableAuthService
  from Products.ERP5Security.ERP5UserManager import ERP5UserManager
except ImportError:
  PluggableAuthService = None

try:
  from AccessControl.AuthEncoding import pw_encrypt
except ImportError:
  pw_encrypt = lambda pw:pw

try:
  from AccessControl.AuthEncoding import pw_validate
except ImportError:
  pw_validate = lambda reference, attempt: reference == attempt
      

#class Person(Node, XMLObject):
class Person(XMLObject):
    """
      An Person object holds the information about
      an person (ex. you, me, someone in the company,
      someone outside of the company, a member of the portal,
      etc.).

      Person objects can contain Coordinate objects
      (ex. Telephone, Url) as well a documents of various types.

      Person objects can be synchronized accross multiple
      sites.

      Person objects inherit from the Node base class
      (one of the 5 base classes in the ERP5 universal business model)
    """

    meta_type = 'ERP5 Person'
    portal_type = 'Person'
    add_permission = Permissions.AddPortalContent
    isPortalContent = 1
    isRADContent = 1

    # Declarative security
    security = ClassSecurityInfo()
    security.declareObjectProtected(Permissions.AccessContentsInformation)

    # Declarative properties
    property_sheets = ( PropertySheet.Base
                      , PropertySheet.XMLObject
                      , PropertySheet.CategoryCore
                      , PropertySheet.DublinCore
                      , PropertySheet.Reference
                      , PropertySheet.Person
                      , PropertySheet.Login
                      , PropertySheet.Mapping
                      , PropertySheet.Task
                      )

    def _setTitle(self, value):
      """
        Here we see that we must define a notion
        of priority in the way fields are updated
      """
      if value != self.getTitle():
        self.title = value

    security.declareProtected(Permissions.AccessContentsInformation,
                              'getTitle')
    def getTitle(self, **kw):
      """
        Returns the title if it exists or a combination of
        first name and last name
      """
      if self.title == '':
        name_list = []
        if self.getFirstName() not in (None, ''):
          name_list.append(self.getFirstName())
        if self.getMiddleName() not in (None, ''):
          name_list.append(self.getMiddleName())
        if self.getLastName() not in (None, ''):
          name_list.append(self.getLastName())
        return ' '.join(name_list)
      else:
        return self.title

    security.declareProtected(Permissions.AccessContentsInformation,
                              'title_or_id')
    def title_or_id(self):
      return self.getTitleOrId()

    def _setFirstName(self, value):
      """
        Update Title if first_name is modified
      """
      self._baseSetFirstName(value)
      name_list = []
      if self.getFirstName(): name_list.append(self.getFirstName())
      if self.getLastName(): name_list.append(self.getLastName())
      if name_list: self._setTitle(' '.join(name_list))

    def _setLastName(self, value):
      """
        Update Title if last_name is modified
      """
      self._baseSetLastName(value)
      name_list = []
      if self.getFirstName(): name_list.append(self.getFirstName())
      if self.getLastName(): name_list.append(self.getLastName())
      if name_list: self._setTitle(' '.join(name_list))

    security.declareProtected('Manage users', 'setReference')
    def setReference(self, value):
      """
        Set the user id. This method is defined explicitly, because:

        - we want to apply a different permission

        - we want to prevent duplicated user ids, but only when
          PAS _AND_ ERP5UserManager are used
      """
      if value:
        acl_users = getToolByName(self, 'acl_users')
        if PluggableAuthService is not None and isinstance(acl_users,
              PluggableAuthService.PluggableAuthService.PluggableAuthService):
          plugin_list = acl_users.plugins.listPlugins(
              PluggableAuthService.interfaces.plugins.IUserEnumerationPlugin)
          for plugin_name, plugin_value in plugin_list:
            if isinstance(plugin_value, ERP5UserManager):
              user_list = acl_users.searchUsers(id=value,
                                                exact_match=True)
              if len(user_list) > 0:
                raise RuntimeError, 'user id %s already exist' % (value,)
              break
      self._setReference(value)
      self.reindexObject()
      # invalid the cache for ERP5Security
      portal_caches = getToolByName(self.getPortalObject(), 'portal_caches')
      portal_caches.clearCache(cache_factory_list=('erp5_content_short', ))

    security.declareProtected(Permissions.SetOwnPassword, 'checkPassword')
    def checkPassword(self, value) :
      """
        Check the password, usefull when changing password
      """      
      if value is not None :
        return pw_validate(self.getPassword(), value)
      return False

    def _setEncodedPassword(self, value, format='default'):
      password = getattr(aq_base(self), 'password', None)
      if password is None:
        password = self.password = PersistentMapping()
      self.password[format] = value

    security.declarePublic('setPassword')
    def setEncodedPassword(self, value, format='default'):
      """
        Set an already encoded password.
      """
      if not _checkPermission(Permissions.SetOwnPassword, self):
        raise AccessControl_Unauthorized('setEncodedPassword')
      self._setEncodedPassword(value, format=format)
      self.reindexObject()

    def _setPassword(self, value):
      self.password = PersistentMapping()
      self._setEncodedPassword(pw_encrypt(value))

    security.declarePublic('setPassword')
    def setPassword(self, value) :
      """
        Set the password, only if the password is not empty.
      """
      if value is not None:
        if not _checkPermission(Permissions.SetOwnPassword, self):
          raise AccessControl_Unauthorized('setPassword')
        self._setPassword(value)
        self.reindexObject()

    security.declareProtected(Permissions.AccessContentsInformation, 'getPassword')
    def getPassword(self, *args, **kw):
      """
        Retrieve password in desired format.

        getPassword([default], [format='default'])

        default (anything)
          Value to return if no passord is set on context.
          Default: None
        format (string)
          String defining the format in which the password is expected.
          If passowrd is not available in that format, KeyError will be
          raised.
          Default: 'default'
      """
      marker = []
      password = getattr(aq_base(self), 'password', marker)
      if password is marker:
        if len(args):
          password = args[0]
        else:
          password = None
      else:
        format = kw.get('format', 'default')
        # Backward compatibility: if it's not a PersistentMapping instance,
        # assume it's a monovalued string, which corresponds to default
        # password encoding.
        if isinstance(password, PersistentMapping):
          password = password.get(format, marker)
          if password is marker:
            if len(args):
              password = args[0]
            else:
              password = None
        else:
          if format != 'default':
            password = None
      return password

    # Time management
    security.declareProtected(Permissions.AccessContentsInformation, 
                              'getAvailableTime')
    def getAvailableTime(self, *args, **kw):
      """
      Calculate available time for a person

      See SimulationTool.getAvailableTime
      """
      assignment_list = self.contentValues(portal_type='Assignment')
      calendar_uid_list = []
      for assignment in assignment_list:
        calendar_uid_list.extend(assignment.getCalendarUidList())
      kw['node'] = [self.getUid()] + calendar_uid_list

      portal_simulation = getToolByName(self, 'portal_simulation')
      return portal_simulation.getAvailableTime(*args, **kw)

    security.declareProtected(Permissions.AccessContentsInformation, 
                              'getAvailableTimeSequence')
    def getAvailableTimeSequence(self, *args, **kw):
      """
      Calculate available time for a person in a sequence
      
      See SimulationTool.getAvailableTimeSequence
      """
      assignment_list = self.contentValues(portal_type='Assignment')
      calendar_uid_list = []
      for assignment in assignment_list:
        calendar_uid_list.extend(assignment.getCalendarUidList())
      kw['node'] = [self.getUid()] + calendar_uid_list

      portal_simulation = getToolByName(self, 'portal_simulation')
      return portal_simulation.getAvailableTimeSequence(*args, **kw)

    # Notifiation API
    security.declareProtected(Permissions.AccessContentsInformation, 
                              'notifyMessage')
    def notifyMessage(self, message):
      """
      This method can only be called with proxy roles.

      A per user preference allows for deciding how to be notified.
      - by email
      - by SMS (if meaningful)
      - daily
      - weekly
      - instantly

      notification is handled as an activity
      """