#!/usr/bin/perl -w -I/opt/eprints/perl_lib

######################################################################
#
#  This file is part of GNU EPrints 2.
#  
#  Copyright (c) 2000-2004 University of Southampton, UK. SO17 1BJ.
#  
#  EPrints 2 is free software; you can redistribute it and/or modify
#  it under the terms of the GNU General Public License as published by
#  the Free Software Foundation; either version 2 of the License, or
#  (at your option) any later version.
#  
#  EPrints 2 is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#  
#  You should have received a copy of the GNU General Public License
#  along with EPrints 2; if not, write to the Free Software
#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
######################################################################

=pod

=head1 NAME

B<import_permissions> - build the permissions index from ArchiveConfig

=head1 SYNOPSIS

B<import_permissions> I<repository_id> [B<options>]

=head1 DESCRIPTION

Import permissions into the permissions database using the configuration defined in the repository config.

=head1 ARGUMENTS

=over 8

=item I<repository_id> 

The ID of the EPrint repository to use.

=back

=head1 OPTIONS

=over 8

=item B<--help>

Print a brief help message and exit.

=item B<--man>

Print the full manual page and then exit.

=item B<--quiet>

Be vewwy vewwy quiet. This option will supress all output unless an error occurs.

=item B<--verbose>

Explain in detail what is going on.
May be repeated for greater effect.

=item B<--version>

Output version information and exit.

=item B<--nopurge>

Do not purge the existing records from the subject table before importing this file. Rather than do this, it's probably easier to export the current subjects as XML, then combine in your new file and reimport it.

=item B<--force>

Don't ask before making the changes.

=back   

=head1 AUTHOR

This is part of this EPrints 2 system. EPrints 2 is developed by Christopher Gutteridge.

=head1 VERSION

EPrints Version: eprints-2-cvs-2006-06-27

=head1 CONTACT

For more information goto B<http://www.eprints.org/> which give information on mailing lists and the like.

Chris Gutteridge may be contacted at B<support@eprints.org>

Should you need a real world address for some reason, EPrints can be contacted in the real world at

 EPrints c/o Christopher Gutteridge
 Department of Electronics and Computer Science
 University of Southampton
 SO17 1BJ
 United Kingdom

=head1 COPYRIGHT

This file is part of GNU EPrints 2.

Copyright (c) 2000-2004 University of Southampton, UK. SO17 1BJ.

EPrints 2 is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

EPrints 2 is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with EPrints 2; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA


=cut

use Getopt::Long;
use Pod::Usage;
use strict;

use EPrints;

my $xml = 0;
my $version = 0;
my $verbose = 0;
my $quiet = 0;
my $force = 0;
my $purge = 1;
my $help = 0;
my $man = 0;

GetOptions( 
	'help|?' => \$help,
	'man' => \$man,
	'force' => \$force , 
	'version' => \$version,
	'verbose+' => \$verbose,
	'silent' => \$quiet,
	'quiet' => \$quiet,
	'purge!' => \$purge
) || pod2usage( 2 );
EPrints::Utils::cmd_version( "import_permissions" ) if $version;
pod2usage( 1 ) if $help;
pod2usage( -exitstatus => 0, -verbose => 2 ) if $man;
pod2usage( 2 ) if( scalar @ARGV != 2 && scalar @ARGV != 1 ); 

my $noise = 1;
$noise = 0 if( $quiet );
$noise = 1+$verbose if( $verbose );

# Set STDOUT to auto flush (without needing a \n)
$|=1;

my $session = new EPrints::Session( 1, $ARGV[0], $noise );
exit( 1 ) unless defined $session;

my %MACROS = (
	'@subscription' => [qw( EDIT_USER_SUBSCRIPTIONS )],
	'@set_password' => [qw( EDIT_USER_PASSWORD )],
	'@deposit' => [qw( CREATE_EPRINT_INBOX DERIVE_EPRINT_CLONE DERIVE_EPRINT_VERSION EDIT_EPRINT_INBOX MOVE_EPRINT_INBOX_BUFFER REQUEST_EPRINT_DELETION )],
	'@change_email' => [qw( EDIT_USER_EMAIL )],
	'@change_user' => [qw( LOGIN_USER LOGOUT_USER EDIT_USER )],
	'@editor' => [qw( DELETE_EPRINT_INBOX DELETE_EPRINT_BUFFER DELETE_EPRINT_ARCHIVE DELETE_EPRINT_DELETION EDIT_EPRINT_INBOX EDIT_EPRINT_BUFFER EDIT_EPRINT_ARCHIVE EDIT_EPRINT_DELETION EDIT_EPRINT_INBOX_ALL EDIT_EPRINT_BUFFER_ALL EDIT_EPRINT_ARCHIVE_ALL EDIT_EPRINT_DELETION_ALL MOVE_EPRINT_INBOX_BUFFER MOVE_EPRINT_BUFFER_INBOX MOVE_EPRINT_BUFFER_ARCHIVE MOVE_EPRINT_ARCHIVE_BUFFER MOVE_EPRINT_ARCHIVE_DELETION MOVE_EPRINT_DELETION_ARCHIVE )],
	'@staff_view' => [qw( VIEW_EPRINT_ALL VIEW_EPRINT_FILES_ALL )],
	'@edit_subject' => [qw( EDIT_ARCHIVE_SUBJECTS )],
	'@edit_user' => [qw( DELETE_USER EDIT_USER_FULL )],
);
my %PRIVS = (
	'eprint.owner' => [qw( VIEW_EPRINT_INBOX VIEW_EPRINT_BUFFER VIEW_EPRINT_ARCHIVE VIEW_EPRINT_DELETION EDIT_EPRINT_INBOX MOVE_EPRINT_INBOX_BUFFER REQUEST_EPRINT_DELETION )],
	'user.owner' => [qw( EDIT_USER_SUBSCRIPTIONS VIEW_USER VIEW_USER_CONTRIBUTIONS LOGOUT_USER )],
	'anonymous' => [qw( LOGIN_USER REGISTER_USER VALIDATE_USER VIEW_PAGES_BROWSE VIEW_PAGES_STATIC )],
	'usertype.admin' => [qw( EDIT_ARCHIVE_PRIVILEGES )],
);

my $userauth = $session->get_repository->get_conf( "userauth" );
my $db = $session->get_database;

# Clear the existing tables
if( 0 and $purge ) {
	my $input;
	unless( $force ) {
		print "Purging existing permissions database\n";
		print "Continue (yes/no): ";
		$input = <STDIN>;
		chomp( $input );
		if( $input ne "yes" )
		{
			print "Leaving existing entries (some may be overwritten).\n\n";
		}
	}
	if( $force or $input eq "yes" ) {
		$db->do( "DELETE FROM user_groups" );
		$db->do( "DELETE FROM user_permissions" );
	}
}

# Add all the macros
while( my ($group, $privs) = each %MACROS ) {
	foreach my $priv (@$privs) {
		print "Giving $group $priv\n" if $noise >= 2;
		$db->add_roles( $priv, undef, undef, $group );
	}	
}

# Add all the default privileges
while( my ($role, $privs) = each %PRIVS ) {
	foreach my $priv (@$privs) {
		print "Giving $role $priv\n" if $noise >= 2;
		$db->add_roles( $priv, undef, undef, $role );
	}	
}

# Add all the user types
while( my ($type, $setup) = each %$userauth ) {
	my $privs = $setup->{ "priv" };
	$type = "usertype.$type";
	foreach my $priv (@$privs) {
		$priv = "\@$priv";
		print "Adding $type to $priv\n" if $noise >= 2;
		$db->add_roles( $priv, undef, undef, $type );
	}
}

$session->terminate();
print "Exiting normally.\n" if( $noise >= 2 );
exit;
