<?php

class SyncUsers {

	private $_fromStorage;
	private $_toStorage;
	private $_errors = array();

	public function __construct($fromStorage, $toStorage) {
		$this->_fromStorage = $fromStorage;
		$this->_toStorage = $toStorage;
	}

	/**
	 * Sync user.
	 * 
	 * @return bool or -int if error @see getSyncUserErrorMsg($errCode);
	 */
	public function syncUser($usrLogin) {
		$syncGroups = true;
		$syncDisabled = true;
		$usrFrom = $this->_fromStorage->getUser($usrLogin);
		$usrTo = $this->_toStorage->getUser($usrLogin);
		$usrFromDisabled = null;
		$usrToDisabeld = null;
		if (!$usrFrom) throw new Exception("Użytkownik '{$usrLogin}' nie istnieje w bazie danych");

		DBG::_('DBG_SU', true, 'usrFrom', $usrFrom, __CLASS__, __FUNCTION__, __LINE__);
		DBG::_('DBG_SU', true, 'usrTo', $usrTo, __CLASS__, __FUNCTION__, __LINE__);

		$usrFromDisabled = $this->_fromStorage->isDisabled($usrFrom);
		if (!$usrTo && true === $usrFromDisabled) {
			throw new Exception("Użytkownik '{$usrLogin}' nie istnieje w bazie LDAP. Jest zablokowany bazie danych, więc nie ma potrzeby tworzenia go w bazie LDAP.");
		}

		if (!$usrTo) {
			$this->_toStorage->createUser($usrFrom);
			$usrTo = $this->_toStorage->getUser($usrLogin);
			if (!$usrTo) throw new Exception("Nie udało się utworzyć użytkownika '{$usrLogin}' w bazie LDAP");
			$this->syncExistingUser($usrLogin, $usrFrom, $usrTo);
		}
		else if (true !== $usrFromDisabled) {
			$this->syncExistingUser($usrLogin, $usrFrom, $usrTo);
		}

		{// $syncDisabled
			$usrTo = $this->_toStorage->getUser($usrLogin);
			if (!$usrTo) throw new Exception("Użytkownik '{$usrLogin}' nie istnieje w bazie LDAP");

			$usrToDisabeld = $this->_toStorage->isDisabled($usrTo);
			if (null === $usrFromDisabled) throw new Exception("Nieznany status blokady dla użytkownika '{$usrLogin}' w bazie danych");
			if (null === $usrToDisabeld) throw new Exception("Nieznany status blokady dla użytkownika '{$usrLogin}' w bazie LDAP");

			if ($usrFromDisabled !== $usrToDisabeld) {
				if (!$this->_toStorage->setDisabled($usrLogin, $usrFromDisabled)) {
					throw new Exception("Nie udało się ustawić statusu blokady dla użytkownika '{$usrLogin}'");
				}
			}
		}

		{// $syncGroups
			$groupsFrom = $this->_fromStorage->getUserGroups($usrLogin);
			$groupsTo = $this->_toStorage->getUserGroups($usrLogin);
			$groupsTodo = $this->getSyncUserGroupsTodoList($usrLogin);
			DBG::_('DBG_SU', '>0', 'groupsTodo', $groupsTodo, __CLASS__, __FUNCTION__, __LINE__);
			DBG::_('DBG_SU', '>0', 'groupsFrom', $groupsFrom, __CLASS__, __FUNCTION__, __LINE__);
			DBG::_('DBG_SU', '>0', 'groupsTo', $groupsTo, __CLASS__, __FUNCTION__, __LINE__);

			if (!empty($groupsTodo)) {
				foreach ($groupsTodo as $kGroupID => $vBool) {
					if ($vBool) {
						$this->_toStorage->addUserGroup($usrLogin, $groupsFrom[$kGroupID]);
					}
					else {
						$this->_toStorage->removeUserGroup($usrLogin, $groupsTo[$kGroupID]);
					}
				}
			}
		}

		{// clean up members by apple-generateduid
			$groupsTo = $this->_toStorage->getGroupsByUserUid($usrLogin);
			$groupsTodo = $this->getCleanupSyncUserGroupsByUidTodoList($usrLogin);
			DBG::_('DBG_SU', '>0', "groupsTodo Cleanup member uid's usrFromDisabeld(" . (($usrFromDisabled)? 'true' : 'false') . ")", $groupsTodo, __CLASS__, __FUNCTION__, __LINE__);

			if (!empty($groupsTodo)) {
				foreach ($groupsTodo as $kGroupID => $vBool) {
					if ($vBool) {
						//$syncTodoList[] = "Dodaj '{$usrLogin}' do grupy {$kGroupID}";
					}
					else {
						$this->_toStorage->removeUserUidFromGroup($usrLogin, $groupsTo[$kGroupID]);
					}
				}
			}
		}

		$this->_fromStorage->setSyncUserDate($usrLogin);
		$this->_toStorage->setSyncUserDate($usrLogin);

		if ($this->hasErrors()) {
			return false;
		}
		return true;
	}

	public function forceSyncUserAliasList($usrLogin) {
		$usrFrom = $this->_fromStorage->getUser($usrLogin);
		$usrTo = $this->_toStorage->getUser($usrLogin);
		if (!$usrFrom) throw new Exception("Użytkownik '{$usrLogin}' nie istnieje w bazie danych");
		if (!$usrTo) throw new Exception("Użytkownik '{$usrLogin}' nie istnieje w bazie LDAP");

		DBG::_('DBG_SU', true, 'usrFrom', $usrFrom, __CLASS__, __FUNCTION__, __LINE__);
		DBG::_('DBG_SU', true, 'usrTo', $usrTo, __CLASS__, __FUNCTION__, __LINE__);
		$this->_toStorage->forceReplaceAliasList($usrLogin, $usrFrom->aliasesList);
		return true;
	}

	public function syncExistingUser($usrLogin, ObjectUser $usrFrom, ObjectUser $usrTo) {
		if (!$usrFrom) return false;
		if (!$usrTo) return false;

		$updateData = array();
		if ($usrFrom->name != $usrTo->name) $updateData['name'] = $usrFrom->name;
		{// check aliasesList
			$diffFromTo = array_diff($usrFrom->aliasesList, $usrTo->aliasesList);
			$diffToFrom = array_diff($usrTo->aliasesList, $usrFrom->aliasesList);
			if (!empty($diffFromTo) || !empty($diffToFrom)) {
				$updateData['aliasesList'] = array();
				$updateData['aliasesList']['add'] = $diffFromTo;
				$updateData['aliasesList']['remove'] = $diffToFrom;
			}
		}
		if ($usrFrom->phone != $usrTo->phone) $updateData['phone'] = $usrFrom->phone;
		if ($usrFrom->homeEmail != $usrTo->homeEmail) $updateData['homeEmail'] = $usrFrom->homeEmail;
		if ($usrFrom->homePhone != $usrTo->homePhone) $updateData['homePhone'] = $usrFrom->homePhone;
		if ($usrFrom->employeeType != $usrTo->employeeType) $updateData['employeeType'] = $usrFrom->employeeType;

		if ($this->_fromStorage->isPasswordChanged($usrLogin)) $updateData['password'] = $usrFrom->password;

		$updated = $this->_toStorage->updateUser($usrLogin, $updateData);
		if (!$updated) {
			$errors = $this->_toStorage->getRawErrorsList();
			foreach ($errors as $vErr) {
				$this->setError($vErr->code, $vErr->msg, $vErr->dbgMsg);
			}
			throw new Exception("TODO: update user {$usrLogin} from Database to Ldap");
		}
	}

	public function getSyncUserTodoList($usrLogin) {
		$syncGroups = true;
		$syncDisabled = true;
		$syncTodoList = array();
		$usrFrom = $this->_fromStorage->getUser($usrLogin);
		$usrTo = $this->_toStorage->getUser($usrLogin);
		DBG::_('DBG_SU', true, 'usrFrom', ($usrFrom)? $usrFrom->exportData() : null, __CLASS__, __FUNCTION__, __LINE__);
		DBG::_('DBG_SU', true, 'usrTo', ($usrTo)? $usrTo->exportData() : null, __CLASS__, __FUNCTION__, __LINE__);

		if (!$usrFrom) {
			$syncTodoList[] = "Użytkownik {$usrLogin} nie istnieje w bazie danych";
			return $syncTodoList;
		}
		$usrFromDisabled = $this->_fromStorage->isDisabled($usrFrom);

		if (!$usrTo && true === $usrFromDisabled) {
			throw new Exception("Użytkownik '{$usrLogin}' nie istnieje w bazie LDAP. Jest zablokowany bazie danych, więc nie ma potrzeby tworzenia go w bazie LDAP.");
		}

		if (!$usrTo) {
			$syncDisabled = false;
			$syncTodoList[] = "Utwórz użytkownika '{$usrLogin}' w bazie LDAP";
		}
		else if (true !== $usrFromDisabled) {
			//throw new Exception("Użytkownik '{$usrLogin}' jest zablokowany bazie danych, więc nie ma potrzeby aktualizacji jego danych w bazie LDAP.");
			$updateData = array();
			if ($usrFrom->name != $usrTo->name) $updateData['name'] = $usrFrom->name;
			//if ($usrFrom->email != $usrTo->email) $updateData['email'] = $usrFrom->email;
			{// check aliasesList
				$diffFromTo = array_diff($usrFrom->aliasesList, $usrTo->aliasesList);
				$diffToFrom = array_diff($usrTo->aliasesList, $usrFrom->aliasesList);
				DBG::_('DBG_SU', '>2', "aliasesList: from:", $usrFrom->aliasesList, __CLASS__, __FUNCTION__, __LINE__);
				DBG::_('DBG_SU', '>2', "aliasesList: to:", $usrTo->aliasesList, __CLASS__, __FUNCTION__, __LINE__);
				DBG::_('DBG_SU', '>2', "aliasesList: diff from,to:", $diffFromTo, __CLASS__, __FUNCTION__, __LINE__);
				DBG::_('DBG_SU', '>2', "aliasesList: diff to,from:", $diffToFrom, __CLASS__, __FUNCTION__, __LINE__);
				if (!empty($diffFromTo) || !empty($diffToFrom)) {
					$updateData['aliasy'] = array();
					if (!empty($diffFromTo)) $updateData['aliasy'][] = "dodaj (" . implode(", ", $diffFromTo) . ")";
					if (!empty($diffToFrom)) $updateData['aliasy'][] = "usuń (" . implode(", ", $diffToFrom) . ")";
					$updateData['aliasy'] = implode(" / ", $updateData['aliasy']);
				}
				DBG::_('DBG_SU', '>2', "aliasesList: updateData:", $updateData['aliasesList'], __CLASS__, __FUNCTION__, __LINE__);
			}
			if ($usrFrom->phone != $usrTo->phone) $updateData['phone'] = $usrFrom->phone;
			if ($usrFrom->homeEmail != $usrTo->homeEmail) $updateData['homeEmail'] = $usrFrom->homeEmail;
			if ($usrFrom->homePhone != $usrTo->homePhone) $updateData['homePhone'] = $usrFrom->homePhone;
			if ($usrFrom->employeeType != $usrTo->employeeType) $updateData['employeeType'] = $usrFrom->employeeType;
			if ($this->_fromStorage->isPasswordChanged($usrLogin)) $updateData['password'] = '*****';

			foreach ($updateData as $key => $val) {
				$syncTodoList[] = "Aktualizuj {$key}: {$val}";
			}
		}

		if ($syncDisabled && $usrTo && $usrFrom) {
			$usrToDisabeld = $this->_toStorage->isDisabled($usrTo);

			if ($usrFromDisabled === null || $usrToDisabeld === null) {
				$syncTodoList[] = "Status blokady '{$usrLogin}' nieznany w bazie danych lub LDAP";
				return $syncTodoList;
			}

			if ($usrFromDisabled !== $usrToDisabeld) {
				$syncTodoList[] = "Ustawienie statusu blokady '{$usrLogin}' na '" . (($usrFromDisabled)? 'true' : 'false') . "'";
			}
		}

		{// $syncGroups
			$groupsTodo = $this->getSyncUserGroupsTodoList($usrLogin);
			DBG::_('DBG_SU', '>0', "groupsTodo usrFromDisabeld(" . (($usrFromDisabled)? 'true' : 'false') . ")", $groupsTodo, __CLASS__, __FUNCTION__, __LINE__);

			if (!empty($groupsTodo)) {
				foreach ($groupsTodo as $kGroupID => $vBool) {
					if ($vBool) {
						$syncTodoList[] = "Dodaj '{$usrLogin}' do grupy {$kGroupID}";
					}
					else {
						$syncTodoList[] = "Usuń '{$usrLogin}' z grupy {$kGroupID}";
					}
				}
			}
		}

		{// clean up members by apple-generateduid
			$groupsTodo = $this->getCleanupSyncUserGroupsByUidTodoList($usrLogin);
			DBG::_('DBG_SU', '>0', "groupsTodo Cleanup member uid's usrFromDisabeld(" . (($usrFromDisabled)? 'true' : 'false') . ")", $groupsTodo, __CLASS__, __FUNCTION__, __LINE__);

			if (!empty($groupsTodo)) {
				foreach ($groupsTodo as $kGroupID => $vBool) {
					if ($vBool) {
						//$syncTodoList[] = "Dodaj '{$usrLogin}' do grupy {$kGroupID}";
					}
					else {
						$syncTodoList[] = "Usuń `uid` usera '{$usrLogin}' z grupy {$kGroupID}";
					}
				}
			}
		}
		return $syncTodoList;
	}

	/**
	 * @returns array $groupsTodo - groups todo list:
	 *   'com.apple.access_mail' => true - add to this group
	 *   'com.apple.access_mail' => false - remove from this group
	 */
	public function getSyncUserGroupsTodoList($usrLogin) {
		$groupsTodo = array();// `guid` => true (add), false (remove)
		$usrFrom = $this->_fromStorage->getUser($usrLogin);
		$usrFromDisabled = $this->_fromStorage->isDisabled($usrFrom);
		$groupsFrom = $this->_fromStorage->getUserGroups($usrLogin);
		$groupsTo = $this->_toStorage->getUserGroups($usrLogin);
		foreach ($groupsTo as $kUid => $vName) {
			$groupsTodo[$kUid] = false;
		}

		if (true === $usrFromDisabled) {
			// remove all groups
		} else {
			foreach ($groupsFrom as $kUid => $vGroup) {
				if (isset($groupsTodo[$kUid])) {
					unset($groupsTodo[$kUid]);
				} else {
					$groupsTodo[$kUid] = true;
				}
			}
		}
		return $groupsTodo;
	}

	public function getCleanupSyncUserGroupsByUidTodoList($usrLogin) {
		$groupsTodo = array();// `guid` => true (add), false (remove)
		$groupsTo = $this->_toStorage->getGroupsByUserUid($usrLogin);
		DBG::_('DBG_SU', '>0', "CleanupAppleMemberUidTodoList user groups by apple-generateduid({$usrAppleUid})", $userGroupsLdap, __CLASS__, __FUNCTION__, __LINE__);

		$usrFrom = $this->_fromStorage->getUser($usrLogin);
		$usrFromDisabled = $this->_fromStorage->isDisabled($usrFrom);
		$groupsFrom = $this->_fromStorage->getUserGroups($usrLogin);
		foreach ($groupsTo as $kUid => $vName) {
			$groupsTodo[$kUid] = false;
		}

		if (true === $usrFromDisabled) {
			// remove all groups
		} else {
			foreach ($groupsFrom as $kUid => $vGroup) {
				if (isset($groupsTodo[$kUid])) {
					unset($groupsTodo[$kUid]);
				} else {
					$groupsTodo[$kUid] = true;
				}
			}
		}
		DBG::_('DBG_SU', '>0', "CleanupAppleMemberUidTodoList groupsTodo apple-generateduid({$usrAppleUid})", $groupsTodo, __CLASS__, __FUNCTION__, __LINE__);
		return $groupsTodo;
	}

	public function getSyncGroupTodoList($idGroup, $syncNestedGroups = false) {
		$syncTodoList = array();
		$groupFrom = $this->_fromStorage->getGroup($idGroup);
		$groupTo = $this->_toStorage->getGroup($idGroup);

		if (!$groupFrom) {
			$syncTodoList[] = "Grupa {$idGroup} nie istnieje w bazie danych";
			return $syncTodoList;
		}
		if (!$groupTo) {
			$syncTodoList[] = "Utwórz grupę {$idGroup} w bazie LDAP";
			return $syncTodoList;
		}
		$updateData = array();
		if (empty($groupTo->realName) && $groupFrom->realName != $groupTo->realName) {
			$updateData['realName'] = $groupFrom->realName;
		}
		foreach ($updateData as $key => $val) {
			$syncTodoList[] = "Aktualizuj {$key}: {$val}";
		}

		if ($syncNestedGroups) {
			if (!empty($groupTo->nestedGroups) || !empty($groupFrom->nestedGroups)) {
				$groupsTodo = array();
				if (!empty($groupTo->nestedGroups)) {
					foreach ($groupTo->nestedGroups as $kUid => $vGroup) {
						$groupsTodo[$kUid] = false;
					}
				}
				if (!empty($groupFrom->nestedGroups)) {
					foreach ($groupFrom->nestedGroups as $kUid => $vGroup) {
						if (isset($groupsTodo[$kUid])) {
							unset($groupsTodo[$kUid]);
						} else {
							$groupsTodo[$kUid] = true;
						}
					}
				}

				if (!empty($groupsTodo)) {
					foreach ($groupsTodo as $kIdGroup => $vBool) {
						if ($vBool) {
							$syncTodoList[] = "Dodaj grupę '{$kIdGroup}' do grupy '{$idGroup}' w bazie LDAP";
						}
						else {
							$syncTodoList[] = "Usuń grupę '{$kIdGroup}' z grupy '{$idGroup}' w bazie LDAP";
						}
					}
				}
			}

			$fromParentGroups = $groupFrom->getParentGroups();
			$toParentGroups = $groupTo->getParentGroups();

			{
				$groupsTodo = array();
				if (!empty($toParentGroups)) {
					foreach ($toParentGroups as $kUid => $vGroup) {
						$groupsTodo[$kUid] = false;
					}
				}
				if (!empty($fromParentGroups)) {
					foreach ($fromParentGroups as $kUid => $vGroup) {
						if (isset($groupsTodo[$kUid])) {
							unset($groupsTodo[$kUid]);
						} else {
							$groupsTodo[$kUid] = true;
						}
					}
				}

				if (!empty($groupsTodo)) {
					foreach ($groupsTodo as $kIdGroup => $vBool) {
						if ($vBool) {
							$syncTodoList[] = "Dodaj grupę nadrzędną '{$kIdGroup}' do grupy '{$idGroup}' w bazie LDAP";// == add $idGroup to $kIdGroup
						}
						else {
							$groupTest = $this->_fromStorage->getGroup($kIdGroup);
							if ($groupTest) {
								$syncTodoList[] = "Usuń grupę nadrzędną '{$kIdGroup}' z grupy '{$idGroup}' w bazie LDAP";// == remove $idGroup from $kIdGroup
							} else {
								//$syncTodoList[] = "Keep parent group '{$kIdGroup}' in group '{$idGroup}' in toStorage, because that group dont exists in fromStorage";
							}
						}
					}
				}
			}
		}

		return $syncTodoList;
	}

	/**
	 * Sync user.
	 * 
	 * @return bool or -int if error @see getSyncUserErrorMsg($errCode);
	 */
	public function syncGroup($idGroup, $syncNestedGroups = false) {
		$groupFrom = $this->_fromStorage->getGroup($idGroup);
		$groupTo = $this->_toStorage->getGroup($idGroup);

		DBG::_('DBG_SU', '>0', 'groupFrom', $groupFrom, __CLASS__, __FUNCTION__, __LINE__);
		DBG::_('DBG_SU', '>0', 'groupTo', $groupTo, __CLASS__, __FUNCTION__, __LINE__);

		if (!$groupFrom) throw new Exception("Grupa [{$idGroup}] nie istnieje w bazie danych");
		if (!$groupTo) {

			$this->_toStorage->createGroup($groupFrom);

			$groupTo = $this->_toStorage->getGroup($idGroup);
			if (!$groupTo) throw new Exception("Nie udało się utworzyć grupy [{$idGroup}] w bazie LDAP");
			$this->syncExistingGroup($idGroup, $groupFrom, $groupTo, $syncNestedGroups);
		}
		else {// $groupFrom && $groupTo
			$this->syncExistingGroup($idGroup, $groupFrom, $groupTo, $syncNestedGroups);
		}

		$this->_fromStorage->setSyncGroupDate($idGroup);
		$this->_toStorage->setSyncGroupDate($idGroup);

		return true;
	}

	public function syncExistingGroup($groupID, ObjectGroup $groupFrom, ObjectGroup $groupTo, $syncNestedGroups = false) {
		if (!$groupFrom) throw new Exception("Nie podano grupy z bazy danych!");
		if (!$groupTo) throw new Exception("Nie podano grupy z bazy LDAP!");

		$updateData = array();
		if (empty($groupTo->realName) && $groupFrom->realName != $groupTo->realName) {
			$updateData['realName'] = $groupFrom->realName;
		}

		//if ($groupFrom->employeeType != $groupTo->employeeType) $updateData['employeeType'] = $groupFrom->employeeType;
		$updated = $this->_toStorage->updateGroup($groupTo, $updateData);
		if (!$updated) {
			$errors = $this->_toStorage->getRawErrorsList();
			foreach ($errors as $vErr) {
				$this->setError($vErr->code, $vErr->msg, $vErr->dbgMsg);
			}
			throw new Exception("TODO: update group [{$groupID}] from fromStorage to toStorage");
		}

		if ($syncNestedGroups) {
			$synced = $this->syncNestedGroups($groupID, $groupFrom, $groupTo);
			if (!$synced) {
				$this->setError(1, "Error: sync nested groups for group '{$groupID}' from fromStorage to toStorage", '(' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . ')');
				return false;
			}
			$synced = $this->syncParentGroups($groupID, $groupFrom, $groupTo);
			if (!$synced) {
				$this->setError(1, "Error: sync parent groups for group '{$groupID}' from fromStorage to toStorage", '(' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . ')');
				return false;
			}
		}
		return true;
	}

	public function syncNestedGroups($groupID, $groupFrom = null, $groupTo = null) {
		if (!$groupFrom) $groupFrom = $this->_fromStorage->getGroup($groupID);
		if (!$groupTo) $groupTo = $this->_toStorage->getGroup($groupID);

		DBG::_('DBG_SU', '>0', "groupFrom (hasNestedGroups:" . (!empty($groupFrom->nestedGroups)) . ")", $groupFrom, __CLASS__, __FUNCTION__, __LINE__);
		DBG::_('DBG_SU', '>0', "groupTo (hasNestedGroups:" . (!empty($groupTo->nestedGroups)) . ")", $groupTo, __CLASS__, __FUNCTION__, __LINE__);

		if (empty($groupFrom->nestedGroups) && empty($groupTo->nestedGroups)) {
			// nothing to do
			return true;
		}
		else {
			/*
					[nestedGroups] => Array(
							[2981] => stdClass Object(
									[primaryKey] => 2981
									[type] => STANOWISKO
									[realName] => [2981] Kierownik ds. Rozwoju Biznesu
									[zasobID] => 2981
									[zasobDESC] => Kierownik ds. Rozwoju Biznesu
			*/
			/**
			 * $groupsTodo - groups todo list:
			 *   'com.apple.access_mail' => true - add to this group
			 *   'com.apple.access_mail' => false - remove from this group
			 */
			$groupsTodo = array();
			if (!empty($groupTo->nestedGroups)) {
				foreach ($groupTo->nestedGroups as $kUid => $vGroup) {
					$groupsTodo[$kUid] = false;
				}
			}
			if (!empty($groupFrom->nestedGroups)) {
				foreach ($groupFrom->nestedGroups as $kUid => $vGroup) {
					if (isset($groupsTodo[$kUid])) {
						unset($groupsTodo[$kUid]);
					} else {
						$groupsTodo[$kUid] = true;
					}
				}
			}
			DBG::_('DBG_SU', '>0', "groupsTodo", $groupsTodo, __CLASS__, __FUNCTION__, __LINE__);

			if (!empty($groupsTodo)) {
				foreach ($groupsTodo as $kGroupID => $vBool) {
					if ($vBool) {
						$this->_toStorage->addNestedGroup($groupID, $kGroupID);
					}
					else {
						$this->_toStorage->removeNestedGroup($groupID, $kGroupID);
					}
				}
			}
		}

		if ($this->hasErrors()) {
			return false;
		}
		return true;
	}

	public function syncParentGroups($groupID, $groupFrom = null, $groupTo = null) {
		if (!$groupFrom) $groupFrom = $this->_fromStorage->getGroup($groupID);
		if (!$groupTo) $groupTo = $this->_toStorage->getGroup($groupID);

		DBG::_('DBG_SU', '>0', "groupFrom (hasNestedGroups:" . (!empty($groupFrom->nestedGroups)) . ")", $groupFrom, __CLASS__, __FUNCTION__, __LINE__);
		DBG::_('DBG_SU', '>0', "groupTo (hasNestedGroups:" . (!empty($groupTo->nestedGroups)) . ")", $groupTo, __CLASS__, __FUNCTION__, __LINE__);

		$fromParentGroups = $groupFrom->getParentGroups();
		$toParentGroups = $groupTo->getParentGroups();

		if (empty($fromParentGroups) && empty($toParentGroups)) {
			return true;
		}
		else {

			/*
					[nestedGroups] => Array(
							[2981] => stdClass Object(
									[primaryKey] => 2981
									[type] => STANOWISKO
									[realName] => [2981] Kierownik ds. Rozwoju Biznesu
									[zasobID] => 2981
									[zasobDESC] => Kierownik ds. Rozwoju Biznesu
			*/

			/**
			 * $groupsTodo - groups todo list:
			 *   'com.apple.access_mail' => true - add to this group
			 *   'com.apple.access_mail' => false - remove from this group
			 */

			$groupsTodo = array();
			if (!empty($toParentGroups)) {
				foreach ($toParentGroups as $kUid => $vGroup) {
					$groupsTodo[$kUid] = false;
				}
			}
			if (!empty($fromParentGroups)) {
				foreach ($fromParentGroups as $kUid => $vGroup) {
					if (isset($groupsTodo[$kUid])) {
						unset($groupsTodo[$kUid]);
					} else {
						$groupsTodo[$kUid] = true;
					}
				}
			}

			DBG::_('DBG_SU', '>0', "groupsTodo", $groupsTodo, __CLASS__, __FUNCTION__, __LINE__);

			if (!empty($groupsTodo)) {
				foreach ($groupsTodo as $kGroupID => $vBool) {
					if ($vBool) {
						//$syncTodoList[] = "Add parent group '{$kGroupID}' to group '{$groupID}' in toStorage";// == add $groupID to $kGroupID
						$this->_toStorage->addNestedGroup($kGroupID, $groupID);
						// TODO: add try catch to prevent resend exception
						if (0) {
							$this->setError(1, "Error: group '{$kGroupID}' add to group '{$groupID}' in toStorage", '(' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . ')');
						}
					}
					else {
						$groupTest = $this->_fromStorage->getGroup($kGroupID);
						if ($groupTest) {
							//$syncTodoList[] = "Remove parent group '{$kGroupID}' from group '{$groupID}' in toStorage";// == remove $groupID from $kGroupID
							$this->_toStorage->removeNestedGroup($kGroupID, $groupID);
							// TODO: add try catch to prevent resend exception
							if (0) {
								$this->setError(1, "Error: group '{$kGroupID}' remove from group '{$groupID}' in toStorage", '(' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . ')');
							}
						} else {
							//$syncTodoList[] = "Keep parent group '{$kGroupID}' in group '{$groupID}' in toStorage, because that group dont exists in fromStorage";
						}
					}
				}
			}
		}

		if ($this->hasErrors()) {
			return false;
		}
		return true;
	}


	private function setError($code, $msg, $dbgMsg) {
		$this->_errors[] = (object)array('code'=>$code, 'msg'=>$msg, 'dbgMsg'=>$dbgMsg);
	}

	public function hasErrors() {
		return !empty($this->_errors);
	}

	public function getErrorsMsgList() {
		$msgList = array();
		foreach ($this->_errors as $vErr) {
			$msgList[] = "Error {$vErr->code}: {$vErr->msg}";
		}
		return $msgList;
	}

	public function getErrorsMsgListWithDbg() {
		$msgList = array();
		foreach ($this->_errors as $vErr) {
			$msgList[] = "Error {$vErr->code}: {$vErr->msg} (DBG:{$vErr->dbgMsg})";
		}
		return $msgList;
	}

}