<?php


class UsersLdapHelper {

	public static function getUser($userName, $allAttrs = false, $onyFirstAttr = false) {
		$ldapUsers = array();

		//$attrMap = array('uid', 'apple-generateduid', 'givenName', 'uidNumber', 'cn', 'mail', 'apple-user-mailattribute');// (givenName, sn) = cn
		$attrMap = array();
		$attrMap['uid'] = 'uid';
		$attrMap['apple-generateduid'] = 'apple-generateduid';
		$attrMap['givenName'] = 'givenName';
		$attrMap['uidNumber'] = 'uidNumber';
		$attrMap['cn'] = 'cn';
		$attrMap['mail'] = 'mail';
		$attrMap['carLicense'] = 'carLicense';

		Lib::loadClass('LDAP');
		$ldap = LDAP::getInstance();

		$filter = (false !== strpos($userName, '@'))? "(mail={$userName})" : "(uid={$userName})";
		$filter = "(&(objectClass=apple-user){$filter})";// apple-user posixAccount inetOrgPerson
		//$filter = "(&(objectClass=inetOrgPerson){$filter})";
		$attributes = array();
		$res = $ldap->search($filter, 'cn=users', $attributes);
		$entry = $ldap->first_entry($res);
		while ($entry) {
			$attrs = $ldap->get_attributes($entry);
			DBG::_('DBG_L', '>0', "attrs", $attrs, __CLASS__, __FUNCTION__, __LINE__);
			$userObj = new stdClass();
			if ($allAttrs) {
				for ($i = 0; $i < $attrs['count']; $i++) {
					$vAttrName = $attrs[$i];
					$vAttrVal = $attrs[$vAttrName];
					if (is_array($vAttrVal) && !empty($vAttrVal)) {
//						$userObj->{$vAttrName} = $vAttrVal[0];
						if (!$onyFirstAttr && !empty($vAttrVal['count']) && $vAttrVal['count'] > 1) {
							$userObj->{$vAttrName} = array();
							for ($j = 0; $j < $vAttrVal['count']; $j++) {
								$userObj->{$vAttrName}[] = $vAttrVal[$j];
							}
						} else {
							$userObj->{$vAttrName} = $vAttrVal[0];
						}
					}
				}
			} else {
				foreach ($attrMap as $kAttrName => $vFldName) {
					$vAttrVal = V::get($kAttrName, '', $attrs);
					if (is_array($vAttrVal) && !empty($vAttrVal)) {
						if (!empty($vAttrVal['count']) && $vAttrVal['count'] > 1) {
							$userObj->{$vFldName} = array();
							for ($j = 0; $j < $vAttrVal['count']; $j++) {
								$userObj->{$vFldName}[] = $vAttrVal[$j];
							}
						} else {
							$userObj->{$vFldName} = $vAttrVal[0];
						}
					}
				}
			}
			$ldapUsers[] = $userObj;

			$entry = $ldap->next_entry($entry);
		}
		$ldap->free_result($res);

		return $ldapUsers;
	}

	public static function getUsersAll() {
		$allLdapUsers = array();

		$attrMap = array('uid', 'apple-generateduid', 'givenName', 'uidNumber', 'cn', 'mail', 'carLicense');// (givenName, sn) = cn

		Lib::loadClass('LDAP');
		$ldap = LDAP::getInstance();

		$filter = "(objectClass=apple-user)";// apple-user posixAccount inetOrgPerson
		$attributes = array();
		$res = $ldap->search($filter, 'cn=users', $attributes);
		$entry = $ldap->first_entry($res);
		while ($entry) {
			$attrs = $ldap->get_attributes($entry);
			$userObj = new stdClass();
			foreach ($attrMap as $vAttrName) {
				$vAttrVal = V::get($vAttrName, '', $attrs);
				if (is_array($vAttrVal) && !empty($vAttrVal)) {
					$userObj->{$vAttrName} = $vAttrVal[0];
				}
			}
			$allLdapUsers[] = $userObj;

			$entry = $ldap->next_entry($entry);
		}
		$ldap->free_result($res);

		return $allLdapUsers;
	}

	public static function getUserGroups($userName, $authLDAPSubGroupDepth = 3) {
		$userLdapGroups = array();

		$attrMap = array('apple-generateduid'=>'appleUID', 'gidNumber'=>'gidNumber', 'cn'=>'cn', 'apple-group-realname'=>'name');// (givenName, sn) = cn

		if (!Config::getConfFile('default_ldap')) {
			return array_merge(
				array_map(function ($group) {
					return (object)[
						'appleUID' => $group->ID, // 'EBE2DE46-1B11-4793-BBAB-A47486B60E6C',
						'gidNumber' => $group->ID, // '1025',
						'cn' => "{$group->ID}_{$group->DESC}", // 'workgroup',
						'name' => "[{$group->ID}] {$group->DESC}", // 'Workgroup',
					];
				}, User::getGroups(),
				[ (object)[
					'appleUID' => '1025', // 'EBE2DE46-1B11-4793-BBAB-A47486B60E6C',
					'gidNumber' => '1025',
					'cn' => 'workgroup',
					'name' => 'Workgroup',
				] ]
			));
			//   array (
			//     'appleUID' => 'EBE2DE46-1B11-4793-BBAB-A47486B60E6C',
			//     'gidNumber' => '1025',
			//     'cn' => 'workgroup',
			//     'name' => 'Workgroup',
			//   ),
		}
		Lib::loadClass('LDAP');
		$ldap = LDAP::getInstance();

		$lastLoopFound = array();
		for ($i = 0; $i <= $authLDAPSubGroupDepth; $i++) {
			$userLdapGroupsAdd = array();

			if ($i == 0) {
				$filter = "(&(objectClass=apple-group)(memberUid={$userName}))";
			} else {
				$queryOrArr = array();
				foreach ($lastLoopFound as $vAppleUid) {
					$queryOrArr[] = "apple-group-nestedgroup={$vAppleUid}";
				}
				if (!empty($queryOrArr)) {
					$queryOr = '(|(' . implode(')(', $queryOrArr) . '))';
					$filter = "(&(objectClass=apple-group){$queryOr})";
				} else {
					break;
				}
			}

			$attributes = array();
			$res = $ldap->search($filter, 'cn=groups', $attributes);
			DBG::_('DBG_L', '>0', "search", $filter, __CLASS__, __FUNCTION__, __LINE__);
			$entry = $ldap->first_entry($res);
			while ($entry) {
				$attrs = $ldap->get_attributes($entry);
				DBG::_('DBG_L', '>0', "user({$userName})", $attrs, __CLASS__, __FUNCTION__, __LINE__);

				$groupObj = new stdClass();
				foreach ($attrMap as $kAttrName => $vField) {
					$vAttrVal = V::get($kAttrName, '', $attrs);
					if (is_array($vAttrVal) && !empty($vAttrVal)) {
						$groupObj->{$vField} = $vAttrVal[0];
					}
				}

				if ($groupObj->cn && $groupObj->gidNumber) {
					$userLdapGroupsAdd[$groupObj->gidNumber] = $groupObj;
				} else {
					DBG::_(true, true, "Error: brak cn lub apple-generateduid", $attrs, __CLASS__, __FUNCTION__, __LINE__);
				}

				$entry = $ldap->next_entry($entry);
			}
			$ldap->free_result($res);

			if (empty($userLdapGroupsAdd)) {
				break;
			} else {
				DBG::_('DBG_L', '>0', "userLdapGroupsAdd(".count($userLdapGroupsAdd).")", $userLdapGroupsAdd, __CLASS__, __FUNCTION__, __LINE__);
				$lastLoopFound = array();
				foreach ($userLdapGroupsAdd as $kAppleID => $vGroup) {
					$userLdapGroups[$kAppleID] = $vGroup;
					$lastLoopFound[] = $vGroup->appleUID;
				}
				//$lastLoopFound = array_keys($userLdapGroupsAdd);
			}
		}
		DBG::log($userLdapGroups, 'array', '$userLdapGroups');
		return $userLdapGroups;
	}

	public static function getUserGroupsByAppleUid($userUid, $authLDAPSubGroupDepth = 3) {
		$userLdapGroups = array();

		$attrMap = array('apple-generateduid'=>'appleUID', 'gidNumber'=>'gidNumber', 'cn'=>'cn');// (givenName, sn) = cn

		Lib::loadClass('LDAP');
		$ldap = LDAP::getInstance();

		$lastLoopFound = array();
		for ($i = 0; $i <= $authLDAPSubGroupDepth; $i++) {
			$userLdapGroupsAdd = array();

			if ($i == 0) {
				$filter = "(&(objectClass=apple-group)(apple-group-memberguid={$userUid}))";
			} else {
				$queryOrArr = array();
				foreach ($lastLoopFound as $vAppleUid) {
					$queryOrArr[] = "apple-group-nestedgroup={$vAppleUid}";
				}
				if (!empty($queryOrArr)) {
					$queryOr = '(|(' . implode(')(', $queryOrArr) . '))';
					$filter = "(&(objectClass=apple-group){$queryOr})";
				} else {
					break;
				}
			}

			$attributes = array();
			$res = $ldap->search($filter, 'cn=groups', $attributes);
			DBG::_('DBG_L', '>0', "search", $filter, __CLASS__, __FUNCTION__, __LINE__);
			$entry = $ldap->first_entry($res);
			while ($entry) {
				$attrs = $ldap->get_attributes($entry);
				DBG::_('DBG_L', '>0', "user({$userUid})", $attrs, __CLASS__, __FUNCTION__, __LINE__);

				$groupObj = new stdClass();
				foreach ($attrMap as $kAttrName => $vField) {
					$vAttrVal = V::get($kAttrName, '', $attrs);
					if (is_array($vAttrVal) && !empty($vAttrVal)) {
						$groupObj->{$vField} = $vAttrVal[0];
					}
				}

				if ($groupObj->cn && $groupObj->gidNumber) {
					$userLdapGroupsAdd[$groupObj->gidNumber] = $groupObj;
				} else {
					DBG::_(true, true, "Error: brak cn lub apple-generateduid", $attrs, __CLASS__, __FUNCTION__, __LINE__);
				}

				$entry = $ldap->next_entry($entry);
			}
			$ldap->free_result($res);

			if (empty($userLdapGroupsAdd)) {
				break;
			} else {
				DBG::_('DBG_L', '>0', "userLdapGroupsAdd(".count($userLdapGroupsAdd).")", $userLdapGroupsAdd, __CLASS__, __FUNCTION__, __LINE__);
				$lastLoopFound = array();
				foreach ($userLdapGroupsAdd as $kAppleID => $vGroup) {
					$userLdapGroups[$kAppleID] = $vGroup;
					$lastLoopFound[] = $vGroup->appleUID;
				}
				//$lastLoopFound = array_keys($userLdapGroupsAdd);
			}
		}

		return $userLdapGroups;
	}

	public static function getGroupsByAppleUids($appleUids, $allAttrs = false) {
		$allLdapGroups = array();
		if (empty($appleUids)) return $allLdapGroups;

		$attrMap = array('apple-generateduid'=>'appleUID', 'gidNumber'=>'gidNumber', 'cn'=>'cn');// (givenName, sn) = cn
		$attrMap['apple-group-realname'] = 'realName';
		$attrMap['apple-group-nestedgroup'] = 'nestedGroups';

		Lib::loadClass('LDAP');
		$ldap = LDAP::getInstance();

		$filters = array();
		foreach ($appleUids as $vAppleUid) $filters[] = "(apple-generateduid={$vAppleUid})";
		$filter = "(&(objectClass=apple-group)(|" . implode("", $filters) . "))";
		$attributes = array();
		$res = $ldap->search($filter, 'cn=groups', $attributes);
		$entry = $ldap->first_entry($res);
		while ($entry) {
			$attrs = $ldap->get_attributes($entry);

			$groupObj = new stdClass();

			if ($allAttrs) {
				for ($i = 0; $i < $attrs['count']; $i++) {
					$vAttrName = $attrs[$i];
					$vFldName = V::get($vAttrName, $vAttrName, $attrMap);
					$vAttrVal = $attrs[$vAttrName];
					if (is_array($vAttrVal) && !empty($vAttrVal)) {
						if ($vAttrVal['count'] > 1) {
							$groupObj->{$vFldName} = array();
							for ($j = 0; $j < $vAttrVal['count']; $j++) {
								$groupObj->{$vFldName}[] = $vAttrVal[$j];
							}
						} else {
							$groupObj->{$vFldName} = $vAttrVal[0];
						}
					}
				}
			} else {
				foreach ($attrMap as $kAttrName => $vFldName) {
					$vAttrVal = V::get($kAttrName, '', $attrs);
					if (is_array($vAttrVal) && !empty($vAttrVal)) {
						if ($vAttrVal['count'] > 1) {
							$groupObj->{$vFldName} = array();
							for ($j = 0; $j < $vAttrVal['count']; $j++) {
								$groupObj->{$vFldName}[] = $vAttrVal[$j];
							}
						} else {
							$groupObj->{$vFldName} = $vAttrVal[0];
						}
					}
				}
			}


			if ($groupObj->cn && $groupObj->appleUID) {
				$allLdapGroups[$groupObj->appleUID] = $groupObj;
			} else {
				DBG::_(true, true, "Error: brak cn lub apple-generateduid", array('attrs'=>$attrs, 'groupObj'=>$groupObj), __CLASS__, __FUNCTION__, __LINE__);
			}

			$entry = $ldap->next_entry($entry);
		}
		$ldap->free_result($res);

		return $allLdapGroups;
	}

	public static function getParentGroupsByAppleUID($appleUid, $allAttrs = false) {
		$allLdapGroups = array();
		if (!$appleUid) return $allLdapGroups;

		$attrMap = array('apple-generateduid'=>'appleUID', 'gidNumber'=>'gidNumber', 'cn'=>'cn');// (givenName, sn) = cn
		$attrMap['apple-group-realname'] = 'realName';
		$attrMap['apple-group-nestedgroup'] = 'nestedGroups';

		Lib::loadClass('LDAP');
		$ldap = LDAP::getInstance();

		$filters = array();
		$filter = "(&(objectClass=apple-group)(apple-group-nestedgroup={$appleUid}))";
		$attributes = array();
		$res = $ldap->search($filter, 'cn=groups', $attributes);
		$entry = $ldap->first_entry($res);
		while ($entry) {
			$attrs = $ldap->get_attributes($entry);

			$groupObj = new stdClass();

			if ($allAttrs) {
				for ($i = 0; $i < $attrs['count']; $i++) {
					$vAttrName = $attrs[$i];
					$vFldName = V::get($vAttrName, $vAttrName, $attrMap);
					$vAttrVal = $attrs[$vAttrName];
					if (is_array($vAttrVal) && !empty($vAttrVal)) {
						if ($vAttrVal['count'] > 1) {
							$groupObj->{$vFldName} = array();
							for ($j = 0; $j < $vAttrVal['count']; $j++) {
								$groupObj->{$vFldName}[] = $vAttrVal[$j];
							}
						} else {
							$groupObj->{$vFldName} = $vAttrVal[0];
						}
					}
				}
			} else {
				foreach ($attrMap as $kAttrName => $vFldName) {
					$vAttrVal = V::get($kAttrName, '', $attrs);
					if (is_array($vAttrVal) && !empty($vAttrVal)) {
						if ($vAttrVal['count'] > 1) {
							$groupObj->{$vFldName} = array();
							for ($j = 0; $j < $vAttrVal['count']; $j++) {
								$groupObj->{$vFldName}[] = $vAttrVal[$j];
							}
						} else {
							$groupObj->{$vFldName} = $vAttrVal[0];
						}
					}
				}
			}

			if ($groupObj->cn && $groupObj->appleUID) {
				$allLdapGroups[$groupObj->appleUID] = $groupObj;
			} else {
				DBG::_(true, true, "Error: brak cn lub apple-generateduid", array('attrs'=>$attrs, 'groupObj'=>$groupObj), __CLASS__, __FUNCTION__, __LINE__);
			}

			$entry = $ldap->next_entry($entry);
		}
		$ldap->free_result($res);

		return $allLdapGroups;
	}

	public static function getGroupsByID($groupID, $allAttrs = false) {
		$allLdapGroups = array();

		$attrMap = array('apple-generateduid'=>'appleUID', 'gidNumber'=>'gidNumber', 'cn'=>'cn');// (givenName, sn) = cn
		$attrMap['apple-group-realname'] = 'realName';
		$attrMap['apple-group-nestedgroup'] = 'nestedGroups';

		Lib::loadClass('LDAP');
		$ldap = LDAP::getInstance();
		if (!$ldap) {
			return []; // TODO: fetch user groups from zasoby
		}

		$filter = "(&(objectClass=apple-group)(|(cn={$groupID}-*)(cn={$groupID}_*)))";
		$attributes = array();
		$res = $ldap->search($filter, 'cn=groups', $attributes);
		$entry = $ldap->first_entry($res);
		while ($entry) {
			$attrs = $ldap->get_attributes($entry);

			$groupObj = new stdClass();

			if ($allAttrs) {
				for ($i = 0; $i < $attrs['count']; $i++) {
					$vAttrName = $attrs[$i];
					$vFldName = V::get($vAttrName, $vAttrName, $attrMap);
					$vAttrVal = $attrs[$vAttrName];
					if (is_array($vAttrVal) && !empty($vAttrVal)) {
						if ($vAttrVal['count'] > 1) {
							$groupObj->{$vFldName} = array();
							for ($j = 0; $j < $vAttrVal['count']; $j++) {
								$groupObj->{$vFldName}[] = $vAttrVal[$j];
							}
						} else {
							$groupObj->{$vFldName} = $vAttrVal[0];
						}
					}
				}
			} else {
				foreach ($attrMap as $kAttrName => $vFldName) {
					$vAttrVal = V::get($kAttrName, '', $attrs);
					if (is_array($vAttrVal) && !empty($vAttrVal)) {
						if ($vAttrVal['count'] > 1) {
							$groupObj->{$vFldName} = array();
							for ($j = 0; $j < $vAttrVal['count']; $j++) {
								$groupObj->{$vFldName}[] = $vAttrVal[$j];
							}
						} else {
							$groupObj->{$vFldName} = $vAttrVal[0];
						}
					}
				}
			}


			if ($groupObj->cn && $groupObj->appleUID) {
				$allLdapGroups[$groupObj->appleUID] = $groupObj;
			} else {
				DBG::_(true, true, "Error: brak cn lub apple-generateduid", array('attrs'=>$attrs, 'groupObj'=>$groupObj), __CLASS__, __FUNCTION__, __LINE__);
			}

			$entry = $ldap->next_entry($entry);
		}
		$ldap->free_result($res);

		return $allLdapGroups;
	}

	public static function getGroupsAll($allAttrs = false) { // used only in TypespecialVariable for field 'DEFAULT_ACL_GROUP'
		$allLdapGroups = array();

		$attrMap = array('apple-generateduid'=>'appleUID', 'gidNumber'=>'gidNumber', 'cn'=>'cn');// (givenName, sn) = cn
		$attrMap['apple-group-realname'] = 'realName';
		$attrMap['apple-group-nestedgroup'] = 'nestedGroups';

		Lib::loadClass('LDAP');
		$ldap = LDAP::getInstance();
		if (!$ldap) {
			return []; // TODO: fetch all groups from zasoby
		}

		$filter = "(objectClass=apple-group)";
		$attributes = array();
		$res = $ldap->search($filter, 'cn=groups', $attributes);
		$entry = $ldap->first_entry($res);
		while ($entry) {
			$attrs = $ldap->get_attributes($entry);

			$groupObj = new stdClass();

			if ($allAttrs) {
				for ($i = 0; $i < $attrs['count']; $i++) {
					$vAttrName = $attrs[$i];
					$vFldName = V::get($vAttrName, $vAttrName, $attrMap);
					$vAttrVal = $attrs[$vAttrName];
					if (is_array($vAttrVal) && !empty($vAttrVal)) {
						if ($vAttrVal['count'] > 1) {
							$groupObj->{$vFldName} = array();
							for ($j = 0; $j < $vAttrVal['count']; $j++) {
								$groupObj->{$vFldName}[] = $vAttrVal[$j];
							}
						} else {
							$groupObj->{$vFldName} = $vAttrVal[0];
						}
					}
				}
			} else {
				foreach ($attrMap as $kAttrName => $vFldName) {
					$vAttrVal = V::get($kAttrName, '', $attrs);
					if (is_array($vAttrVal) && !empty($vAttrVal)) {
						if ($vAttrVal['count'] > 1) {
							$groupObj->{$vFldName} = array();
							for ($j = 0; $j < $vAttrVal['count']; $j++) {
								$groupObj->{$vFldName}[] = $vAttrVal[$j];
							}
						} else {
							$groupObj->{$vFldName} = $vAttrVal[0];
						}
					}
				}
			}


			if ($groupObj->cn && $groupObj->appleUID) {
				$allLdapGroups[$groupObj->appleUID] = $groupObj;
			} else {
				DBG::_(true, true, "Error: brak cn lub apple-generateduid", array('attrs'=>$attrs, 'groupObj'=>$groupObj), __CLASS__, __FUNCTION__, __LINE__);
			}

			$entry = $ldap->next_entry($entry);
		}
		$ldap->free_result($res);

		return $allLdapGroups;
	}

}