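#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# folderauth.py
#
#
# sets the authorizations of folders
# current authorizations are not removed, only new ones are added and existing
# rules might be updated
#
# CSV-Format
# Column 1 is the full path to the folder
# Column 2 is the principal type
# Column 3 is the principal id
# Column 4 is the access setting (read, full)
#
# NOTE: every row becomes a 'grant' rule and "full" includes the "secure"
# permission, so the CSV file is itself security-sensitive input: keep it
# writable only by the administrators who are allowed to hand out these grants
# and review it before a run. Principal type and id are sent to the
# authorization service exactly as written in the file.
#
# Exit status: 0 when every row was applied (or already existed), 1 when the
# file cannot be read, a row had to be skipped, or the service answered with
# an HTTP error.

import argparse
import csv
import os
import json
import subprocess
import sys

from sharedfunctions import callrestapi, getfolderid, file_accessible

# Permission sets selected by column 4 of the CSV. Anything not listed here is
# rejected; a row never inherits the permissions of an earlier row.
ACCESS_PERMISSIONS = {
    "full": ["create","read","update","delete","secure","add","remove"],
    "read": ["read"],
}


def _errorCode(rst):
    """Return the 'errorCode' field of a JSON error body, or None if absent."""
    try:
        body = json.loads(rst.text)
    except ValueError:
        # Not every error response is JSON (e.g. a proxy error page).
        return None
    if isinstance(body, dict):
        return body.get('errorCode')
    return None


def addRule(data):
    """POST one authorization rule and report the outcome on stdout.

    data -- dict describing the rule, sent as the request body.

    A 201 response is reported as done. A 400 response carrying errorCode 1177
    is reported as an already existing rule and is not an error. Any other
    4xx/5xx response is printed and ends the script with exit status 1, so a
    calling job does not mistake a failed run for a successful one.
    """
    if debug:
        print("Rule data: "+str(data))

    rst = callrestapi('authorization/rules','post',data=data,returnResponse=True)

    if rst.status_code==201:
        print(" done")
    elif rst.status_code==400 and _errorCode(rst)==1177:
        print(" rule already exists, skiping")
    elif 400 <= rst.status_code <= 599:
        print("http response code: "+ str(rst.status_code))
        print("ret.text: "+rst.text)
        sys.exit(1)


parser = argparse.ArgumentParser(description="Apply bulk auths from a CSV file to folders and contents")
parser.add_argument("-f","--file", help="Full path to CSV file.",required=True)
parser.add_argument("-d","--debug", help="Turn debug on", action='store_true', default=False)
args = parser.parse_args()
file=args.file
debug=args.debug  # read as a module-level flag by addRule()

if not file_accessible(file,'r'):
    print("Can not open file.")
    sys.exit(1)

skipped = 0  # rows that produced no rule; reported and reflected in the exit status

with open(file, 'rt') as f:
    filecontents = csv.reader(f)
    for row in filecontents:
        # csv.reader yields an empty list for a blank line; nothing to apply.
        if not row:
            continue

        print("Adding rule: "+str(row))

        if len(row) < 4:
            print(" expected 4 columns, found "+str(len(row))+", row skipped")
            skipped += 1
            continue

        folderpath=row[0]
        principaltype=row[1]
        principalname=row[2]
        accesscontrol=row[3]

        # Validate the access setting before anything is sent: an unknown value
        # must not fall through to a grant built from stale permissions.
        if accesscontrol not in ACCESS_PERMISSIONS:
            print("Unkown access control: "+accesscontrol)
            print(" row skipped, no rule added")
            skipped += 1
            continue
        permissions = ACCESS_PERMISSIONS[accesscontrol]

        folderid=getfolderid(folderpath)
        folderuri=folderid[0]
        # getfolderid lives in sharedfunctions and is not visible here; guard
        # against an empty first element so the rule URI is never built from a
        # missing folder id.
        if not folderuri:
            print(" folder not found: "+folderpath+", row skipped")
            skipped += 1
            continue

        # Rule on the folder object itself.
        data = {
            'type': 'grant',
            'objectUri': '/folders/folders/'+folderuri,
            'principalType': principaltype,
            'principal': principalname,
            'permissions': permissions
        }
        addRule(data)

        # Same grant as a container rule; going by the parser description this
        # is what extends the access to the folder's contents.
        data = {
            'type': 'grant',
            'containerUri': '/folders/folders/'+folderuri,
            'principalType': principaltype,
            'principal': principalname,
            'permissions': permissions
        }
        addRule(data)

if skipped:
    print(str(skipped)+" row(s) skipped, see messages above")
    sys.exit(1)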