<?php

namespace Qs;

class Acl
{
    const RESOURCE_ALL = '__ALL_RESOURCES__';

    const PRIVILEGE_READ  = 'read';
    const PRIVILEGE_WRITE = 'write';

    /**
     * @var array [
     *  'company'     => ['read', 'write],
     *  'individuals' => 'read'
     * ]
     */
    private $rules = [];

    public function __construct(array $rules)
    {
        $this->setRules($rules);
    }

    public function isAllowed($resource, $privilege = null)
    {
        return $this->_isAllowed(self::RESOURCE_ALL, $privilege) || $this->_isAllowed($resource, $privilege);
    }

    private function _isAllowed($resource, $privilege = null)
    {
        if (null === $privilege) {
            return array_key_exists($resource, $this->rules);
        }
        return array_key_exists($resource, $this->rules) && in_array($privilege, $this->rules[$resource]);
    }

    private function setRules(array $rules)
    {
        $this->rules = [];
        foreach ($rules as $rule) {
            foreach ((array) $rule['resource'] as $resource) {
                $this->rules[$resource] = (array) $rule['privilege'];
            }
        }
        return $this;
    }

    public function isAllowedMenuItem(array $page)
    {
        if (!empty($page['sub'])) {
            // allow parent page if there is access to the child
            return true;
        }
        return self::isAllowedPage($page);
    }

    public function isAllowedPage(array $page)
    {
        if (empty($page['aclResource'])) {
            return $this->isAllowed(self::RESOURCE_ALL);
        }
        return $this->isAllowed($page['aclResource']);
    }
}