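--[[
 - @author Bruno Massa
 - @file user.module.lua
 - Enable the user registration and login system.
]]

--[[
 - Determine whether the user has a given privilege.
 -
 - All permission checks in Ajato should go through this function. This
 - way, we guarantee consistent behavior, and ensure that the superuser
 - can perform all actions.
 -
 - The permission name is matched exactly, and the check fails closed: an
 - account without usable roles, a query that yields no result, or an
 - unknown permission all give false.
 -
 - @param string
 -   String, The permission, such as "administer nodes", being checked for
 - @param account
 -   Table, (optional) The account to check, if not given use currently
 -   logged in user.
 - @return
 -   Boolean, true if the account has the requested permission
]]
do
  -- Permission sets already loaded from the database, keyed by uid, so
  -- repeated checks for one account cost a single SQL query.
  -- NOTE(review): entries are never invalidated here. If this Lua state
  -- outlives one request, a revoked role or permission stays effective
  -- until the cache is rebuilt -- confirm the intended lifetime.
  local cache = {}

  -- Build the comma-separated role id list for the IN (...) clause from the
  -- keys of the account's roles table.
  local function role_id_list(roles)
    local ids = {}
    for rid in pairs(roles or {}) do
      local text = tostring(rid)
      -- The list is placed unquoted into the SQL text, so any key that is
      -- not a plain run of digits is dropped rather than passed along.
      if text:find('^%d+$') then
        ids[#ids + 1] = text
      end
    end
    return table.concat(ids, ',')
  end

  -- Record every name of a ', '-separated permission list in `set`.
  -- A row holding a single permission is simply a list of one.
  local function add_permissions(set, list)
    local start = 1
    while true do
      local from, to = list:find(', ', start, true)
      local name = list:sub(start, from and from - 1 or -1)
      if name ~= '' then
        set[name] = true
      end
      if not from then
        return
      end
      start = to + 1
    end
  end

  function user_access(string, account)
    -- The parameter `string` hides the standard string library in this
    -- function; string operations use method syntax on values instead.
    local permission = string
    account = account or user
    local uid = account['uid']

    -- User #1 has all privileges:
    if uid == 1 then
      return true
    end

    local granted = cache[uid]
    if not granted then
      granted = {}
      local ids = role_id_list(account['roles'])
      -- With no role ids the clause would read "IN ()"; there is nothing
      -- to look up, so the account keeps an empty permission set.
      if ids ~= '' then
        local result = db_query([[SELECT DISTINCT(p.perm) FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid WHERE r.rid IN (%s)]], ids)
        if result then
          for row in db_rows(result) do
            local list = row['perm']
            if list ~= nil then
              add_permissions(granted, tostring(list))
            end
          end
        end
      end
      cache[uid] = granted
    end

    -- Exact set lookup: a substring search over the joined list would also
    -- accept a permission whose name merely ends with the requested one,
    -- and would miss the final entry of the list.
    return granted[permission] == true
  end
end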