# -*- coding: utf-8 -*-
##############################################################################
#
# Copyright (c) 2006 Nexedi SARL and Contributors. All Rights Reserved.
#                    Ivan Tyagov <ivan@nexedi.com>
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsability of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# garantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
#
##############################################################################

import os
import tempfile
from AccessControl import ClassSecurityInfo
from Products.ERP5Type.Globals import InitializeClass, DTMLFile
from Products.CMFCore.utils import getToolByName
from Products.ERP5Type.Tool.BaseTool import BaseTool
from Products.ERP5Type import Permissions
from AccessControl.SecurityManagement import setSecurityManager
from Products.ERP5 import _dtmldir
from Products.ERP5.Tool.LogMixin import LogMixin
from Products.ERP5Type.Utils import _setSuperSecurityManager
from App.config import getConfiguration
from AccessControl import Unauthorized
from Products.ERP5Type.Cache import CachingMethod
from Products.ERP5Type import tarfile

_MARKER = []

class IntrospectionTool(LogMixin, BaseTool):
  """
    This tool provides both local and remote introspection.
  """

  id = 'portal_introspections'
  title = 'Introspection Tool'
  meta_type = 'ERP5 Introspection Tool'
  portal_type = 'Introspection Tool'

  security = ClassSecurityInfo()

  security.declareProtected(Permissions.ManagePortal, 'manage_overview')
  manage_overview = DTMLFile('explainIntrospectionTool', _dtmldir )

  #
  #   Remote menu management
  #
  security.declareProtected(Permissions.AccessContentsInformation,
                            'getFilteredActionDict')
  def getFilteredActionDict(self, user_name=_MARKER):
    """
      Returns menu items for a given user
    """
    portal = self.getPortalObject()
    is_portal_manager = getToolByName(portal, 
      'portal_membership').checkPermission(Permissions.ManagePortal, self)
    downgrade_authenticated_user = user_name is not _MARKER and is_portal_manager
    if downgrade_authenticated_user:
      # downgrade to desired user
      original_security_manager = _setSuperSecurityManager(self, user_name)

    # call the method implementing it
    erp5_menu_dict = getToolByName(portal, 'portal_actions').listFilteredActionsFor(portal)

    if downgrade_authenticated_user:
      # restore original Security Manager
      setSecurityManager(original_security_manager)

    # Unlazyfy URLs and other lazy values so that it can be marshalled
    result = {}
    for key, action_list in erp5_menu_dict.items():
      result[key] = map(lambda action:dict(action), action_list)

    return result

  security.declareProtected(Permissions.AccessContentsInformation,
                           'getModuleItemList')
  def getModuleItemList(self, user_name=_MARKER):
    """
      Returns module items for a given user
    """
    portal = self.getPortalObject()
    is_portal_manager = getToolByName(portal, 
      'portal_membership').checkPermission(Permissions.ManagePortal, self)
    downgrade_authenticated_user = user_name is not _MARKER and is_portal_manager
    if downgrade_authenticated_user:
      # downgrade to desired user
      original_security_manager = _setSuperSecurityManager(self, user_name)

    # call the method implementing it
    erp5_module_list = portal.ERP5Site_getModuleItemList()

    if downgrade_authenticated_user:
      # restore original Security Manager
      setSecurityManager(original_security_manager)

    return erp5_module_list

  #
  #   Local file access
  #
  def _getLocalFile(self, REQUEST, RESPONSE, file_path, 
                         tmp_file_path='/tmp/', compressed=1):
    """
      It should return the local file compacted as tar.gz.
    """
    if file_path.startswith('/'):
      raise IOError, 'The file path must be relative not absolute'
    instance_home = getConfiguration().instancehome
    file_path = os.path.join(instance_home, file_path)
    if not os.path.exists(file_path):
      raise IOError, 'The file: %s does not exist.' % file_path

    if compressed:
      tmp_file_path = tempfile.mktemp(dir=tmp_file_path)
      tmp_file = tarfile.open(tmp_file_path,"w:gz")
      tmp_file.add(file_path)
      tmp_file.close()
      RESPONSE.setHeader('Content-type', 'application/x-tar')
    else:
      tmp_file_path = file_path

    f = open(tmp_file_path)
    try:
      RESPONSE.setHeader('Content-Length', os.stat(tmp_file_path).st_size)
      RESPONSE.setHeader('Content-Disposition', \
                 'attachment;filename="%s.tar.gz"' % file_path.split('/')[-1])
      for data in f:
        RESPONSE.write(data)
    finally:
      f.close()

    if compressed:
      os.remove(tmp_file_path)

    return ''

  security.declareProtected(Permissions.ManagePortal, 'getAccessLog')
  def getAccessLog(self,  compressed=1, REQUEST=None):
    """
      Get the Access Log.
    """
    if REQUEST is not None:
      response = REQUEST.RESPONSE
    else:
      return "FAILED"

    return self._getLocalFile(REQUEST, response, 
                               file_path='log/Z2.log', 
                               compressed=1) 

  security.declareProtected(Permissions.ManagePortal, 'getAccessLog')
  def getEventLog(self,  compressed=1, REQUEST=None):
    """
      Get the Access Log.
    """
    if REQUEST is not None:
      response = REQUEST.RESPONSE
    else:
      return "FAILED"

    return self._getLocalFile(REQUEST, response,
                               file_path='log/event.log',
                               compressed=1)

  security.declareProtected(Permissions.ManagePortal, 'getAccessLog')
  def getDataFs(self,  compressed=1, REQUEST=None):
    """
      Get the Access Log.
    """
    if REQUEST is not None:
      response = REQUEST.RESPONSE
    else:
      return "FAILED"

    return self._getLocalFile(REQUEST, response,
                               file_path='var/Data.fs',
                               compressed=1)

  #
  #   Instance variable definition access
  #
  security.declareProtected(Permissions.ManagePortal, '_loadExternalConfig')
  def _loadExternalConfig(self):
    """
      Load configuration from one external file, this configuration 
      should be set for security reasons to prevent people access 
      forbidden areas in the system.
    """
    def cached_loadExternalConfig():
      import ConfigParser
      config = ConfigParser.ConfigParser()
      config.readfp(open('/etc/erp5.cfg'))
      return config     

    cached_loadExternalConfig = CachingMethod(cached_loadExternalConfig,
                                id='IntrospectionTool__loadExternalConfig',
                                cache_factory='erp5_content_long')
    return  cached_loadExternalConfig()

  security.declareProtected(Permissions.ManagePortal, '_getZopeConfigurationFile')
  def _getZopeConfigurationFile(self, relative_path="", mode="r"):
    """
     Get a configuration file from the instance using relative path
    """
    if ".." in relative_path or relative_path.startswith("/"):
      raise Unauthorized("In Relative Path, you cannot use .. or startwith / for security reason.")

    instance_home = getConfiguration().instancehome
    file_path = os.path.join(instance_home, relative_path)
    if not os.path.exists(file_path):
      raise IOError, 'The file: %s does not exist.' % file_path

    return open(file_path, mode)
    

  security.declareProtected(Permissions.ManagePortal, 'getSoftwareHome')
  def getSoftwareHome(self):
    """
      EXPERIMENTAL - DEVELOPMENT

      Get the value of SOFTWARE_HOME for zopectl startup script
      or from zope.conf (whichever is most relevant)
    """
    return getConfiguration().softwarehome

  security.declareProtected(Permissions.ManagePortal, 'setSoftwareHome')
  def setSoftwareHome(self, relative_path):
    """
      EXPERIMENTAL - DEVELOPMENT

      Set the value of SOFTWARE_HOME for zopectl startup script
      or from zope.conf (whichever is most relevant)

      Rationale: multiple versions of ERP5 / Zope can be present
      at the same time on the same system

      WARNING: the list of possible path should be protected 
      if possible (ex. /etc/erp5/software_home)
    """
    config = self._loadExternalConfig()
    allowed_path_list = config.get("main", "zopehome").split("\n")
    base_zope_path = config.get("base", "base_zope_path").split("\n")
    path = "%s/%s/lib/python" % (base_zope_path,relative_path)
  
    if path not in allowed_path_list:
      raise Unauthorized("You are setting one Unauthorized path as Zope Home.")

    config_file = self._getZopeConfigurationFile("bin/zopectl")
    new_file_list = []
    for line in config_file:
      if line.startswith("SOFTWARE_HOME="):
        # Only comment the line, so it can easily reverted 
        new_file_list.append("#%s" % (line))
        new_file_list.append('SOFTWARE_HOME="%s"\n' % (path))
      else:
        new_file_list.append(line)

    config_file.close()

    # reopen file for write
    config_file = self._getZopeConfigurationFile("bin/zopectl", "w")
    config_file.write("".join(new_file_list))
    config_file.close()
    return 

  security.declareProtected(Permissions.ManagePortal, 'getPythonExecutable')
  def getPythonExecutable(self):
    """
      Get the value of PYTHON for zopectl startup script
      or from zope.conf (whichever is most relevant)
    """
    config_file = self._getZopeConfigurationFile("bin/zopectl")
    new_file_list = []
    for line in config_file:
      if line.startswith("PYTHON="):
        return line.replace("PYTHON=","")

    # Not possible get configuration from the zopecl
    return None
    
  security.declareProtected(Permissions.ManagePortal, 'setPythonExecutable')
  def setPythonExecutable(self, path):
    """
      Set the value of PYTHON for zopectl startup script
      or from zope.conf (whichever is most relevant)

      Rationale: some day Zope will no longer use python2.4

      WARNING: the list of possible path should be protected 
      if possible (ex. /etc/erp5/python)
    """
    config = self._loadExternalConfig()
    allowed_path_list = config.get("main", "python").split("\n")

    if path not in allowed_path_list:
      raise Unauthorized("You are setting one Unauthorized path as Python.")

    config_file = self._getZopeConfigurationFile("bin/zopectl")
    new_file_list = []
    for line in config_file:
      if line.startswith("PYTHON="):
        # Only comment the line, so it can easily reverted 
        new_file_list.append("#%s" % (line))
        new_file_list.append('PYTHON="%s"\n' % (path))
      else:
        new_file_list.append(line)

    config_file.close()    
    # reopen file for write
    config_file = self._getZopeConfigurationFile("bin/zopectl", "w")
    config_file.write("".join(new_file_list))
    config_file.close()
    return 

  security.declareProtected(Permissions.ManagePortal, 'getProductPathList')
  def getProductPathList(self):
    """
      Get the value of SOFTWARE_HOME for zopectl startup script
      or from zope.conf (whichever is most relevant)
    """
    return getConfiguration().products

  security.declareProtected(Permissions.ManagePortal, 'setProductPath')
  def setProductPath(self, relative_path):
    """
      Set the value of SOFTWARE_HOME for zopectl startup script
      or from zope.conf (whichever is most relevant)

      Rationale: multiple versions of Products can be present
      on the same system

      relative_path is usually defined by a number of release 
       (ex. 5.4.2)

      WARNING: the list of possible path should be protected 
      if possible (ex. /etc/erp5/product)
    """
    config = self._loadExternalConfig()
    allowed_path_list = config.get("main", "products").split("\n")
    base_product_path_list = config.get("base", "base_product_path").split("\n")
    if len(base_product_path_list) == 0:
      raise Unauthorized(
             "base_product_path_list is not defined into configuration.")

    base_product_path = base_product_path_list[0]
    path = base_product_path + relative_path

    if path not in allowed_path_list:
      raise Unauthorized(
               "You are setting one Unauthorized path as Product Path (%s)." \
               % (path))

    if path not in allowed_path_list:
      raise Unauthorized("You are setting one Unauthorized path as Product Path.")

    config_file = self._getZopeConfigurationFile("etc/zope.conf")
    new_file_list = []
    for line in config_file:
      new_line = line
      if line.strip(" ").startswith("products %s" % (base_product_path)):
        # Only comment the line, so it can easily reverted 
        new_line = "#%s" % (line)
      new_file_list.append(new_line)
    # Append the new line.
    new_file_list.append("products %s\n" % (path))
    config_file.close()    

    # reopen file for write
    config_file = self._getZopeConfigurationFile("etc/zope.conf", "w")
    config_file.write("".join(new_file_list))
    config_file.close()
    return 

  security.declareProtected(Permissions.ManagePortal, 'updateSVNProductList')
  def updateSVNProductList(self, path_list, revision=None):
    """
      Allow developers to create local products from the SVN
      in order to play with recent versions of the system

      Rationale: we can not do more than that or we take too
      much risks for security. Large projects should simply use
      buildout installer (server level) and build a complex custom
      software home or product home
    """
    # XXX (rafael) it better use (and extend if needed) the portal_subversions.
    if self.getSystemSignatureDict()["pysvn"] is None:
      raise 
    raise NotImplementedError 

  #
  #   Library signature
  #
  # XXX this function can be cached to prevent disk access.
  security.declareProtected(Permissions.ManagePortal, 'getSystemSignatureDict')
  def getSystemSignatureDict(self):
    """
      Returns a dictionnary with all versions of installed libraries

      {
         'python': '2.4.3'
       , 'pysvn': '1.2.3'
       , 'ERP5' : "5.4.3"       
      }
      NOTE: consider using autoconf / automake tools ?
    """
    def tuple_to_format_str(t):
       return '.'.join([str(i) for i in t])
    from Products import ERP5 as erp5_product
    erp5_product_path =  erp5_product.__file__.split("/")[:-1]
    erp5_version = open("/".join((erp5_product_path) + ["VERSION.txt"])).read().strip()
    zope_version = open(getConfiguration().softwarehome + "/version.txt").read().strip()

    from sys import version_info
    # Get only x.x.x numbers.
    py_version = tuple_to_format_str(version_info)
    try:
      import pysvn
      # Convert tuple to x.x.x format
      pysvn_version =  tuple_to_format_str(pysvn.version)
    except:
      pysvn_version = None
    
    return {
            "python" : py_version , 
            "pysvn"  : pysvn_version ,
            "erp5"   : erp5_version.replace("ERP5 ", ""),
            "zope"   : zope_version.replace("Zope ", "")
           }

InitializeClass(IntrospectionTool)