<?php
namespace Sookon\Authentication;

use Zend\Permissions\Acl\Acl;
use Zend\Permissions\Acl\Role\GenericRole as Role;
use Zend\Permissions\Acl\Resource\GenericResource as Resource;
use Sookon\Helpers\View as view;

class AclAuthorize
{
	public $acl;
	public $role;
	
	function __construct(Acl &$acl)
	{			
		$this->acl = $acl;
		
		$this->loadAuthorize();
		
		$acl = $this->acl;
	}
	
	public function loadAuthorize()
	{
		$this->role = new \stdClass();
		$this->role->guest = 'guest';
		
		$this->role->staff = 'member';
		
		$this->role->admin = 'administrator';
		
		$roleGuest = new Role($this->role->guest);
		
		$this->acl->addRole($roleGuest);
		$this->acl->addRole(new Role($this->role->staff), $roleGuest);
		$this->acl->addRole(new Role($this->role->admin));
		
		$this->authorizeGuest();
		$this->authorizestaff();
		$this->authorizeAdministrator();
	}
	
	public function authorizeGuest()
	{
		$this->acl->deny($this->role->guest);
		
		$this->acl->allow($this->role->guest,'Application\Controller\Account',array('login','register','logout','forgotpassword','getpassword','captcha'));
		$this->acl->allow($this->role->guest,'Application\Controller\Service',array('upload','thumb'));
		
		$this->acl->allow($this->role->guest,'Application\Controller\Index');
		$this->acl->allow($this->role->guest,'Article\Controller\Article',array('index','view'));
		$this->acl->allow($this->role->guest,'Article\Controller\Category',array('index','list'));
		
		$this->acl->allow($this->role->guest,'Metadata\Controller\Index');
	}
	
	public function authorizestaff()
	{
		$this->acl->allow($this->role->staff,'Application\Controller\Index',array('index'));
		$this->acl->allow($this->role->staff,'Application\Controller\Account',array('index'));
		$this->acl->allow($this->role->staff,'Application\Controller\Service',array('upload','delatt','thumb'));
		
	}
	
	public function authorizeAdministrator()
	{
		$this->acl->allow($this->role->admin);
	}
}