/*******************************************************************************
 * Copyright 2019 UChicago Argonne, LLC.
 * (c.f. AUTHORS, LICENSE)
 *
 * This file is part of the Argo containers project.
 * For more info, see https://xgitlab.cels.anl.gov/argo/containers
 *
 * SPDX-License-Identifier: BSD-3-Clause
*******************************************************************************/

#ifndef __ACL_H__
#define __ACL_H__

#include "utils.hpp"
#include "defaults.hpp"
#include <map>

using std::map;

#define INVALID_UID	0xffffffff

#ifndef DEFAULT_ACL_CONTROL
#define DEFAULT_ACL_CONTROL	true;  //for tests
#endif


enum Acl_token
{
	ACL_DUMMY,

	ACL_ENABLE_SYSLOG_DEBUG,
	ACL_DISABLE_SYSLOG_INFO,
	ACL_DISABLE_SYSLOG_WARNING,
	ACL_DISABLE_SYSLOG_ERROR,

	ACL_REMOVE_PROCESS,  //from a container
	ACL_ADD_PROCESS,     //to a container


};

class Acl
{
	private:
		string _config_file;
		uid_t _uid;

		map<Acl_token, bool> _single_value_privileges;


		bool _syslog_enable_debug;
		bool _syslog_disable_info;
		bool _syslog_disable_warning;
		bool _syslog_disable_error;

		//These below are not meant to be used
		Acl(const Acl& orig){}
		Acl& operator = (const Acl& orig){ return *this;} 

		void check_config_file();

	public:

		/*uid=-1 means the real uid of the process will be used*/
		Acl(string config_path=DEFAULT_ACL_CONFIG, uid_t uid=INVALID_UID);
		~Acl();

		inline uid_t get_uid() const {return _uid;}

		bool is_allowed(Acl_token token);

		template <typename T>
		bool is_allowed_on(Acl_token token, T& args);

};


template <typename T>
bool Acl::is_allowed_on(Acl_token token, T& args)
{
	return false;
}


#endif //__ACL_H__