(in-package :org.unknownlamer.acl.acl)

;;; Access Groups

;; Marker superclass with no slots: anything that may appear as the
;; `item' of an acl-entry is expected to inherit from it.
(defclass acl-listable ()
  ()
  (:documentation "Superclass of all items able to be placed onto an acl"))

;; A principal that can be listed on an ACL.
;; NOTE(review): `groups' declares no :initarg, :initform or accessor in
;; this form, so it is unbound on a fresh instance unless it is set
;; elsewhere. Confirm how it is initialised before any access check
;; reads it.
(defclass user (acl-listable)
  ((groups :documentation "Groups in which the user is a member"))
  (:documentation "ACL User"))

;; DESIGN: should this be or contain a cl-container?
;; An access-group is itself a `user', so it inherits `groups' and can
;; be a member of another group.
;; NOTE(review): because groups can nest, any code that resolves
;; membership transitively needs a guard against cyclic membership.
;; No such code is visible in this form.
(defclass access-group (user)
  ((members :documentation "Members of the access group"))
  (:documentation "Group of acl-listable items that is itself listable on an acl"))

;;; Permissions

;; Metaclass shared by `permission' and every class defined through
;; `defpermission'. It adds no slots of its own here.
;; NOTE(review): `permission' below has this metaclass but inherits from
;; a class whose metaclass is standard-class. Implementations that
;; enforce the MOP validate-superclass protocol (SBCL, for example)
;; need a validate-superclass method for that combination. None is
;; visible in this form; confirm it is defined elsewhere.
(defclass standard-permission-class (standard-class)
  ()
  (:documentation "Permission metaclass"))

;; Root of the permission hierarchy.
;; NOTE(review): `negative-p' has no :initform, so a fresh instance
;; carries neither a grant nor a deny until the slot is set. How a
;; negative entry interacts with a positive one (for instance a user
;; granted a permission directly but denied it through a group) is not
;; specified here. Confirm that has-permission-p methods let the deny
;; win and treat "no matching entry" as deny.
(defclass permission ()
  ((negative-p :documentation "Negative permission flag. If true then the permission is inverted (e.g. negative read = disallow read)"))
  (:documentation "Superclass of all permissions")
  (:metaclass standard-permission-class))

;; Expands to a slot-less defclass whose only superclass is `permission'
;; and whose metaclass is standard-permission-class. `permission-name'
;; is spliced in unevaluated, so it must be a literal symbol at the
;; call site, e.g. (defpermission read-document) -- illustrative name.
(defmacro defpermission (permission-name)
  "Define a permission with name `permission-name'"
  `(defclass ,permission-name (permission)
     ()
     (:metaclass standard-permission-class)))

;; Lookup from a permission name to its class. No methods are defined in
;; this form, and the expected type of `name' is not shown here.
(defgeneric get-permission (name)
  (:documentation "Return the permission class for permission `name'"))

;; The access-check entry point. No methods are defined in this form.
;; NOTE(review): the result for a user with no entry, and for a user
;; reachable only through group membership, is left to the methods.
;; Callers should not assume either behaviour from this declaration.
(defgeneric has-permission-p (user permission acl)
  (:documentation "Determine whether `user' has `permission' in `acl'"))

;;; Access Lists

;; One row of an ACL: a listable item plus the permissions attached to it.
;; Neither slot declares an :initarg, :initform or accessor here.
(defclass acl-entry ()
  ((item :documentation "ACL Entry (User/Group)")
   (permissions :documentation "List of permissions item has"))
  (:documentation "ACL Entry; Associates a user and a set of permissions"))

;; DESIGN: should this be or contain a cl-container?
;; Container holding the entries and the set of permission classes the
;; ACL accepts.
;; NOTE(review): nothing in this form enforces `valid-permissions'.
;; Confirm that add-entry methods reject permissions outside that list.
(defclass acl ()
  ((valid-permissions :documentation "List of valid permissions classes for the ACL")
   (entries :documentation "ACL Entries"))
  (:documentation "Access Control List Container"))

;; Protocol for granting: associate `item' with `permissions' on `acl'.
;; No methods are defined in this form.
(defgeneric add-entry (item permissions acl)
  (:documentation "Adds item to acl with listed permissions"))

;; Protocol for revoking; the trailing `!' presumably marks a
;; destructive operation on `acl' -- confirm against the methods.
;; No methods are defined in this form.
(defgeneric remove-entry! (item acl)
  (:documentation "Remove item from acl"))