include "modelling.alh"
include "library.alh"

Element core = ?

Void function main():
	// Initialize the Core Formalism
	String core_location
	String admin_group
	String admin_user

	core_location = "models/CoreFormalism"

	// Create the Model itself and make public
	core = instantiate_model(import_node(core_location))

	// Create admin group
	admin_group = instantiate_node(core, "Group", "")
	instantiate_attribute(core, admin_group, "name", "admin")

	// Create admin user
	admin_user = instantiate_node(core, "User", "")
	instantiate_attribute(core, admin_user, "name", get_username())
	instantiate_attribute(core, admin_user, "admin", True)

	// Create link between admin user and group
	instantiate_link(core, "ownedBy", "", admin_group, admin_user)
	instantiate_link(core, "belongsTo", "", admin_user, admin_group)

	// Add the core formalism already
	core_model = instantiate_node(core, "Model", "")
	instantiate_attribute(core, core_model, "name", "CoreFormalism")
	instantiate_attribute(core, core_model, "location", core_location)
	instantiate_attribute(core, core_model, "permissions", "330")

	// Make necessary links for the formalism to the owners
	instantiate_link(core, "group", "", core_model, admin_group)
	instantiate_link(core, "owner", "", core_model, admin_user)

	// Switch all new users to the user_function
	// This accesses the bootstrap level, so do not change this unless you know what you are doing
	Element root
	root = read_root()
	dict_del(root["__hierarchy"], "__IP")
	dict_add(root["__hierarchy"], "__IP", user_function)

	// Call this for ourselves as well
	user_function_skip_init(admin_user)

	// Done, so finish up
	// Admin user will have been deleted by the user_function as usual
	// Note that if there are no admin users left, it will be very difficult to manage, as nobody will have admin permissions!
	return !

Integer function get_relation_to_model(user_id : String, model_id : String):
		if (set_in(allAssociationDestinations(core, model_id, "owner"), user_id)):
			// We are the owner
			return 0!
		else:
			String group_id
			group_id = set_pop(allAssociationDestinations(core, model_id, "group"))
			if (set_in(allAssociationDestinations(core, user_id, "belongsTo"), group_id)):
				// We are in the owning group
				return 1!
			else:
				// We are not related whatsoever
				return 2!

Boolean function allow_read(user_id : String, model_id : String):
	if (read_attribute(core, user_id, "admin")):
		// Is admin, so always allow
		return True!
	else:
		// Check permissions
		String permission
		permission = string_get(read_attribute(core, model_id, "permissions"), get_relation_to_model(user_id, model_id))
		if (bool_or(permission == "1", permission == "3")):
			return True!
		else:
			return False!

Boolean function allow_write(user_id : String, model_id : String):
	if (read_attribute(core, user_id, "admin")):
		// Is admin, so always allow
		return True!
	else:
		// Check permissions
		String permission
		permission = string_get(read_attribute(core, model_id, "permissions"), get_relation_to_model(user_id, model_id))
		if (bool_or(permission == "2", permission == "3")):
			return True!
		else:
			return False!

Void function user_function():
	// Add user to Core Formalism
	String user_id
	user_id = instantiate_node(core, "User", "")
	instantiate_attribute(core, user_id, "name", get_username())
	instantiate_attribute(core, user_id, "admin", False)

	// Now call with user created
	user_function_skip_init(user_id)

	// User destroyed already, so just stop execution
	return !

Void function user_function_skip_init(user_id : String)
	Boolean do_continue

	do_continue = True

	while (do_continue):
		// TODO model management interface with access control restrictions

	// Delete user from Core Formalism
	return !