# Copyright 2001-2004 Six Apart. This code cannot be redistributed without
# permission from www.movabletype.org.
#
# $Id: Author.pm,v 1.25 2004/04/29 02:42:57 ezra Exp $

package MT::Author;
use strict;

use MT::Object;
@MT::Author::ISA = qw( MT::Object );
__PACKAGE__->install_properties({
    columns => [
        'id', 'name', 'nickname', 'password', 'type', 'email',
        'url', 'can_create_blog', 'hint', 'created_by',
        'can_view_log', 'public_key', 'preferred_language',
	'remote_auth_username', 'remote_auth_token'
    ],
    indexes => {
	created_on => 1,
        name => 1,
        email => 1,
	type => 1,
    },
    datasource => 'author',
    primary_key => 'id',
});

# Valid "type" codes:
use constant AUTHOR => 1;
use constant COMMENTER => 2;

use constant APPROVED => 1;
use constant BLOCKED => 2;
use constant PENDING => 3;

use Exporter;
*import = \&Exporter::import;
use vars qw(@EXPORT_OK %EXPORT_TAGS);
@EXPORT_OK = qw(AUTHOR COMMENTER APPROVED BLOCKED PENDING);
%EXPORT_TAGS = (constants => [qw(AUTHOR COMMENTER APPROVED BLOCKED PENDING)]);

sub set_password {
    my $auth = shift;
    my($pass) = @_;
    my @alpha = ('a'..'z', 'A'..'Z', 0..9);
    my $salt = join '', map $alpha[rand @alpha], 1..2;
    $auth->column('password', crypt $pass, $salt);
}

sub is_valid_password {
    my $auth = shift;
    my($pass, $crypted) = @_;
    $pass ||= '';
    my $real_pass = $auth->column('password');
    return $crypted ? $real_pass eq $pass :
                      crypt($pass, $real_pass) eq $real_pass;
}

sub is_email_hidden {
    my $auth = shift;
    return ($auth->email =~ /^[0-9a-f]{40}$/i) ? 1 : 0;
}

# The two permissions can_comment and can_not_comment form the
# three-state "status" variable:
# can_comment   can_not_comment | status
#    0             0            | pending
#    1             0            | approved
#    0             1            | blocked

# Existing comments of a user are made visible only if the 
# user is coming from "pending" status.

sub set_commenter_perm {
    my $this = shift;
    my ($blog_id, $action) = @_;
    return $this->error("Can't approve/block non-COMMENTER author")
	if ($this->type ne COMMENTER);

    require MT::Permission;
    my %perm_spec = (author_id => $this->id(),
		     blog_id => $blog_id);
    my $perm = MT::Permission->load(\%perm_spec);
    if (!$perm) {
	$perm = MT::Permission->new();
	$perm->set_values(\%perm_spec);
    }
    my $was_pending = !$perm->can_comment() && !$perm->can_not_comment();
    if ($action eq 'approve') {
	$perm->can_comment(1);
	$perm->can_not_comment(0);
    } elsif ($action eq 'block') {
	$perm->can_not_comment(1);
	$perm->can_comment(0);
    }
    $perm->save() || $this->error("The approval could not be committed.");

    if ($was_pending) {
	require MT::Comment;
	my @cmnts = MT::Comment->load({commenter_id => $this->id()});
	
	for my $cmnt (@cmnts) {
	    if ($action eq 'approve') {
		$cmnt->visible($action eq 'approve');
		$cmnt->save();
	    } elsif ($action eq 'block') {
		$cmnt->remove();
	    }
	}
    }
    return 1;
}

sub status {
    my $this = shift;
    my ($blog_id) = @_;
    require MT::Permission;
    my $perm = MT::Permission->load({author_id=>$this->id, blog_id=>$blog_id});
    return PENDING if !$perm;
    return BLOCKED if $perm->can_not_comment();
    return APPROVED if $perm->can_comment();
    return PENDING;
}

sub approve {
    my $this = shift;
    my ($blog_id) = @_;
    $this->set_commenter_perm($blog_id, 'approve');
}

sub block {
    my $this = shift;
    my ($blog_id) = @_;
    $this->set_commenter_perm($blog_id, 'block');
}

sub remove {
    my $auth = shift;
    require MT::Permission;
    ## We need to loop twice over the permissions: first gather, then
    ## remove, so as not to throw our gathering out of whack by removing
    ## while we gather. :)
    my $iter = MT::Permission->load_iter({ author_id => $auth->id });
    my @perms;
    while (my $perms = $iter->()) {
        push @perms, $perms;
    }
    ## The iterator is finished, so we can safely remove.
    for my $perms (@perms) {
        $perms->remove;
    }
    $auth->SUPER::remove;
}

1;
__END__

=head1 NAME

MT::Author - Movable Type author record

=head1 SYNOPSIS

    use MT::Author;
    my $author = MT::Author->new;
    $author->name('Foo Bar');
    $author->set_password('secret');
    $author->save
        or die $author->errstr;

    my $author = MT::Author->load($author_id);

=head1 DESCRIPTION

An I<MT::Author> object represents a user in the Movable Type system. It
contains profile information (name, nickname, email address, etc.), global
permissions settings (blog creation, activity log viewing), and authentication
information (password, public key). It does not contain any per-blog
permissions settings--for those, look at the I<MT::Permission> object.

=head1 USAGE

As a subclass of I<MT::Object>, I<MT::Author> inherits all of the
data-management and -storage methods from that class; thus you should look
at the I<MT::Object> documentation for details about creating a new object,
loading an existing object, saving an object, etc.

The following methods are unique to the I<MT::Author> interface:

=head2 $author->set_password($pass)

One-way encrypts I<$pass> with a randomly-generated salt, using the Unix
I<crypt> function, and sets the I<password> data field in the I<MT::Author>
object I<$author>.

Because the password is one-way encrypted, there is B<no way> of recovering
the initial password.

=head2 $author->is_valid_password($check_pass)

Tests whether I<$check_pass> is a valid password for the I<MT::Author> object
I<$author> (ie, whether it matches the password originally set using
I<set_password>). This check is done by one-way encrypting I<$check_pass>,
using the same salt used to encrypt the original password, then comparing the
two encrypted strings for equality.

=head1 DATA ACCESS METHODS

The I<MT::Author> object holds the following pieces of data. These fields can
be accessed and set using the standard data access methods described in the
I<MT::Object> documentation.

=over 4

=item * id

The numeric ID of the author.

=item * name

The username of the author. This is the username used to log in to the system.

=item * nickname

The author nickname. This is not displayed anywhere in the system unless you
use a C<E<lt>$MTEntryAuthorNickname$E<gt>> tag.

=item * password

The author's password, one-way encrypted. If you wish to check the validity of
a password, you should use the I<is_valid_password> method, above.

=item * email

The author's email address.

=item * url

The author's homepage URL.

=item * hint

The answer to the question used when recovering the user's password. Currently
this is the birthplace of the author, though this may change in the future.

=item * can_create_blog

A boolean flag specifying whether the author has permission to create a new
blog in the system.

=item * can_view_log

A boolean flag specifying whether the author has permission to view the global
system activity log.

=item * created_by

The author ID of the author who created this author. For the initial author
created by the F<mt-load.cgi> program, this author ID is undefined.

=item * public_key

The author's ASCII-armoured public key, to be used in the future for verifying
incoming email messages.

=back

=head1 DATA LOOKUP

In addition to numeric ID lookup, you can look up or sort records by any
combination of the following fields. See the I<load> documentation in
I<MT::Object> for more information.

=over 4

=item * name

=item * email

=back

=head1 NOTES

=over 4

=item *

When you remove an author using I<MT::Author::remove>, in addition to removing
the author record, all of the author's permissions (I<MT::Permission> objects)
will be removed, as well.

=back

=head1 AUTHOR & COPYRIGHTS

Please see the I<MT> manpage for author, copyright, and license information.

=cut