"""Privilege checks for resources"""
import logging
from functools import partial

from .authspec import privileges_fulfill_specs


logger = logging.getLogger(__name__)


can_view = partial(
    privileges_fulfill_specs,
    resource_spec=(
        "(OR group:resource:view-resource system:resource:view "
        "    system:inbredset:view-case-attribute)"),
    system_spec="(OR system:system-wide:data:view system:resource:view)")


can_edit = partial(
    privileges_fulfill_specs,
    resource_spec=(
        "(OR "
        "  (AND group:resource:view-resource group:resource:edit-resource) "
        "  (AND system:resource:view system:resource:edit) "
        "  (AND system:inbredset:view-case-attribute "
        "       system:inbredset:edit-case-attribute))"),
    system_spec=(
        "(OR "
        "  (AND system:system-wide:data:view system:system-wide:data:edit) "
        "  (AND system:resource:view system:resource:edit))"))


can_create = partial(
    privileges_fulfill_specs,
    resource_spec=("(OR group:resource:create-resource "
                   "    system:inbredset:create-case-attribute)"),
    system_spec="(OR system:system-wide:data:create)")


can_delete = partial(
    privileges_fulfill_specs,
    resource_spec=(
        "(OR "
        "  (AND group:resource:view-resource "
        "       group:resource:edit-resource group:resource:delete-resource) "
        "  (AND system:inbredset:view-case-attribute "
        "       system:inbredset:edit-case-attribute "
        "       system:inbredset:delete-case-attribute) "
        "  (AND system:resource:view system:resource:edit "
        "       system:resource:delete))"),
    system_spec=(
        "(OR "
        "  (AND system:system-wide:data:view system:system-wide:data:edit "
        "       system:system-wide:data:delete) "
        "  (AND system:resource:view system:resource:edit "
        "       system:resource:delete))"))


can_apply_or_reject_edit = partial(
    privileges_fulfill_specs,
    resource_spec=(
        "(AND system:inbredset:view-case-attribute "
        "     system:inbredset:edit-case-attribute "
        "     system:inbredset:delete-case-attribute "
        "     system:inbredset:apply-case-attribute-edit "
        "     system:inbredset:reject-case-attribute-edit)"),
    system_spec=(
        "(AND system:system-wide:inbredset:view-case-attribute "
        "     system:system-wide:inbredset:edit-case-attribute "
        "     system:system-wide:inbredset:delete-case-attribute "
        "     system:system-wide:inbredset:apply-case-attribute-edit "
        "     system:system-wide:inbredset:reject-case-attribute-edit)"))