class AuthD::Request
  # Request asking which permission level a user holds on one resource of a
  # service. Declared through IPC::JSON.message with message number 9.
  #
  # Only a connection whose logged-in user has the admin flag gets an answer;
  # every other caller receives a Response::Error.
  IPC::JSON.message CheckPermission, 9 do
    property user : Int32 | String
    property service : String
    property resource : String

    def initialize(@user, @service, @resource)
    end

    # Resolves the target user (by uid for an Int32, by login for a String)
    # and answers with a Response::PermissionCheck. A missing service or
    # resource entry is reported as User::PermissionLevel::None, not as an
    # error.
    def handle(authd : AuthD::Service, fd : Int32)
      # Identify who is asking: the user logged in on this connection.
      requester = authd.get_logged_user? fd
      return Response::Error.new("you must be logged") if requester.nil?
      return Response::Error.new("unauthorized (not admin)") unless requester.admin

      wanted = @user
      user = if wanted.is_a?(Int32)
               authd.users_per_uid.get? wanted.to_s
             else
               authd.users_per_login.get? wanted
             end
      return Response::Error.new("no such user") if user.nil?

      # Default to None; overwritten only when both the service and the
      # resource have an entry.
      level = User::PermissionLevel::None
      if per_service = user.permissions[@service]?
        if found = per_service[@resource]?
          level = found
        end
      end

      Response::PermissionCheck.new @service, @resource, user.uid, level
    end
  end
  AuthD.requests << CheckPermission

  # Request that sets, or clears, a user's permission level on one resource
  # of a service. Declared through IPC::JSON.message with message number 10.
  #
  # Authorization is by shared key alone: handle does not consult the user
  # logged in on `fd`, so any client that knows the key can change any
  # user's permissions.
  IPC::JSON.message SetPermission, 10 do
    property shared_key : String
    property user : Int32 | String
    property service : String
    property resource : String
    property permission : ::AuthD::User::PermissionLevel

    def initialize(@shared_key, @user, @service, @resource, @permission)
    end

    # Applies the change and writes the user back through
    # users_per_uid.update. A permission of None removes the resource entry
    # instead of storing it.
    def handle(authd : AuthD::Service, fd : Int32)
      # NOTE(review): this is ordinary String equality, which is not
      # guaranteed to run in constant time. For a secret, prefer
      # Crypto::Subtle.constant_time_compare (needs `require "crypto/subtle"`
      # at the top of the file).
      # NOTE(review): if configuration.shared_key can be empty, an empty key
      # in the request would match. Confirm it is validated at startup.
      return Response::Error.new("unauthorized") unless @shared_key == authd.configuration.shared_key

      # NOTE(review): @user is declared Int32 | String, yet the lookup is
      # by uid only. A login string yields "no such user", unlike
      # CheckPermission, which also resolves logins. Confirm this is intended.
      user = authd.users_per_uid.get? @user.to_s
      return Response::Error.new("no such user") if user.nil?

      # Fetch the per-service table, creating and attaching an empty one
      # when the user has none yet.
      per_service = (user.permissions[@service] ||= Hash(String, User::PermissionLevel).new)

      if @permission.none?
        per_service.delete @resource
      else
        per_service[@resource] = @permission
      end

      authd.users_per_uid.update user.uid.to_s, user
      Response::PermissionSet.new user.uid, @service, @resource, @permission
    end
  end
  AuthD.requests << SetPermission
end