class AuthD::Request
	IPC::JSON.message CheckPermission, 9 do
		property shared_key : String? = nil
		property token      : String? = nil

		property user       : Int32 | String
		property service    : String
		property resource   : String

		def initialize(@shared_key, @user, @service, @resource)
		end

		def handle(authd : AuthD::Service)
			authorized = false

			if key = @shared_key
				if key == authd.configuration.shared_key
					authorized = true
				else
					return Response::Error.new "invalid key provided"
				end
			end

			if token = @token
				user = authd.get_user_from_token token

				if user.nil?
					return Response::Error.new "token does not match user"
				end

				if user.login != @user && user.uid != @user
					return Response::Error.new "token does not match user"
				end

				authorized = true
			end

			unless authorized
				return Response::Error.new "unauthorized"
			end

			user = case u = @user
			when .is_a? Int32
				authd.users_per_uid.get? u.to_s
			else
				authd.users_per_login.get? u
			end

			if user.nil?
				return Response::Error.new "no such user"
			end

			service = @service
			service_permissions = user.permissions[service]?

			if service_permissions.nil?
				return Response::PermissionCheck.new service, @resource, user.uid, User::PermissionLevel::None
			end

			resource_permissions = service_permissions[@resource]?

			if resource_permissions.nil?
				return Response::PermissionCheck.new service, @resource, user.uid, User::PermissionLevel::None
			end

			return Response::PermissionCheck.new service, @resource, user.uid, resource_permissions
		end
	end
	AuthD.requests << CheckPermission

	IPC::JSON.message SetPermission, 10 do
		property shared_key : String

		property user       : Int32 | String
		property service    : String
		property resource   : String
		property permission : ::AuthD::User::PermissionLevel

		def initialize(@shared_key, @user, @service, @resource, @permission)
		end

		def handle(authd : AuthD::Service)
			unless @shared_key == authd.configuration.shared_key
				return Response::Error.new "unauthorized"
			end

			user = authd.users_per_uid.get? @user.to_s

			if user.nil?
				return Response::Error.new "no such user"
			end

			service = @service
			service_permissions = user.permissions[service]?

			if service_permissions.nil?
				service_permissions = Hash(String, User::PermissionLevel).new
				user.permissions[service] = service_permissions
			end

			if @permission.none?
				service_permissions.delete @resource
			else
				service_permissions[@resource] = @permission
			end

			authd.users_per_uid.update user.uid.to_s, user

			Response::PermissionSet.new user.uid, service, @resource, @permission
		end
	end
	AuthD.requests << SetPermission
end