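from psdi.server import MXServer
from psdi.mbo import MboConstants

# Deprovisions a user from a role-type security group (Jython automation script).
#
# `mbo`, `service` and `interactive` are not defined here; the script expects
# the caller to supply them.
#
# Outline:
#   1. Collect the provisioning rows of every role membership that is NOT being
#      deleted into NEEDED_PARAMETERS (the things the user must keep).
#   2. Walk the DEPROVISION rows of the role being removed and delete the
#      security-group, person-group and default-query entries nothing else needs.
#   3. When launched from the USER application, show a summary message box.
#
# The deletes are raw JDBC on the system connection, so they run outside the
# MBO layer. Every value is therefore bound as a statement parameter and never
# concatenated into the SQL text.

# Flag mask handed to copyValue(). The original literal was 11L; it is written
# without the Python 2 long suffix here and converted to the Java long argument.
# NOTE(review): presumably a combination of MboConstants flags - confirm which.
COPY_FLAGS = 11


def _still_needed(needed_set, row_type, value):
    """Return True when needed_set holds a row of row_type carrying value.

    The attribute compared against value has the same name as the row type
    ("SECURITY_GROUP" or "PERSON_GROUP").
    """
    row = needed_set.moveFirst()
    while row:
        if row.getString(row_type) == value and row.getString("ROW_TYPE") == row_type:
            return True
        row = needed_set.moveNext()
    return False


def _run_delete(conn, sql, values):
    """Execute one DELETE with bound parameters and return the row count.

    sql uses `?` placeholders; values are bound in order with setString, so a
    quote or other SQL syntax inside a group name, user id or application name
    is treated as data.
    """
    prepared = conn.prepareStatement(sql)
    try:
        for position, value in enumerate(values):
            prepared.setString(position + 1, value)  # JDBC parameters are 1-based
        return prepared.executeUpdate()
    finally:
        prepared.close()


## get context
group = mbo.getMboSet("MAXGROUP").moveFirst()
user = mbo.getMboSet("MAXUSER").moveFirst()
userid = user.getString("USERID")
personid = user.getString("PERSONID")
needed_set = user.getMboSet("NEEDED_PARAMETERS")
fields = ["APP", "CONDITION", "DFLT_QUERY", "DFLT_SITE", "PARAMETER",
          "PERSON_GROUP", "QUERY_OWNER", "ROW_TYPE", "SECURITY_GROUP"]

if group.getBoolean("ISROLE_GRE"):
    # `role_set` was called `set` originally; renamed so the builtin is not shadowed.
    role_set = None
    if interactive:
        session = service.webclientsession()
        vapp = mbo.getThisMboSet().getParentApp()
        if vapp == "SECURGROUP":
            role_set = user.getMboSet("ROLE_MEMBERSHIP")
        if vapp == "USER":
            role_set = session.getDataBean("src_roles").getMboSet()
    else:
        role_set = user.getMboSet("ROLE_MEMBERSHIP")
        vapp = ""

    ## set values
    actions = ""
    roles = ""
    action_flag = False

    ## first, make a list of things we don't want to delete
    # role_set is still None when the script runs interactively from any other
    # application. moveFirst() then fails and the script stops before any
    # delete, instead of continuing with an empty keep-list.
    membership = role_set.moveFirst()
    while membership:
        if not membership.toBeDeleted():
            kept_set = membership.getMboSet("PROVISION")
            kept = kept_set.moveFirst()
            while kept:
                needed = needed_set.add()
                needed.copyValue(kept, fields, fields, COPY_FLAGS)
                kept = kept_set.moveNext()
        membership = role_set.moveNext()

    # # # Now we proceed w/the work # # #

    ## get values
    prov_set = mbo.getMboSet("DEPROVISION")
    # NOTE(review): the flag is set unconditionally here, so the "already fully
    # deprovisioned" branch in WRAP UP cannot be reached. Kept as in the
    # original; confirm whether that is intended.
    action_flag = True
    process_area = mbo.getString("MAXGROUP.PROCESS_AREA")
    role = mbo.getString("MAXGROUP.ROLE_GRE")
    roles = roles + chr(10) + process_area + " - " + role

    # # # DO THE WORK # # #
    conn = None
    try:
        db_manager = MXServer.getMXServer().getDBManager()
        conn = db_manager.getConnection(db_manager.getSystemConnectionKey())
        # NOTE(review): no commit() is issued anywhere in this script; confirm the
        # auto-commit mode of this connection, otherwise the deletes may not persist.

        # # # Security Group Membership # # #
        prov_set.setWhere("ROW_TYPE = 'SECURITY_GROUP'")
        prov_set.reset()
        p = prov_set.moveFirst()
        while p:
            parameter = p.getString("SECURITY_GROUP")
            if not _still_needed(needed_set, "SECURITY_GROUP", parameter):
                # NOTE(review): the DELETE on groupuser was commented out in the
                # original script and stays disabled here, yet the run is still
                # reported as "Removed from SECURITY GROUP". The membership is
                # therefore NOT revoked by this script - confirm whether that is
                # intended before relying on the report. Parameterised form:
                #   _run_delete(conn,
                #               "DELETE groupuser WHERE groupname = ? AND userid = ?",
                #               [parameter, userid])
                action_flag = True
                actions = actions + chr(10) + "Removed from SECURITY GROUP: " + parameter + ""
            p = prov_set.moveNext()

        # # # Person Group Membership # # #
        prov_set.setWhere("ROW_TYPE = 'PERSON_GROUP'")
        prov_set.reset()
        p = prov_set.moveFirst()
        while p:
            parameter = p.getString("PERSON_GROUP")
            if not _still_needed(needed_set, "PERSON_GROUP", parameter):
                # Bare except is kept so that Java exceptions raised by JDBC are
                # caught as in the original.
                try:
                    _run_delete(
                        conn,
                        "DELETE persongroupteam WHERE persongroup = ? AND respparty = ?",
                        [parameter, personid])
                    action_flag = True
                except:
                    actions = actions + chr(10) + "FAILED to remove from PERSON GROUP: " + parameter + ""
                else:
                    # Was `finally:` - that also logged "Removed" after a failed
                    # delete, so the summary claimed access was revoked when it was not.
                    actions = actions + chr(10) + "Removed from PERSON GROUP: " + parameter + ""
            p = prov_set.moveNext()

        # # # Default Queries # # #
        # NOTE(review): unlike the two sections above, these rows are not checked
        # against needed_set, and the DFLT_QUERY value is not part of the DELETE:
        # every default query of this user in the application is removed.
        prov_set.setWhere("ROW_TYPE = 'DFLT_QUERY'")
        prov_set.reset()
        p = prov_set.moveFirst()
        while p:
            # Read before the try so the failure message below always has a value.
            target = p.getString("APP")
            try:
                _run_delete(
                    conn,
                    "DELETE defaultquery WHERE app = ? AND userid = ?",
                    [target, userid])
                action_flag = True
            except:
                actions = actions + chr(10) + "FAILED to remove default query for application: " + target + ""
            else:
                actions = actions + chr(10) + "Removed DEFAULT QUERY for application: " + target + ""
            p = prov_set.moveNext()
    finally:
        # NOTE(review): the connection is closed directly, as in the original;
        # check whether it should be returned through DBManager.freeConnection().
        if conn is not None:
            conn.close()

    # # # WRAP UP # # #
    if vapp == "USER":
        if action_flag:
            message = "The user was removed from the following roles:" + chr(10) + roles
            if actions == "":
                actions = chr(10) + ""
            message = message + chr(10) + chr(10) + "The following incremental actions were taken to deprovision this user:" + chr(10) + actions
            session.showMessageBox("GRE", "MESSAGE", [message])
        else:
            session.showMessageBox("GRE", "MESSAGE", ["This user is already fully deprovisioned for the following roles" + roles + ""])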