//-----------------------------------------------------------------------
// <copyright file="Saml2AuthorizationDecisionStatement.cs" company="Microsoft">
//     Copyright (c) Microsoft Corporation.  All rights reserved.
// </copyright>
//-----------------------------------------------------------------------

namespace System.IdentityModel.Tokens
{
    using System;
    using System.Collections.Generic;
    using System.Collections.ObjectModel;
    
    /// <summary>
    /// Represents the AuthzDecisionStatement specified in [Saml2Core, 2.7.4].
    /// </summary>
    public class Saml2AuthorizationDecisionStatement : Saml2Statement
    {
        /// <summary>
        /// The empty URI reference, which may be used with the meaning 
        /// "the start of the current document" for the Resource property.
        /// </summary>
        public static readonly Uri EmptyResource = new Uri(string.Empty, UriKind.Relative);

        private Collection<Saml2Action> actions = new Collection<Saml2Action>();
        private Saml2Evidence evidence;
        private SamlAccessDecision decision;
        private Uri resource;

        /// <summary>
        /// Initializes a new instance of the <see cref="Saml2AuthorizationDecisionStatement"/> class from
        /// a resource and decision.
        /// </summary>
        /// <param name="resource">The <see cref="Uri"/> of the resource to be authorized.</param>
        /// <param name="decision">The <see cref="SamlAccessDecision"/> in use.</param>
        public Saml2AuthorizationDecisionStatement(Uri resource, SamlAccessDecision decision)
            : this(resource, decision, null)
        {
        }

        /// <summary>
        /// Initializes a new instance of the <see cref="Saml2AuthorizationDecisionStatement"/> class from
        /// a resource and decision.
        /// </summary>
        /// <param name="resource">The <see cref="Uri"/> of the resource to be authorized.</param>
        /// <param name="decision">The <see cref="SamlAccessDecision"/> in use.</param>
        /// <param name="actions">Collection of <see cref="Saml2Action"/> specifications.</param>
        public Saml2AuthorizationDecisionStatement(Uri resource, SamlAccessDecision decision, IEnumerable<Saml2Action> actions)
        {
            if (null == resource)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("resource");
            }

            // This check is making sure the resource is either a well-formed absolute uri or
            // an empty relative uri before passing through to the rest of the constructor.
            if (!(resource.IsAbsoluteUri || resource.Equals(EmptyResource)))
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("resource", SR.GetString(SR.ID4121));
            }

            if (decision < SamlAccessDecision.Permit || decision > SamlAccessDecision.Indeterminate)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("decision"));
            }

            this.resource = resource;
            this.decision = decision;

            if (null != actions)
            {
                foreach (Saml2Action action in actions)
                {
                    this.actions.Add(action);
                }
            }
        }

        /// <summary>
        /// Gets of set the set of <see cref="Saml2Action"/> authorized to be performed on the specified
        /// resource. [Saml2Core, 2.7.4]
        /// </summary>
        public Collection<Saml2Action> Actions
        {
            get { return this.actions; }
        }

        /// <summary>
        /// Gets or sets the <see cref="SamlAccessDecision"/> rendered by the SAML authority with respect to the 
        /// specified resource. [Saml2Core, 2.7.4]
        /// </summary>
        public SamlAccessDecision Decision
        {
            get
            { 
                return this.decision; 
            }

            set
            {
                if (value < SamlAccessDecision.Permit || value > SamlAccessDecision.Indeterminate)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value"));
                }

                this.decision = value;
            }
        }

        /// <summary>
        /// Gets or sets a set of <see cref="Saml2Evidence"/> that the SAML authority relied on in making 
        /// the decision. [Saml2Core, 2.7.4]
        /// </summary>
        public Saml2Evidence Evidence
        {
            get { return this.evidence; }
            set { this.evidence = value; }
        }

        /// <summary>
        /// Gets or sets a URI reference identifying the resource to which access 
        /// authorization is sought. [Saml2Core, 2.7.4]
        /// </summary>
        /// <remarks>
        /// In addition to any absolute URI, the Resource may also be the 
        /// empty URI reference, and the meaning is defined to be "the start
        /// of the current document". [Saml2Core, 2.7.4]
        /// </remarks>
        public Uri Resource
        {
            get 
            { 
                return this.resource; 
            }

            set
            {
                if (null == value)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value");
                }

                if (!(value.IsAbsoluteUri || value.Equals(EmptyResource)))
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("value", SR.GetString(SR.ID4121));
                }

                this.resource = value;
            }
        }
    }
}