<?php
/* -*- tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
# ***** BEGIN LICENSE BLOCK *****
# This file is part of InDefero, an open source project management application.
# Copyright (C) 2008-2011 Céondo Ltd and contributors.
#
# InDefero is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# InDefero is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
#
# ***** END LICENSE BLOCK ***** */

/**
 * This classes is a plugin which allows to synchronise access rights
 * between indefero and monotone usher setups.
 */
class IDF_Plugin_SyncMonotone
{
    /**
     * Entry point of the plugin.
     */
    static public function entry($signal, &$params)
    {
        $plug = new IDF_Plugin_SyncMonotone();
        switch ($signal) {
        case 'IDF_Project::created':
            $plug->processProjectCreate($params['project']);
            break;
        case 'IDF_Project::membershipsUpdated':
            $plug->processMembershipsUpdated($params['project']);
            break;
        case 'IDF_Project::preDelete':
            $plug->processProjectDelete($params['project']);
            break;
        case 'IDF_Key::postSave':
            $plug->processKeyCreate($params['key']);
            break;
        case 'IDF_Key::preDelete':
            $plug->processKeyDelete($params['key']);
            break;
        case 'mtnpostpush.php::run':
            $plug->processSyncTimeline($params['project']);
            break;
        }
    }

    /**
     * Initial steps to setup a new monotone project:
     *
     *  1) run mtn db init to initialize a new database underknees
     *     'mtn_repositories'
     *  2) create a new server key in the same directory
     *  3) create a new client key for IDF and store it in the project conf
     *  4) setup the configuration
     *  5) add the database as new local server in the usher configuration
     *  6) reload the running usher instance so it acknowledges the new server
     *
     * The initial right setup happens in processMembershipsUpdated()
     *
     * @param IDF_Project
     */
    function processProjectCreate($project)
    {
        if ($project->getConf()->getVal('scm') != 'mtn') {
            return;
        }

        if (Pluf::f('mtn_db_access', 'local') == 'local') {
            return;
        }

        $projecttempl = Pluf::f('mtn_repositories', false);
        if ($projecttempl === false) {
            throw new IDF_Scm_Exception(
                 __('"mtn_repositories" must be defined in your configuration file.')
            );
        }

        $usher_config = Pluf::f('mtn_usher_conf', false);
        if (!$usher_config || !is_writable($usher_config)) {
            throw new IDF_Scm_Exception(
                 __('"mtn_usher_conf" does not exist or is not writable.')
            );
        }

        $mtnpostpush = realpath(dirname(__FILE__) . '/../../../scripts/mtn-post-push');
        if (!file_exists($mtnpostpush)) {
            throw new IDF_Scm_Exception(sprintf(
                __('Could not find mtn-post-push script "%s".'), $mtnpostpush
            ));
        }

        // check some static configuration files
        $confdir = Pluf::f('mtn_confdir', false);
        if ($confdir === false) {
            $confdir = dirname(__FILE__).'/SyncMonotone/';
        }
        $confdir_contents = array(
             'monotonerc.in',
             'remote-automate-permissions.in',
             'hooks.d/',
             // this is linked and not copied to be able to update
             // the list of read-only commands on upgrades
             'hooks.d/indefero_authorize_remote_automate.conf',
             'hooks.d/indefero_authorize_remote_automate.lua',
             'hooks.d/indefero_post_push.conf.in',
             'hooks.d/indefero_post_push.lua',
        );
        if (!$project->private) {
            // this is linked and not copied to be able to update
            // the list of read-only commands on upgrades
            $confdir_contents[] = 'hooks.d/indefero_authorize_remote_automate.conf';
        }

        // check whether we should handle additional files in the config directory
        $confdir_extra_contents = Pluf::f('mtn_confdir_extra', false);
        if ($confdir_extra_contents !== false) {
            $confdir_contents =
                array_merge($confdir_contents, $confdir_extra_contents);
        }
        foreach ($confdir_contents as $content) {
            if (!file_exists($confdir.$content)) {
                throw new IDF_Scm_Exception(sprintf(
                    __('The configuration file %s is missing.'), $content
                ));
            }
        }

        $shortname = $project->shortname;
        $projectpath = sprintf($projecttempl, $shortname);
        if (file_exists($projectpath)) {
            throw new IDF_Scm_Exception(sprintf(
                __('The project path %s already exists.'), $projectpath
            ));
        }

        if (!mkdir($projectpath)) {
            throw new IDF_Scm_Exception(sprintf(
                __('The project path %s could not be created.'), $projectpath
            ));
        }

        //
        // step 1) create a new database
        //
        $dbfile = $projectpath.'/database.mtn';
        $cmd = sprintf('db init -d %s', escapeshellarg($dbfile));
        self::_mtn_exec($cmd);

        //
        // step 2) create a server key
        //
        // try to parse the key's domain part from the remote_url's host
        // name, otherwise fall back to the configured Apache server name
        $server = $_SERVER['SERVER_NAME'];
        $remote_url = Pluf::f('mtn_remote_url');
        if (($parsed = parse_url($remote_url)) !== false &&
            !empty($parsed['host'])) {
            $server = $parsed['host'];
        }

        $serverkey = $shortname.'-server@'.$server;
        $cmd = sprintf('au generate_key --confdir=%s %s ""',
            escapeshellarg($projectpath),
            escapeshellarg($serverkey)
        );
        self::_mtn_exec($cmd);

        //
        // step 3) create a client key, and save it in IDF
        //
        $keydir = Pluf::f('tmp_folder').'/mtn-client-keys';
        if (!file_exists($keydir)) {
            if (!mkdir($keydir)) {
                throw new IDF_Scm_Exception(sprintf(
                    __('The key directory %s could not be created.'), $keydir
                ));
            }
        }

        $clientkey_name = $shortname.'-client@'.$server;
        $cmd = sprintf('au generate_key --keydir=%s %s ""',
            escapeshellarg($keydir),
            escapeshellarg($clientkey_name)
        );
        $keyinfo = self::_mtn_exec($cmd);

        $parsed_keyinfo = array();
        try {
            $parsed_keyinfo = IDF_Scm_Monotone_BasicIO::parse($keyinfo);
        }
        catch (Exception $e) {
            throw new IDF_Scm_Exception(sprintf(
                __('Could not parse key information: %s'), $e->getMessage()
            ));
        }

        $clientkey_hash = $parsed_keyinfo[0][1]['hash'];
        $clientkey_file = $keydir . '/' . $clientkey_name . '.' . $clientkey_hash;
        $clientkey_data = file_get_contents($clientkey_file);

        $project->getConf()->setVal('mtn_client_key_name', $clientkey_name);
        $project->getConf()->setVal('mtn_client_key_hash', $clientkey_hash);
        $project->getConf()->setVal('mtn_client_key_data', $clientkey_data);

        // add the public client key to the server
        $cmd = sprintf('au get_public_key --keydir=%s %s',
            escapeshellarg($keydir),
            escapeshellarg($clientkey_hash)
        );
        $clientkey_pubdata = self::_mtn_exec($cmd);

        $cmd = sprintf('au put_public_key --db=%s %s',
            escapeshellarg($dbfile),
            escapeshellarg($clientkey_pubdata)
        );
        self::_mtn_exec($cmd);

        //
        // step 4) setup the configuration
        //

        // we assume that all confdir entries ending with a slash mean a
        // directory that has to be created, that all files ending on ".in"
        // have to be processed and copied in place and that all other files
        // just need to be symlinked from the original location
        foreach ($confdir_contents as $content) {
            $filepath = $projectpath.'/'.$content;
            if (substr($content, -1) == '/') {
                if (!mkdir($filepath)) {
                    throw new IDF_Scm_Exception(sprintf(
                        __('Could not create configuration directory "%s"'), $filepath
                    ));
                }
                continue;
            }

            if (substr($content, -3) != '.in') {
                if (!symlink($confdir.$content, $filepath)) {
                    IDF_Scm_Exception(sprintf(
                        __('Could not create symlink "%s"'), $filepath
                    ));
                }
                continue;
            }

            $filecontents = file_get_contents($confdir.'/'.$content);
            $filecontents = str_replace(
                array('%%MTNPOSTPUSH%%', '%%PROJECT%%', '%%MTNCLIENTKEY%%'),
                array($mtnpostpush, $shortname, $clientkey_hash),
                $filecontents
            );

            // remove the .in
            $filepath = substr($filepath, 0, -3);
            if (file_put_contents($filepath, $filecontents, LOCK_EX) === false) {
                throw new IDF_Scm_Exception(sprintf(
                    __('Could not write configuration file "%s"'), $filepath
                ));
            }
        }

        //
        // step 5) read in and append the usher config with the new server
        //
        $usher_rc = file_get_contents($usher_config);
        $parsed_config = array();
        try {
            $parsed_config = IDF_Scm_Monotone_BasicIO::parse($usher_rc);
        }
        catch (Exception $e) {
            throw new IDF_Scm_Exception(sprintf(
                __('Could not parse usher configuration in "%s": %s'),
                $usher_config, $e->getMessage()
            ));
        }

        // ensure we haven't configured a server with this name already
        foreach ($parsed_config as $stanzas) {
            foreach ($stanzas as $stanza_line) {
                if ($stanza_line['key'] == 'server' &&
                    $stanza_line['values'][0] == $shortname) {
                    throw new IDF_Scm_Exception(sprintf(
                        __('usher configuration already contains a server '.
                           'entry named "%s"'),
                        $shortname
                    ));
                }
            }
        }

        $new_server = array(
            array('key' => 'server', 'values' => array($shortname)),
            array('key' => 'local', 'values' => array(
                '--confdir', $projectpath,
                '-d', $dbfile,
                '--timestamps',
                '--ticker=dot'
            )),
        );

        $parsed_config[] = $new_server;
        $usher_rc = IDF_Scm_Monotone_BasicIO::compile($parsed_config);

        // FIXME: more sanity - what happens on failing writes? we do not
        // have a backup copy of usher.conf around...
        if (file_put_contents($usher_config, $usher_rc, LOCK_EX) === false) {
            throw new IDF_Scm_Exception(sprintf(
                __('Could not write usher configuration file "%s"'), $usher_config
            ));
        }

        //
        // step 6) reload usher to pick up the new configuration
        //
        IDF_Scm_Monotone_Usher::reload();
    }

    /**
     * Updates the read / write permissions for the monotone database
     *
     * @param IDF_Project
     */
    public function processMembershipsUpdated($project)
    {
        if ($project->getConf()->getVal('scm') != 'mtn') {
            return;
        }

        if (Pluf::f('mtn_db_access', 'local') == 'local') {
            return;
        }

        $mtn = IDF_Scm_Monotone::factory($project);
        $stdio = $mtn->getStdio();

        $projectpath = self::_get_project_path($project);
        $auth_ids    = self::_get_authorized_user_ids($project);
        $key_ids     = array();
        foreach ($auth_ids as $auth_id) {
            $sql = new Pluf_SQL('user=%s', array($auth_id));
            $keys = Pluf::factory('IDF_Key')->getList(array('filter' => $sql->gen()));
            foreach ($keys as $key) {
                if ($key->getType() != 'mtn')
                    continue;
                $stdio->exec(array('put_public_key', $key->content));
                $key_ids[] = $key->getMtnId();
            }
        }

        $write_permissions = implode("\n", $key_ids);
        $rcfile = $projectpath.'/write-permissions';
        if (file_put_contents($rcfile, $write_permissions, LOCK_EX) === false) {
            throw new IDF_Scm_Exception(sprintf(
                __('Could not write write-permissions file "%s"'), $rcfile
            ));
        }

        if ($project->private) {
            $stanza = array(
                array('key' => 'pattern', 'values' => array('*')),
            );
            foreach ($key_ids as $key_id)
            {
                $stanza[] = array('key' => 'allow', 'values' => array($key_id));
            }
        }
        else {
            $stanza = array(
                array('key' => 'pattern', 'values' => array('*')),
                array('key' => 'allow', 'values' => array('*')),
            );
        }
        $read_permissions = IDF_Scm_Monotone_BasicIO::compile(array($stanza));
        $rcfile = $projectpath.'/read-permissions';
        if (file_put_contents($rcfile, $read_permissions, LOCK_EX) === false) {
            throw new IDF_Scm_Exception(sprintf(
                __('Could not write read-permissions file "%s"'), $rcfile
            ));
        }

        // link / unlink the read-only automate permissions for the project
        $confdir = Pluf::f('mtn_confdir', false);
        if ($confdir === false) {
            $confdir = dirname(__FILE__).'/SyncMonotone/';
        }
        $file = 'hooks.d/indefero_authorize_remote_automate.conf';
        $projectfile = $projectpath.'/'.$file;
        $templatefile = $confdir.'/'.$file;

        $serverRestartRequired = false;
        if ($project->private && file_exists($projectfile) && is_link($projectfile)) {
            if (!unlink($projectfile)) {
                IDF_Scm_Exception(sprintf(
                    __('Could not remove symlink "%s"'), $projectfile
                ));
            }
            $serverRestartRequired = true;
        } else
        if (!$project->private && !file_exists($projectfile)) {
            if (!symlink($templatefile, $projectfile)) {
                throw new IDF_Scm_Exception(sprintf(
                    __('Could not create symlink "%s"'), $projectfile
                ));
            }
            $serverRestartRequired = true;
        }

        if ($serverRestartRequired) {
            // FIXME: we should actually use stopServer() here, but this
            // seems to be ignored when the server should be started
            // again immediately afterwards
            IDF_Scm_Monotone_Usher::killServer($project->shortname);
            IDF_Scm_Monotone_Usher::startServer($project->shortname);
        }
    }

    /**
     * Clean up after a mtn project was deleted
     *
     * @param IDF_Project
     */
    public function processProjectDelete($project)
    {
        if ($project->getConf()->getVal('scm') != 'mtn') {
            return;
        }

        if (Pluf::f('mtn_db_access', 'local') == 'local') {
            return;
        }

        $usher_config = Pluf::f('mtn_usher_conf', false);
        if (!$usher_config || !is_writable($usher_config)) {
            throw new IDF_Scm_Exception(
                 __('"mtn_usher_conf" does not exist or is not writable.')
            );
        }

        $shortname = $project->shortname;
        IDF_Scm_Monotone_Usher::killServer($shortname);

        $projecttempl = Pluf::f('mtn_repositories', false);
        if ($projecttempl === false) {
            throw new IDF_Scm_Exception(
                 __('"mtn_repositories" must be defined in your configuration file.')
            );
        }

        $projectpath = sprintf($projecttempl, $shortname);
        if (file_exists($projectpath)) {
            if (!self::_delete_recursive($projectpath)) {
                throw new IDF_Scm_Exception(sprintf(
                    __('One or more paths underknees %s could not be deleted.'), $projectpath
                ));
            }
        }

        $keydir = Pluf::f('tmp_folder').'/mtn-client-keys';
        $keyname = $project->getConf()->getVal('mtn_client_key_name', false);
        $keyhash = $project->getConf()->getVal('mtn_client_key_hash', false);
        if ($keyname && $keyhash &&
            file_exists($keydir .'/'. $keyname . '.' . $keyhash)) {
            if (!@unlink($keydir .'/'. $keyname . '.' . $keyhash)) {
                throw new IDF_Scm_Exception(sprintf(
                    __('Could not delete client private key %s'), $keyname
                ));
            }
        }

        $usher_rc = file_get_contents($usher_config);
        $parsed_config = array();
        try {
            $parsed_config = IDF_Scm_Monotone_BasicIO::parse($usher_rc);
        }
        catch (Exception $e) {
            throw new IDF_Scm_Exception(sprintf(
                __('Could not parse usher configuration in "%s": %s'),
                $usher_config, $e->getMessage()
            ));
        }

        foreach ($parsed_config as $idx => $stanzas) {
            foreach ($stanzas as $stanza_line) {
                if ($stanza_line['key'] == 'server' &&
                    $stanza_line['values'][0] == $shortname) {
                    unset($parsed_config[$idx]);
                    break;
                }
            }
        }

        $usher_rc = IDF_Scm_Monotone_BasicIO::compile($parsed_config);

        // FIXME: more sanity - what happens on failing writes? we do not
        // have a backup copy of usher.conf around...
        if (file_put_contents($usher_config, $usher_rc, LOCK_EX) === false) {
            throw new IDF_Scm_Exception(sprintf(
                __('Could not write usher configuration file "%s"'), $usher_config
            ));
        }

        IDF_Scm_Monotone_Usher::reload();
    }

    /**
     * Adds the (monotone) key to all monotone projects of this forge
     * where the user of the key has write access to
     */
    public function processKeyCreate($key)
    {
        if ($key->getType() != 'mtn') {
            return;
        }

        if (Pluf::f('mtn_db_access', 'local') == 'local') {
            return;
        }

        foreach (Pluf::factory('IDF_Project')->getList() as $project) {
            $conf = new IDF_Conf();
            $conf->setProject($project);
            $scm = $conf->getVal('scm', 'mtn');
            if ($scm != 'mtn')
                continue;

            $projectpath = self::_get_project_path($project);
            $auth_ids    = self::_get_authorized_user_ids($project);
            if (!in_array($key->user, $auth_ids))
                continue;

            $mtn_key_id = $key->getMtnId();

            // if the project is not defined as private, all people have
            // read access already, so we don't need to write anything
            // and we currently do not check if read-permissions really
            // contains
            //      pattern "*"
            //      allow "*"
            // which is the default for non-private projects
            if ($project->private == true) {
                $read_perms = file_get_contents($projectpath.'/read-permissions');
                $parsed_read_perms = array();
                try {
                    $parsed_read_perms = IDF_Scm_Monotone_BasicIO::parse($read_perms);
                }
                catch (Exception $e) {
                    throw new IDF_Scm_Exception(sprintf(
                        __('Could not parse read-permissions for project "%s": %s'),
                        $shortname, $e->getMessage()
                    ));
                }

                $wildcard_section = null;
                for ($i=0; $i<count($parsed_read_perms); ++$i) {
                    foreach ($parsed_read_perms[$i] as $stanza_line) {
                        if ($stanza_line['key'] == 'pattern' &&
                            $stanza_line['values'][0] == '*') {
                            $wildcard_section =& $parsed_read_perms[$i];
                            break;
                        }
                    }
                }

                if ($wildcard_section == null)
                {
                    $wildcard_section = array(
                        array('key' => 'pattern', 'values' => array('*'))
                    );
                    $parsed_read_perms[] =& $wildcard_section;
                }

                $key_found = false;
                foreach ($wildcard_section as $line)
                {
                    if ($line['key'] == 'allow' && $line['values'][0] == $mtn_key_id) {
                        $key_found = true;
                        break;
                    }
                }

                if (!$key_found) {
                    $wildcard_section[] = array(
                        'key' => 'allow', 'values' => array($mtn_key_id)
                    );
                }

                $read_perms = IDF_Scm_Monotone_BasicIO::compile($parsed_read_perms);

                if (file_put_contents($projectpath.'/read-permissions',
                                      $read_perms, LOCK_EX) === false) {
                    throw new IDF_Scm_Exception(sprintf(
                        __('Could not write read-permissions for project "%s"'), $shortname
                    ));
                }
            }

            $write_perms = file_get_contents($projectpath.'/write-permissions');
            $lines = preg_split("/(\n|\r\n)/", $write_perms, -1, PREG_SPLIT_NO_EMPTY);
            if (!in_array('*', $lines) && !in_array($mtn_key_id, $lines)) {
                $lines[] = $mtn_key_id;
            }
            if (file_put_contents($projectpath.'/write-permissions',
                                  implode("\n", $lines) . "\n", LOCK_EX) === false) {
                throw new IDF_Scm_Exception(sprintf(
                    __('Could not write write-permissions file for project "%s"'),
                    $shortname
                ));
            }

            $mtn = IDF_Scm_Monotone::factory($project);
            $stdio = $mtn->getStdio();
            $stdio->exec(array('put_public_key', $key->content));
        }
    }

    /**
     * Removes the (monotone) key from all monotone projects of this forge
     * where the user of the key has write access to
     */
    public function processKeyDelete($key)
    {
        try {
            if ($key->getType() != 'mtn') {
                return;
            }
        } catch (Exception $e) {
            // bad key type, skip it.
            return;
        }

        if (Pluf::f('mtn_db_access', 'local') == 'local') {
            return;
        }

        foreach (Pluf::factory('IDF_Project')->getList() as $project) {
            $conf = new IDF_Conf();
            $conf->setProject($project);
            $scm = $conf->getVal('scm', 'mtn');
            if ($scm != 'mtn')
                continue;

            $projectpath = self::_get_project_path($project);
            $auth_ids    = self::_get_authorized_user_ids($project);
            if (!in_array($key->user, $auth_ids))
                continue;

            $mtn_key_id = $key->getMtnId();

            // if the project is not defined as private, all people have
            // read access already, so we don't need to write anything
            // and we currently do not check if read-permissions really
            // contains
            //      pattern "*"
            //      allow "*"
            // which is the default for non-private projects
            if ($project->private) {
                $read_perms = file_get_contents($projectpath.'/read-permissions');
                $parsed_read_perms = array();
                try {
                    $parsed_read_perms = IDF_Scm_Monotone_BasicIO::parse($read_perms);
                }
                catch (Exception $e) {
                    throw new IDF_Scm_Exception(sprintf(
                        __('Could not parse read-permissions for project "%s": %s'),
                        $shortname, $e->getMessage()
                    ));
                }

                // while we add new keys only to an existing wild-card entry
                // we remove dropped keys from all sections since the key
                // should be simply unavailable for all of them
                for ($h=0; $h<count($parsed_read_perms); ++$h) {
                    for ($i=0; $i<count($parsed_read_perms[$h]); ++$i) {
                        if ($parsed_read_perms[$h][$i]['key'] == 'allow' &&
                            $parsed_read_perms[$h][$i]['values'][0] == $mtn_key_id) {
                            unset($parsed_read_perms[$h][$i]);
                            continue;
                        }
                    }
                }

                $read_perms = IDF_Scm_Monotone_BasicIO::compile($parsed_read_perms);

                if (file_put_contents($projectpath.'/read-permissions',
                                      $read_perms, LOCK_EX) === false) {
                    throw new IDF_Scm_Exception(sprintf(
                        __('Could not write read-permissions for project "%s"'), $shortname
                    ));
                }
            }

            $write_perms = file_get_contents($projectpath.'/write-permissions');
            $lines = preg_split("/(\n|\r\n)/", $write_perms, -1, PREG_SPLIT_NO_EMPTY);
            for ($i=0; $i<count($lines); ++$i) {
                if ($lines[$i] == $mtn_key_id) {
                    unset($lines[$i]);
                    // the key should actually only exist once in the
                    // file, but we're paranoid
                    continue;
                }
            }
            if (file_put_contents($projectpath.'/write-permissions',
                                  implode("\n", $lines) . "\n", LOCK_EX) === false) {
                throw new IDF_Scm_Exception(sprintf(
                    __('Could not write write-permissions file for project "%s"'),
                    $shortname
                ));
            }

            $mtn = IDF_Scm_Monotone::factory($project);
            $stdio = $mtn->getStdio();
            // if the public key did not sign any revisions, drop it from
            // the database as well
            try {
                if (strlen($stdio->exec(array('select', 'k:' . $mtn_key_id))) == 0) {
                    $stdio->exec(array('drop_public_key', $mtn_key_id));
                }
            } catch (IDF_Scm_Exception $e) {
                if (strpos($e->getMessage(), 'there is no key named') === false)
                    throw $e;
            }
        }
    }

    /**
     * Update the timeline after a push
     *
     */
    public function processSyncTimeline($project_name)
    {
        try {
            $project = IDF_Project::getOr404($project_name);
        } catch (Pluf_HTTP_Error404 $e) {
            Pluf_Log::event(array(
                'IDF_Plugin_SyncMonotone::processSyncTimeline',
                'Project not found.',
                array($project_name, $params)
            ));
            return false; // Project not found
        }

        Pluf_Log::debug(array(
            'IDF_Plugin_SyncMonotone::processSyncTimeline',
            'Project found', $project_name, $project->id
        ));
        IDF_Scm::syncTimeline($project, true);
        Pluf_Log::event(array(
            'IDF_Plugin_SyncMonotone::processSyncTimeline',
            'sync', array($project_name, $project->id)
        ));
    }

    private static function _get_authorized_user_ids($project)
    {
        $mem = $project->getMembershipData();
        $members = array_merge((array)$mem['members'],
                               (array)$mem['owners'],
                               (array)$mem['authorized']);
        $userids = array();
        foreach ($members as $member) {
            $userids[] = $member->id;
        }
        return $userids;
    }

    private static function _get_project_path($project)
    {
        $projecttempl = Pluf::f('mtn_repositories', false);
        if ($projecttempl === false) {
            throw new IDF_Scm_Exception(
                 __('"mtn_repositories" must be defined in your configuration file.')
            );
        }

        $projectpath = sprintf($projecttempl, $project->shortname);
        if (!file_exists($projectpath)) {
            throw new IDF_Scm_Exception(sprintf(
                __('The project path %s does not exists.'), $projectpath
            ));
        }
        return $projectpath;
    }

    private static function _mtn_exec($cmd)
    {
        $fullcmd = sprintf('%s %s %s',
            Pluf::f('idf_exec_cmd_prefix', ''),
            Pluf::f('mtn_path', 'mtn'),
            $cmd
        );

        $output = $return = null;
        exec($fullcmd, $output, $return);
        if ($return != 0) {
            throw new IDF_Scm_Exception(sprintf(
                __('The command "%s" could not be executed.'), $cmd
            ));
        }
        return implode("\n", $output);
    }

    private static function _delete_recursive($path)
    {
        if (is_file($path) || is_link($path)) {
            return @unlink($path);
        }

        if (is_dir($path)) {
            $scan = glob(rtrim($path, '/') . '/*');
            $status = 0;
            foreach ($scan as $subpath) {
                $status |= self::_delete_recursive($subpath);
            }
            $status |= rmdir($path);
            return $status;
        }
    }
}