using Alphaleonis.Win32.Filesystem;
using Security2;
using System;
using System.Linq;
using System.Management.Automation;
using System.Security.AccessControl;

namespace NTFSSecurity
{
    [Cmdlet(VerbsCommon.Add, "NTFSAudit", DefaultParameterSetName = "PathComplex")]
    [OutputType(typeof(FileSystemAccessRule2))]
    public class AddAudit : BaseCmdletWithPrivControl
    {
        private IdentityReference2[] account;
        private FileSystemRights2 accessRights;
        private AuditFlags auditFlags = AuditFlags.Failure | AuditFlags.Success;
        private InheritanceFlags inheritanceFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
        private PropagationFlags propagationFlags = PropagationFlags.None;
        private ApplyTo appliesTo = ApplyTo.ThisFolderSubfoldersAndFiles;
        private bool passThru;

        [Parameter(Mandatory = true, Position = 1, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, ParameterSetName = "PathSimple")]
        [Parameter(Mandatory = true, Position = 1, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, ParameterSetName = "PathComplex")]
        [ValidateNotNullOrEmpty]
        [Alias("FullName")]
        public string[] Path
        {
            get { return paths.ToArray(); }
            set
            {
                paths.Clear();
                paths.AddRange(value);
            }
        }

        [Parameter(Mandatory = true, Position = 1, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, ParameterSetName = "SDSimple")]
        [Parameter(Mandatory = true, Position = 1, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true, ParameterSetName = "SDComplex")]
        [ValidateNotNullOrEmpty]
        public FileSystemSecurity2[] SecurityDescriptor
        {
            get { return securityDescriptors.ToArray(); }
            set
            {
                securityDescriptors.Clear();
                securityDescriptors.AddRange(value);
            }
        }

        [Parameter(Mandatory = true, Position = 2, ValueFromPipelineByPropertyName = true)]
        [Alias("IdentityReference, ID")]
        public IdentityReference2[] Account
        {
            get { return account; }
            set { account = value; }
        }

        [Parameter(Mandatory = true, Position = 2, ValueFromPipelineByPropertyName = true)]
        [Alias("FileSystemRights")]
        public FileSystemRights2 AccessRights
        {
            get { return accessRights; }
            set { accessRights = value; }
        }

        [Parameter(ValueFromPipelineByPropertyName = true)]
        public AuditFlags AuditFlags
        {
            get { return auditFlags; }
            set { auditFlags = value; }
        }

        [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "PathComplex")]
        [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "SDComplex")]
        public InheritanceFlags InheritanceFlags
        {
            get { return inheritanceFlags; }
            set { inheritanceFlags = value; }
        }

        [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "PathComplex")]
        [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "SDComplex")]
        public PropagationFlags PropagationFlags
        {
            get { return propagationFlags; }
            set { propagationFlags = value; }
        }

        [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "PathSimple")]
        [Parameter(ValueFromPipelineByPropertyName = true, ParameterSetName = "SDSimple")]
        public ApplyTo AppliesTo
        {
            get { return appliesTo; }
            set { appliesTo = value; }
        }

        [Parameter]
        public SwitchParameter PassThru
        {
            get { return passThru; }
            set { passThru = value; }
        }

        protected override void BeginProcessing()
        {
            base.BeginProcessing();
        }

        protected override void ProcessRecord()
        {
            if (ParameterSetName.EndsWith("Simple"))
            {
                FileSystemSecurity2.ConvertToFileSystemFlags(appliesTo, out inheritanceFlags, out propagationFlags);
            }

            if (ParameterSetName.StartsWith("Path"))
            {
                FileSystemInfo item = null;

                foreach (var path in paths)
                {
                    try
                    {
                        item = GetFileSystemInfo2(path);
                    }
                    catch (Exception ex)
                    {
                        WriteError(new ErrorRecord(ex, "ReadFileError", ErrorCategory.OpenError, path));
                        continue;
                    }

                    try
                    {
                        FileSystemAuditRule2.AddFileSystemAuditRule(item, account.ToList(), accessRights, auditFlags, inheritanceFlags, propagationFlags);
                    }
                    catch (UnauthorizedAccessException)
                    {
                        try
                        {
                            var ownerInfo = FileSystemOwner.GetOwner(item);
                            var previousOwner = ownerInfo.Owner;

                            FileSystemOwner.SetOwner(item, System.Security.Principal.WindowsIdentity.GetCurrent().User);

                            FileSystemAuditRule2.AddFileSystemAuditRule(item, account.ToList(), accessRights, auditFlags, inheritanceFlags, propagationFlags);

                            FileSystemOwner.SetOwner(item, previousOwner);
                        }
                        catch (Exception ex2)
                        {
                            WriteError(new ErrorRecord(ex2, "AddAceError", ErrorCategory.WriteError, path));
                        }
                    }
                    catch (Exception ex)
                    {
                        WriteError(new ErrorRecord(ex, "AddAceError", ErrorCategory.WriteError, path));
                    }

                    if (passThru == true)
                    {
                        FileSystemAuditRule2.GetFileSystemAuditRules(item, true, true).ForEach(ace => WriteObject(ace));
                    }
                }
            }
            else
            {
                foreach (var sd in securityDescriptors)
                {
                    FileSystemAuditRule2.AddFileSystemAuditRule(sd, account.ToList(), accessRights, auditFlags, inheritanceFlags, propagationFlags);

                    if (passThru == true)
                    {
                        FileSystemAccessRule2.GetFileSystemAccessRules(sd, true, true).ForEach(ace => WriteObject(ace));
                    }
                }
            }

        }
        protected override void EndProcessing()
        {
            base.EndProcessing();
        }
    }
}