require "lib/metaprogramming.nom"
require "lib/control_flow.nom"
require "lib/operators.nom"
require "lib/collections.nom"

# Permission functions
rule (restrict %rules to within %elite-rules) =:
    say "Restricting \(%rules) to within \(%elite-rules)"
    for all (flatten [%elite-rules, %rules]):
        assert ((nomsu's "defs") has key %) "Undefined function: \(%)"
    for all %rules:
        assert (nomsu "check_permission" [%]) ".."
            |You do not have permission to restrict permissions for function: \(%)
        ((nomsu) ->* ["defs",%,"whiteset"]) =:
            dict: [%, yes] for %it in %elite-rules

rule (allow %elite-rules to use %rules) =:
    say "Allowing \(%elite-rules) to use \(%rules)"
    for all (flatten [%elite-rules, %rules]):
        assert ((nomsu's "defs") has key %) "Undefined function: \(%)"
    for %rule in %rules:
        assert (nomsu "check_permission" [%rule]) ".."
            |You do not have permission to grant permissions for function: \(%rule)
        %whiteset =: (nomsu) ->* ["defs",%rule,"whiteset"]
        if (not %whiteset): go to next %rule
        for all %elite-rules: %whiteset -> % = (yes)

rule (forbid %pleb-rules to use %rules) =:
    say "Forbidding \(%pleb-rules) to use \(%rules)"
    for all (flatten [%pleb-rules, %used]):
        assert ((nomsu's "defs") has key %) "Undefined function: \(%)"
    for all %rules:
        assert (nomsu "check_permission" [%]) ".."
            |You do not have permission to grant permissions for function: \%it\
        %whiteset =: (nomsu) ->* ["defs",%,"whiteset"]
        assert %whiteset ".."
            |Cannot individually restrict permissions for \(%) because it is currently
            |available to everyone. Perhaps you meant to use "restrict % to within %" instead?
        for all %pleb-rules: %whiteset's % = (nil)