#!/usr/bin/python2.7

# grouper_find_memberships
# get the list of group members with enable time and disable time, select one of these options:
# all members
# effective (indirect)
# immediate (direct)
# composite
# nonimmediate

import httplib2
import json
import sys,string

def usage():
    print('usage: grouper_find_memberships -g <group> -f <memberFilter>')
    print('-g   group ID path')
    print('-f   memberFilter can be All, Effective, Immediate, Composite, or NonImmediate')
    exit(1)

def main():
    # parse the command line arguments
    if len(sys.argv) != 5:
        usage()
    if sys.argv[1] != '-g':
        usage()
    thisGroup = sys.argv[2]

    if sys.argv[3] != '-f':
        usage()
    thisFilter = string.upper(sys.argv[4])

    # initialize httplib2
    http = httplib2.Http()

    # set the grouper URI (dev or prod), username, password
    grouper_ws_uri = grouperWSParameters(http)

    # get group members with enable/disable dates
    # enabledFlag=A to get all memberships, enabled and disabled
    getMemberships = grouperGetMembershipsWithFilter(http,grouper_ws_uri,thisGroup,'A',thisFilter)

    if getMemberships and getMemberships['WsGetMembershipsResults']['resultMetadata']['resultCode'] == 'SUCCESS':
        memberships = getMemberships['WsGetMembershipsResults'].get('wsMemberships')
        if memberships==None:
            # no members found using this member filter
            print("None")
            exit(0)
        for nmemberships in range(0,len(memberships)):
            membership = memberships[nmemberships]
            enabled = membership['enabled']
            subjectSource = membership['subjectSourceId']
            subjectId = membership['subjectId']
            # grouper date format is YYYY/MM/DD HH:MM:SS.sss
            # if milliseconds is "000" remove milliseconds from enabled time and disabled time
            enabledTime = ''
            disabledTime = ''
            if 'enabledTime' in membership:
                enabledTime = membership['enabledTime']
                if enabledTime[-4:] == '.000':
                    enabledTime = enabledTime[:-4]
            if 'disabledTime' in membership:
                disabledTime = membership['disabledTime']
                if disabledTime[-4:] == '.000':
                    disabledTime = disabledTime[:-4]
            # subjectSource can be idm, g:gsa, or externalUsers
            # which indicates the member type is UNI, group, or external user
            print(subjectSource+","+subjectId+","+enabled+","+enabledTime+","+disabledTime)
    else:
        print(thisGroup + " group not found (does not exist or is not accessible)")

def grouperGetMembershipsWithFilter(http, grouper_ws_uri, groupName, enabledFlag, memberFilter):
    # get group members with enabled/disabled status and enable/disable dates and times
    # enabledFlag can be T/F/A (enabled/disabled/all)
    # use memberFilter=ALL to fetch all members
    # use memberFilter=IMMEDIATE to fetch direct members only
    # date format is YYYY/MM/DD HH:MM:SS.sss
    if enabledFlag == '':
        enabledFlag = 'A'
    if enabledFlag != 'T' and enabledFlag != 'F' and enabledFlag != 'A':
        print("enabledFlag "+enabledFlag+" must be T or F or A")
        exit(1)
    if memberFilter == '':
        memberFilter = 'ALL'
    if memberFilter != 'ALL' and memberFilter != 'EFFECTIVE' and memberFilter != 'IMMEDIATE' and memberFilter != 'COMPOSITE' and memberFilter != 'NONIMMEDIATE':
        print("memberFilter "+memberFilter+" must be ALL or EFFECTIVE or IMMEDIATE or COMPOSITE or NONIMMEDIATE")
        exit(1)
    body = {
      "WsRestGetMembershipsRequest": {
        "memberFilter": memberFilter,
        "wsGroupLookups": [{
          "groupName": groupName
        }],
      "enabled":enabledFlag
      }
    }
    result = grouperWSRequest(http, grouper_ws_uri+"/memberships", "POST", body)
    return result

def grouperWSRequest(http, url, method, body):
    # send a request to the Grouper Web Service
    # method can be GET, POST, or PUT
    content_type = 'application/x-www-form-urlencoded'
    if method == "POST" or method == "PUT":
        content_type = 'text/x-json; charset=UTF-8'

    try:
        resp, content = http.request(uri=url,
            method=method,
            body=json.dumps(body),
            headers={'Content-Type': content_type})
        if resp.status == 200 or resp.status == 201:
            result = json.loads(content.decode('utf-8'))
            return result
    except httplib2.ServerNotFoundError as err:
        print("Unable to connect to Grouper Web Service")
        print(err)
        return None
    # http request failed, print the response status and content
    print("http response status "+str(resp.status))
    print("http response content "+content)
    return None

def grouperWSParameters(http):
    # set the Grouper Web Service username and password
    grouper_username = 'abc1234'
    grouper_password = 'xxxxxxxxxxxxxxxxxxxx'
    http.add_credentials(name=grouper_username, password=grouper_password)

    # the Grouper Web Service URI should point to dev or prod Grouper
    devGrouperURI  = 'https://grouper-dev.cc.columbia.edu/grouper-ws/servicesRest/v2_4_000'
    prodGrouperURI = 'https://grouper.cc.columbia.edu/grouper-ws/servicesRest/v2_4_000'
    return devGrouperURI

if __name__ == '__main__':
    main()