#------------------------------------------------------------
# Information bay directories
#------------------------------------------------------------

{
    use esmith::AccountsDB;
    my $adb = esmith::AccountsDB->open_ro();
    $OUT = "";
    foreach my $ibay ($adb->ibays)
    {
        my %properties = $ibay->props;
        my $key = $ibay->key;
        #------------------------------------------------------------
        # Figure out which combination of parameters to use. If
        # PublicAccess parameter is present, this is e-smith 4.0.
        # Otherwise, it's e-smith 3.0.
        #------------------------------------------------------------

        my $allow;
        my $pass;
        my $satisfy;

        if ($properties{'PublicAccess'})
        {
            if ($properties{'PublicAccess'} eq 'none')
            {
                next;
            }
            elsif ($properties{'PublicAccess'} eq 'local')
            {
                $allow   = "ip $localAccess";
                $pass    = 0;
                $satisfy = 'All';
            }
            elsif ($properties{'PublicAccess'} eq 'local-pw')
            {
                $allow   = "ip $localAccess";
                $pass    = 1;
                $satisfy = 'All';
            }
            elsif ($properties{'PublicAccess'} eq 'global')
            {
                $allow   = 'all granted';
                $pass    = 0;
                $satisfy = 'All';
            }
            elsif ($properties{'PublicAccess'} eq 'global-pw')
            {
                $allow   = 'all granted';
                $pass    = 1;
                $satisfy = 'All';
            }
            elsif ($properties{'PublicAccess'} eq 'global-pw-remote')
            {
                $allow   = "ip $localAccess";
                $pass    = 1;
                $satisfy = 'Any';
            }
        }
        elsif ($properties {'ReadAccess'} eq 'global')
        {
            if ($properties {'UsePassword'} eq 'yes')
            {
                $allow   = 'all granted';
                $pass    = 1;
                $satisfy = 'All';
            }
            else
            {
                $allow   = 'all granted';
                $pass    = 0;
                $satisfy = 'All';
            }
        }
        else
        {
            if ($properties {'UsePassword'} eq 'yes')
            {
                $allow   = "ip $localAccess";
                $pass    = 1;
                $satisfy = 'All';
            }
            else
            {
                $allow   = "ip $localAccess";
                $pass    = 0;
                $satisfy = 'All';
            }
        }

        my $allowOverride = $properties{'AllowOverride'} || "None";
        my $dynamicContent = $properties{'CgiBin'} || "disabled";
        my $followSymLinks = $properties{'FollowSymLinks'} || "disabled";
        my $indexes = $properties{'Indexes'} || "enabled";
        my $sslRequireSSL = $properties{'SSLRequireSSL'} || "disabled";
	# here we force SSL if either a password is asked or DAV is enabled 
	$sslRequireSSL = "enabled" if ($pass == 1);
	$sslRequireSSL = "enabled" if ( ($properties{'ModDav'}||'disabled') eq 'enabled');

        $OUT .= "\n";
        $OUT .= "#------------------------------------------------------------\n";
        $OUT .= "# $key ibay directories ($properties{'Name'})\n";
        $OUT .= "#------------------------------------------------------------\n";

        $OUT .= "\n";
        $OUT .= "<Directory /home/e-smith/files/ibays/$key/html>\n";
        if ($sslRequireSSL eq 'enabled')
        {
            $OUT .= "    SSLRequireSSL\n";
        }
        $OUT .= "    Options None\n";
        $OUT .= "    Options +Indexes\n" if ($indexes eq 'enabled');
        $OUT .= "    Options +FollowSymLinks\n" if ($followSymLinks eq 'enabled');
        if ($dynamicContent eq 'enabled')
        {          
            $OUT .= "    Options +Includes\n";
        }
        else
        {
            $OUT .= "    DirectoryIndex index.shtml index.htm index.html\n";
            $OUT .= "    Options +IncludesNOEXEC\n";
            $OUT .= "    <FilesMatch \"\\.(phar|php|phtml)\$\">\n";
            $OUT .= "        Require all denied\n";
            $OUT .= "    </FilesMatch>\n";
        }
        $OUT .= "    AllowOverride $allowOverride\n";
        if ($pass)
        {
            $OUT .= "    AuthName \"$properties{'Name'}\"\n";
            $OUT .= "    AuthType Basic\n";
            $OUT .= "    AuthBasicProvider external\n";
            $OUT .= "    AuthExternal pwauth\n";
            $OUT .= "    <Require$satisfy>\n";
            $OUT .= "        Require user $key\n";
            $OUT .= "        Require $allow\n";
            $OUT .= "    </Require$satisfy>\n";
        }
	else
	{
            $OUT .= "    Require $allow\n";
	}

        $OUT .= "</Directory>\n";

        $OUT .= "\n";
        $OUT .= "<Directory /home/e-smith/files/ibays/$key/cgi-bin>\n";
        if ($sslRequireSSL eq 'enabled')
        {   
            $OUT .= "    SSLRequireSSL\n";
        }
        if ($dynamicContent eq 'enabled')
        {
            $OUT .= "    Options ExecCGI\n";
        }
        $OUT .= "    AllowOverride None\n";
        if ($pass)
        {
            $OUT .= "    AuthName \"$properties{'Name'}\"\n";
            $OUT .= "    AuthType Basic\n";
            $OUT .= "    AuthBasicProvider external\n";
            $OUT .= "    AuthExternal pwauth\n";
            $OUT .= "    <Require$satisfy>\n";
            $OUT .= "        Require user $key\n";
            $OUT .= "        Require $allow\n";
            $OUT .= "    </Require$satisfy>\n";
        }
        else
        {
            $OUT .= "    Require $allow\n";
        }

        $OUT .= "</Directory>\n";

        $OUT .= "\n";
        $OUT .= "<Directory /home/e-smith/files/ibays/$key/files>\n";
        if ($sslRequireSSL eq 'enabled')
        {   
            $OUT .= "    SSLRequireSSL\n";
        }
        $OUT .= "    AllowOverride None\n";
        if ($pass)
        {
            $OUT .= "    AuthName \"$properties{'Name'}\"\n";
            $OUT .= "    AuthType Basic\n";
            $OUT .= "    AuthBasicProvider external\n";
            $OUT .= "    AuthExternal pwauth\n";
            $OUT .= "    <Require$satisfy>\n";
            $OUT .= "        Require user $key\n";
            $OUT .= "        Require $allow\n";
            $OUT .= "    </Require$satisfy>\n";
        }
        else
        {
            $OUT .= "    Require $allow\n";
        }
        $OUT .= "</Directory>\n";
    }
}
