#!/bin/bash


DIR="/var/local/log/lcmlog-data"


######################
# AUXILIARY FUNCTION #
######################


usage()
{
	echo "Usage: $0 [-i|-l|-u]"
	echo "Use -h option to show the help message."
}


######


method_help()
{
	echo "lcmlog-auth-utils: utility for manage the authorization system of lcmlog-server."
	echo
	echo "Usage: $0 [option]"
	echo
	echo "Options:"
	echo "  -i  Initialization of the folder structure in default directory ($DIR)"
	echo "  -l  See who is authorized in $DIR/auth"
	echo "  -u  Update folders ACL (data and logs)"
	echo
	echo "  -h  Show this help"
}


######


method_init()
{
	if ! [ -d $DIR ]; then
		echo "Folder $DIR not present: you should create it first!"
		exit 0
	else
		# auth folder
		if [ -d $DIR/auth ]; then
			echo "Folder $DIR/auth already present. Exit."
		else
			echo "Setting up auth folder..."
			mkdir $DIR/auth
			touch $DIR/auth/150
			touch $DIR/auth/Admin
			touch $DIR/auth/Valhalla # ex 150
			touch $DIR/auth/Nirvana  # ex admin
			cp /usr/local/src/lcm-unimi/lcmlog-server/auth.toml $DIR/auth/auth.toml
			echo "Completed."
		fi

		# data folder
		if [ -d $DIR/data ]; then
			echo "Folder $DIR/data already present. Exit."
		else
			echo "Setting up data folder..."
			mkdir $DIR/data
			touch $DIR/data/.data
			echo "Completed."
		fi

		# logs folder
		if [ -d $DIR/logs ]; then
			echo "Folder $DIR/logs already present. Exit."
		else
			echo "Setting up logs folder..."
			mkdir $DIR/logs
			touch $DIR/logs/logfile
			echo "Completed."
		fi

		echo
		echo "Now you should add entries in $DIR/auth files and then update folder permissions using -u flag."

	fi
}


######


method_authlookup()
{
	if [ -d $DIR/auth ]; then
		
		echo
		echo -e "\033[1;36mAUTHORIZATIONS in $DIR/auth:\033[00m"
		echo
		
		# look 150
		echo -e "\033[01m150 auth: GET 150, GET Admin, POST 150\033[00m"
		for uid in $(awk '{print $1}' $DIR/auth/150); do
			getent passwd $uid
		done
		echo

		# look admin
		echo -e "\033[01mAdmin auth: GET 150, GET Admin, POST 150, POST Admin, UPDATE\033[00m"
		for uid in $(awk '{print $1}' $DIR/auth/Admin); do
			getent passwd $uid
		done
		echo

		# look ex 150
		echo -e "\033[01mValhalla auth: GET 150, GET Admin\033[00m"
		for uid in $(awk '{print $1}' $DIR/auth/Valhalla); do
			getent passwd $uid
		done
		echo

		# look ex admin
		echo -e "\033[01mNirvana auth: GET 150, GET Admin, POST Admin\033[00m"
		for uid in $(awk '{print $1}' $DIR/auth/Nirvana); do
			getent passwd $uid
		done
		echo
		echo
		
		# look dir permissions
		echo -e "\033[1;36mACL PERMISSIONS:\033[00m"
		echo
		getfacl $DIR/data
		getfacl $DIR/data/.data
		getfacl $DIR/logs

	else
		echo "auth folder not present. Use the -i option to create it."
	fi
}


######


method_updateACL()
{
	if [ -d $DIR/auth ] && [ -d $DIR/data ] && [ -d $DIR/logs ]; then

		method_authlookup

		echo "Do you want to set new permissions? [y|n]"		
		read ANSWER
        while [ -z $ANSWER ]; do
                echo "Yes (y) or no (n)? "
                read ANSWER
        done
        while [ $ANSWER != "y" ] && [ $ANSWER != "n" ]; do
                echo "Yes (y) or no (n)? "
                read ANSWER
                while [ -z $ANSWER ]; do
                        echo  "Yes (y) or no (n)? "
                        read ANSWER
                done
        done
        if [ $ANSWER == "n" ]; then exit 0; fi
        echo

		# remove old permissions
		echo "Removing old permissions..."
		setfacl -b $DIR/data
		setfacl -b $DIR/data/.data
		setfacl -b $DIR/logs

		# add new permissions
		echo "Setting up new permissions..."

		# set 150
		for uid in $(awk '{print $1}' $DIR/auth/150); do
			setfacl -m u:$uid:rwx $DIR/data
			setfacl -m u:$uid:rw $DIR/data/.data
			setfacl -m u:$uid:rwx $DIR/logs
		done

		# set admin
		for uid in $(awk '{print $1}' $DIR/auth/Admin); do
			setfacl -m u:$uid:rwx $DIR/data
			setfacl -m u:$uid:rw $DIR/data/.data
			setfacl -m u:$uid:rwx $DIR/logs
		done
		
		# set ex 150
		for uid in $(awk '{print $1}' $DIR/auth/Valhalla); do
			setfacl -m u:$uid:rx $DIR/data
			setfacl -m u:$uid:r $DIR/data/.data
			setfacl -m u:$uid:rwx $DIR/logs
		done
		
		# set ex admin
		for uid in $(awk '{print $1}' $DIR/auth/Nirvana); do
			setfacl -m u:$uid:rwx $DIR/data
			setfacl -m u:$uid:rw $DIR/data/.data
			setfacl -m u:$uid:rwx $DIR/logs
		done

		echo "Done."
		echo
		echo "New permissions are:"
		method_authlookup
		
	else
		echo "Error: some folders are missing. Use the -i option to create missing folders."
	fi
}


###############
# MAIN SCRIPT #
###############


## ENTRY POINT - INITIALIZATION

# Check number of arguments
if (( $# != 1 )); then
	usage
	exit 1
fi

# Check that the option is only one
# -->   -i   OK
#       -il  NO
if (( ${#1} != 2 )); then
	usage
	exit 1
fi

# Select method from the option
while getopts ":iluh" o; do
	case $o in
		i) method_init;;
		l) method_authlookup;;
		u) method_updateACL;;
		h) method_help;;
		\?) usage && exit 1;;
	esac
done

exit 0