#!/bin/sh

# Settings for the helper library sourced below.
# NOTE(review): po_domain looks like the translation domain and
# alterator_api_version the backend protocol version; both are presumably
# read by alterator-sh-functions. Confirm against that library.
po_domain="alterator-roles"
alterator_api_version=1

# Helper library. The name has no slash, so the shell looks it up through PATH.
# This backend changes role/privilege assignments, so PATH must contain only
# trusted directories when it is started.
# The functions below use arrays, [[ ]] and here-strings: despite the
# "#!/bin/sh" shebang, the interpreter has to be bash.
# write_enum_item, write_error, write_bool_param, test_bool and message_loop
# are not defined in this file; presumably they come from this library.
. alterator-sh-functions

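#######################################
# List every role reported by rolelst as an enum item.
# Each output line of rolelst is cut at its last ':' and the part before it,
# with surrounding whitespace removed, is used as both arguments of the item.
# Globals:   none
# Arguments: none
# Outputs:   one write_enum_item call per non-empty role name
#######################################
get_roles(){
	local listing entry
	listing=$(rolelst)

	while IFS= read -r entry
	do
		entry=${entry%:*}
		# Trim with parameter expansion: "echo -e" would rewrite backslash
		# sequences (\t, \n, ...) that are part of a name.
		entry="${entry#"${entry%%[![:space:]]*}"}"
		entry="${entry%"${entry##*[![:space:]]}"}"
		# An empty rolelst output still yields one empty here-string line.
		[ -n "$entry" ] || continue
		write_enum_item "$entry" "$entry"
	# Quoted so the line structure is kept on every bash version.
	done <<< "$listing"
}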

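#######################################
# List the roles that are "system roles".
# A role counts as a system role when /etc/role.d/<name>.role contains a line
# that starts with "<name>:" (blanks allowed around the name). Only roles that
# are also reported by rolelst are written.
# Globals:   none
# Arguments: none
# Outputs:   one write_enum_item call per system role found in rolelst output
#######################################
get_system_roles(){
	local -a system_roles=()
	local file file_name line listing str role

	for file in /etc/role.d/*.role
	do
		# An unmatched glob stays literal; skip it and anything unreadable
		# instead of letting the read fail noisily.
		[[ -f "$file" && -r "$file" ]] || continue

		file_name=${file##*/}
		file_name=${file_name%.*}

		while IFS= read -r line || [ -n "$line" ]
		do
			# The quoted expansion is matched literally, so characters that
			# are special in a regex have no effect inside the name.
			if [[ "$line" =~ ^[[:blank:]]*"$file_name"[[:blank:]]*: ]];then
				system_roles+=("$file_name")
				break
			fi
		done < "$file"
	done

	listing=$(rolelst)

	while IFS= read -r str
	do
		str=${str%:*}
		# Trim without "echo -e", which would rewrite backslash sequences.
		str="${str#"${str%%[![:space:]]*}"}"
		str="${str%"${str##*[![:space:]]}"}"

		for role in "${system_roles[@]}"
		do
			if [ "$str" = "$role" ];then
				write_enum_item "$str" "$str"
				break
			fi
		done
	done <<< "$listing"
}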

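#######################################
# List the privileges a system role gets from its own file,
# /etc/role.d/<in_role>.role.
# Globals:   in_role (read) - role name; expected to be set by the caller
#            from the incoming request
# Arguments: none
# Outputs:   one write_enum_item call per privilege; write_error when the
#            role name cannot be used as a file name
#######################################
get_privs_for_system_role_from_its_file(){
	local -a privileges=() fields=()
	local line priv role_file

	# in_role becomes part of a path below. A '/' in it would let the request
	# pick a file outside /etc/role.d, so refuse it (and the empty name).
	case "$in_role" in
		''|*/*)
			write_error "Invalid role name"
			return
			;;
	esac

	role_file="/etc/role.d/$in_role.role"
	# No file means no privileges; do not try to read it.
	[[ -f "$role_file" && -r "$role_file" ]] || return 0

	while IFS= read -r line || [ -n "$line" ]
	do
		# Only lines for this role; the quoted name is matched literally.
		if [[ "$line" =~ ^[[:blank:]]*"$in_role"[[:blank:]]*: ]];then
			# Quoted so the comma-separated list reaches read unchanged.
			IFS=',' read -r -a fields <<< "${line#*:}"
			privileges+=("${fields[@]}")
		fi
	done < "$role_file"

	for priv in "${privileges[@]}"
	do
		# Trim without "echo -e", which would rewrite backslash sequences.
		priv="${priv#"${priv%%[![:space:]]*}"}"
		priv="${priv%"${priv##*[![:space:]]}"}"
		write_enum_item "$priv" "$priv"
	done
}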

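#######################################
# List the privileges a system role gets from anywhere except its own file.
# Entries from /etc/role come first and are written as-is; entries from the
# other /etc/role.d/*.role files follow, each suffixed with " (<file name>)".
# Globals:   in_role (read) - role name; expected to be set by the caller
#            from the incoming request
# Arguments: none
# Outputs:   one write_enum_item call per privilege
#######################################
get_privs_for_system_role_from_other(){
	local -a privileges=() fields=()
	local line priv file field
	local role_file="$in_role.role"

	# Pass 1: the main role file. Skipped quietly when it is missing.
	if [[ -f /etc/role && -r /etc/role ]];then
		while IFS= read -r line || [ -n "$line" ]
		do
			# Only lines for this role; the quoted name is matched literally.
			if [[ "$line" =~ ^[[:blank:]]*"$in_role"[[:blank:]]*: ]];then
				# Quoted so the comma-separated list reaches read unchanged.
				IFS=',' read -r -a fields <<< "${line#*:}"
				privileges+=("${fields[@]}")
			fi
		done < /etc/role
	fi

	# Pass 2: every drop-in file except the role's own one.
	for file in /etc/role.d/*.role
	do
		# An unmatched glob stays literal; skip it and anything unreadable.
		[[ -f "$file" && -r "$file" ]] || continue
		if [ "${file##*/}" = "$role_file" ];then
			continue
		fi

		while IFS= read -r line || [ -n "$line" ]
		do
			if [[ "$line" =~ ^[[:blank:]]*"$in_role"[[:blank:]]*: ]];then
				IFS=',' read -r -a fields <<< "${line#*:}"
				for field in "${fields[@]}"
				do
					# Remember which file granted the privilege.
					privileges+=("$field (${file##*/})")
				done
			fi
		done < "$file"
	done

	# Both passes are emitted in collection order: /etc/role first.
	for priv in "${privileges[@]}"
	do
		# Trim without "echo -e", which would rewrite backslash sequences.
		priv="${priv#"${priv%%[![:space:]]*}"}"
		priv="${priv%"${priv##*[![:space:]]}"}"
		write_enum_item "$priv" "$priv"
	done
}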

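#######################################
# List the privileges assigned to a role in /etc/role.
# Globals:   in_role (read) - role name; expected to be set by the caller
#            from the incoming request
# Arguments: none
# Outputs:   one write_enum_item call per privilege
#######################################
get_privs_role(){
	local -a privileges=() fields=()
	local line priv

	# No file means no privileges; do not try to read it.
	[[ -f /etc/role && -r /etc/role ]] || return 0

	while IFS= read -r line || [ -n "$line" ]
	do
		# Only lines for this role; the quoted name is matched literally.
		if [[ "$line" =~ ^[[:blank:]]*"$in_role"[[:blank:]]*: ]];then
			# Quoted so the comma-separated list reaches read unchanged.
			IFS=',' read -r -a fields <<< "${line#*:}"
			privileges+=("${fields[@]}")
		fi
	done < /etc/role

	for priv in "${privileges[@]}"
	do
		# Trim without "echo -e", which would rewrite backslash sequences.
		priv="${priv#"${priv%%[![:space:]]*}"}"
		priv="${priv%"${priv##*[![:space:]]}"}"
		write_enum_item "$priv" "$priv"
	done
}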

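#######################################
# List the privileges assigned to a role in the /etc/role.d/*.role files.
# Each item is written as "<privilege> (<file name>)".
# Globals:   in_role (read) - role name; expected to be set by the caller
#            from the incoming request
# Arguments: none
# Outputs:   one write_enum_item call per privilege
#######################################
get_privs_role_d(){
	local -a privileges=() fields=()
	local file line field priv

	for file in /etc/role.d/*.role
	do
		# An unmatched glob stays literal; skip it and anything unreadable.
		[[ -f "$file" && -r "$file" ]] || continue

		while IFS= read -r line || [ -n "$line" ]
		do
			# Only lines for this role; the quoted name is matched literally.
			if [[ "$line" =~ ^[[:blank:]]*"$in_role"[[:blank:]]*: ]];then
				# Quoted so the comma-separated list reaches read unchanged.
				IFS=',' read -r -a fields <<< "${line#*:}"
				for field in "${fields[@]}"
				do
					# Remember which file granted the privilege.
					privileges+=("$field (${file##*/})")
				done
			fi
		done < "$file"
	done

	for priv in "${privileges[@]}"
	do
		# Trim without "echo -e", which would rewrite backslash sequences.
		priv="${priv#"${priv%%[![:space:]]*}"}"
		priv="${priv%"${priv##*[![:space:]]}"}"
		write_enum_item "$priv" "$priv"
	done
}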

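#######################################
# Add a privilege to a role with roleadd.
# Globals:   in_role, in_privilege (read) - expected to be set by the caller
#            from the incoming request
# Arguments: none
# Outputs:   write_error with the tool output when the call fails
#######################################
add_role(){
	local line status=0

	# Both values are positional arguments of roleadd. A leading '-' could be
	# taken as an option (this file itself passes -f and -S), so refuse it.
	if [[ "$in_role" == -* || "$in_privilege" == -* ]];then
		write_error "Role and privilege names must not start with '-'"
		return
	fi

	line=$(roleadd "$in_role" "$in_privilege" 2>&1) || status=$?

	# Report a failure on a non-zero exit status as well as on "Error" in the
	# output, so a failed change is never presented as applied.
	if [ "$status" -ne 0 ] || [[ "$line" == *Error* ]];then
		write_error "${line:-roleadd failed with status $status}"
	fi
}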

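#######################################
# Remove a privilege from a role with roledel.
# Globals:   in_role, in_privilege (read) - expected to be set by the caller
#            from the incoming request
# Arguments: none
# Outputs:   write_error with the tool output when the call fails
#######################################
del_role(){
	local line status=0

	# Both values are positional arguments of roledel. A leading '-' could be
	# taken as an option (this file itself passes -f and -S), so refuse it.
	if [[ "$in_role" == -* || "$in_privilege" == -* ]];then
		write_error "Role and privilege names must not start with '-'"
		return
	fi

	line=$(roledel "$in_role" "$in_privilege" 2>&1) || status=$?

	# A revocation that failed must not look successful: report a non-zero
	# exit status as well as "Error" in the output.
	if [ "$status" -ne 0 ] || [[ "$line" == *Error* ]];then
		write_error "${line:-roledel failed with status $status}"
	fi
}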

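#######################################
# Remove a privilege from a role in a specific file (roledel -f).
# Globals:   in_file, in_role, in_privilege (read) - expected to be set by
#            the caller from the incoming request
# Arguments: none
# Outputs:   write_error with the tool output when the call fails
#######################################
del_role_d(){
	local line status=0

	# in_role and in_privilege are positional arguments of roledel. A leading
	# '-' could be taken as an option, so refuse it.
	if [[ "$in_role" == -* || "$in_privilege" == -* ]];then
		write_error "Role and privilege names must not start with '-'"
		return
	fi

	# NOTE(review): in_file is handed to roledel unchecked. Confirm that the
	# tool (or the caller) restricts it to the intended role files.
	line=$(roledel -f "$in_file" "$in_role" "$in_privilege" 2>&1) || status=$?

	# A revocation that failed must not look successful: report a non-zero
	# exit status as well as "Error" in the output.
	if [ "$status" -ne 0 ] || [[ "$line" == *Error* ]];then
		write_error "${line:-roledel failed with status $status}"
	fi
}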

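#######################################
# Add a privilege to a role in a specific file (roleadd -f).
# Globals:   in_file, in_role, in_privilege (read) - expected to be set by
#            the caller from the incoming request
# Arguments: none
# Outputs:   write_error with the tool output when the call fails
#######################################
add_role_d(){
	local line status=0

	# in_role and in_privilege are positional arguments of roleadd. A leading
	# '-' could be taken as an option, so refuse it.
	if [[ "$in_role" == -* || "$in_privilege" == -* ]];then
		write_error "Role and privilege names must not start with '-'"
		return
	fi

	# NOTE(review): in_file is handed to roleadd unchecked. Confirm that the
	# tool (or the caller) restricts it to the intended role files.
	line=$(roleadd -f "$in_file" "$in_role" "$in_privilege" 2>&1) || status=$?

	# Report a failure on a non-zero exit status as well as on "Error" in the
	# output, so a failed change is never presented as applied.
	if [ "$status" -ne 0 ] || [[ "$line" == *Error* ]];then
		write_error "${line:-roleadd failed with status $status}"
	fi
}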

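#######################################
# Add a privilege to a system role (roleadd -S).
# Globals:   in_role, in_privilege (read) - expected to be set by the caller
#            from the incoming request
# Arguments: none
# Outputs:   write_error with the tool output when the call fails
#######################################
add_system_role(){
	local line status=0

	# Both values are positional arguments of roleadd. A leading '-' could be
	# taken as a further option, so refuse it.
	if [[ "$in_role" == -* || "$in_privilege" == -* ]];then
		write_error "Role and privilege names must not start with '-'"
		return
	fi

	line=$(roleadd -S "$in_role" "$in_privilege" 2>&1) || status=$?

	# Report a failure on a non-zero exit status as well as on "Error" in the
	# output, so a failed change is never presented as applied.
	if [ "$status" -ne 0 ] || [[ "$line" == *Error* ]];then
		write_error "${line:-roleadd failed with status $status}"
	fi
}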

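#######################################
# Remove a privilege from a system role (roledel -S).
# Globals:   in_role, in_privilege (read) - expected to be set by the caller
#            from the incoming request
# Arguments: none
# Outputs:   write_error with the tool output when the call fails
#######################################
del_system_role(){
	local line status=0

	# Both values are positional arguments of roledel. A leading '-' could be
	# taken as a further option, so refuse it.
	if [[ "$in_role" == -* || "$in_privilege" == -* ]];then
		write_error "Role and privilege names must not start with '-'"
		return
	fi

	line=$(roledel -S "$in_role" "$in_privilege" 2>&1) || status=$?

	# A revocation that failed must not look successful: report a non-zero
	# exit status as well as "Error" in the output.
	if [ "$status" -ne 0 ] || [[ "$line" == *Error* ]];then
		write_error "${line:-roledel failed with status $status}"
	fi
}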

#######################################
# Report whether the libnss-role facility is switched on.
# Globals:   none
# Arguments: none
# Outputs:   write_bool_param enabled_role_checkbox "true" or "false"
#######################################
get_roles_state(){
	local report flag

	# stderr is merged in, so the text below may also be an error message.
	report=$(control libnss-role 2>&1)

	# Substring test: any output containing "enabled" counts as on,
	# everything else (including a failed call) as off.
	case "$report" in
		*enabled*) flag="true" ;;
		*) flag="false" ;;
	esac

	write_bool_param enabled_role_checkbox "$flag"
}

#######################################
# Switch the libnss-role facility on or off.
# Globals:   in_state (read) - requested state, evaluated by test_bool
# Arguments: none
# Returns:   the exit status of the control call
#######################################
set_roles_state(){
	# Anything test_bool does not accept as true switches the facility off.
	local target=disabled

	if test_bool "$in_state";then
		target=enabled
	fi

	control libnss-role "$target"
}

#######################################
# Dispatch one request to its handler.
# The action/object pair is compared with a fixed list of literal patterns and
# each pattern calls a named function; the request values themselves are never
# executed. A pair that is not listed does nothing.
# Globals:   in_action, in__objects (read)
# Arguments: none
#######################################
on_message(){
	case "$in_action/$in__objects" in
		# read
		read/get_roles_state)
			get_roles_state
			;;

		# write
		write/add_role)
			add_role
			;;
		write/del_role)
			del_role
			;;
		write/add_role_d)
			add_role_d
			;;
		write/del_role_d)
			del_role_d
			;;
		write/add_system_role)
			add_system_role
			;;
		write/del_system_role)
			del_system_role
			;;
		write/set_roles_state)
			set_roles_state
			;;

		# list
		list/get_roles)
			get_roles
			;;
		list/get_privs_role)
			get_privs_role
			;;
		list/get_privs_role_d)
			get_privs_role_d
			;;
		list/get_system_roles)
			get_system_roles
			;;
		list/get_privs_for_system_role_from_its_file)
			get_privs_for_system_role_from_its_file
			;;
		list/get_privs_for_system_role_from_other)
			get_privs_for_system_role_from_other
			;;
	esac
}

# Start serving requests.
# NOTE(review): message_loop is not defined in this file; presumably it comes
# from alterator-sh-functions, fills the in_* variables from each request and
# calls on_message. Confirm against that library.
message_loop
