#!/bin/sh -efu

. girar-sh-functions
. shell-quote
. shell-args

if [ "${1-}" = '--help' ]; then
	echo 'Usage: $PROG person item repo dir'
	exit 0
fi
[ "$#" -ge 4 ] || show_usage 'Not enough arguments.'
[ "$#" -le 4 ] || show_usage 'Too many arguments.'

person="$1"; shift

item="$1"; shift
[ -n "$item" ] ||
	fatal 'Empty item'

repository="$1"; shift
dir="$1"; shift

if GIRAR_USER="$person" girar-check-superuser "$repository"; then
	# no further checks for superuser
	exit 0
fi

acl_packages="$dir/list.packages.$repository"
acl_groups="$dir/list.groups.$repository"

deny()
{
	printf '%s\n' "$*"
	exit 1
}

if [ -z "${item##@*}" ]; then
	item_type='Group'
	item_acl="$acl_groups"
else
	item_type='Project'
	item_acl="$acl_packages"
fi

quote_sed_regexp_variable qitem "$item"
owners="$(sed -n "s/^$qitem[[:space:]]\+//p" "$item_acl")"
[ -n "$owners" ] ||
	deny "$item: $item_type not found in ${item_acl##*/}"

leader="${owners%% *}"
[ -n "$leader" ] ||
	deny "$item: $item_type leader not found in ${item_acl##*/}"

loop=
while [ -n "$leader" -a -z "${leader##@*}" -a "$leader" != "@nobody" ]; do
	grp="$leader"
	quote_sed_regexp_variable qitem "$grp"

	owners="$(sed -n "s/^$qitem[[:space:]]\+//p" "$acl_groups")"
	[ -n "$owners" ] ||
		deny "$grp: Group not found in ${acl_groups##*/}"

	leader="${owners%% *}"
	[ -n "$leader" ] ||
		deny "$grp: Group leader not found in ${acl_groups##*/}"

	[ -z "$loop" -o -n "${loop##* $leader *}" ] ||
		deny "$leader: Group loop detected"

	loop=" $loop $leader "
done

[ "$leader" = "$person" ] ||
	deny "$item: Permission denied, only $leader is allowed to change this acl"
