#!/bin/sh -efu

. gb-sh-functions

fail_if_task_abort_requested

[ -f "task/pocket" ] &&
	exit 0

rc=0

check_acl()
{
	local i="$1" src="$2"; shift 2
	local u out st= a

	list_notifiable_pkg_acl_members "$src" >> report/acl-addressees

	# check author permissions
	u="$(cat gears/$i/userid)"
	GIRAR_USER="$u" gb-x-girar check-perms "$src" "$GB_REPO_NAME" || st=$?
	[ -n "$st" ] || return 0

	# check confirmer permissions
	for a in $(cd acl/$i 2>/dev/null && shopt -s nullglob && set +f && echo [a-z]*); do
		st=
		GIRAR_USER="$a" gb-x-girar check-perms "$src" "$GB_REPO_NAME" || st=$?
		[ -n "$st" ] ||
		{
			echo >&2 "$src: Update approved by $a"
			return 0
		}
	done

	# author is not permitted and nobody approved
	rc=1
	echo >&2 "$src: Operation not permitted"
}

. gb-sh-tmpdir

> $tmpdir/check_acl

# Deal with added packages.
# input: src-N src-EVR src-F src-P src-I
while read -r N EVR F P I; do
	printf '%s\t%s\n' "$I" "$N" >> $tmpdir/check_acl
done < plan/add-src

# Deal with removed/replaced packages.
# input: src1-N src2-F src2-I
while read -r N F I; do
	echo >&2 "$N is replaced with $F from subtask #$I"
	printf '%s\t%s\n' "$I" "$N" >> $tmpdir/check_acl
done < plan/oldsrc2newsrpm

# Deal with explicitly removed packages.
for i in $(package_nums); do
	[ -s gears/$i/copy_repo ] ||
		printf '%s\t%s\n' "$i" "$(cat "gears/$i/package")" >> $tmpdir/check_acl
done

sort -nu < $tmpdir/check_acl > plan/check_acl
while read -r i N; do
	check_acl "$i" "$N"
done < plan/check_acl

sort -u -o report/acl-addressees{,}

if [ "$rc" = 0 ]; then
	rm plan/check_acl
	stamp_echo >&2 'acl check OK'
else
	stamp_echo >&2 'acl check FAILED'
	id=$(cat task/id)
	gb-x-girar task-change-state "$id" EPERM
fi

exit $rc
