#!/usr/bin/perl -w

use strict;
use warnings;
#use File::Find;
use Getopt::Long;
use Pod::Usage;
use File::Basename;
use ALTLinux::ACL;

my $verbose=0;
my $help=0;
my $as_access=1;
my $as_leader=0;
my $not=0;
my $nvr_mode;
my @opt_user;

my $result = GetOptions (
    @ALTLinux::ACL::LONGOPT,
    'quiet'=> sub {$verbose=0},
    "verbose+"  => \$verbose,
    "access"  => sub {$as_access=1},
    "n|no|not"  => sub {$not=1},
    "help"  => \$help,
    "l|leader"  => sub {$as_leader=1; $as_access=0},
    "nvr"  => \$nvr_mode,
    "user=s"  => \@opt_user,
);

if ($help) {
    pod2usage();
}

push @opt_user, ALTLinux::ACL::email2aclname(`rpm --eval '%{packager}'`) unless @opt_user;
print "user=", join(',',@opt_user),"\n" if $verbose;
my @users=map { split(',', $_) } @opt_user;
my $acl = ALTLinux::ACL->new();
while (<>) {
    next if /^\s*$/;
    my @line=split(/\s+/,$_);
    my $name=basename($line[0]);
    next unless $name; # empty line ?
    $name=~s/-[^-]+-[^-]+$// if $nvr_mode;
    my @acl_list=$acl->acl($name);
    warn "$name: the package has no acl\n" unless @acl_list;
    print STDERR "name=$name acl: ",join(',',@acl_list),"\n" if $verbose;
    if ($as_access) {
	my $is_authorized=0;
	foreach my $user (@users) {
	    if ($acl->is_authorized($name,$user)) {
		$is_authorized=1;
		last;
	    }
	}
	print "$_" if $not xor $is_authorized;
    } else {
	my $is_leader=0;
	foreach my $user (@users) {
	    if ($acl->is_leader($name,$user)) {
		$is_leader=1;
		last;
	    }
	}
	print "$_" if $not xor $is_leader;
    }
}

=head1	NAME

altlinux-acl-filter-list-by-access - filter list of names according to altlinux acl.

=head1	SYNOPSIS

B<altlinux-acl-filter-list-by-access>
[B<--nvr>]
[B<-a|--access>]
[B<-l|--leader>]
[B<-n|--not>]
[B<-h|--help>]
[B<-q|--quiet>]
[B<-v|--verbose>]
[B<-u|--user> I<name]>]

=head1	DESCRIPTION

B<altlinux-acl-filter-list-by-access>
is a program that reads STDIN and files given as its arguments
and removes lines with src.rpm names according to acl.
The lines are treated as a text table separated by space class symbols.
The forst column or the column set by --column option is used as input
that is expected to be a src.rpm name.


=head1	OPTIONS

=over

=item	B<-a, --access>

print names that user has access to.

=item	B<-l, --leader>

print names where user is the leader.

=item	B<-n, --not>

Revert filter; print names that user has no access/leadership to.

=item	B<-h, --help>

Display this help and exit.

=item	B<-u, --user> I<name>

ACL user(s). Can be specified multiple times.

=item	B<--nvr>

NVR mode. In this mode, the input is not a srpm name, but
is expected to look like name-version-release.something,
like foo-1.0-alt1, foo-1.0-alt1.log, foo-1.0-alt1.noarch,
foo-1.0-alt1.noarch.patch.

=item	B<-v, --verbose>, B<-q, --quiet>

Verbosity level. Multiple -v increase the verbosity level, -q sets it to 0.

=back

=head1	AUTHOR

Written by Igor Vlasenko <viy@altlinux.org>.

=head1	COPYING

Copyright (c) 2009-2023 Igor Vlasenko, ALT Linux Team.

This is free software; you can redistribute it and/or modify it under the terms
of the GNU General Public License as published by the Free Software Foundation;
either version 2 of the License, or (at your option) any later version.

=cut
