#!/bin/bash


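# Load LDAP_TEACHERS and LDAP_ADMIN into this shell from llxcfg-showvars.
# NOTE(review): eval runs the tool's output as shell code, and this script
# insists on running as root, so llxcfg-showvars and whatever configuration
# feeds it must be writable by trusted administrators only -- confirm.
# The substitution is quoted so the output reaches eval exactly as printed,
# without word splitting or glob expansion.
eval "$(llxcfg-showvars LDAP_TEACHERS LDAP_ADMIN)"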

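# Print an error message and abort the script.
# Arguments: $1 - message text, printed after the "ERROR: " prefix
# Outputs:   the message on stderr
# Returns:   never returns; exits with status 1
_die(){
	printf 'ERROR: %s\n' "$1" >&2
	# Exit unconditionally: chaining exit behind the write with && would let
	# the script carry on whenever the write itself failed.
	exit 1
}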

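# Derive the teachers and admin ACL group names from the LDAP values and
# verify that both exist in the group database.
# Globals:   LDAP_TEACHERS, LDAP_ADMIN (read); ACL_GROUP, ACL_ADMIN (written)
# Returns:   0 when both groups are found; otherwise exits through _die
_sanity_checks(){

	[ -n "$LDAP_TEACHERS" ] || _die "The LDAP_TEACHER value not present"
	# Lower-cased text between the first "=" and the following ",".
	# The value is quoted so it is not word-split or glob-expanded on the way.
	ACL_GROUP=$(printf '%s\n' "$LDAP_TEACHERS" | cut -d "=" -f2 | cut -d "," -f1 | tr '[:upper:]' '[:lower:]')
	[ -n "$ACL_GROUP" ] || _die "The ACL group is not present"
	# Compare the name literally against the first field of every group entry.
	# Interpolating it into a regex would let characters such as "." match a
	# different group than the one later handed to setfacl.
	getent group | cut -d ":" -f1 | grep -Fxq -- "$ACL_GROUP" || _die "Unknown Group: $ACL_GROUP"


	[ -n "$LDAP_ADMIN" ] || _die "The LDAP_ADMIN value not present"
	ACL_ADMIN=$(printf '%s\n' "$LDAP_ADMIN" | cut -d "=" -f2 | cut -d "," -f1 | tr '[:upper:]' '[:lower:]')
	[ -n "$ACL_ADMIN" ] || _die "The ACL group is not present"
	getent group | cut -d ":" -f1 | grep -Fxq -- "$ACL_ADMIN" || _die "Unknown Group: $ACL_ADMIN"
}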


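# Grant the admin and teachers groups rwx on a directory, both as access
# entries and as default entries for newly created content.
# Globals:   ACL_ADMIN, ACL_GROUP (read)
# Arguments: $1 - directory to modify
# Returns:   0 if $1 is not a directory; 1 if a group name is empty;
#            otherwise the status of the last setfacl call
_set_acls(){
	local userhome="$1"
	local grp

	# NOTE(review): -d follows symbolic links, and setfacl then acts on the
	# link target; confirm callers only pass real directories.
	[ -d "$userhome" ] || return 0

	# An empty name would turn "g::rwx" into the owning-group entry instead
	# of a named-group entry, so refuse to continue.
	if [ -z "$ACL_ADMIN" ] || [ -z "$ACL_GROUP" ]; then
		printf 'ERROR: %s\n' "ACL group names are not set" >&2
		return 1
	fi

	# Drop the existing default ACL before re-adding the entries below.
	# "--" and the quotes keep a path with spaces or a leading "-" from
	# being split or parsed as options.
	setfacl -k -- "$userhome"

	for grp in "$ACL_ADMIN" "$ACL_GROUP"; do
		setfacl -d -m "g:${grp}:rwx" -- "$userhome"
		setfacl -m "g:${grp}:rwx" -- "$userhome"
	done
}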

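# Rebuild the ACLs on the shared tree /net/share: strip what is there, then
# grant teachers/admin rwx and students/www-data rx, plus matching defaults.
# Every setfacl call is best-effort (failures are ignored), as in the
# original.
# Returns:   0
_fix_acl_net_share(){
	local -r netshare="/net/share"
	# Starts empty on purpose: the flag must never be inherited from a
	# RECURSIVE variable in the calling environment and spliced into the
	# setfacl calls below.
	local -a recursive=()
	local spec

	mkdir -p -- "$netshare"
	# NOTE(review): presumably keeps the share non-empty so the recursive
	# branch below always runs -- confirm.
	touch -- "${netshare}/token_acl"

	# Remove default (-k) and extended (-b) ACL entries from the whole tree.
	setfacl -k -b -R -- "$netshare" || true

	# True when the share holds at least one non-hidden entry, which is what
	# the earlier "ls | wc -w" count was checking.
	if compgen -G "${netshare}/*" >/dev/null; then
		recursive=(-R)
		for spec in g:teachers:rwx g:admin:rwx g:students:rx g:www-data:rx; do
			setfacl "${recursive[@]}" -m "$spec" -- "$netshare" || true
		done
	fi

	# Default entries: named groups, then owner, owning group, other, mask.
	for spec in g:www-data:rx g:teachers:rwx g:admin:rwx g:students:rx \
		u::rwx g::--- o::--- m::rwx; do
		setfacl "${recursive[@]}" -d -m "$spec" -- "$netshare" || true
	done

	# A "chmod 755" on /net/groups was left commented out here.
}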

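# Remove the default ACL from a directory.
# Arguments: $1 - directory to modify
# Returns:   0 if $1 is not a directory, otherwise the status of setfacl
function _del_acls()
{
	local userhome="$1"
	[ -d "$userhome" ] || return 0

	# NOTE(review): -k removes only the default ACL. Access entries granted
	# with "setfacl -m" stay in place, so group access to existing content is
	# not revoked here; confirm whether -b was intended as well.
	# "--" and the quotes keep a path with spaces or a leading "-" intact.
	setfacl -k -- "$userhome"
}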

# Print the command-line synopsis on stdout. Does not exit.
function usage()
{
	printf '%s\n' \
		"Usage:" \
		"llxcfg-acl PATH [delete|del]" \
		"llxcfg-acl fix-shared"
}
	



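#MAIN
# Entry point. Modes:
#   llxcfg-acl fix-shared         rebuild the ACLs on the shared tree
#   llxcfg-acl PATH del|delete    remove the default ACL from PATH
#   llxcfg-acl PATH               grant the admin/teachers groups on PATH
[ "$(id -u)" -eq 0 ] || _die "You must be root"

# usage only prints, so stop here; otherwise a bad invocation would fall
# through to the ACL changes below.
if [ $# -lt 1 ] || [ $# -gt 2 ]; then
	usage
	exit 1
fi

if [ "$1" = "fix-shared" ]; then
	_fix_acl_net_share || true
	exit 0
fi

if [ $# -eq 2 ]; then
	case "$2" in
		del|delete)
			_del_acls "$1"
			# Exit now: continuing would re-grant the ACLs that were
			# just removed.
			exit 0
			;;
		*)
			usage
			exit 1
			;;
	esac
fi
_sanity_checks
_set_acls "$1"
exit 0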
