forked from dokku-community/dokku-acl
internal-functions
#!/usr/bin/env bash
# Load Dokku's shared helper library. The functions below call helpers that
# are not defined in this file (verify_app_name, dokku_apps, dokku_log_*);
# presumably they come from here -- confirm against the core plugin.
source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions"
# Stop on the first failing command and on a failure in any pipeline stage.
# nounset (-u) is not enabled, so unset variables expand to the empty string.
set -eo pipefail
# With DOKKU_TRACE set, xtrace echoes every expanded command to stderr; that
# output includes app names, ACL user names and the DOKKU_SUPER_USER value.
[[ $DOKKU_TRACE ]] && set -x
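cmd-acl-report-all() {
  declare desc="displays a acl report for one or more apps"
  # Arguments: $1 - app name, or a "--flag" to query on every app (optional)
  #            $2 - report flag to query (optional)
  # Outputs:   whatever cmd-acl-report-single prints for each selected app
  local cmd="acl:report"
  local APP="$1" INFO_FLAG="$2"
  # The loop variable is declared local so it no longer leaks into the caller.
  local INSTALLED_APPS app

  # A "--flag" in the app position means "this flag, for every app".
  if [[ "$APP" == --* ]]; then
    INFO_FLAG="$APP"
    APP=""
  fi

  # No app and no flag: "true" selects the full report for every app.
  if [[ -z "$APP" ]] && [[ -z "$INFO_FLAG" ]]; then
    INFO_FLAG="true"
  fi

  if [[ -n "$APP" ]]; then
    cmd-acl-report-single "$APP" "$INFO_FLAG"
    return
  fi

  INSTALLED_APPS=$(dokku_apps)
  # Word splitting is intentional: the helper's output is one list of names.
  for app in $INSTALLED_APPS; do
    # Best effort: a failing report for one app must not abort the listing,
    # so its exit status is deliberately discarded here.
    cmd-acl-report-single "$app" "$INFO_FLAG" | tee || true
  done
}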
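cmd-acl-report-single() {
  # Print the ACL report for one app, or the value behind one report flag.
  # Arguments: $1 - app name, checked with verify_app_name
  #            $2 - empty or "true" for the full report, else one --acl-* flag
  # Outputs:   the report via dokku_log_*, or the flag's value on stdout
  # Fails through dokku_log_fail on an unknown flag or an empty value.
  declare APP="$1" INFO_FLAG="$2"
  # Everything below is local so repeated calls in one shell start clean;
  # valid_flags in particular used to accumulate across calls.
  local acl_entry allowed_users="" flag key value valid_flags=""
  local match=false value_exists=false

  if [[ "$INFO_FLAG" == "true" ]]; then
    INFO_FLAG=""
  fi
  verify_app_name "$APP"

  # Collect the ACL entry names with a glob. The previous
  # `ls ... >&2 2>/dev/null` sent the listing to stderr, so the substitution
  # captured nothing: the report value was always empty and the user list
  # was written to stderr on every call. Names are joined with spaces so the
  # value stays on one report line.
  for acl_entry in "$DOKKU_ROOT/$APP/acl"/*; do
    [[ -e "$acl_entry" ]] || continue # unmatched glob or missing directory
    allowed_users+="${allowed_users:+ }${acl_entry##*/}"
  done

  local flag_map=(
    "--acl-allowed-users: $allowed_users"
    "--acl-global-allow-command-line: $DOKKU_ACL_ALLOW_COMMAND_LINE"
    "--acl-global-super-user: $DOKKU_SUPER_USER"
    "--acl-global-user-commands: $DOKKU_ACL_USER_COMMANDS"
    "--acl-global-per-app-commands: $DOKKU_ACL_PER_APP_COMMANDS"
  )

  if [[ -z "$INFO_FLAG" ]]; then
    dokku_log_info2_quiet "${APP} acl information"
    for flag in "${flag_map[@]}"; do
      # "--acl-allowed-users: v" -> "acl allowed users:"
      key="${flag#--}"
      key="${key%% *}"
      key="${key//-/ }"
      value="${flag#*: }"
      dokku_log_verbose "$(printf "%-30s %-25s" "${key^}" "$value")"
    done
    return
  fi

  for flag in "${flag_map[@]}"; do
    valid_flags+=" ${flag%%:*}"
    if [[ "$flag" == "${INFO_FLAG}:"* ]]; then
      match=true
      value="${flag#*: }"
      if [[ -n "$value" ]]; then
        echo "$value"
        value_exists=true
      fi
    fi
  done
  [[ "$match" == "true" ]] || dokku_log_fail "Invalid flag passed, valid flags:${valid_flags}"
  [[ "$value_exists" == "true" ]] || dokku_log_fail "not deployed"
}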
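fn-acl-check-app() {
  # Guard for ACL-modifying app commands: refuse any caller with NAME set,
  # then confirm the app with verify_app_name.
  # Arguments: $1 - app name
  # NOTE(review): NAME is presumably set for SSH sessions by the command
  # wrapper; this guard only holds if such a session cannot clear it -- confirm.
  declare APP="$1"

  # The local-only check runs first so a caller with NAME set gets the same
  # refusal whether or not the app exists, matching the fn-check-*-acl
  # functions, which also avoid disclosing existence.
  if [[ -n "${NAME:-}" ]]; then
    dokku_log_fail "You can only modify ACL using local dokku command on target host"
  fi
  verify_app_name "$APP"
}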
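fn-acl-check-service() {
  # Guard for ACL-modifying service commands: refuse any caller with NAME
  # set, then require the service directory to exist.
  # Arguments: $1 - service type, $2 - service name
  # NOTE(review): both arguments are joined into a path without validation;
  # confirm callers reject "/" and ".." before calling.
  declare SERVICE_TYPE="$1" SERVICE="$2"
  local SERVICE_PATH="$DOKKU_LIB_ROOT/services/$SERVICE_TYPE/$SERVICE"

  # The local-only check runs first so a caller with NAME set cannot use the
  # "does not exist" message to learn which services are present.
  if [[ -n "${NAME:-}" ]]; then
    dokku_log_fail "You can only modify ACL using local dokku command on target host"
  fi
  if [[ ! -d "$SERVICE_PATH" ]]; then
    dokku_log_fail "Service $SERVICE of type $SERVICE_TYPE does not exist"
  fi
}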
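fn-check-app-acl() {
  declare desc="Checks if the current user has an ACL entry for the app"
  # Arguments: $1 - app name, $2 - user name as recorded in the ACL directory
  # Returns 0 when $DOKKU_ROOT/<app>/acl/<user> is a regular file; every other
  # case ends in dokku_log_fail.
  # CMD is not a parameter: the message reads it from the calling scope.
  declare APP="$1" SSH_NAME="$2"
  local ACL_FILE="$DOKKU_ROOT/$APP/acl/$SSH_NAME"
  # One message for every denial, so a refused caller cannot tell a missing
  # app from a missing ACL entry.
  local denied="User $SSH_NAME does not have permissions to run $CMD on $APP, or $APP does not exist"

  # Fail closed on a user name that is not a single path component, so the
  # lookup cannot resolve outside this app's acl directory.
  case "$SSH_NAME" in
    "" | . | .. | */*) dokku_log_fail "$denied" ;;
  esac

  # Subshell: a verify_app_name failure must not end this shell before the
  # uniform denial message is issued; its own error text is discarded.
  if ! (verify_app_name "$APP" 2>/dev/null); then
    dokku_log_fail "$denied"
  fi
  [[ -f "$ACL_FILE" ]] && return 0
  dokku_log_fail "$denied"
}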
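fn-check-service-acl() {
  declare desc="Checks if the current user has an ACL entry for the service"
  # Arguments: $1 - command ("<type>:<action>"; the type is the text before
  #                 the first colon)
  #            $2 - service name
  #            $3 - user name as recorded in the ACL directory
  # Returns 0 when <service dir>/acl/<user> is a regular file; every other
  # case ends in dokku_log_fail.
  declare CMD="$1" SERVICE="$2" SSH_NAME="$3"
  local SERVICE_TYPE="${CMD%%:*}"
  local SERVICE_PATH="$DOKKU_LIB_ROOT/services/$SERVICE_TYPE/$SERVICE"
  local ACL_FILE="$SERVICE_PATH/acl/$SSH_NAME"
  # One message for every denial, so a refused caller cannot tell a missing
  # service from a missing ACL entry.
  local denied="User $SSH_NAME does not have permissions to run $CMD on $SERVICE, or $SERVICE does not exist"
  local part

  # Fail closed unless each value is a single path component; otherwise the
  # lookup could resolve to another service's directory or ACL entry.
  for part in "$SERVICE_TYPE" "$SERVICE" "$SSH_NAME"; do
    case "$part" in
      "" | . | .. | */*) dokku_log_fail "$denied" ;;
    esac
  done

  if [[ ! -d "$SERVICE_PATH" ]]; then
    dokku_log_fail "$denied"
  fi
  [[ -f "$ACL_FILE" ]] && return 0
  dokku_log_fail "$denied"
}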
fn-acl-is-super-user() {
  declare desc="check if the specified user is a super user"
  # Arguments: $1 - user name to test
  # Returns:   0 when it equals DOKKU_SUPER_USER exactly, 1 otherwise
  declare USERNAME="$1"

  # The right-hand side is quoted, so this is a literal comparison and glob
  # characters in either value are not treated as a pattern.
  # NOTE(review): an empty USERNAME equals an unset or empty DOKKU_SUPER_USER
  # and is reported as super user; confirm callers never pass an empty name
  # while no super user is configured.
  [[ "$USERNAME" != "$DOKKU_SUPER_USER" ]] && return 1
  return 0
}