#!/bin/bash
set -e

# Help Function
show_help() {
    echo "Usage: $(basename "$0") <username> [OPTIONS]"
    echo ""
    echo "Manage user permissions for the 'Film' media library."
    echo ""
    echo "Options:"
    echo "  (No flag) : Read-Only access (Default)"
    echo "  --add     : Add-Only (Can upload, but not delete/rename)"
    echo "  --admin   : Full Control (Can upload and delete everything)"
    echo "  -h, --help: Show this help message"
    echo ""
    echo "Example:"
    echo "  sudo $(basename "$0") spartan-117 --admin"
    exit 0
}

# 1. Parse for Help Flags
if [[ "$1" == "-h" ]] || [[ "$1" == "--help" ]]; then
    show_help
fi

# 2. Basic Usage Check
if [ "$#" -lt 1 ]; then
    show_help
fi

TARGET_USER="$1"
POLICY="$2"
FILM_PATH="/home/film"
GROUP_ADD="film"
GROUP_ADMIN="film-admin"

# 3. Verify User exists
if ! id "$TARGET_USER" &>/dev/null; then
    echo "❌ ERROR: User '$TARGET_USER' does not exist."
    exit 1
fi

# 4. Set Groups based on policy
if [ "$POLICY" = "--admin" ]; then
    echo "  -> Giving '$TARGET_USER' FULL-ADMIN access..."
    usermod -a -G "$GROUP_ADMIN" "$TARGET_USER"
    usermod -a -G "$GROUP_ADD" "$TARGET_USER"
elif [ "$POLICY" = "--add" ]; then
    echo "  -> Giving '$TARGET_USER' ADD-ONLY access..."
    usermod -a -G "$GROUP_ADD" "$TARGET_USER"
else
    echo "  -> Giving '$TARGET_USER' READ-ONLY access..."
fi

# 5. Create the symlink in the user's home
USER_HOME=$(getent passwd "$TARGET_USER" | cut -d: -f6)
if [ -d "$USER_HOME" ]; then
    LINK_PATH="$USER_HOME/Film"
    if [ ! -L "$LINK_PATH" ] && [ ! -e "$LINK_PATH" ]; then
        echo "  -> Linking $FILM_PATH to $LINK_PATH"
        ln -s "$FILM_PATH" "$LINK_PATH"
        chown -h "$TARGET_USER":"$TARGET_USER" "$LINK_PATH"
    fi
else
    echo "  ⚠️ WARNING: Home directory '$USER_HOME' not found. Skipping symlink."
fi

echo "✅ User '$TARGET_USER' access policy updated."
exit 0
