#!/usr/bin/python3
#
# This file is part of FreedomBox.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
"""
Helper for security configuration
"""

import argparse

from plinth.modules.security import (ACCESS_CONF_FILE, ACCESS_CONF_SNIPPET,
                                     ACCESS_CONF_SNIPPETS)


def parse_arguments():
    """Return parsed command line arguments as dictionary"""
    parser = argparse.ArgumentParser()
    subparsers = parser.add_subparsers(dest='subcommand', help='Sub command')

    subparsers.add_parser(
        'enable-restricted-access',
        help='Restrict console login to users in admin or sudo group')
    subparsers.add_parser(
        'disable-restricted-access',
        help='Don\'t restrict console login to users in admin or sudo group')

    subparsers.required = True
    return parser.parse_args()


def subcommand_enable_restricted_access(_):
    """Restrict console login to users in admin or sudo group."""
    with open(ACCESS_CONF_FILE, 'r') as conffile:
        lines = conffile.readlines()

    is_upgrading = False

    with open(ACCESS_CONF_FILE, 'w') as conffile:
        for line in lines:
            if line.strip() in ACCESS_CONF_SNIPPETS:
                conffile.write(ACCESS_CONF_SNIPPET + '\n')
                is_upgrading = True
            else:
                conffile.write(line)

    if not is_upgrading:
        with open(ACCESS_CONF_FILE, 'a') as conffile:
            conffile.write(ACCESS_CONF_SNIPPET + '\n')


def subcommand_disable_restricted_access(_):
    """Don't restrict console login to users in admin or sudo group."""
    with open(ACCESS_CONF_FILE, 'r') as conffile:
        lines = conffile.readlines()

    with open(ACCESS_CONF_FILE, 'w') as conffile:
        for line in lines:
            if line.strip() not in ACCESS_CONF_SNIPPETS:
                conffile.write(line)


def main():
    """Parse arguments and perform all duties"""
    arguments = parse_arguments()

    subcommand = arguments.subcommand.replace('-', '_')
    subcommand_method = globals()['subcommand_' + subcommand]
    subcommand_method(arguments)


if __name__ == '__main__':
    main()