#!/bin/bash

set -e
set -u

die() {
  echo "ERROR: $*" >&2
  exit 1
}

request_confirmation() {
  if [[ "${FORCE_UPGRADE}" = "true" ]] ; then
    echo "Forcing as requested via environment variable FORCE_UPGRADE."
    return
  fi

  while true; do
    echo -n "Should the upgrade continue? (yes/no): "
    read -r answer
    case "${answer,,}" in
      yes)
        echo "Continue as requested."
        break
        ;;
      no)
        die "Aborted as requested."
        ;;
      * )
        echo "Please answer 'yes' or 'no'."
        ;;
    esac
    unset answer
  done
}

echo "INFO: Checking DB users which are admins (master or superuser) and have 'lawful_intercept' permissions..."

TMPFILE=$(mktemp -t ngcp-admins-lawful_intercept-XXXXXXXXXX)

mysql --defaults-extra-file="/etc/mysql/sipwise_extra.cnf" \
      --table -e 'select id,login,is_master,is_superuser,lawful_intercept from billing.admins where lawful_intercept=1 and (is_master=1 or is_superuser=1);' &>"${TMPFILE}"

if [[ -s "${TMPFILE}" ]]; then
  echo "WARNING: The following admin users (master|superuser) were detected as"
  echo "         having lawful_intercept permissions:"
  sed 's/^/         /' "${TMPFILE}"
  echo
  echo "         Please note that these users will not be able to log in the panel"
  echo "         due to regulatory restrictions, so please consider removing the"
  echo "         permission for lawful_intercept, or otherwise keep it but"
  echo "         remove them as admins, or inform the customer about the problem."
  echo
  echo "         This capability can be removed with the following command:"
  echo
  echo "           mysql -e 'update billing.admins set lawful_intercept=0 where login=\"USERNAME\"'"
  echo
  request_confirmation
  echo
else
  echo "INFO: No admins (master|superuser) with lawful_intercept permissions detected, all OK"
fi

exit 0
