#!/bin/bash

set -e
set -u

request_confirmation() {
  if [[ "${FORCE_UPGRADE}" = "true" ]] ; then
    echo "Forcing as requested via environment variable FORCE_UPGRADE."
    return
  fi

  echo "REQUEST_CONFIRMATION"
}

echo "INFO: Checking DB users which are admins (master or superuser) and have 'lawful_intercept' permissions..."

TMPFILE=$(mktemp -t ngcp-admins-lawful_intercept-XXXXXXXXXX)

mysql --defaults-extra-file="/etc/mysql/sipwise_extra.cnf" \
      --table -e 'select id,login,is_master,is_superuser,lawful_intercept from billing.admins where lawful_intercept=1 and (is_master=1 or is_superuser=1);' &>"${TMPFILE}"

if [[ -s "${TMPFILE}" ]]; then
  echo "WARNING: The following admin users (master|superuser) were detected as"
  echo "         having lawful_intercept permissions:"
  sed 's/^/         /' "${TMPFILE}"
  echo
  echo "         Please note that these users will not be able to log in the panel"
  echo "         due to regulatory restrictions, so please consider removing the"
  echo "         permission for lawful_intercept, or otherwise keep it but"
  echo "         remove them as admins, or inform the customer about the problem."
  echo
  echo "         This capability can be removed with the following command:"
  echo
  echo "           mysql -e 'update billing.admins set lawful_intercept=0 where login=\"USERNAME\"'"
  echo
  request_confirmation
  echo
else
  echo "INFO: No admins (master|superuser) with lawful_intercept permissions detected, all OK"
fi

exit 0
