#!/usr/bin/env ruby

require 'active_samba_ldap'
require 'active_samba_ldap/command'

include ActiveSambaLdap::GetTextSupport

argv, opts, options = ActiveSambaLdap::Command.parse_options do |opts, options|
  options.members_to_add = nil
  options.members_to_delete = nil

  opts.banner += " GROUP_NAME"

  opts.on("-a", "--add-members=MEMBER1,MEMBER2,MEBMER3", Array,
          _("add members (comma delimited)")) {|options.members_to_add|}
  opts.on("-d", "--delete-members=MEMBER1,MEMBER2,MEBMER3", Array,
          _("delete members (comma delimited)")) {|options.members_to_delete|}
end

name = nil
if argv.size == 1
  name = argv.first
else
  $stderr.puts opts
  exit 1
end

unless Process.uid.zero?
  $stderr.puts(_("need root authority."))
  exit 1
end

ActiveSambaLdap::Base.establish_connection("update")

class Group < ActiveSambaLdap::Group
  ldap_mapping :recommended_classes => []
end

class User < ActiveSambaLdap::User
  ldap_mapping :recommended_classes => []
end

class Computer < ActiveSambaLdap::Computer
  ldap_mapping :recommended_classes => []
end

unless Group.exists?(name)
  $stderr.puts(_("group doesn't exist: %s") % name)
  exit 1
end
group = Group.find(name)

if options.members_to_add and options.members_to_delete
  duplicated_members = options.members_to_add & options.members_to_delete
  unless duplicated_members.empty?
    format = _("there are duplicated members in adding and deleting members: %s")
    $stderr.puts(format % duplicated_members.join(", "))
    exit 1
  end
end

if options.members_to_add
  users = []
  computers = []
  options.members_to_add.each do |member|
    if /\$$/ =~ member
      computers << Computer.find(member)
    else
      users << User.find(member)
    end
  end
  group.users.concat(users)
  group.computers.concat(computers)
end

if options.members_to_delete
  users = []
  computers = []
  options.members_to_delete.each do |member|
    if /\$$/ =~ member
      computers << Computer.find(member)
    else
      users << User.find(member)
    end
  end
  group.users -= users
  group.computers -= computers
end

unless group.save
  group.errors.each_full do |message|
    $stderr.puts(message)
  end
  exit 1
end

ActiveSambaLdap::Base.restart_nscd

ActiveSambaLdap::Base.clear_active_connections!