#!/bin/bash
# Crafty Permission Checker Script
# Checks for permission issues that could break plugin functionality

echo "Crafty Permission Check - $(date)"
echo "================================"

# Base directory
CRAFTY_DIR="/home/hutson/crafty/data/servers"

# Check if running on docker-host2
if [ "$(hostname)" != "docker-host2" ]; then
    echo "⚠️  This script should be run on docker-host2"
    echo "   Use: ssh docker-host2 '~/check-crafty-permissions.sh'"
    exit 1
fi

# Function to check permissions
check_permissions() {
    local issues_found=0

    # Check for files not owned by root group
    echo -e "\n📁 Checking file ownership..."
    wrong_group=$(find "$CRAFTY_DIR" -type f ! -group root 2>/dev/null)
    if [ ! -z "$wrong_group" ]; then
        echo "❌ Files with incorrect group (should be 'root'):"
        echo "$wrong_group" | head -10
        issues_found=$((issues_found + 1))
    else
        echo "✅ All files have correct group ownership (root)"
    fi

    # Check for directories not owned by root group
    echo -e "\n📁 Checking directory ownership..."
    wrong_dir_group=$(find "$CRAFTY_DIR" -type d ! -group root 2>/dev/null)
    if [ ! -z "$wrong_dir_group" ]; then
        echo "❌ Directories with incorrect group (should be 'root'):"
        echo "$wrong_dir_group" | head -10
        issues_found=$((issues_found + 1))
    else
        echo "✅ All directories have correct group ownership (root)"
    fi

    # Check for directories without setgid bit
    echo -e "\n🔒 Checking setgid bit on directories..."
    no_setgid=$(find "$CRAFTY_DIR" -type d ! -perm -g+s 2>/dev/null)
    if [ ! -z "$no_setgid" ]; then
        echo "⚠️  Directories without setgid bit (may cause future issues):"
        echo "$no_setgid" | head -10
        issues_found=$((issues_found + 1))
    else
        echo "✅ All directories have setgid bit set"
    fi

    # Check for files that crafty user can't read (excluding temp files)
    echo -e "\n📖 Checking read permissions..."
    unreadable=$(find "$CRAFTY_DIR" -type f ! -perm -g+r ! -name "*.tmp" 2>/dev/null)
    if [ ! -z "$unreadable" ]; then
        echo "❌ Files that crafty user can't read:"
        echo "$unreadable" | head -10
        issues_found=$((issues_found + 1))
    else
        echo "✅ All files are readable by crafty user"
    fi

    return $issues_found
}

# Function to fix permissions
fix_permissions() {
    echo -e "\n🔧 Fixing permissions..."

    # Fix ownership
    sudo chown -R hutson:root "$CRAFTY_DIR"

    # Fix directory permissions (2775 = rwxrwsr-x)
    sudo find "$CRAFTY_DIR" -type d -exec chmod 2775 {} \;

    # Fix file permissions (664 = rw-rw-r--)
    sudo find "$CRAFTY_DIR" -type f -exec chmod 664 {} \;

    echo "✅ Permissions fixed!"
}

# Main execution
echo "Checking Crafty server permissions..."
check_permissions
result=$?

if [ $result -gt 0 ]; then
    echo -e "\n⚠️  Found $result permission issue(s)!"
    echo -n "Would you like to fix them automatically? (y/n): "
    read -r response
    if [[ "$response" =~ ^[Yy]$ ]]; then
        fix_permissions
        echo -e "\n🔄 Re-checking permissions..."
        check_permissions
        if [ $? -eq 0 ]; then
            echo -e "\n✅ All permission issues resolved!"
        else
            echo -e "\n❌ Some issues remain. You may need to restart the Crafty container."
        fi
    else
        echo -e "\nTo fix manually, run:"
        echo "sudo chown -R hutson:root $CRAFTY_DIR"
        echo "sudo find $CRAFTY_DIR -type d -exec chmod 2775 {} \;"
        echo "sudo find $CRAFTY_DIR -type f -exec chmod 664 {} \;"
    fi
else
    echo -e "\n✅ No permission issues found!"
fi

echo -e "\n================================"
echo "Check complete - $(date)"