#!/bin/bash

# Reset access rights of a netatalk archive
#
# The archive should be in subfolders named after read/write and readonly groups
# like this: /var/local/netatalk/files_administered_by_admins/admin/users/
#
# Also, the file /etc/local/volumes should contain something like the following
# (indicating the root of all netatalk folders):
#
# NDIR="/var/local/netatalk"
#

[ -f /etc/local/volumes ] || exit 1
. /etc/local/volumes
[ "x$NDIR" = "x" ] && exit 1

if [ $# -eq 0 ]; then
	echo "Usage: $0 <base directory> <read user/group> <write user/group> [create]"
	exit 1
	fi

if [ "x$1" = "x" ]; then
	echo "$0: base directory missing"
	exit 1
	fi
VOL=$NDIR/$1

if [ "x$2" = "x" ]; then
	echo "$0: read group missing"
	exit 1
	fi
ALL=$2

if [ "x$3" = "x" ]; then
	echo "$0: write group missing"
	exit 1
	fi
GRP=$3

GRPUSER="admin"
id $GRP >/dev/null && GRPUSER=$GRP

if [ "x$4" != "x" ]; then
	if [ "x$4" == "xcreate" ]; then
		mkdir -p $VOL/$ALL/$GRP || exit
	else
		echo "Usage: $0 <base directory> <read user/group> <write user/group> [create]"
		exit 1
	fi
fi

test -d $VOL/$ALL/$GRP || exit
test -d $VOL/$ALL/$GRP/.AppleDouble || mkdir $VOL/$ALL/$GRP/.AppleDouble
test -d $VOL/$ALL/$GRP/.AppleDesktop || mkdir $VOL/$ALL/$GRP/.AppleDesktop
chown root:$ALL $VOL/$ALL
chown $GRPUSER:$ALL $VOL/$ALL/$GRP
chmod u=rwX,g=rXs,o= $VOL/$ALL
chmod u=rwX,g=rXs,o= $VOL/$ALL/$GRP
echo "People in group $GRP has read/write access through AppleShare"
test $GRP = $ALL || echo "People in group $ALL has read access through AppleShare"
echo "Others have no access"
echo -n "Checking permissions..."
chown -R :$GRP $VOL/$ALL/$GRP \
    && chmod -R u=rwX,g=rwXs,o=rX $VOL/$ALL/$GRP \
    && chmod u=rwX,g=rXs,o=rX $VOL/$ALL/$GRP
echo "."