#!/usr/bin/python3
#
# This file is part of FreedomBox.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
"""
Helper for security configuration
"""

import argparse

ACCESS_CONF_FILE = '/etc/security/access.conf'
ACCESS_CONF_SNIPPET = '-:ALL EXCEPT root fbx (admin) (sudo):ALL'


def parse_arguments():
    """Return parsed command line arguments as dictionary"""
    parser = argparse.ArgumentParser()
    subparsers = parser.add_subparsers(dest='subcommand', help='Sub command')

    subparsers.add_parser(
        'enable-restricted-access',
        help='Restrict console login to users in admin or sudo group')
    subparsers.add_parser(
        'disable-restricted-access',
        help='Don\'t restrict console login to users in admin or sudo group')

    subparsers.required = True
    return parser.parse_args()


def subcommand_enable_restricted_access(_):
    """Restrict console login to users in admin or sudo group."""
    with open(ACCESS_CONF_FILE, 'r') as conffile:
        lines = conffile.readlines()

    for line in lines:
        if ACCESS_CONF_SNIPPET == line.strip():
            return

    with open(ACCESS_CONF_FILE, 'a') as conffile:
        conffile.write(ACCESS_CONF_SNIPPET + '\n')


def subcommand_disable_restricted_access(_):
    """Don't restrict console login to users in admin or sudo group."""
    with open(ACCESS_CONF_FILE, 'r') as conffile:
        lines = conffile.readlines()

    with open(ACCESS_CONF_FILE, 'w') as conffile:
        for line in lines:
            if ACCESS_CONF_SNIPPET != line.strip():
                conffile.write(line)


def main():
    """Parse arguments and perform all duties"""
    arguments = parse_arguments()

    subcommand = arguments.subcommand.replace('-', '_')
    subcommand_method = globals()['subcommand_' + subcommand]
    subcommand_method(arguments)


if __name__ == '__main__':
    main()
