# -*- coding: utf-8 -*-
#
# Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2021 All Rights Reserved
#
# Licensed under CLOUD LINUX LICENSE AGREEMENT
# http://cloudlinux.com/docs/LICENCE.TXT
#
import dataclasses
import json
import os
import pathlib
from pathlib import Path

from clcommon import ClPwd

from clcagefslib.io import write_via_tmp

DOCROOTS_ISOLATED_BASE = Path("/var/clwebisolate/users")


@dataclasses.dataclass
class UserConfig:
    enabled_websites: list[str] = dataclasses.field(default_factory=list)


def load_user_config(user: str) -> UserConfig:
    path = _get_user_config_path(user)
    if not path.exists():
        return UserConfig()

    try:
        return UserConfig(**json.loads(path.read_text()))
    except json.JSONDecodeError:
        return UserConfig()


def save_user_config(user: str, config: UserConfig | None) -> None:
    path = _get_user_config_path(user)
    if not config or not config.enabled_websites:
        path.unlink(missing_ok=True)
        return

    path.parent.mkdir(parents=True, exist_ok=True)
    write_via_tmp(str(path.parent), str(path), json.dumps(dataclasses.asdict(config), indent=4))

    # Set ownership and permissions so user can read their config (but not write)
    # root:user_group with 0o640 = owner (root) can read/write, group (user_group) can read only
    # User can read via group membership but cannot write because group has no write permission
    pw = ClPwd().get_pw_by_name(user)
    os.chown(path, os.getuid(), pw.pw_gid)  # root:user_group
    os.chmod(path, 0o640)  # rw-r-----


def _get_user_config_path(user: str) -> pathlib.Path:
    pw = ClPwd().get_pw_by_name(user)
    directory = DOCROOTS_ISOLATED_BASE / str(pw.pw_uid)
    return Path(directory / f"{pw.pw_uid}.json")