#!/usr/bin/perl

use strict;
use warnings;
use Getopt::Long qw(:config no_ignore_case);
use Perun::Agent;
use Perun::Common qw(printMessage);

sub help {
	return qq{
	Removes user or group from SecurityTeam admins. User id or group id and SecurityTeam are required fields.
	------------------------------------
	Available options:
	--securityTeamId  | -s SecurityTeam id
	--userId          | -u user id
	--authGroupId     | -a authorized groupId
	--authGroupName   | -A authorized group Name
	--authGroupVoId   | -o authorized group VO Id
	--authGroupVoName | -O authorized group VO Name
	--batch           | -b batch
	--help            | -h prints this help
	};
}

my ($securityTeamId, $userId, $authGroupId, $authGroupName, $authGroupVoId, $authGroupVoName, $batch);
GetOptions ("help|h"     => sub {
		print help();
		exit 0;
	}, 
	"batch|b"         => \$batch,
	"securityTeamId|s=i" => \$securityTeamId,
	"userId|u=i"         => \$userId,
	"securityTeamId|s=i" => \$securityTeamId,
	"userId|u=i"         => \$userId,
	"authGroupId|a=i"  => \$authGroupId,
	"authGroupName|A=s"  => \$authGroupName,
	"authGroupVoId|o=i"  => \$authGroupVoId,
	"authGroupVoName|O=s"  => \$authGroupVoName
) || die help();

# Check options
unless (defined($securityTeamId)) {die "ERROR: securityTeamId is required\n";}

my $agent = Perun::Agent->new();
my $securityTeamsAgent = $agent->getSecurityTeamsAgent;

if (defined($userId)) {
	$securityTeamsAgent->removeAdmin( securityTeam => $securityTeamId, user => $userId );
	printMessage("User Id:$userId successfully removed as SecurityTeam $securityTeamId admin", $batch);
} else {
	unless (defined $authGroupId or defined $authGroupName) { die "ERROR: authorizedGroupId or authorizedGroupName is required \n";}
	unless (defined $authGroupId) {
		unless (defined $authGroupVoId or defined $authGroupVoName) { die "ERROR: authorizedGroupVoId or authorizedGroupVoName is required \n";}

		my $groupsAgent = $agent->getGroupsAgent;
		unless (defined $authGroupVoId) {
			my $voa = $agent->getVosAgent->getVoByShortName( shortName => $authGroupVoName );
			$authGroupVoId = $voa->getId;
		}
		my $group = $groupsAgent->getGroupByName( vo => $authGroupVoId, name => $authGroupName );
		$authGroupId = $group->getId;
	}
	$securityTeamsAgent->removeAdmin( securityTeam => $securityTeamId, group => $authGroupId );
	printMessage("Manager Group Id:$authGroupId successfully removed from SecurityTeam $securityTeamId", $batch);
}

