#!/bin/sh

OP="$1"
REQUESTOR="$2"
GROUP="$3"
MEMBER="$4"
test -z "$MEMBER" && \
  echo "Usage: checkperms operation requestor groupname member [groupfile [conffile]]" 1>&2 && exit 1

GROUPFILE="$5"
test -z "$GROUPFILE" && GROUPFILE=./test

CONFIG="$6"
test -z "$CONFIG" && CONFIG=./config.test

case "$OP" in
	create|join|part|setresp) ;;
	*) echo "Error: unknown operation: $OP" 1>&2 && exit 1
esac

grep -qx " *allow  *$OP  *by  *anyone *" "$CONFIG" && \
  echo "ACCEPT ($OP by anyone)" && exit 0

grep -qx " *allow  *$OP  *by  *$REQUESTOR *" "$CONFIG" && \
  echo "ACCEPT ($OP by $REQUESTOR)" && exit 0

test "X$REQUESTOR" = "X$MEMBER" && \
  grep -qx " *allow  *$OP  *by  *self *" "$CONFIG" && \
  echo "ACCEPT ($OP by self)" && exit 0

grep -q "^$GROUP:x:[0-9]*:$REQUESTOR\\>" "$GROUPFILE" && \
  grep -qx " *allow  *$OP  *by  *responsible *" "$CONFIG" && \
  echo "ACCEPT ($OP by responsible)" && exit 0

grep -q "^$GROUP:x:[0-9]*:.*\\<$REQUESTOR\\>" "$GROUPFILE" && \
  grep -qx " *allow  *$OP  *by  *member *" "$CONFIG" && \
  echo "ACCEPT ($OP by member)" && exit 0

echo "DENY"
exit 1