#!/usr/bin/ksh93
#  ALTRAN_PROLOG_BEGIN_TAG                                                    
#  This is an automatically generated prolog.                                  
#                                                                              
#  Copyright (C) Altran ACT S.A.S. 2019,2021.  All rights reserved.  
#                                                                              
#  ALTRAN_PROLOG_END_TAG                                                      
#                                                                              
# @(#)  7d4c34b 43haes/usr/sbin/cluster/utilities/clodmchange.sh, 726, 2147A_aha726, Feb 05 2021 09:50 PM
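# Print the command synopsis by handing message 1413 (set 2 of command.cat)
# to cl_dspmsg, with $PROGNAME as the value for the %1$s placeholder.
# The quoted text is presumably the fallback used when the catalog entry
# cannot be read - confirm against cl_dspmsg.
function usage {
	# Single quotes matter here: inside double quotes the shell expands "$s"
	# (normally unset) and the format reaches cl_dspmsg as "%1" instead of
	# "%1$s", so the program name would never be substituted.
	cl_dspmsg -s 2 command.cat 1413 'Usage: %1$s -o odm_class_name [-q criteria] -f input_file_name.\nThe utility reads from standard input if input_file_name is not specified.\n' "$PROGNAME"
}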

#This utility is for internal use only. It is meant for developers to call
#from their code when working on PowerHA ODMs, especially in the SMIT code,
#so that ODM permission issues are avoided when using AIX ODM utilities
#such as odmchange, odmdelete and odmadd.
 
#It is the responsibility of the developer using this utility
#to make sure that it is used only for PowerHA ODMs.

# Record the script's own name (basename of $0) for use in messages.
PROGNAME=${0##*/}

# Replace whatever PATH the caller supplied with the one reported by
# cl_get_path, which is itself invoked by absolute path. Every command
# below is therefore looked up through this PATH rather than the caller's.
PATH="$(/usr/es/sbin/cluster/utilities/cl_get_path all)"
export PATH

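# Parse the command line:
#   -o odm_class   ODM class to change (checked as mandatory further down)
#   -q criteria    optional selection criteria passed on to odmchange
#   -f inputFile   file holding the new stanza data; stdin is used if absent
#   -h             print usage and exit 0
# Any other option prints usage and exits 1.
#
# The three option variables are cleared first. Without that, a variable of
# the same name exported in the caller's environment would be picked up as
# if it had been given on the command line - including inputFile, which is
# deleted at the end of the script.
odm_class=""
criteria=""
inputFile=""

while getopts 'o:q:f:h' option ; do
    case $option in
        o ) odm_class=$OPTARG ;;
        q ) criteria=$OPTARG ;;
        f ) inputFile=$OPTARG ;;
        h ) usage
            exit 0 ;;
        * ) usage
            exit 1 ;;
    esac
done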

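# Check if RBAC is enabled
# NOTE(review): if the clodmget lookup fails, its error is discarded, the
# value stays empty and the role check below is skipped - confirm that
# failing open is the intended behaviour.
typeset is_rbac_enabled=""
is_rbac_enabled=$(clodmget -nq "group=LDAPClient and name=RBACConfig" -f value HACMPLDAP 2>/dev/null)

# Get the username of the user executing the clodmchange command.
# The name is taken from the operating system (id), never from $LOGIN:
# $LOGIN is an ordinary environment variable that the caller controls, so it
# cannot be the basis for the root / role decisions made below. Unsetting
# $LOGIN already selected this same "id -nu" value, so no caller gains
# access they did not have before.
# NOTE(review): "id -nu" reports the effective user. If this utility is ever
# started through an identity switch, confirm whether the real user
# ("id -run") is the one that should be checked instead.
user_name=$(id -nu 2>/dev/null)

# In case the user is not "root", check for the ha_admin role
if [[ $user_name != "root" && $is_rbac_enabled == "YES" ]]; then
	# lsuser -c prints a "#name:roles" header line followed by "user:roles".
	# Drop only the header; filtering on the bare word "name" would also
	# drop the data line of any user whose login contains "name".
	role=$(lsuser -c -a roles "$user_name" | grep -v '^#' | cut -d ':' -f2)
	if ! printf '%s\n' "$role" | grep -qw "ha_admin"; then
		# Single quotes keep %1$s intact; in double quotes the shell would
		# expand "$s" and the role would never be substituted.
		cl_dspmsg -s 2 command.cat 1411 '\nERROR: This action can not be performed by the user with the role %1$s.\n' "$role" 1>&2
		exit 1
	fi
fi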
# -o is mandatory: with no ODM class named, print the synopsis and fail.
[[ -n $odm_class ]] || {
	usage
	exit 1
}
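# Non-root callers may only touch PowerHA ODM classes.
if [[ $user_name != "root" ]]; then
	# The class name must start with HACMP and contain nothing but letters,
	# digits and underscores. The prefix test alone accepts any text after
	# "HACMP", including blanks or option-like words; the character check
	# ensures the value can only ever be a single class name.
	if [[ "$odm_class" != HACMP* || "$odm_class" == *[!A-Za-z0-9_]* ]]; then
		#This message is for internal use only, hence no translation required.
		#It is the responsibility of the developer using this utility
		#to make sure that it is used only for PowerHA ODMs.
		echo "This utility can be used only for PowerHA ODMs, by non-root users"
		exit 1
	fi
fi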
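# Apply the change with odmchange and exit with its status.
# The stanza data comes from the -f file, or from standard input when no
# file was named.
typeset -i rc=0
if [[ -z $inputFile ]]; then
	# Spool stdin into a private temporary file. /tmp is shared by all local
	# users, so a fixed name there could be pre-created or replaced with a
	# symbolic link by someone else, and two concurrent runs would overwrite
	# each other's data. mktemp creates a new, uniquely named file instead.
	inputFile=$(mktemp /tmp/odmchange_data.XXXXXX) || {
		echo "$PROGNAME: unable to create a temporary file" 1>&2
		exit 1
	}
	# Copy the input verbatim. Reading it line by line and echoing it back
	# unquoted would strip backslashes, collapse whitespace and expand
	# wildcard characters found in the data.
	cat > "$inputFile" || {
		rm -f -- "$inputFile"
		exit 1
	}
fi

# Every expansion is quoted so that each value reaches odmchange as exactly
# one argument, whatever characters it contains.
if [[ -n $criteria ]]; then
	odmchange -o "$odm_class" -q "$criteria" "$inputFile" > /dev/null
	rc=$?
else
	odmchange -o "$odm_class" "$inputFile" > /dev/null
	rc=$?
fi

# NOTE(review): as in the original, a file named with -f is removed too.
# Kept for compatibility with existing callers - confirm they rely on it,
# since it means the utility deletes a path chosen by the caller.
rm -f -- "$inputFile"
exit $rc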
