#!/usr/bin/ksh93
#  ALTRAN_PROLOG_BEGIN_TAG                                                    
#  This is an automatically generated prolog.                                  
#                                                                              
#  Copyright (C) Altran ACT S.A.S. 2019,2021.  All rights reserved.  
#                                                                              
#  ALTRAN_PROLOG_END_TAG                                                      
#                                                                              
# @(#)  7d4c34b 43haes/usr/sbin/cluster/utilities/clodmdelete.sh, 726, 2147A_aha726, Feb 05 2021 09:50 PM
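# Print the command synopsis through the message catalog.
# Globals:   PROGNAME (read) - name the script was invoked as
# Outputs:   whatever cl_dspmsg prints; no redirection is applied here
function usage {
	# Single quotes keep the "%1$s" placeholder intact. Inside double quotes
	# the shell expands "$s", so the default message would reach cl_dspmsg
	# without its placeholder.
	cl_dspmsg -s 2 command.cat 1414 'Usage: %1$s -o odm_class_name [-q criteria]\n' "$PROGNAME"
}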

#This utility is for internal use only. Developers use it in their code,
#especially in the SMIT code, to work on PowerHA ODMs without running into
#the permission issues they would face with AIX ODM utilities like
#odmchange, odmdelete and odmadd.

#The developer who uses this utility is responsible for making sure
#that it is used only for PowerHA ODMs.

# Take the command search path from the cluster's own path helper. The helper
# is named by absolute path, so the inherited PATH is not used to find it.
# Every unqualified command below is resolved through the result.
PATH=$(/usr/es/sbin/cluster/utilities/cl_get_path all)
export PATH
# Name this script was invoked as, with any leading directories removed.
PROGNAME=${0##*/}

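# Start from empty values so that the class name and the criteria can only
# come from the command line, never from same-named variables inherited from
# the caller's environment.
odm_class=""
criteria=""

# Options:
#   -o class     ODM class to delete from (its presence is checked further down)
#   -q criteria  selection criteria handed to odmdelete
#   -h           print the usage text and exit 0
# Any other option prints the usage text and exits 1.
while getopts 'o:q:h' option; do
    case $option in
        o) odm_class=$OPTARG ;;
        q) criteria=$OPTARG ;;
        h) usage
           exit 0 ;;
        *) usage
           exit 1 ;;
    esac
done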

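# Succeeds when role name $2 is one of the comma-separated roles in $1.
# The comparison is on whole list entries, so a role whose name merely
# contains the wanted name (for example with a "-suffix") does not match.
function _has_role {
	case ",$1," in
	*",$2,"*) return 0 ;;
	esac
	return 1
}

# Check if RBAC is enabled
typeset is_rbac_enabled=""
is_rbac_enabled=$(clodmget -nq "group=LDAPClient and name=RBACConfig" -f value HACMPLDAP 2>/dev/null)

# Identify the invoking user: LOGIN when it is set, otherwise the name
# reported by id.
# NOTE(review): LOGIN comes from the caller's environment. If this utility
# runs with more privilege than its caller, the caller chooses the value that
# decides whether the role check and the class restriction apply at all.
# Confirm how the command is launched, and prefer an identity reported by the
# system (id) over an environment variable if the caller is less trusted.
if [[ -n "$LOGIN" ]]; then
	user_name="$LOGIN"
else
	# A failing id leaves the name empty, which is handled as non-root.
	user_name=$(id -nu 2>/dev/null) || user_name=""
fi

#In case user is not "root", then check for its role
if [[ "$user_name" != "root" && "$is_rbac_enabled" == "YES" ]]; then
	# Drop the '#' header line of the colon-separated output rather than
	# every line containing "name", which would also drop the data line of
	# a user whose login contains that string. cut -s skips a line that has
	# no ':' so the user name itself is never taken for a role list.
	role=$(lsuser -c -a roles "$user_name" | grep -v '^#' | cut -s -d ':' -f2)
	if ! _has_role "$role" "ha_admin"; then
		# Single quotes keep "%1$s" from being expanded by the shell.
		cl_dspmsg -s 2 command.cat 1411 '\nERROR: This action can not be performed by the user with the role %1$s.\n' "$role" 1>&2
		exit 1
	fi
fi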
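# A class name is mandatory.
if [[ -z "$odm_class" ]]; then
	usage
	exit 1
fi

# Non-root callers are confined to PowerHA classes. Besides the HACMP prefix,
# the name may hold only letters, digits and underscores, so a value carrying
# blanks, path separators or option-like text cannot satisfy the prefix test.
# NOTE(review): odmdelete locates the class through the ODM environment
# (ODMDIR) inherited from the caller - confirm that it is set by a trusted
# wrapper when this utility runs with elevated privilege.
if [[ "$user_name" != "root" ]]; then
	if [[ "$odm_class" != HACMP* || "$odm_class" == *[!A-Za-z0-9_]* ]]; then
		#This message is for internal use only, hence no translation required.
		#This is the responsibility of the developer who is using this utility
		#to make sure that, this is used only for PowerHA ODMs.

		echo "This utility can be used only for PowerHA ODMs, by non-root users"
		exit 1
	fi
fi

# Run the delete and hand odmdelete's exit status back to the caller.
# The class name is quoted so that it always reaches odmdelete as one argument.
typeset -i rc=0
if [[ -n "$criteria" ]]; then
	odmdelete -o "$odm_class" -q "$criteria" > /dev/null
	rc=$?
else
	# Without -q, odmdelete removes every object of the class.
	odmdelete -o "$odm_class" > /dev/null
	rc=$?
fi
exit $rc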
