#!/bin/sh

# shellcheck source=../lib/load-configuration
. "${0%/*}/../lib/load-configuration"

# add the gpg key given by fingerprint as parameter

if [ $# -le 2 ]; then
  >&2 echo 'usage: owner fingerprint capability capability ...'
  exit 1
fi

owner="$1"
shift

owner_id=$(
  # shellcheck disable=SC2016
  {
    printf 'SELECT `persons`.`id`'
    printf ' FROM `persons`'
    printf ' WHERE `persons`.`name`=from_base64("%s");\n' \
      "$(
        printf '%s' "${owner}" \
        | base64 -w0
      )"
  } \
  | mysql_run_query
)

if [ -z "${owner_id}" ]; then
  >&2 printf 'Cannot find person "%s".\n' "${owner}"
  exit 1
fi

key_id="$1"
key=$(
  gpg -a --export "${key_id}"
)

if [ -z "${key}" ]; then
  >&2 printf 'Cannot find key %s.\n' "${key_id}"
  exit 1
fi

key_id=$(
  printf '%s\n' "${key_id}" \
  | base64 -w0
)
key=$(
  printf '%s\n' "${key}" \
  | base64 -w0
)

shift

capabilities=$(
  # shellcheck disable=SC2016
  {
    printf 'SELECT'
    printf ' `email_actions`.`id`'
    printf ' FROM `email_actions`'
    printf ' WHERE `email_actions`.`name` IN ('
    printf '%s\n' "$@" \
    | base64_encode_each \
    | sed '
      s/^.*$/from_base64("\0"),/
      $ s/,$//
    '
    printf ');\n'
  } \
  | mysql_run_query
)

if [ -z "${capabilities}" ]; then
  >&2 echo 'No known capabilities matched any given one:'
  >&2 printf '"%s"\n' "$@"
  exit 1
fi

# shellcheck disable=SC2016
{
  printf 'INSERT IGNORE INTO `gpg_keys`(`owner`,`fingerprint`,`public_key`)'
  printf ' VALUES (%s,from_base64("%s"),from_base64("%s"));\n' \
    "${owner_id}" \
    "${key_id}" \
    "${key}"
  printf 'INSERT IGNORE INTO `allowed_email_actions`(`gpg_key`,`action`)'
  printf ' VALUES '
  printf '%s\n' "${capabilities}" \
  | sed '
    s/^.*$/(LAST_INSERT_ID(),\0),/
    $ s/,$//
  '
  printf ';\n'
} \
| mysql_run_query