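#!/usr/bin/env bash
#
# Usage: perms_user_home_default_umask <directory> [keep_executable_files]
#
# Fix permissions for a user's home directory:
#   - align with umask 022 (755 on folders, 644 on files)
#   - keep the +x flag on already-executable files when the second argument
#     is "yes" (the default when omitted); any other value resets them to 644
#   - set 700 on the directory itself (only the owner may enter it)
#   - set 700 on .ssh and .wireguard and 600 on the files inside them
#
# Relies on find's -executable and -mindepth tests (GNU findutils has both).

#######################################
# Print a message to stderr and terminate with status 1.
# Arguments: $* - message text
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Abort unless every external tool the script calls is available.
#######################################
check_required() {
  local tool
  for tool in find chmod; do
    command -v "$tool" > /dev/null 2>&1 \
      || die "Requiring '$tool' but it's not installed"
  done
}

#######################################
# Restrict a private sub-directory to its owner: 600 on files, 700 on the
# directory itself. Does nothing when the directory is absent.
# Arguments: $1 - path of the private directory (e.g. "$dir/.ssh")
#######################################
restrict_private_dir() {
  local private_dir=$1

  # chmod follows symbolic links, so a link placed at this path would have
  # the mode of its target changed, and that target may be outside the
  # directory being fixed. find does not descend through the link either,
  # so nothing useful would happen to the files. Skip it and say so.
  if [[ -L "$private_dir" ]]; then
    printf 'Skipping %s: it is a symbolic link\n' "$private_dir" >&2
    return 0
  fi

  [[ -d "$private_dir" ]] || return 0

  echo "Directory $private_dir exists, setting special permissions"
  find "$private_dir" -type f -exec chmod 600 {} +
  chmod 700 -- "$private_dir"
}

#######################################
# Entry point.
# Arguments: $1 - directory to fix
#            $2 - "yes" (default) to keep +x on executable files
#######################################
main() {
  local dir=${1:-}
  local keep_executable_files=${2:-yes}
  local -a executable_files=()
  local file

  check_required

  [[ -n "$dir" ]] || die "No directory given"
  [[ -d "$dir" ]] || die "Directory $dir does not exist"

  # A path starting with '-' would be read as an option by find and chmod.
  if [[ "$dir" == -* ]]; then
    dir="./$dir"
  fi

  # Close the directory to other users before anything below it is touched.
  # The passes that follow set every file to 644 (private keys in .ssh and
  # .wireguard included) until the final tightening; with the top level
  # already at 700 that intermediate state cannot be reached by other users.
  # If this fails, stop rather than loosen modes in a directory that is
  # still open.
  chmod 700 -- "$dir" || die "Cannot change permissions of '$dir'"

  echo "Fixing directory permissions of '$dir'"
  # -mindepth 1 leaves the top-level directory at 700 during the run.
  find "$dir" -mindepth 1 -type d -exec chmod 755 {} +

  if [[ "$keep_executable_files" == 'yes' ]]; then
    echo "Maintaining +x flag for files in '$dir'"
    # NUL-delimited so names containing spaces, newlines or glob characters
    # are restored correctly instead of being split into several words.
    while IFS= read -r -d '' file; do
      executable_files+=("$file")
    done < <(find "$dir" -type f -executable -print0)
  else
    echo "Executable files in '$dir' will also be reset"
  fi

  echo "Fixing file permissions of '$dir'"
  find "$dir" -type f -exec chmod 644 {} +

  if [[ "$keep_executable_files" == 'yes' ]]; then
    for file in "${executable_files[@]}"; do
      echo "Restoring +x flag for ${file}"
      chmod +x -- "$file"
    done
  fi

  echo "Making '$dir' owner only"
  chmod 700 -- "$dir"

  restrict_private_dir "$dir/.ssh"
  restrict_private_dir "$dir/.wireguard"

  echo "Finished"
  echo ""
  echo "You might want to adapt owner with chown -R user:user $dir"
}

main "$@"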