#!/bin/bash

# clean what was left from previous tests

rm -f ./.pt.db
rm -rf ./protected
mkdir protected
touch ./protected/do-not-remove ./protected/should-be-removed ./protected/truth ./protected/perm000 ./protected/perm777 ./protected/should-be-renamed ./protected/do-not-rename
chmod 777 ./protected/perm777 ./protected/perm000
echo "Free code, free world." >./protected/motto

# set up the fake-zenity

PATH="$(realpath ./mock/):$PATH"

# mount the filesystem

echo "Run $(date -u +%Y-%m-%dT%H:%M:%S) "
if [[ $1 == "--setuid" ]]; then
  echo "Setting the setuid bit..."
  echo "root privilieges are required to create a special user and set correct ownership of the executable."
  id -u icfs &>/dev/null || sudo useradd --system --user-group icfs
  sudo chown icfs: ../build/icfs && sudo chmod 4777 ../build/icfs
  chmod g+w . # needed for icfs to be able to create the database
  echo "Valgrind will not be used due to setuid compatibility issues."
  ../build/icfs -o default_permissions ./protected &
  sleep 1
else
  echo "Database protection will not be tested due to the lack of setuid capabilites."
  echo "To test it, run this script with '--setuid'."
  valgrind -s ../build/icfs -o default_permissions ./protected &
  sleep 5
fi

#valgrind -s ../build/icfs -o default_permissions ./protected &

# WARN: please don't use `>` or `>>` operators. They force **this script** to open the file, **not the program you are trying to run**. This is probably not what you mean when you want to test a specific program's access.
# WARN: avoid using touch, since it generates errors because setting times is not implemented in icfs **yet**.

# create files

zenity --set-fake-response no
truncate -s 0 ./protected/should-exist-anyway 2>/dev/null &&
  echo "[ICFS-TEST]: OK" ||
  echo "[ICFS-TEST]: truncate cannot create protected/should-exist despite access being permitted!" # OK

zenity --set-fake-response yes_tmp
truncate -s 0 ./protected/should-exist 2>/dev/null &&
  echo "[ICFS-TEST]: OK" ||
  echo "[ICFS-TEST]: truncate cannot create protected/should-exist despite access being permitted!" # OK

# write to files

zenity --set-fake-response no
sed -e 'a\'"Linux is a cancer that attaches itself in an intellectual property sense to everything it touches." "./protected/truth" 2>/dev/null &&
  echo "[ICFS-TEST]: echo can write to protected/lie despite access being denied!" ||
  echo "[ICFS-TEST]: OK" # EACCESS

zenity --set-fake-response yes_tmp
sed -e 'a\'"Sharing knowledge is the most fundamental act of friendship. Because it is a way you can give something without loosing something." "./protected/truth" 2>/dev/null &&
  echo "[ICFS-TEST]: OK" ||
  echo "[ICFS-TEST]: echo cannot write to protected/truth despite access being permitted!" # OK

# Read files

zenity --set-fake-response no
cat ./protected/motto >/dev/null 2>/dev/null &&
  echo "[ICFS-TEST]: cat can read protected/this-only despite access being denied!" ||
  echo "[ICFS-TEST]: OK" # EACCESS

zenity --set-fake-response yes_tmp
cat ./protected/motto >/dev/null 2>/dev/null &&
  echo "[ICFS-TEST]: OK" ||
  echo "[ICFS-TEST]: echo cannot create protected/this-only despite access being permitted!" # "Free code, free world."

# remove files

zenity --set-fake-response no
rm ./protected/do-not-remove >/dev/null 2>/dev/null &&
  echo "[ICFS-TEST]: rm can unlink protected/do-not-remove despite access being denied!" ||
  echo "[ICFS-TEST]: OK" # EACCESS

zenity --set-fake-response yes_tmp
rm ./protected/should-be-removed >/dev/null 2>/dev/null &&
  echo "[ICFS-TEST]: OK" ||
  echo "[ICFS-TEST]: rm cannot unlink protected/should-be-removed despite access being permitted!" # OK

# rename files

zenity --set-fake-response no
mv ./protected/do-not-rename ./protected/terrible-name 2>/dev/null &&
  echo "[ICFS-TEST]: mv can rename protected/truth despite access being denied!" ||
  echo "[ICFS-TEST]: OK" # EACCESS
zenity --set-fake-response yes_tmp
mv ./protected/should-be-renamed ./protected/great-name 2>/dev/null &&
  echo "[ICFS-TEST]: OK" ||
  echo "[ICFS-TEST]: mv cannot rename should-be-removed to renamed-file despite access being permitted!" # OK

# change permissions

zenity --set-fake-response no
chmod 000 ./protected/perm777 2>/dev/null &&
  echo "[ICFS-TEST]: chmod can change permissions of protected/perm777 despite access being denied!" ||
  echo "[ICFS-TEST]: OK" # EACCESS
zenity --set-fake-response yes_tmp
chmod 000 ./protected/perm000 2>/dev/null &&
  echo "[ICFS-TEST]: OK" ||
  echo "[ICFS-TEST]: chmod cannot change permissions of protected/perm000 despite access being permitted!" # OK

# test permanent permissions

zenity --set-fake-response yes
cat ./protected/motto >/dev/null 2>/dev/null &&
  echo "[ICFS-TEST]: OK" ||
  echo "[ICFS-TEST]: echo cannot read protected/motto despite access being permitted!" # OK

zenity --set-fake-response no # this should be ignored
cat ./protected/motto >/dev/null 2>/dev/null &&
  echo "[ICFS-TEST]: OK" ||
  echo "[ICFS-TEST]: echo cannot read protected/motto despite access being permitted!" # OK

# test database access
if [[ -r "./.pt.db" || -w "./.pt.db" ]]; then
  echo "[ICFS-TEST]: permanent permissions is accessible!"
else
  echo "[ICFS-TEST]: OK"
fi

# unmount

sleep 0.5
#lsof +f -- $(realpath ./protected)
umount $(realpath ./protected)
sleep 0.5