#!/usr/bin/python3

import json
import os
import sys

# Locations of the JSON policy files read at start-up.
# These files are the whole authorization policy for this checker, so they
# should be writable only by the administrator.

# Built-in role definitions.
ROLES = "/etc/libvirt/privileges.d/roles"
# Optional extra role definitions; merged over the built-in ones when present.
ROLES_USER_DEFINED = "/etc/libvirt/privileges.d/roles.user"
# Roles assigned to each user.
USERS = "/etc/libvirt/privileges.d/users"
# Per-VM role assignments, looked up by VM and then by user.
VMS = "/etc/libvirt/privileges.d/vms"

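# Load the three mandatory policy files. A missing or malformed file raises
# here, so the script stops before any permission decision is made.
with open(ROLES, "r") as roles_fp, open(USERS, "r") as users_fp, open(VMS, "r") as vms_fp:
    roles = json.load(roles_fp)
    users = json.load(users_fp)
    vms = json.load(vms_fp)

# Load the optional user-defined roles. Opening the file directly (instead of
# testing for existence first) avoids a check-then-open race.
roles_user = {}
try:
    with open(ROLES_USER_DEFINED) as roles_user_fp:
        roles_user = json.load(roles_user_fp)
except FileNotFoundError:
    # The file is optional; without it only the built-in roles apply.
    pass
except json.JSONDecodeError as err:
    # Keep the best-effort behaviour (fall back to built-in roles only) but
    # report it: a silently ignored policy file is hard to diagnose.
    print(
        "warning: ignoring malformed {}: {}".format(ROLES_USER_DEFINED, err),
        file=sys.stderr,
    )

if not isinstance(roles_user, dict):
    # Valid JSON that is not an object cannot be a role table; merging it
    # would either fail or create unintended role entries.
    print(
        "warning: ignoring {}: top-level value is not a JSON object".format(
            ROLES_USER_DEFINED
        ),
        file=sys.stderr,
    )
    roles_user = {}

# all_roles is the same dict object as roles, so the merge below also changes
# roles.
# NOTE(review): a role name present in both files takes its permissions from
# the user-defined file, so that file can widen or narrow a built-in role.
# Confirm this precedence is intended.
all_roles = roles
all_roles.update(roles_user)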

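def check_user_perms(user: str, perm: str, vm: str) -> int:
    """Decide whether *user* holds permission *perm* on virtual machine *vm*.

    The roles attached to *user* in the ``vms`` entry for *vm* are used when
    that entry exists and is non-empty; otherwise the roles listed for *user*
    in ``users`` are used. Access is granted when *perm* is found in the
    ``all_roles`` entry of one of those roles.

    Args:
        user: Name looked up in ``vms[vm]`` and ``users``.
        perm: Permission looked up in each role's entry in ``all_roles``.
        vm: Name looked up in ``vms``.

    Returns:
        0 if the permission is granted, 1 otherwise (unknown user, a role
        missing from ``all_roles``, no roles at all, or no role granting
        *perm*).
    """
    # Deny by default. Previously the result was unset when both the per-VM
    # and the global role lists were empty, which raised UnboundLocalError
    # instead of returning a decision.
    res = 1
    try:
        try:
            user_roles = vms[vm][user]
        except KeyError:
            # No per-VM assignment for this VM/user pair.
            user_roles = None
        # NOTE(review): an empty per-VM role list is treated like a missing
        # one and falls back to the user's global roles, so it cannot be used
        # to revoke access to a single VM. Confirm that is intended.
        if not user_roles:
            user_roles = users[user]
        for role in user_roles:
            # NOTE(review): assumes each all_roles entry is a list of
            # permission names; if it were a plain string, `in` would do a
            # substring match. Verify against the policy file format.
            if perm in all_roles[role]:
                res = 0
                break
    except KeyError:
        # Unknown user, or a role that is not defined in all_roles: deny.
        res = 1
    return res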


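if __name__ == "__main__":
    # Expected arguments: USER PERMISSION VM.
    if len(sys.argv) != 4:
        print("Argc is invalid")
        # sys.exit is used rather than the bare exit() helper, which is
        # installed by the site module and is absent when Python runs
        # without it.
        sys.exit(2)
    user = sys.argv[1]
    perm = sys.argv[2]
    vm = sys.argv[3]
    # The exit status carries the decision: 0 = permitted, 1 = denied
    # (2 = wrong argument count, above).
    retval = check_user_perms(user, perm, vm)
    sys.exit(retval)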
