# frozen_string_literal: true

namespace :ditty do

namespace :ldap do
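  desc 'Check the LDAP settings'
  task :check do
    # Load the settings service explicitly, as :populate_groups does, so this
    # task does not rely on another file having required it first.
    require 'ditty/services/settings'

    # Connection details are read from the first entry of the configured LDAP
    # authentication arguments.
    settings = ::Ditty::Services::Settings[:authentication][:ldap][:arguments].first

    # NOTE(review): no `encryption:` option is passed to Net::LDAP.new, so this
    # code does not request TLS for the bind below. Confirm the transport is
    # protected some other way, or pass an encryption setting (for example
    # :simple_tls or :start_tls) from configuration so the bind DN and password
    # are not sent in cleartext.
    ldap = Net::LDAP.new host: settings[:host], port: settings[:port]

    # Credentials are only set when a bind DN is configured; without one the
    # library's default (anonymous) bind is attempted.
    ldap.authenticate settings[:bind_dn], settings[:password] if settings[:bind_dn]
    raise 'Could not bind to LDAP server' unless ldap.bind

    puts 'LDAP Binding Successful'
  end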

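  desc 'Add the AD / LDAP Groups to Ditty as Roles'
  # Searches the directory for group entries and makes sure a Ditty::Role
  # exists for each one.
  #
  # The optional :filter task argument has the form "attribute:value" and is
  # joined with the base group filter to narrow the search.
  task :populate_groups, [:filter] do |_task, args|
    puts 'Adding AD / LDAP Groups to Ditty as Roles'
    require 'ditty/services/settings'
    require 'ditty/models/role'

    settings = ::Ditty::Services::Settings[:authentication][:ldap][:arguments].first

    # NOTE(review): no `encryption:` option is passed to Net::LDAP.new, so this
    # code does not request TLS for the bind below. Confirm the transport is
    # protected some other way, or pass an encryption setting (for example
    # :simple_tls or :start_tls) from configuration so the bind DN and password
    # are not sent in cleartext.
    ldap = Net::LDAP.new host: settings[:host], port: settings[:port]
    ldap.authenticate settings[:bind_dn], settings[:password] if settings[:bind_dn]

    unless ldap.bind
      puts 'Could not connect to LDAP Server'
      next
    end

    # Base filter: the configured group filter, else any entry with ObjectClass=Group.
    group_filter = Net::LDAP::Filter.construct(settings[:group_filter]) unless settings[:group_filter].blank?
    group_filter ||= Net::LDAP::Filter.eq('ObjectClass', 'Group')

    filter = group_filter
    if args[:filter]
      attribute, value = args[:filter].split(':', 2)
      # Without a ':' separator there is no value to match on; fail with a
      # readable message instead of an arity error from Filter.eq.
      raise ArgumentError, "Invalid filter '#{args[:filter]}', expected attribute:value" if value.nil?

      # Filter.eq does not escape the value, so '*' acts as a wildcard. The
      # argument comes from whoever runs the task; do not wire untrusted input
      # into it without switching to an escaping filter constructor.
      search_filter = Net::LDAP::Filter.eq(attribute, value)
      filter = Net::LDAP::Filter.join(group_filter, search_filter)
    end

    # Net::LDAP#search returns nil when the operation fails; report the
    # server's result instead of calling #each on nil.
    groups = ldap.search(base: settings[:base], filter: filter)
    raise "LDAP group search failed: #{ldap.get_operation_result.message}" if groups.nil?

    groups.each do |group|
      # Entry attribute readers appear to return an array of values (TODO
      # confirm); use the first one as the role name. A plain string passes
      # through unchanged.
      role_name = Array(group.name).first
      # The block only runs when the role had to be created.
      Ditty::Role.find_or_create(name: role_name) do |role|
        puts "Adding #{role.name}"
      end
    end
  end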
end

end