#!perl
use Cassandane::Tiny;

#Magic word virtdomains in name sets config virtdomains = userid
sub test_imap_admins_virtdomains ($self)
{
    # test whether the imap_admins setting works correctly under virtdomains

    my $domainadmin = 'admin@uhoh.org';
    my $defaultdomain = $self->{instance}->{config}->get('defaultdomain')
                        // 'internal';
    my $defdomadmin = "admin\@$defaultdomain";

    $self->{instance}->create_user($domainadmin);
    my $imap = $self->{instance}->get_service('imap');
    my $domainadminstore = $imap->create_store(username => $domainadmin);
    my $defdomadminstore = $imap->create_store(username => $defdomadmin);

    my $admintalk = $self->{adminstore}->get_client();
    my $imapadmintalk = $self->{imapadminstore}->get_client();
    my $domainadmintalk = $domainadminstore->get_client();
    my $defdomadmintalk = $defdomadminstore->get_client();
    my $talk = $self->{store}->get_client();

    # we should be able to reconstruct as 'admin', because although
    # imap_admins overrides admins, we have 'admin' in imap_admins too
    # (it MUST be there for Cassandane itself to work)
    my $res = $admintalk->_imap_cmd("reconstruct" , 0, {}, "user.cassandane");
    $self->assert_str_equals('ok', $admintalk->get_last_completion_response());

    # we should not be able to reconstruct as 'cassandane', because
    # reconstruct is an admin-only command
    $res = $talk->_imap_cmd("reconstruct", 0, {}, "user.cassandane");
    $self->assert_str_equals('no', $talk->get_last_completion_response());
    $self->assert_matches(qr/permission denied/i, $talk->get_last_error());

    # we should be able to reconstruct as 'imapadmin', because this user
    # is in imap_admins
    $res = $imapadmintalk->_imap_cmd("reconstruct", 0, {}, "user.cassandane");
    $self->assert_str_equals('ok',
                             $imapadmintalk->get_last_completion_response());

    # we MUST NOT be able to reconstruct as 'admin@uhoh.org', because
    # this user is not in imap_admins, even though bare 'admin' is
    $res = $domainadmintalk->_imap_cmd("reconstruct", 0, {}, "user.cassandane");
    $self->assert_str_equals('no',
                             $domainadmintalk->get_last_completion_response());
    $self->assert_matches(qr/permission denied/i,
                          $domainadmintalk->get_last_error());

    # we should be able to reconstruct as admin@$defaultdomain, because
    # we treat bare username and username@defaultdomain as equivalent
    $res = $defdomadmintalk->_imap_cmd("reconstruct", 0, {}, "user.cassandane");
    $self->assert_str_equals('ok',
                             $defdomadmintalk->get_last_completion_response());
}
