#!/bin/bash
# Права на каталог магазина для пользователя systemd (www-data)
#   sudo bash "$SHOP_ROOT/scripts/fix-shop-permissions.sh"
set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
# shellcheck source=shop-root.sh
source "$SCRIPT_DIR/shop-root.sh"

SHOP_SERVICE_USER="${SHOP_SERVICE_USER:-www-data}"

if [ "$(id -u)" -ne 0 ]; then
  echo "Запустите от root: sudo bash $0"
  exit 1
fi

if ! id "$SHOP_SERVICE_USER" &>/dev/null; then
  echo "Ошибка: пользователь $SHOP_SERVICE_USER не найден"
  exit 1
fi

echo "=== Права Shop: $SHOP_ROOT → $SHOP_SERVICE_USER ==="

# CRLF из Windows → 203/EXEC в systemd
if [ -d "$SHOP_ROOT/scripts" ]; then
  find "$SHOP_ROOT/scripts" -name '*.sh' -type f -exec sed -i 's/\r$//' {} +
fi

chown -R "$SHOP_SERVICE_USER:$SHOP_SERVICE_USER" "$SHOP_ROOT"

# Исполняемые скрипты (wait-postgres.sh для ExecStartPre)
if [ -d "$SHOP_ROOT/scripts" ]; then
  chmod +x "$SHOP_ROOT"/scripts/*.sh 2>/dev/null || true
fi

# npm cache/logs для www-data
for dir in /var/www/.npm /var/www/.cache; do
  mkdir -p "$dir"
  chown -R "$SHOP_SERVICE_USER:$SHOP_SERVICE_USER" "$dir"
done

if [ -f "$SHOP_ROOT/.env" ]; then
  chmod 640 "$SHOP_ROOT/.env"
  chown "$SHOP_SERVICE_USER:$SHOP_SERVICE_USER" "$SHOP_ROOT/.env"
fi

# Родительские каталоги — traverse для www-data
chmod o+x /opt /opt/shop 2>/dev/null || true

echo "OK: владелец $SHOP_SERVICE_USER, скрипты +x"
echo "Проверка unit: grep ExecStartPre /etc/systemd/system/shop.service"
echo "  sudo systemctl daemon-reload && sudo systemctl restart shop"