#!/bin/bash

# User-specific NAS mounting helper
# This script demonstrates how user mounts work without requiring root/sudo

set -euo pipefail

log() {
    echo "[User Mount] $*"
}

check_mount_capabilities() {
    log "Checking user mount capabilities..."
    
    # Check if user namespace is available (for truly rootless mounts)
    if [[ -f /proc/sys/kernel/unprivileged_userns_clone ]]; then
        local userns_enabled=$(cat /proc/sys/kernel/unprivileged_userns_clone)
        if [[ "$userns_enabled" == "1" ]]; then
            log "User namespaces enabled - full rootless mounting possible"
            return 0
        fi
    fi
    
    # Check if we can use fusermount (for FUSE-based mounts)
    if command -v fusermount &>/dev/null; then
        log "fusermount available - FUSE-based mounting possible"
        return 0
    fi
    
    # Check if systemd-mount is available (for user mount units)
    if command -v systemd-mount &>/dev/null; then
        log "systemd-mount available - systemd-based mounting possible"
        return 0
    fi
    
    log "Warning: Limited user mount capabilities. May need sudo for some operations."
    return 1
}

setup_polkit_rules() {
    # This would need to be run once by an admin to allow user mounts
    local polkit_rule="/etc/polkit-1/rules.d/99-mount-without-password.rules"
    
    log "To enable passwordless mounting for users, an admin needs to create:"
    log "$polkit_rule"
    log "With content allowing mount operations for specific users/groups"
    
    cat << 'EOF'
Example polkit rule (requires admin to install):

polkit.addRule(function(action, subject) {
    if ((action.id == "org.freedesktop.udisks2.filesystem-mount" ||
         action.id == "org.freedesktop.udisks2.filesystem-mount-system") &&
        subject.isInGroup("users")) {
        return polkit.Result.YES;
    }
});
EOF
}

use_systemd_mount() {
    local mount_type="$1"
    local source="$2"
    local target="$3"
    local options="$4"
    
    log "Using systemd-mount for user mounting..."
    
    # systemd-mount can create transient mount units in user session
    if [[ "$mount_type" == "nfs" ]]; then
        systemd-mount --no-block --collect \
            -t nfs -o "$options" \
            "$source" "$target"
    elif [[ "$mount_type" == "cifs" ]]; then
        systemd-mount --no-block --collect \
            -t cifs -o "$options" \
            "$source" "$target"
    fi
}

use_gvfs_mount() {
    # GNOME Virtual File System - works on many desktop systems
    local mount_type="$1"
    local server="$2"
    local share="$3"
    
    if command -v gio &>/dev/null; then
        log "Using GVFS (gio) for user mounting..."
        
        if [[ "$mount_type" == "cifs" ]]; then
            gio mount "smb://${server}/${share}"
        elif [[ "$mount_type" == "nfs" ]]; then
            gio mount "nfs://${server}/${share}"
        fi
        
        # GVFS mounts appear under ~/.gvfs or /run/user/$(id -u)/gvfs
        return 0
    fi
    
    return 1
}

main() {
    log "User-specific NAS mounting capabilities check"
    
    check_mount_capabilities
    
    echo
    log "Available user mount methods:"
    log "1. Direct mount (requires sudo or polkit rules)"
    log "2. systemd-mount (if available)"
    log "3. GVFS/gio mount (for desktop environments)"
    log "4. FUSE-based mounts (requires specific FUSE filesystem)"
    
    echo
    log "The updated mount_nas.sh script uses method 1 (direct mount)"
    log "This requires either:"
    log "- Running mount commands with sudo (will prompt for password)"
    log "- Setting up polkit rules for passwordless mounting"
    log "- Using setuid mount helpers (security risk, not recommended)"
    
    echo
    setup_polkit_rules
}

main "$@"