#!/bin/bash
# Remove user (analyst or admin)
# Usage: sudo remove-analyst username [--force]

set -euo pipefail

if [[ $EUID -ne 0 ]]; then
    echo "This script must be run as root (use sudo)"
    exit 1
fi

# Parse arguments
FORCE=false
USERNAME=""

for arg in "$@"; do
    case $arg in
        --force|-f)
            FORCE=true
            ;;
        *)
            USERNAME="$arg"
            ;;
    esac
done

if [[ -z "$USERNAME" ]]; then
    echo "Usage: sudo remove-analyst username [--force]"
    echo "  --force, -f  Skip confirmation prompt"
    exit 1
fi

# Check if user exists
if ! id "$USERNAME" &>/dev/null; then
    echo "Error: User '$USERNAME' does not exist"
    exit 1
fi

# Prevent removing yourself
CURRENT_USER=$(logname 2>/dev/null || echo "$SUDO_USER")
if [[ "$USERNAME" == "$CURRENT_USER" ]]; then
    echo "Error: Cannot remove yourself"
    exit 1
fi

# Get user groups for info
GROUPS=$(groups "$USERNAME" 2>/dev/null | cut -d: -f2 || echo "")

echo "Removing user: $USERNAME"
echo "Groups: $GROUPS"

if [[ "$FORCE" != true ]]; then
    read -p "Are you sure? [y/N] " -n 1 -r
    echo ""
    if [[ ! $REPLY =~ ^[Yy]$ ]]; then
        echo "Cancelled"
        exit 0
    fi
fi

# Remove user and home directory
# userdel -r may fail if home is owned by someone else; fall back to manual cleanup
if userdel -r "$USERNAME" 2>/dev/null; then
    : # success
else
    userdel "$USERNAME"
    if [[ -d "/home/$USERNAME" ]]; then
        rm -rf "/home/$USERNAME"
        echo "Home directory removed manually"
    fi
fi

echo "User '$USERNAME' removed successfully"
