#!/bin/bash
# List all analysts and admins on the server
# Usage: list-analysts

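# Report every supplementary member of the dataread group together with the
# role derived from membership in the sudo, data-private and data-ops groups.
#
# NOTE(review): only dataread members are iterated, so an account that is in
# sudo but not in dataread does not appear in this report.
# NOTE(review): "Admin" reflects membership of the sudo group only; privileges
# granted through other sudoers rules or groups are not visible here. Confirm
# against the sudoers configuration before relying on this as an access audit.

# Print the members of group $1 as listed in field 4 of its group entry, one
# per line, sorted and de-duplicated. Prints nothing when the group is missing
# (lookup errors are deliberately discarded so the report still renders).
# Field 4 holds supplementary members only; an account whose primary group is
# $1 is not included.
_group_members() {
    getent group "$1" 2>/dev/null | cut -d: -f4 | tr ',' '\n' | sort -u
}

# Return 0 when $2 is exactly one of the newline-separated names in $1.
# Uses a fixed-string, whole-line match: a word or regex match would report
# "john" as present when only "john-admin" or "john.doe" is in the list,
# overstating that user's privileges.
_in_list() {
    printf '%s\n' "$1" | grep -qxF -- "$2"
}

echo "=== Data Broker Users ==="
echo ""

DATAREAD_MEMBERS=$(_group_members dataread)
PRIVATE_MEMBERS=$(_group_members data-private)
SUDO_MEMBERS=$(_group_members sudo)
DATAOPS_MEMBERS=$(_group_members data-ops)

printf "%-20s %-15s %-10s %-10s\n" "USERNAME" "ROLE" "PRIVATE" "DATA-OPS"
printf "%-20s %-15s %-10s %-10s\n" "--------" "----" "-------" "--------"

# Read one name per line instead of word-splitting the list, so a name is
# never subject to glob expansion.
while IFS= read -r user; do
    # Skip blank entries (an empty or missing group yields an empty line)
    [[ -z "$user" ]] && continue

    # Private and data-ops access are plain membership flags
    PRIVATE="no"
    if _in_list "$PRIVATE_MEMBERS" "$user"; then
        PRIVATE="yes"
    fi

    DATAOPS="no"
    if _in_list "$DATAOPS_MEMBERS" "$user"; then
        DATAOPS="yes"
    fi

    # Role: sudo membership wins over data-private, which wins over the default
    if _in_list "$SUDO_MEMBERS" "$user"; then
        ROLE="Admin"
    elif [[ "$PRIVATE" == "yes" ]]; then
        ROLE="Privileged"
    else
        ROLE="Standard"
    fi

    printf "%-20s %-15s %-10s %-10s\n" "$user" "$ROLE" "$PRIVATE" "$DATAOPS"
done <<< "$DATAREAD_MEMBERS"

echo ""
echo "Groups:"
echo "  dataread     - Public data access"
echo "  data-private - Private data access"
echo "  data-ops     - Application deployment"
echo "  sudo         - Server administration"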
