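#!/bin/bash
# Remove user (analyst or admin)
# Usage: sudo remove-analyst username [--force]
#
# Note: This script uses explicit error handling instead of set -e.
# set -e causes silent exits with command substitutions and pipefail,
# which is unacceptable for admin scripts that must always report what happened.
#
# Exit status: 0 when the account was removed (or the operator cancelled),
# 1 on any error. Errors and warnings are written to stderr.

set -u # Catch unset variables, but no -e (explicit error handling)

if [[ $EUID -ne 0 ]]; then
  echo "Error: This script must be run as root (use sudo)" >&2
  exit 1
fi

# Print the usage text to stderr.
usage() {
  echo "Usage: sudo remove-analyst username [--force]" >&2
  echo " --force, -f Skip confirmation prompt" >&2
}

# Parse arguments.
# Exactly one username is accepted. A second positional argument or an
# unrecognised option is an error, so a typo can never silently change which
# account gets deleted (particularly together with --force).
FORCE=false
USERNAME=""
for arg in "$@"; do
  case "$arg" in
    --force|-f)
      FORCE=true
      ;;
    -*)
      echo "Error: Unknown option '$arg'" >&2
      usage
      exit 1
      ;;
    *)
      if [[ -n "$USERNAME" ]]; then
        echo "Error: Only one username may be given ('$USERNAME' and '$arg')" >&2
        usage
        exit 1
      fi
      USERNAME="$arg"
      ;;
  esac
done

if [[ -z "$USERNAME" ]]; then
  usage
  exit 1
fi

# The name is later embedded in a path that may be handed to rm -rf as root,
# so refuse anything that could make that path leave /home.
if [[ "$USERNAME" == */* || "$USERNAME" == "." || "$USERNAME" == ".." ]]; then
  echo "Error: Invalid username '$USERNAME'" >&2
  exit 1
fi

# Check if user exists
if ! id "$USERNAME" &>/dev/null; then
  echo "Error: User '$USERNAME' does not exist" >&2
  exit 1
fi

# Prevent removing yourself
CURRENT_USER=$(logname 2>/dev/null || echo "${SUDO_USER:-unknown}")
if [[ "$USERNAME" == "$CURRENT_USER" ]]; then
  echo "Error: Cannot remove yourself" >&2
  exit 1
fi

# Get user info (avoid using GROUPS - it's a bash special variable for current user's GIDs)
USER_GROUPS=$(id -nG "$USERNAME" 2>/dev/null) || USER_GROUPS="(unknown)"

# NOTE(review): the home path is assumed to be /home/<name>; it is not read
# from the passwd entry. That keeps the manual rm -rf below confined to /home,
# but the summary is wrong for accounts whose home lives elsewhere.
HOME_DIR="/home/$USERNAME"
HOME_EXISTS=false
HOME_STATE="already missing"
if [[ -d "$HOME_DIR" ]]; then
  HOME_EXISTS=true
  HOME_STATE="exists"
fi

echo "Removing user: $USERNAME"
echo " Groups: $USER_GROUPS"
echo " Home: $HOME_DIR ($HOME_STATE)"

if [[ "$FORCE" != true ]]; then
  read -p "Are you sure? [y/N] " -n 1 -r
  echo ""
  if [[ ! $REPLY =~ ^[Yy]$ ]]; then
    echo "Cancelled"
    exit 0
  fi
fi

# Remove user and home directory
echo " Deleting OS user..."
USERDEL_ERR=$(userdel -r "$USERNAME" 2>&1)
USERDEL_EXIT=$?

CLEANUP_FAILED=false

if [[ $USERDEL_EXIT -eq 0 ]]; then
  if [[ "$HOME_EXISTS" = true ]]; then
    echo " User and home directory removed"
  else
    echo " User removed (home directory was already missing)"
  fi
else
  # userdel -r can return non-zero after the account entry itself is already
  # gone (userdel(8) documents exit status 12, "can't remove home directory").
  # Retrying plain userdel would then fail with "does not exist" and be
  # misreported as a failed removal, so check the account first.
  if ! id "$USERNAME" &>/dev/null; then
    echo " User removed (userdel -r failed: $USERDEL_ERR)"
  elif userdel "$USERNAME" 2>/dev/null; then
    echo " User removed (userdel -r failed: $USERDEL_ERR)"
  else
    echo "Error: Failed to remove user '$USERNAME'" >&2
    echo " userdel error: $USERDEL_ERR" >&2
    echo " Check if processes are running as this user: ps -u $USERNAME" >&2
    exit 1
  fi

  if [[ -d "$HOME_DIR" ]]; then
    # '--' stops option parsing and ':?' aborts on an empty path. Only claim
    # success when rm actually succeeded.
    if rm -rf -- "${HOME_DIR:?}"; then
      echo " Home directory $HOME_DIR removed"
    else
      # Leftover files stay owned by the old numeric UID, which a later
      # account could be assigned; make the operator aware of them.
      echo "Warning: Could not fully remove home directory $HOME_DIR" >&2
      CLEANUP_FAILED=true
    fi
  fi
fi

# Verify removal
if id "$USERNAME" &>/dev/null; then
  echo "Warning: User '$USERNAME' still exists (OS login system may have re-created it)" >&2
  exit 1
fi

if [[ "$CLEANUP_FAILED" = true ]]; then
  echo "User '$USERNAME' removed, but $HOME_DIR must be cleaned up manually" >&2
  exit 1
fi

echo "User '$USERNAME' removed successfully"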