#!/bin/bash

# Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2019 All Rights Reserved
#
# Licensed under CLOUD LINUX LICENSE AGREEMENT
# http://cloudlinux.com/docs/LICENSE.TXT

# Create a psaadm-owned directory WITHOUT ever performing a root-privileged
# chown/chmod on a path inside the psaadm-writable /usr/local/psa/admin/.
# This script runs as root from the RPM %post; a root `chown`/`chmod` (or even
# `install -d`, which stat()s and then chown/chmods through a symlink on
# coreutils < 8.24, e.g. CL7's 8.22) on a path whose parent psaadm can write
# would follow a symlink psaadm plants and re-own/chmod an arbitrary target
# (e.g. /etc/shadow) -> psaadm->root. Doing the create+mode AS psaadm removes
# the root operation entirely: a symlink psaadm re-plants in any race window
# can then only redirect the op to a target psaadm already controls, so it
# cannot escalate. See the 2026-05 lvemanager security audit; cf. the earlier
# Rack911 fix (LVEMAN-1478) and Cursor Bugbot thread on MR !126.
ensure_psaadm_dir() {
    dir="$1"
    mode="$2"
    su -s /bin/sh psaadm -c "install -d -m $mode -- $dir" \
        || echo "install-plesk-plugin: could not set up $dir as psaadm" >&2
}

ensure_psaadm_dir /usr/local/psa/admin/.matplotlib 0755
ensure_psaadm_dir /usr/local/psa/admin/.backup_lvemanager 0775

# Improve this section by adding loop between custom plugins ["Resource Usage", "PHP Selector"]

PLUGINID=`/usr/local/psa/bin/custombutton -l | grep "Resource Usage" | cut -f1 -d' '`

if [ -n "$PLUGINID" ]; then
    /usr/local/psa/bin/custombutton --remove "$PLUGINID"
fi

PLUGINID=`/usr/local/psa/bin/custombutton -l | grep "PHP Selector" | cut -f1 -d' '`

if [ -n "$PLUGINID" ]; then
    /usr/local/psa/bin/custombutton --remove "$PLUGINID"
fi

/usr/share/l.v.e-manager/utils/dynamicui.py --sync-conf=all