use strict;
use warnings;

our @Initial = (
    sub {
        RT->Logger->debug('Removing all delegated rights');

        my $acl = RT::ACL->new(RT->SystemUser);
        my $groupjoin = $acl->Join(
            ALIAS1 => 'main',
            FIELD1 => 'PrincipalId',
            TABLE2 => 'Groups',
            FIELD2 => 'id',
        );
        $acl->Limit( ALIAS           => $groupjoin,
                     FIELD           => 'Domain',
                     OPERATOR        => '=',
                     VALUE           => 'Personal',
                     CASESENSITIVE   => 0,
                    );

        while ( my $ace = $acl->Next ) {
            my ( $ok, $msg ) = $ace->Delete();

            if ( !$ok ) {
                RT->Logger->warn( "Unable to delete ACE " . $ace->id . ": " . $msg );
            }
        }

        my $groups = RT::Groups->new(RT->SystemUser);
        $groups->Limit( FIELD    => 'Domain',
                        OPERATOR => '=',
                        VALUE    => 'Personal',
                        CASESENSITIVE   => 0,
                      );
        while ( my $group = $groups->Next ) {
            my $members = $group->MembersObj();
            while ( my $member = $members->Next ) {
                my ( $ok, $msg ) = $group->DeleteMember( $member->MemberId );
                if ( !$ok ) {
                    RT->Logger->warn(   "Unable to remove group member "
                                       . $member->id . ": "
                                       . $msg );
                }
            }
            $group->PrincipalObj->Delete;
            $group->RT::Record::Delete();
        }
    },
    sub {
        RT->Logger->debug('Removing all Delegate and PersonalGroup rights');

        # this temporarily tells the system that the rights exist so it can properly canonicalize them
        RT::System->AddRight(Admin => AdminOwnPersonalGroups  => 'Add right for 4.0.1 upgrade steps');
        RT::System->AddRight(Admin => AdminAllPersonalGroups  => 'Add right for 4.0.1 upgrade steps');
        RT::System->AddRight(Admin => DelegateRights          => 'Add right for 4.0.1 upgrade steps');

        my $acl = RT::ACL->new(RT->SystemUser);
        for my $right (qw/AdminOwnPersonalGroups AdminAllPersonalGroups DelegateRights/) {
            $acl->Limit( FIELD => 'RightName', VALUE => $right );
        }

        while ( my $ace = $acl->Next ) {
            my ( $ok, $msg ) = $ace->Delete();
            RT->Logger->debug("Removing ACE ".$ace->id." for right ".$ace->__Value('RightName'));

            if ( !$ok ) {
                RT->Logger->warn( "Unable to delete ACE " . $ace->id . ": " . $msg );
            }
        }
    },
    sub {
        RT->Logger->debug('Removing unimplemented RejectTicket and ModifyTicketStatus rights');

        my $acl = RT::ACL->new(RT->SystemUser);
        for my $right (qw/RejectTicket ModifyTicketStatus/) {
            $acl->Limit( FIELD => 'RightName', VALUE => $right );
        }

        while ( my $ace = $acl->Next ) {
            my ( $ok, $msg ) = $ace->Delete();
            RT->Logger->debug("Removing ACE ".$ace->id." for right ".$ace->__Value('RightName'));

            if ( !$ok ) {
                RT->Logger->warn( "Unable to delete ACE " . $ace->id . ": " . $msg );
            }
        }
    },
);