# Do not add your user, or any others, to this group.
GROUP_NAME="onepassword"

app_group_exists() {
    if [ $(getent group "${GROUP_NAME}") ]; then
        true
    else
        false
    fi
}

set_chromesandbox_permissions() {
    # chrome-sandbox requires the setuid bit to be specifically set.
    # See https://github.com/electron/electron/issues/17972
    chmod 4755 /opt/1Password/chrome-sandbox
}

setup_browser_helper() {
    # Setup the Core App Integration helper binary with the correct permissions and group
    HELPER_PATH="/opt/1Password/1Password-KeyringHelper"

    chgrp "${GROUP_NAME}" $HELPER_PATH
    # The binary requires setuid so it may interact with the Kernel keyring facilities
    chmod u+s $HELPER_PATH
    chmod g+s $HELPER_PATH
}

pre_install() {
    if app_group_exists; then
        : # Do nothing
    else
        groupadd "${GROUP_NAME}"
    fi
}

pre_upgrade() {
    if app_group_exists; then
        : # Do nothing
    else
        groupadd "${GROUP_NAME}"
    fi
}

post_install() {
    set_chromesandbox_permissions
    setup_browser_helper
}

post_upgrade() {
    set_chromesandbox_permissions
    setup_browser_helper
}

post_remove() {
    if app_group_exists; then
        groupdel "${GROUP_NAME}"
    fi
}