//go:build windows

package ispriv

import (
	`golang.org/x/sys/windows`
)

// IsAdmin returns true if currently running with Administrator privileges.
func IsAdmin() (admin bool, err error) {

	var sid *windows.SID
	var tok windows.Token

	if err = windows.AllocateAndInitializeSid(
		&windows.SECURITY_NT_AUTHORITY,      // identAuth
		2,                                   // subAuth
		windows.SECURITY_BUILTIN_DOMAIN_RID, // subAuth0
		windows.DOMAIN_ALIAS_RID_ADMINS,     // subAuth1
		0, 0, 0, 0, 0, 0,                    // subAuth2-10
		&sid, // sid
	); err != nil {
		return
	}
	defer windows.FreeSid(sid)

	tok = windows.Token(0)
	if admin, err = tok.IsMember(sid); err != nil {
		return
	}

	return
}

// IsElevated returns true if running in an elevated ("Run as Administrator") context.
func IsElevated() (elevated bool) {

	var tok windows.Token = windows.Token(0)

	elevated = tok.IsElevated()

	return
}

/*
	IsPrivileged indicates that the current security context is running both
	with Administrator priviliges AND is elevated.
*/
func IsPrivileged() (privileged bool, err error) {

	if privileged, err = IsAdmin(); err != nil {
		return
	}

	if privileged {
		privileged = IsElevated()
	}

	return
}