create_user = {

  label = "Create User"
  shortcut = "cu"
  parameters = {
    uname = {
      shortcut = "u"
      required = true
    }
    pass = {
      shortcut = "pw"
      required = true
    }
    roles = {
      shortcut = "r"
      required = true
    }
    profiles_allowed = {
      shortcut = "pa"
      required = false
    }
  }
  expression = `

#echo("uname=" . uname);
#echo("pass=" . pass);
#echo("roles=" . roles);

# Create a new subnode of users, named after the username
node users = 'users';
string uname_nodename = uname;
uname_nodename = replace_all(uname_nodename, '-', '_');
node user = users{uname};

# Don't allow create_user on root_admin
if (uname_nodename eq "root_admin") then (
  error("You cannot recreate the root administrator with create_user");
);

# Set the "username" subnode to the username
@user{'username'} = uname;

# Set the password checksum
@user{'password_checksum'} = md5_digest(pass);

# If the -pa option was specified, set which profiles this user can access
if (profiles_allowed ne "(unspecified)") then (

  # Build the "access.0.profiles" node from the profiles_allowed option (which is comma-separated profile names)
  split(profiles_allowed, ',', 'v.profiles_allowed_split');
  node profile;
  foreach profile 'v.profiles_allowed_split'
    @user{'access'}{'0'}{'profiles'}{@profile} = @profile;

); # if profiles_allowed

# Build the "access.0.roles" node from the roles option (which is comma-separated node names)
split(roles, ',', 'v.roles_split');
node role;
foreach role 'v.roles_split'
  @user{'access'}{'0'}{'roles'}{@role} = @role;

# Save the users.cfg file
save_node(users);

#echo("Created user " . uname);

# Generate the XML result, for use in network action
node result = new_action_result(command_line.action);
@result{"Result"} = "Success";
@result{"User"} = uname;
@result{"Roles"} = roles;
string xml_result = action_result_to_xml(result);
#echo("xml_result: " . xml_result);
xml_result;


` # expression
  
} # create_user