class Chef::Knife::OrgUserRemove

def failure_error_message(org_name, username) 

def failure_error_message(org_name, username)
  ui.error "Error removing user #{username} from organization #{org_name}."
end

def remove_user_from_admin_group(org, org_name, username, admin_group_string) 

def remove_user_from_admin_group(org, org_name, username, admin_group_string)
  org.remove_user_from_group(admin_group_string, username)
rescue Net::HTTPClientException => e
  if e.response.code == "404"
    ui.warn <<~EOF

      User #{username} is not in the #{admin_group_string} group for organization #{org_name}.
      You probably don't need to pass --force.
    EOF

  else
    raise e
  end
end

def run 

def run
  @org_name, @username = @name_args
  if !org_name || !username
    ui.fatal "You must specify an ORG_NAME and USER_NAME"
    show_usage
    exit 1
  end
  org = Chef::Org.new(@org_name)
  if config[:force_remove_from_admins]
    if org.actor_delete_would_leave_admins_empty?
      failure_error_message(org_name, username)
      ui.msg <<~EOF

        You ran with --force which force removes the user from the admins and billing-admins groups.
        However, removing #{username} from the admins group would leave it empty, which breaks the org.
        Please add another user to org #{org_name} admins group and try again.
      EOF

      exit 1
    end
    remove_user_from_admin_group(org, org_name, username, "admins")
    remove_user_from_admin_group(org, org_name, username, "billing-admins")
  end
  begin
    org.dissociate_user(@username)
  rescue Net::HTTPClientException => e
    if e.response.code == "404"
      ui.msg "User #{username} is not associated with organization #{org_name}"
      exit 1
    elsif e.response.code == "403"
      body = Chef::JSONCompat.from_json(e.response.body)
      if body.key?("error") && body["error"] == "Please remove #{username} from this organization's admins group before removing him or her from the organization."
        failure_error_message(org_name, username)
        ui.msg <<~EOF

          User #{username} is in the organization's admin group. Removing users from an organization without removing them from the admins group is not allowed.
          Re-run this command with --force to remove this user from the admins prior to removing it from the organization.
        EOF

        exit 1
      else
        raise e
      end
    else
      raise e
    end
  end
end