# frozen_string_literal: true

#   Модуль с фунциями для авторизации
module Authorization
  extend ActiveSupport::Concern

  included do
    include CanCan::ControllerAdditions
    # before_action :authorize_profile!
    cattr_accessor :authorized_permissions
    attr_reader :actual_permission_ids,
      :current_organization_id,
      :current_account_id,
      :permissions, :restrictions

    check_authorization

    def current_ability
      @current_ability ||= Ability.new(permissions, restrictions, current_organization_id, current_account_id)
    end

    def current_account_id
      access_token[:account][:id]
    end

    def current_organization_id
      @current_organization_id ||= request.headers['organization-id']
    end

    def permissions
      @permissions ||= access_token[:permissions][current_organization_id]&.map(&:to_sym) || []
    end

    def restrictions
      @restrictions ||= access_token[:permissions][current_organization_id]&.map(&:to_sym) || []
    end

    def include_permission?(permission)
      permissions.include?(permission)
    end

    def include_restriction?(restriction)
      restrictions.include?(restriction)
    end
  end
end