module Challah
  # These methods are added into ActionController::Base and are available in all
  # of your app's controllers.
  module Controller
    extend ActiveSupport::Concern

    included do
      extend ClassMethods
    end

    module ClassMethods
      # Restrict the current controller to only users that have authenticated. All actions
      # in the controller will be restricted unless otherwise stated. All normal options
      # for a before_filter are observed.
      #
      # @example
      #   class YourController < ApplicationController
      #     restrict_to_authenticated
      #
      #     # ...
      #   end
      #
      # @example Restrict only the given actions
      #   class YourOtherController < ApplicationController
      #     restrict_to_authenticated :only => [ :create, :update, :destroy ]
      #
      #     # ...
      #   end
      #
      # @see Controller::InstanceMethods#signin_required signin_required
      def restrict_to_authenticated(options = {})
        before_filter(options) do |controller|
          controller.send(:signin_required)
        end
      end

      # Alias for restrict_to_authenticated
      def signin_required(*args)
        restrict_to_authenticated(*args)
      end
      alias_method :login_required, :signin_required
    end

    protected

    # Is there currently a logged in user? Returns true if it is safe to use
    # the {#current_user current_user} method.
    #
    # @note This method is also available as a helper in your views.
    #
    # @see #current_user current_user
    #
    # @return [Boolean] Is there a user logged in?
    def current_user?
      !!current_user
    end

    # Alias for current_user?
    def signed_in?
      current_user?
    end
    alias_method :logged_in?, :signed_in?

    # The user that is currently logged into this session. If there is no
    # user logged in, nil will be returned.
    #
    # @note This method is also available as a helper in your views.
    #
    # @return [User, nil] The current authenticated user.
    def current_user
      @current_user ||= current_user_session.user
    end

    # The current authentication session, if one exists. A {Session} object will be
    # returned regardless of its valid status. If an invalid session is returned, the
    # {Session#user user} attribute will be nil.
    #
    # @return [Session] The current browser session.
    def current_user_session
      @current_user_session ||= Challah::Session.find(request, params, user_model)
    end

    # Restrict a controller to only authenticated users. If someone tries to access
    # a restricted action and is not logged in, they will be redirected to the
    # login page.
    #
    # This method is an alias for:
    #
    #   restrict_to_authenticated
    #
    # @example
    #   class YourController < ApplicationController
    #     before_filter :login_required
    #
    #     # ...
    #   end
    #
    # @example Specifing certain actions.
    #   class YourOtherController < ApplicationController
    #     before_filter :login_required, :only => [ :create, :update, :destroy ]
    #
    #     # ...
    #   end
    #
    # @see Controller::ClassMethods#restrict_to_authenticated restrict_to_authenticated
    def signin_required
      unless signed_in?
        session[:return_to] = request.url
        redirect_to signin_path and return
      end
    end
    alias_method :login_required, :signin_required

    def user_model
      @_challah_user_model ||= Challah.user
    end
  end
end