module Fiona7
  # Translates a session user into a Scrivito user definition, i.e. the set of
  # workspace permissions and per-object publish restrictions for that user.
  class ScrivitoUser
    class << self
      # Declares the Scrivito user for +rsession_user+.
      #
      # @param rsession_user [#user_name, #superuser?] the session user; only
      #   these two methods are called on it here
      # @return [Object] whatever Scrivito::User.define returns
      def define(rsession_user)
        Scrivito::User.define(rsession_user.user_name) do |user|
          # Label shown for this user in the UI: the plain user name.
          user.description { "#{rsession_user.user_name}" }

          # Workspace-level permissions, identical for every user:
          # reading and writing are allowed, creating workspaces is not
          # (workspaces can only be selected).
          user.can_always(:read, :workspace)
          user.can_never(:create, :workspace)
          user.can_always(:write, :workspace)

          # Publishing a workspace is reserved for superusers; every other user
          # gets an explicit deny instead of being left without a rule.
          may_publish = rsession_user.superuser?
          user.can_always(:publish, :workspace) if may_publish
          user.can_never(:publish, :workspace) unless may_publish

          # Per-object publish restriction, keyed on the '_path' attribute of a
          # changed Obj. The callback returns nil when the Obj may be published,
          # or a String explaining why this user cannot publish it.
          #
          # NOTE(review): how Scrivito combines this callback with the
          # workspace-level publish rule above is not visible here - confirm.
          user.restrict_obj_publish(using: :_path) do |path|
            obj = Fiona7::WriteObj.find_by_path(path)

            # Fail closed: an unknown path and a missing release permission
            # both produce the same denial message.
            # NOTE(review): the key is spelled 'resticted'; it is kept because
            # it presumably has to match the locale files - confirm before
            # renaming.
            releasable = obj && obj.permission.release?(rsession_user.user_name)
            next I18n.t(:"fiona7.publish_permission_resticted", path: path) unless releasable

            # Permission is granted; the Obj must still pass release validation.
            obj.errors.join("\n") unless obj.valid?(:release)
          end
        end
      end
    end
  end
end