module Sufia
  module TransfersControllerBehavior
    extend ActiveSupport::Concern

    included do
      before_action :authenticate_user!
      before_action :load_proxy_deposit_request, only: :create
      load_and_authorize_resource :proxy_deposit_request, parent: false, except: :index
      before_action :authorize_depositor_by_id, only: [:new, :create]
      # Catch permission errors
      # TODO: we should make this a module in Sufia
      rescue_from CanCan::AccessDenied do |exception|
        if current_user && current_user.persisted?
          redirect_to root_url, alert: exception.message
        else
          session["user_return_to"] = request.url
          redirect_to new_user_session_url, alert: exception.message
        end
      end
    end

    def new
      @work = CurationConcerns::WorkRelation.new.find(params[:id])
    end

    def create
      @proxy_deposit_request.sending_user = current_user
      if @proxy_deposit_request.save
        redirect_to sufia.transfers_path, notice: "Transfer request created"
      else
        redirect_to root_url, alert: @proxy_deposit_request.errors.full_messages.to_sentence
      end
    end

    def index
      @incoming = ProxyDepositRequest.where(receiving_user_id: current_user.id).reject(&:deleted_work?)
      @outgoing = ProxyDepositRequest.where(sending_user_id: current_user.id)
    end

    # Kicks of a job that completes the transfer. If params[:reset] is set, it will revoke
    # any existing edit permissions on the work.
    def accept
      @proxy_deposit_request.transfer!(params[:reset])
      if params[:sticky]
        current_user.can_receive_deposits_from << @proxy_deposit_request.sending_user
      end
      redirect_to sufia.transfers_path, notice: "Transfer complete"
    end

    def reject
      @proxy_deposit_request.reject!
      redirect_to sufia.transfers_path, notice: "Transfer rejected"
    end

    def destroy
      @proxy_deposit_request.cancel!
      redirect_to sufia.transfers_path, notice: "Transfer canceled"
    end

    private

      def authorize_depositor_by_id
        @id = params[:id]
        authorize! :transfer, @id
        @proxy_deposit_request.work_id = @id
      rescue CanCan::AccessDenied
        redirect_to root_url, alert: 'You are not authorized to transfer this work.'
      end

      def load_proxy_deposit_request
        @proxy_deposit_request = ProxyDepositRequest.new(proxy_deposit_request_params)
      end

      def proxy_deposit_request_params
        params.require(:proxy_deposit_request).permit(:transfer_to)
      end
  end
end