class Spud::SpudUserModel < ActiveRecord::Base
  self.table_name = 'spud_users'
  self.abstract_class = true
  
  acts_as_authentic do |c|
    c.transition_from_crypto_providers = Authlogic::CryptoProviders::Sha512
    c.crypto_provider = Authlogic::CryptoProviders::SCrypt
    c.logged_in_timeout = 24.hours
    if Spud::Core.config.use_email_as_login
      c.login_field = :email
    end
  end

  belongs_to :role, :class_name => 'SpudRole', :foreign_key => 'spud_role_id'
  has_many :spud_user_settings

  validates :first_name, :last_name, :presence => true
  before_validation :set_login_to_email, :if => ->{ Spud::Core.config.use_email_as_login }
  before_update :unset_requires_password_change

  scope :admins, ->{
    where('super_admin = 1 OR role_id IS NOT NULL')
  }

  scope :ordered, ->{ order('last_name asc, first_name asc, email asc') }

  def full_name
    if first_name.blank? && last_name.blank?
      return self.login
    end
    if self.first_name.blank?
      return self.last_name
    elsif self.last_name.blank?
      return self.first_name
    end
    return "#{self.first_name} #{self.last_name}"
  end

  def full_name_with_email
    return "#{full_name} (#{email})"
  end

  # Returns true if user can view at least one dashboard app
  def has_admin_rights?
    if self.super_admin?
      return true
    else
      return Spud::Core.admin_applications.find{ |app| self.can_view_app?(app) }.present?
    end
  end

  # Returns true if the user can view a spud app based on it's key
  def can_view_app?(admin_application)
    if self.super_admin?
      return true
    else
      key = admin_application[:key]
      return self.permissions.find{ |p| p.apps.include?(key) }.present?
    end
  end

  # Check if a user has a given list of permissions
  #
  # * if one tag is supplied, return true if the tag matches
  # * if multiple tags are supplied, return true if ALL tags match
  def has_permission?(*tags)
    if self.super_admin?
      return true
    else
      my_tags = self.permissions.collect(&:tag)
      return tags.find{ |tag| !my_tags.include?(tag) }.blank?
    end
  end

  # Check if a user has at least one out of a given list of permissions
  #
  # * if one tag is supplied, return true if the tag matches
  # * if multiple tags are supplied, return true if ANY tag matches
  def has_any_permission?(*tags)
    if self.super_admin?
      return true
    else
      return self.permissions.find{ |p| tags.include?(p.tag) }.present?
    end
  end

  # Return a list of SpudPermission objects for the user's SpudRole
  def permissions
    if !self.role
      return []
    else
      return self.role.permissions
    end
  end

  # Returns an ActiveRecord::Relation performing a LIKE query against name columns
  def self.where_name_like(string)
    like = '%' + string + '%'
    return self.where('login like ? or concat(`first_name`, " ", `last_name`) like ?', like, like)
  end

  # Return an array of users who have the requested permission
  #
  # * tag - Desired permission tag string (required)
  # * include_supers - Whether to include super user (default: true)
  def self.with_permission(tag, include_supers:true)
    role_ids = SpudRolePermission.where(:spud_permission_tag => tag).pluck(:spud_role_id).uniq()
    if include_supers
      return SpudUser.where('super_admin = 1 OR spud_role_id IN (?)', role_ids)
    else
      return SpudUser.where(:spud_role_id => role_ids)
    end
  end

private

  def set_login_to_email
    if self.email.present?
      self.login = self.email
    end
    return true
  end

  def unset_requires_password_change
    if password_changed? && !requires_password_change_changed?(:to => true)
      self.requires_password_change = false
    end
    return true
  end

end