# Authorization
require 'authoreyes/authorization/engine'
require 'authoreyes/authorization/authorization_rule_set'
require 'authoreyes/authorization/authorization_rule'
require 'authoreyes/authorization/attribute'
require 'authoreyes/authorization/attribute_with_permission'
require 'authoreyes/authorization/anonymous_user'

require 'set'
require 'forwardable'

module Authoreyes
  module Authorization
    # An exception raised if anything goes wrong in the Authorization realm
    class AuthorizationError < StandardError; end
    # NotAuthorized is raised if the current user is not allowed to perform
    # the given operation possibly on a specific object.
    class NotAuthorized < AuthorizationError; end
    # AttributeAuthorizationError is more specific than NotAuthorized, signaling
    # that the access was denied on the grounds of attribute conditions.
    class AttributeAuthorizationError < NotAuthorized; end
    # AuthorizationUsageError is used whenever a situation is encountered
    # in which the application misused the plugin.  That is, if, e.g.,
    # authorization rules may not be evaluated.
    class AuthorizationUsageError < AuthorizationError; end
    # NilAttributeValueError is raised by Attribute#validate? when it hits a nil attribute value.
    # The exception is raised to ensure that the entire rule is invalidated.
    class NilAttributeValueError < AuthorizationError; end

    AUTH_DSL_FILES = [Pathname.new(Rails.root || '').join('config', 'authorization_rules.rb').to_s].freeze unless defined? AUTH_DSL_FILES

    # Controller-independent method for retrieving the current user.
    # Needed for model security where the current controller is not available.
    def self.current_user
      # TODO: get rid of Thread usage
      Thread.current['current_user'] || AnonymousUser.new
    end

    # Controller-independent method for setting the current user.
    def self.current_user=(user)
      Thread.current['current_user'] = user
    end

    # For use in test cases only
    def self.ignore_access_control(state = nil) # :nodoc:
      Thread.current['ignore_access_control'] = state unless state.nil?
      Thread.current['ignore_access_control'] || false
    end

    def self.activate_authorization_rules_browser? # :nodoc:
      ::Rails.env.development?
    end

    @@dot_path = 'dot'
    def self.dot_path
      @@dot_path
    end

    def self.dot_path=(path)
      @@dot_path = path
    end

    @@default_role = :guest
    def self.default_role
      @@default_role
    end

    def self.default_role=(role)
      @@default_role = role.to_sym
    end

    def self.is_a_association_proxy?(object)
      if Rails.version < '3.2'
        object.respond_to?(:proxy_reflection)
      else
        object.respond_to?(:proxy_association)
      end
    end
  end
end