module Beef
  module AdminArea
    module Authorisation

      def self.included(controller)
        controller.send(:include, InstanceMethods)
        controller.extend ClassMethods

        controller.class_eval do
          helper_method :authorised?
          helper_method :not_authorised?

          hide_action :authorised?, :authorise, :not_authorised?
        end
      end

      module ClassMethods
        def authorise(options)
          raise ArgumentError, 'Roles must be suplied' if options[:roles].nil?
          before_filter :only => options[:only] do |controller|
            controller.authorise(*options[:roles])
          end
        end
      end

      module InstanceMethods
        def authorise(*roles)
          deny_access("You do not have the required access privileges to access page") unless current_user.authorised?(*roles)
        end

        def authorised?(*roles, &block)
          return unless current_user.authorised?(*roles)
          if block_given?
            yield
          else
            return true
          end
        end

        def not_authorised?(*roles, &block)
          return if current_user.authorised?(*roles)
          if block_given?
            yield
          else
            return true
          end
        end
      end

    end

    module Roles

      def self.included(base)
        base.send(:include, InstanceMethods)

        base.class_eval do
          attr_protected :role
          User::ROLES.each do |r|
            self.class_eval <<-RUBY
              def #{r}?
                authorised?(:#{r})
              end
            RUBY
          end
        end
      end

      module InstanceMethods
        def authorised?(*auth_roles)
          return false if role.blank?
          # Check the roles are real
          non_roles = auth_roles - User::ROLES
          unless non_roles.empty?
            raise ArgumentError, "No such role #{non_roles.join(', ')}"
          end
          auth_roles.include?(role.to_sym)
        end
      end

    end
  end
end