module Spotlight
  class RolesController < Spotlight::ApplicationController
    before_filter :authenticate_user!
    load_and_authorize_resource :exhibit, class: Spotlight::Exhibit
    load_and_authorize_resource through: :exhibit, except: [:update_all]

    def index
      role = @exhibit.roles.build
      authorize! :edit, role
      
      add_breadcrumb t(:'spotlight.exhibits.breadcrumb', title: @exhibit.title), @exhibit
      add_breadcrumb t(:'spotlight.administration.sidebar.header'), exhibit_dashboard_path(@exhibit)
      add_breadcrumb t(:'spotlight.administration.sidebar.users'), exhibit_roles_path(@exhibit)
    end

    def update_all
      attrs = params.require(:exhibit).permit(:roles_attributes => [:id, :user_key, :role, :_destroy])

      any_deleted = authorize_nested_attributes(attrs[:roles_attributes], Role)

      if @exhibit.update(attrs)
        notice = any_deleted > 0 ? t(:'helpers.submit.role.destroyed') : t(:'helpers.submit.role.updated')
        redirect_to exhibit_roles_path(@exhibit), notice: notice 
      else
        flash[:alert] = t(:'helpers.submit.role.batch_error')
        render action: 'index'
      end

    end

    protected


    # When nested attributes are passed in, ensure we have authorization to update each row.
    # @param attr [Hash,Array] the nested attributes
    # @param klass [Class] the class that is getting created
    # @return [Integer] a count of the number of deleted records
    def authorize_nested_attributes(attrs, klass)
      attrs = attrs.values if attrs.is_a? Hash
      delete_count = 0
      attrs.each do |item|
        if item[:id]
          if item['_destroy'].present?
            authorize! :destroy, klass.find(item[:id])
            delete_count += 1
          else
            authorize! :update, klass.find(item[:id])
          end
        else
          authorize! :create, klass
        end
      end
      delete_count
    end

  end
end