module MasterView
  module Admin
    
    # This module is mixed into the MasterView Admin Controller to provide the default
    # authorization for MasterView admin page access.
    #
    # The authorization method must be a predicate named allow_access?.
    # The mixin is included in an ApplicationController subclass
    # and thus may access all services available to controllers
    # in your application.
    #
    # To override this method, create a module with your auth_check predicate
    # and configure the load specification setting in the config.admin_auth_mixin.
    # Default if not specified is to load admin_auth_mixin.rb from the rails
    # app/masterview directory, if present, and install mixin module MasterViewAdminAuthMixin.
    #
    # example: 
    #
    ##config.admin_auth_mixin = {
    #   :file => 'admin_auth_mixin', # require file in app/masterview unless alt :file_loc context specified
    #   :file_loc => nil,
    #   :module => :MasterViewAdminAuthMixin, # module to mix in to MasterView controller
    # }
    #
    module AuthMixin

      MasterView::Log.info { 'Using default admin_auth mixin for MasterView admin (local requests only)' }

      protected

      # Check that the current user has authorization to access admin operations.
      #
      # Default implementation of authorization check
      # restricts access to requests from the local machine (developer testing).
      #
      # An application with a user authorization scheme might do something like
      # verifying that an authenticated login is available and that the current
      # user has permission to perform admin operations:
      #
      #    current_user && user_has_perm?('mv-admin')
      # 
      def allow_access?
        # default only allow for developer testing on local machine
        local_request?
      end

    end
  end
end