module Rad::Controller::Authorized
  inherited do
    helper_method :can?, :owner?
  end
  
  module ClassMethods
    def require_permission operation, *args, &object_proc
      operation = operation.must_be.a(String, Symbol).to_s
  
      options = args.extract_options!
      # object_proc = args.size > 0 ? args.first : lambda{}
      object_proc ||= lambda{|controller|}
  
      method = "require_permission_#{operation}"
      define_method method do
        require_permission operation, instance_eval(&object_proc)
      end
      before method, options
    end
  end

  protected
    def can? *args
      rad.user.can? *args
    end          

    def owner? *args
      rad.user.owner? *args
    end

    def login_required
      access_denied! unless rad.user.registered?
    end

    def login_not_required
      raise_user_error t(:login_not_required) if rad.user.registered?
    end

    def require_permission operation, object = nil
      operation = operation.must_be.a(String, Symbol).to_s

      unless rad.user.can? operation, object
        rad.logger.warn "RAD access denied, #{rad.user.name} hasn't rights to #{operation}!"
        access_denied!
      end
    end

    def access_denied!            
      raise_user_error t(:access_denied)
    end
end