Orbit/app/controllers/admin/authorizations_controller.rb

class Admin::AuthorizationsController < OrbitBackendController

  before_filter :admin_or_manager
   
  def index
    @module_apps ||= ModuleApp.where(is_authorizable: true).order_by([:title, :asc])
    if @module_apps && @module_apps.include?(@module_app)
      case @type
      when 'category'
        type = 'submit'
      when 'approval'
        type = 'fact_check'
      else
        @users = @module_app.managing_users
      end
      if type
        if @module_app.has_category
          @categories = @module_app.categories
          unless @categories.blank?
            @category ||= @categories.first
            @users = @category.get_object_auth_by_title("#{type}_#{@module_app.key}").auth_users
          else
            @error = t(:no_category)
          end
        else
          @error = t(:no_category)
        end
      end
    elsif @module_apps
      @module_app = @module_apps.first
      redirect_to admin_authorizations_url(@module_app.key)
    else
      redirect_to :root
    end
  end

  def add(users)
    unless users.blank?
      case @type
      when 'category'
        type = 'submit'
      when 'approval'
        type = 'fact_check'
      else
        add_managers(users) unless users.blank?
      end
      if type
        if @category
          object_auth = @category.get_object_auth_by_title("#{type}_#{@module_app.key}")
          add_users_to_object_auth(object_auth, users)
        else
          @error = t(:no_category)
        end
      end
    end
    @users = users 
    render 'admin/authorizations/insert_users'
  end

  def add_users
    users = User.find(params[:user_ids]) rescue []
    add(users)
  end

  def add_roles
    roles = Role.find(params[:role_ids]) rescue []
    users = roles.inject([]) do |users, role|
      users += role.users.all.entries
      users
    end
    add(users)
  end

  def modal_select
    existing_users = User.find(params[:ids]) rescue []
    roles = Role.all
    case @type
    when 'category', 'approval'
      @category_id = @category.id if @category
      @sorted_users = roles.inject({}) do |users, role|
        users[role] = role.users.where(admin: false).not_guest_user - existing_users - @module_app.managing_users
        users
      end
    else
      @sorted_users = roles.inject({}) do |users, role|
        users[role] = role.users.where(admin: false).not_guest_user - existing_users
        users
      end
    end
  end

  def remove_users
    @users = User.find(params[:ids]) rescue []
    unless @users.blank?
      case @type    
      when 'category'
        type = 'submit'
      when 'approval'
        type = 'fact_check'
      else
        remove_managers(@users)
      end
      if type
        object_auth = @category.get_object_auth_by_title("#{type}_#{@module_app.key}")
        remove_users_form_object_auth(object_auth, @users)
      end
    end
    render 'admin/authorizations/remove_users'
  end
  
  protected

  def add_managers(users)
    users.each do |user|
      @module_app.assign_manager(user, current_user)
    end
  end

  def add_users_to_object_auth(object_auth, users)
    users.each do |user|
      object_auth.add_user_to_privilege_list(user)
    end
  end

  def remove_managers(users)
    users.each do |user|
      @module_app.remove_manager(user)
    end
  end

  def remove_users_form_object_auth(object_auth, users)
    users.each do |user|
      object_auth.remove_user_from_privilege_list(user)
    end
  end

  private

  def admin_or_manager
    setup_vars   
    authenticate_user!
    user_is_manager?
  end

  def setup_vars
    @module_app = ModuleApp.first(conditions: {:key => params[:module]} ) if params[:module]
    @category = Category.find(params[:id]) rescue nil
    @type = params[:type]
  end

  def user_is_manager?
    unless is_admin?
      @module_apps = current_user.managed_module_apps
      redirect_to :root if @module_apps.blank?
    end
  end
end