orbit4-5/app/controllers/admin/authorizations_controller.rb

class Admin::AuthorizationsController < OrbitAdminController
  prepend_before_filter :admin_or_manager
  layout "back_end"

  def index
  	@module_apps ||= ModuleApp.any_of({authorizable: true}).order_by([:title, :asc])
    if @module_apps && @module_apps.include?(@module_app)
      reload_users
      if (@module_app.categorizable || @module_app.categories.present?)
        @objects = @module_app.categories.order_by(:disable.asc) rescue nil
      end
    elsif @module_apps && @module_app.key == "authorization"
        redirect_to admin_authorizations_path(@module_apps.first.key)
    else
        redirect_to  :root
    end
  end

  def add_users
    users = User.find(params[:user_ids]) rescue nil
    unless users.nil?
      authorization = users.map {|u| get_or_create_authorization(u)}.first
    end
   reload_users
    render 'admin/authorizations/reload_users'
  end

  def add_roles
    roles = Role.find(params[:role_ids]) rescue nil
    unless roles.nil?
      authorization = roles.map { |r| get_or_create_authorization_with_role(r)}.first
    end
   reload_users
    render 'admin/authorizations/reload_users'
  end

  def modal_select
    roles = Role.all
    @authorization_type = params[:authorization_type]
    if @authorization_type == "sub_managers"
      @object = Category.find(params[:category_id])
      @sub_mangers = Authorization.category_sub_managers(@object)
      @sorted_users = roles.inject({}) do |users, role|
        users_for_role = role.member_profiles.select {|m| !m.user.is_admin? if m.user}.map {|u| u.user}
        users[role] = users_for_role - @sub_mangers
        users
      end
    else
      @sorted_users = roles.inject({}) do |users, role|
        users_for_role =  role.member_profiles.select {|m| !m.user.is_admin? if m.user}.map {|u| u.user}
        users[role] = users_for_role - @module_app.module_managers
        users
      end
    end
    render :layout => false
  end

  def remove_users
    @users = User.find(params[:user_ids]) rescue []
    unless @users.blank?
      authorization = @users.map {|u| remove_authorizations(u)}.first
    end
    roles = Role.find(params[:role_ids]) rescue []
    unless roles.blank?
      roles.each{|r| remove_authorizations_with_role(r)}
    end
    reload_users
    render 'admin/authorizations/reload_users'
  end
  

  protected

  def get_or_create_authorization(user)
    case params[:authorization_type]
    when "sub_managers"
        remove_from_manager(user) if user.is_manager?(@module_app)
        @object = Category.find(params[:category_id])
       Authorization.create_category_authorization(@module_app.id, @object.id, user.id)
    when "managers"
      remove_from_sub_manager(user) if user.is_sub_manager?(@module_app)
      Authorization.create_module_authorization(@module_app.id, user.id)
    end
  end

  def remove_authorizations(user)
    case params[:authorization_type]
    when "sub_managers"
      if params[:category_id] == "all"
        remove_from_sub_manager(user)
      else
        @object = Category.find(params[:category_id])
        Authorization.remove_category_authorization(@object.id, user.id)
      end
    when "managers"
      Authorization.remove_module_authorization(@module_app.id, user.id)
    end
  end

  def remove_authorizations_with_role(role)
    case params[:authorization_type]
    when "sub_managers"
      if params[:category_id] == "all"
        remove_from_sub_manager_with_role(role)
      else
        @object = Category.find(params[:category_id])
        Authorization.remove_category_authorization_with_role(@object.id, role.id)
      end
    when "managers"
      Authorization.remove_module_authorization_with_role(@module_app.id, role.id)
    end
  end

  def remove_from_sub_manager(user)
    categories = @module_app.categories.authorized(user)
    categories.each do |c|
       Authorization.remove_category_authorization(c.id, user.id)
    end
  end

   def remove_from_sub_manager_with_role(role)
    categories = role.approved_categories_for_module(@module_app)
    categories.each do |c|
       Authorization.remove_category_authorization_with_role(c.id, role.id)
    end
  end

  def remove_from_manager(user)
     Authorization.remove_module_authorization(@module_app.id, user.id)
  end

   def remove_from_manager_with_role(role)
     Authorization.remove_module_authorization_with_role(@module_app.id, role.id)
  end

  def get_or_create_authorization_with_role(role)
    case params[:authorization_type]
    when "sub_managers"
        remove_from_manager_with_role(role) if role.is_manager_for?(@module_app)
        @object = Category.find(params[:category_id])
        Authorization.create_category_authorization_with_role(@module_app.id, @object.id, role.id)
    when "managers"
        remove_from_sub_manager_with_role(role) if role.is_sub_manager_for?(@module_app)
        Authorization.create_module_authorization_with_role(@module_app.id,role.id)
    end
  end


  def reload_users
    @managers = @module_app.managers rescue []
    @sub_managers = @module_app.sub_managers rescue []
    manager_roles = @module_app.role_managers.collect{|r| Role.find(r)} rescue []
    sub_manager_roles = @module_app.role_sub_managers rescue []
    @managers = @managers.concat(manager_roles)
    @sub_managers  = @sub_managers.concat(sub_manager_roles)
  end
  

  private

  def admin_or_manager
    @override_can_use = true
    setup_vars   
    authenticate_user
    current_user.is_manager?(@module_app) unless current_user.is_admin?
  end

  def setup_vars
    @module_app = ModuleApp.find_by(key: params[:module]) if params[:module]
  end
end