#--
# Copyright (c) 2007 Robert S. Thau, Smartleaf, Inc.
# 
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to
# the following conditions:
# 
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
# 
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#++
class OrdersController < GenericRestController

  resources_controller_for :orders
  layout "admin"

  def show
    super
    set_current_order( resource )
  end

  helper_method :resource_class

  protected

  def find_resources
    Order.all_permitting :find, :order => "created_at desc"
  end

  # Here's a messy corner case:  
  #
  # Users have permission to edit only their unpaid orders.
  # When they pay, they lose that permission.  But, if they
  # thereby lose :update permission, then they can't *save*
  # the paid version of the order.  So, for orders, update
  # and edit permissions are different, and we can't automatically
  # infer one from the other in the "generic" way.  Thus...

  def can_edit?( order )
    order.permits?( :update )
  end

  # Fake out the generic UI --- even when users *can* create an
  # order, we don't want them doing it here...

  def can_create?; false; end

end