#--
# Copyright (c) 2007 Robert S. Thau, Smartleaf, Inc.
# 
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to
# the following conditions:
# 
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
# 
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#++
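# Admin-side controller for User records, plus the "act as another user"
# screen.  Actions not defined here are presumably supplied by
# GenericRestController / resources_controller_for, which live outside
# this file.
class UsersController < GenericRestController

  layout "admin"
  include ERB::Util             # for html_escape
  resources_controller_for :users

  # GET:  builds @users, the sorted list of users that the user of record
  #       may act as (the user of record is always on the list).
  # POST: switches to the user named by params[:user_id], then redirects
  #       back to this action.
  #
  # params[:user_id] is client-supplied, so the target is checked against
  # the same permitted list that the form was built from.  assume_alias is
  # defined outside this file and may enforce :act_as itself; checking here
  # means the authorization does not depend on that.
  #
  # NOTE(review): switching identity is worth an audit-log entry, for both
  # accepted and refused requests -- confirm whether assume_alias records one.
  def acting_as_user
    User.acting_as_user_of_record do
      @users = User.all_permitting :act_as
      @users = [ User.current ] + @users unless @users.include?( User.current )
      @users = @users.sort_by(&:search_name)

      if request.post?
        # User.find still raises for an unknown id, as before.
        target = User.find( params[:user_id].to_i )

        if @users.include?( target )
          assume_alias( target )
          # The name is escaped here because the flash may be emitted
          # unescaped by the layout.
          flash[:notice] = "Now acting as #{html_escape User.current.name}"
        else
          flash[:notice] = "You are not permitted to act as that user."
        end

        redirect_to :action => 'acting_as_user'
      end
    end
  end

  # Resources_controller doesn't turn off layouts for fubar.js.erb,
  # so we have to do it here.  Grumpf.

  # Renders one user as HTML, JS (without the layout) or XML.
  # find_resource enforces :administer on the record.
  def show
    self.resource = find_resource

    respond_to do |format|
      format.html # show.rhtml
      format.js   { render :layout => false }
      # NOTE(review): to_xml with no :only/:except emits every attribute
      # unless the model overrides it; confirm that credential columns
      # (password hash, salt, tokens) are not exposed this way.
      format.xml  { render :xml => resource.to_xml }
    end
  end

  # Renders the edit form as HTML, or as JS without the layout.
  def edit
    self.resource = find_resource
    respond_to do |format|
      format.html
      format.js { render :layout => false }
    end
  end

  # Applies the submitted attributes to the user and responds per format;
  # on validation failure the edit form (or the errors as XML, with
  # status 422) is rendered instead.
  #
  # NOTE(review): params[resource_name] is mass-assigned as received.  This
  # controller shows no attribute whitelist, so which fields a caller may
  # change (role, firm, ...) rests entirely on the model layer -- confirm.
  def update
    self.resource = find_resource

    respond_to do |format|
      if resource.update_attributes(params[resource_name])
        format.html do
          flash[:notice] =
             "#{resource_name.humanize} was successfully updated."
          redirect_to resource_url
        end
        format.js   { render :layout => false }
        format.xml  { head :ok }
      else
        format.html { render :action => "edit" }
        format.js   { render :action => "edit", :layout => false }
        format.xml  { render :xml => resource.errors.to_xml,
                         :status => :unprocessable_entity }
      end
    end
  end

  protected

  # Collection for the index: only users on which the current user holds
  # the :administer permission.
  def find_resources
    User.all_permitting :administer
  end

  # Builds an unsaved User from the submitted attributes (params[:user]
  # by default).  The same mass-assignment caveat as in #update applies.
  def new_resource( attributes = params[:user] )
    user = set_instance_vars_for( User.new )

    # Setting firm before other attrs gets perms right more often
    # on create... at least if there can be only one!
    # (set_instance_vars_for makes the same assignment; it is repeated
    # here because the setter's side effects are not visible in this file.)
    user.firm = @firms.first if @firms.size == 1

    user.attributes = attributes unless attributes.nil?
    user
  end

  # Loads the user by id and requires :administer on it.  check_permission!
  # is defined outside this file; presumably it raises when the permission
  # is missing.
  def find_resource( id = params[:id] )
    set_instance_vars_for( User.find( id ).check_permission!( :administer ))
  end

  # Populates @firms and @roles for the forms and returns the user.
  # When exactly one firm is permitted, it is assigned to the user; note
  # that this also happens for records loaded through find_resource.
  def set_instance_vars_for( user )
    @firms = user.permitted_associates :firm
    @roles = Role.all_permitting :assign

    user.firm = @firms.first if @firms.size == 1

    user
  end

end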

