class User < ActiveRecord::Base
  include GlobalHelpers

  # Include default devise modules. Others available are:
  # :token_authenticatable, :confirmable,
  # :lockable, :timeoutable and :omniauthable
  devise :invitable, :database_authenticatable, :registerable, :recoverable, :rememberable,
         :trackable, :validatable, :confirmable, :omniauthable, :omniauth_providers => [:shibboleth]

    #associations between tables
    has_many :answers
    has_many :project_groups, :dependent => :destroy
    has_many :user_role_types, through: :user_org_roles
    belongs_to :language

    belongs_to :organisation

    has_many :projects, through: :project_groups do
      def filter(query)
        return self unless query.present?

        t = self.arel_table
        q = "%#{query}%"

        conditions = t[:title].matches(q)

        columns = %i(
          grant_number identifier description principal_investigator data_contact 
        )
        columns = ['grant_number', 'identifier', 'description', 'principal_investigator', 'data_contact']

        columns.each {|col| conditions = conditions.or(t[col].matches(q)) }

        self.where(conditions)
      end
    end

    has_and_belongs_to_many :roles, :join_table => :users_roles

    has_many :plan_sections

    accepts_nested_attributes_for :roles
    attr_accessible :password_confirmation, :encrypted_password, :remember_me, :id, :email,
                    :firstname, :last_login,:login_count, :orcid_id, :password, :shibboleth_id, 
                    :user_status_id, :surname, :user_type_id, :organisation_id, :skip_invitation, 
                    :other_organisation, :accept_terms, :role_ids, :dmponline3, :api_token,
                    :organisation, :language, :language_id

    #validates :email, email: true, allow_nil: true, uniqueness: true

    # FIXME: The duplication in the block is to set defaults. It might be better if
    #        they could be set in Settings::PlanList itself, if possible.
    has_settings :plan_list, class_name: 'Settings::PlanList' do |s|
      s.key :plan_list, defaults: { columns: Settings::PlanList::DEFAULT_COLUMNS }
    end

  ##
  # gives either the name of the user, or the email if name unspecified
  #
  # @param user_email [Boolean] defaults to true, allows the use of email if there is no firstname or surname
  # @return [String] the email or the firstname and surname of the user
  def name(use_email = true)
    if ((firstname.nil? && surname.nil?) || (firstname.strip == "" && surname.strip == "")) && use_email then
      return email
    else
      name = "#{firstname} #{surname}"
      return name.strip
    end
  end

  ##
  # sets a new organisation id for the user
  # if the user has any roles such as org_admin or admin, those are removed
  # if the user had an api_token, that is removed
  #
  # @param new_organisation_id [Integer] the id for an organisation
  # @return [String] the empty string as a causality of setting api_token
  def organisation_id=(new_organisation_id)
    unless self.can_change_org? || new_organisation_id.nil? || self.organisation.nil?
      # rip all permissions from the user
      self.roles.delete_all
    end
    # set the user's new organisation
    super(new_organisation_id)
    self.save!
    # rip api permissions from the user
    self.remove_token!
  end

  ##
  # sets a new organisation for the user
  #
  # @param new_organisation [Organisation] the new organisation for the user
  def organisation=(new_organisation)
    organisation_id = new_organisation.id unless new_organisation.nil?
  end

  ##
  # checks if the user is a super admin
  # if the user has any privelege which requires them to see the super admin page
  # then they are a super admin
  #
  # @return [Boolean] true if the user is an admin
  def can_super_admin?
    return self.can_add_orgs? || self.can_grant_api_to_orgs? || can_change_org?
  end

  ##
  # checks if the user is an organisation admin
  # if the user has any privlege which requires them to see the org-admin pages
  # then they are an org admin
  #
  # @return [Boolean] true if the user is an organisation admin
  def can_org_admin?
    return self.can_grant_permissions? || self.can_modify_guidance? || self.can_modify_templates? || self.can_modify_org_details?
  end

  ##
  # checks if the user can add new organisations
  #
  # @return [Boolean] true if the user can add new organisations
  def can_add_orgs?
    roles.include? Role.find_by(name: constant("user_role_types.add_organisations"))
  end

  ##
  # checks if the user can change their organisation affiliations
  #
  # @return [Boolean] true if the user can change their organisation affiliations
  def can_change_org?
    roles.include? Role.find_by(name: constant("user_role_types.change_org_affiliation"))
  end

  ##
  # checks if the user can grant their permissions to others
  #
  # @return [Boolean] true if the user can grant their permissions to others
  def can_grant_permissions?
    roles.include? Role.find_by(name: constant("user_role_types.grant_permissions"))
  end

  ##
  # checks if the user can modify organisation templates
  #
  # @return [Boolean] true if the user can modify organisation templates
  def can_modify_templates?
    roles.include? Role.find_by(name: constant("user_role_types.modify_templates"))
  end

  ##
  # checks if the user can modify organisation guidance
  #
  # @return [Boolean] true if the user can modify organistion guidance
  def can_modify_guidance?
    roles.include? Role.find_by(name: constant("user_role_types.modify_guidance"))
  end

  ##
  # checks if the user can use the api
  #
  # @return [Boolean] true if the user can use the api
  def can_use_api?
    roles.include? Role.find_by(name: constant("user_role_types.use_api"))
  end

  ##
  # checks if the user can modify their org's details
  #
  # @return [Boolean] true if the user can modify the org's details
  def can_modify_org_details?
    roles.include? Role.find_by(name: constant("user_role_types.change_org_details"))
  end

  ##
  # checks if the user can grant the api to organisations
  #
  # @return [Boolean] true if the user can grant api permissions to organisations
  def can_grant_api_to_orgs?
    roles.include? Role.find_by(name: constant('user_role_types.grant_api_to_orgs'))
  end


  ##
  # checks if the user can grant the api to organisations
  #
  # @return [Boolean] true if the user can grant api permissions to organisations
  def can_grant_api_to_orgs?
    roles.include? Role.find_by(name: constant('user_role_types.grant_api_to_orgs'))
  end

  ##
  # checks what type the user's organisation is
  #
  # @return [String] the organisation type
  def org_type
    org_type = organisation.organisation_type.name
    return org_type
  end

  ##
  # removes the api_token from the user
  # modifies the user model
  def remove_token!
    unless api_token.blank?
      self.api_token = ""
      self.save!
    end
  end

  ##
  # generates a new token for the user unless the user already has a token.
  # modifies the user's model.
  def keep_or_generate_token!
    if api_token.nil? || api_token.empty?
      self.api_token = loop do
        random_token = SecureRandom.urlsafe_base64(nil, false)
        break random_token unless User.exists?(api_token: random_token)
      end
      self.save!
      # send an email to the user to notify them of their new api token
      UserMailer.api_token_granted_notification(self)
    end
  end

  ##
  # updates the user permissions to the new system.
  # the old system only had admin and org-admin roles, which loosely map to the
  # new permissions system.
  def self.update_user_permissions
    admin                   = Role.find_by(name: 'admin')
    org_admin               = Role.find_by(name: 'org_admin')
    add_orgs                = Role.find_by(name: 'add_organisations')
    change_org_affiliation  = Role.find_by(name: 'change_org_affiliation')
    grant_api_to_orgs       = Role.find_by(name: 'grant_api_to_orgs')
    grant_permissions       = Role.find_by(name: 'grant_permissions')
    modify_templates        = Role.find_by(name: 'modify_templates')
    modify_guidance         = Role.find_by(name: 'modify_guidance')
    change_org_details      = Role.find_by(name: 'change_org_details')
    User.includes(:roles).all.each do |user|
      if user.roles.include? admin
        #add admin roles
        user.roles << add_orgs unless user.roles.include? add_orgs
        user.roles << change_org_affiliation unless user.roles.include? change_org_affiliation
        user.roles << grant_api_to_orgs unless user.roles.include? grant_api_to_orgs
        user.roles << grant_permissions unless user.roles.include? grant_permissions
        user.roles.delete(admin)
        user.save!
      end
      if user.roles.include? org_admin
        #add org-admin roles
        user.roles << grant_permissions unless user.roles.include? grant_permissions
        user.roles << modify_templates unless user.roles.include? modify_templates
        user.roles << modify_guidance unless user.roles.include? modify_guidance
        user.roles << change_org_details unless user.roles.include? change_org_details
        user.roles.delete(org_admin)
        # save the user
        user.save!
      end
    end
  end
end