class BulletTrain::Platform::ConnectionWorkflow

def to_proc

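# Builds the proc that resolves the resource owner for a platform connection request.
#
# The proc reads `params`, `current_user` and `request` and calls `authorize!`, `render`
# and `redirect_to`, so it has to be evaluated in a controller-like context
# (presumably as Doorkeeper's resource owner authenticator -- confirm against the initializer).
#
# @return [Proc] a proc that evaluates to one of:
#   - `current_user` for a user-level connection,
#   - a newly created platform agent user for a team-level connection,
#   - the result of `render` (team still has to be picked) or `redirect_to` (not signed in).
# @raise [ActiveRecord::RecordNotFound] when the proc runs and the team or the application is unknown
# @raise [ActiveRecord::RecordInvalid] when the proc runs and the agent user or membership fails validation
def to_proc
  proc do
    # Load the platform application in question. `find_by` yields nil for an unknown client_id.
    # TODO Do we need to check the client secret or does Doorkeeper do that for us?
    # NOTE(review): in an OAuth authorization-code flow the client secret is normally presented
    # at the token exchange rather than at this step -- confirm how Doorkeeper is configured here.
    @application = Platform::Application.find_by(uid: params[:client_id])

    # If the user is currently signed in.
    if current_user
      # If the client application is opting into a team-level connection instead of a user-level connection, they have
      # to select a team.
      if params[:new_installation]
        # If they selected a team on the team selection page.
        if params[:team_id]
          # Load the selected team.
          team = Team.find(params[:team_id])
          # Throw an error if they aren't allowed to create connections on this team.
          authorize! :connect, team
          # Never build an agent for an application we could not load. Without this guard the
          # `@application.name` call below fails with a NoMethodError on nil.
          raise ActiveRecord::RecordNotFound, "Couldn't find Platform::Application for the given client_id" unless @application

          # Create a faux membership and user that represent this connection.
          # We have to do this because all our permissions are based on users, so team-level connections need a user.
          # Everything is created with bang methods inside one transaction: a validation failure raises
          # instead of handing back an unsaved user as the resource owner, and a failure halfway through
          # does not leave an agent user behind without its membership.
          User.transaction do
            # Random throwaway credential; it is not stored or shown anywhere in this block.
            faux_password = SecureRandom.hex
            faux_user = User.create!(
              email: "noreply+#{SecureRandom.hex}@bullettrain.co",
              password: faux_password,
              password_confirmation: faux_password,
              platform_agent_of: @application,
              first_name: @application.name
            )
            faux_membership = team.memberships.create!(
              user: faux_user,
              platform_agent: true,
              platform_agent_of: @application,
              added_by: team.memberships.find_by(user: current_user)
            )
            # NOTE(review): the agent always receives the admin role on the team, whatever the
            # application asked for -- confirm that this level of access is intended.
            faux_membership.roles << Role.admin
            # We're done! Return the user, it'll be associated with the access grant and subsequent access token.
            faux_user
          end
        else
          # Show them a list of all their teams.
          # We'll disable the teams they can't create connections for in the view.
          @teams = current_user.teams
          render "account/platform/connections/new"
        end
      else
        # If the client application isn't specifically opting into a team-level installation, just connect on behalf of the user.
        current_user
      end
    else
      # If they're not signed in, redirect them to the sign in page and set a return URL via params.
      # This is a crazy workaround for the fact that Safari doesn't let us create a session at the same time we redirect.
      # NOTE(review): whatever consumes `return_url` after sign-in should only follow same-origin URLs -- confirm.
      redirect_to new_user_session_path(return_url: request.url)
    end
  end
end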