module LoginSystem

def self.included(base)

# Hook run when a controller includes LoginSystem: extends the controller with
# ClassMethods and registers the login filters and the view helper on it.
#
# base - the class that included this module.
def self.included(base)
  base.extend(ClassMethods)
  base.class_eval do
    # NOTE(review): each prepend_before_action call places its filter at the
    # front of the callback chain, so registering :authorize second should make
    # it run before :authenticate. Both filters resolve current_user on their
    # own, but confirm this order is intended.
    prepend_before_action(:authenticate)
    prepend_before_action(:authorize)
    # Make current_user callable from views.
    helper_method(:current_user)
  end
end

def authenticate

# Before-action filter: lets the request continue only for a logged-in user.
#
# With a current_user, the user's id is written to the session and true is
# returned. Otherwise the requested URL is kept in session[:return_to], HTML
# requests are redirected to login_url, XML/JSON requests receive an HTTP Basic
# challenge, and false is returned.
def authenticate
  #puts _process_action_callbacks.map(&:filter)
  unless current_user
    # NOTE(review): the code that later reads session[:return_to] is not in
    # this file; it should only ever redirect to URLs on this site.
    session[:return_to] = request.original_url
    respond_to do |format|
      format.html { redirect_to login_url }
      format.any(:xml,:json) { request_http_basic_authentication }
    end
    return false
  end

  session['user_id'] = current_user.id
  true
end

def authorize

# Before-action filter: checks that the current user may run the requested action.
#
# Returns true when user_has_access_to_action? allows the action. Otherwise it
# sets flash[:error], redirects HTML requests to the configured denied_url (or
# the index action), answers XML/JSON requests with 403, and returns false.
def authorize
  #puts _process_action_callbacks.map(&:filter)
  action = action_name.to_s.to_sym
  return true if user_has_access_to_action?(action)

  # NOTE(review): assumes controller_permissions has an entry for every action
  # that can be denied; a nil entry would raise NoMethodError on the next line.
  # Verify against ClassMethods.
  permissions = self.class.controller_permissions[action]
  message = permissions[:denied_message] || 'Access denied.'
  flash[:error] = message
  respond_to do |format|
    format.html { redirect_to(permissions[:denied_url] || { :action => :index }) }
    format.any(:xml, :json) { head :forbidden }
  end
  false
end

def current_user

# Returns the user for this request, memoized in @current_user.
#
# When nothing is memoized yet, the lookups are tried in order: session, then
# the session_token cookie, then HTTP Basic credentials. The first non-nil
# result wins; a nil result is not cached, so the lookups run again next call.
def current_user
  return @current_user if @current_user

  @current_user = login_from_session || login_from_cookie || login_from_http
end

def current_user=(value=nil)

# Sets or clears the logged-in user for this request and for the session.
#
# value - a User to log in; anything else (including nil) logs out.
#
# Returns the stored user, or nil after a logout.
#
# NOTE(review): the session id is not rotated here. Confirm that the login
# action calls reset_session before assigning a user, so that a session id
# issued before login is not carried into the authenticated session.
def current_user=(value=nil)
  user = value.is_a?(User) ? value : nil
  @current_user = user
  session['user_id'] = user && user.id
  @current_user
end

def login_from_cookie

# Logs a user in from the session_token cookie.
#
# Returns the matching User after calling remember_me on it and re-issuing the
# cookie, or nil when the cookie is blank or matches no user.
def login_from_cookie
  token = cookies[:session_token]
  # Never look up a blank token: it must not match users whose token is empty.
  return if token.blank?

  user = User.find_by_session_token(token)
  return unless user

  user.remember_me
  set_session_cookie(user)
  user
end

def login_from_http

# Logs a user in from HTTP Basic credentials, for XML and JSON requests only.
#
# Returns whatever User.authenticate returns for the supplied name and
# password, or nil when the request format is not XML or JSON.
#
# NOTE(review): Basic credentials travel with every request, so this path
# should only be reachable over TLS. No attempt limiting is visible here;
# confirm it is handled elsewhere.
def login_from_http
  api_formats = [Mime[:xml], Mime[:json]]
  return unless api_formats.include?(request.format)

  authenticate_with_http_basic { |user_name, password| User.authenticate(user_name, password) }
end

def login_from_session

def login_from_session
  User.unscoped.find(session['user_id']) rescue nil
end

def set_session_cookie(user = current_user)

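# Writes the persistent login cookie that carries the user's session token.
#
# user - object responding to session_token (defaults to current_user).
#
# The lifetime comes from TrustyCms::Config['session_timeout'], read as a
# number of seconds (the previous arithmetic divided it by 86400 to get days).
def set_session_cookie(user = current_user)
  # Add the timeout as seconds. Dividing by 86400 first used integer division,
  # so any timeout shorter than one day became 0 days and the cookie expired
  # immediately.
  timeout_seconds = TrustyCms::Config['session_timeout'].to_i
  cookies[:session_token] = {
    :value => user.session_token,
    :expires => (Time.now + timeout_seconds).utc,
    # The token is a login credential: keep it out of reach of page scripts.
    :httponly => true
  }
  # NOTE(review): also set :secure where the site is served only over HTTPS.
end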

def user_has_access_to_action?(action)

# Asks the controller class whether the current user may run the given action.
#
# action - the action name passed on to the class-level check.
#
# Returns the result of the class-level user_has_access_to_action?, which
# receives the current user, the action and this controller instance.
def user_has_access_to_action?(action)
  controller_class = self.class
  controller_class.user_has_access_to_action?(current_user, action, self)
end