module LoginSystem
# Mixin hook, invoked with the including class/module as +base+.
#
# Extends +base+ with ClassMethods and then opens it with class_eval. The
# class_eval block currently registers nothing: the authenticate/authorize
# callbacks and the current_user helper are all commented out, so including
# LoginSystem does not by itself place any access check in front of an action.
# NOTE(review): presumably authentication/authorization is wired up somewhere
# else in the application -- confirm before relying on this module for
# enforcement.
def self.included(base)
  base.extend(ClassMethods)
  base.class_eval do
    # prepend_before_action :authenticate
    # prepend_before_action :authorize
    # helper_method :current_user
  end
end
# Authentication filter -- currently a stub that unconditionally returns true.
#
# The previous implementation is preserved below as comments: it stored the
# current user's id in the session, or remembered the requested URL and sent
# HTML clients to the login page / challenged XML and JSON clients with HTTP
# Basic.
# NOTE(review): with that body disabled this method never rejects a request.
# Any controller that still lists it as a callback gets no authentication
# from it; verify that the check is enforced by another mechanism.
def authenticate
  # puts _process_action_callbacks.map(&:filter)
  # if current_user
  #   session['user_id'] = current_user.id
  #   true
  # else
  #   session[:return_to] = request.original_url
  #   respond_to do |format|
  #     format.html { redirect_to login_url }
  #     format.any(:xml,:json) { request_http_basic_authentication }
  #   end
  #   false
  # end
  true
end
# Authorization filter -- currently a stub that unconditionally returns true.
#
# The previous implementation is preserved below as comments: it looked up
# the per-action permissions declared on the controller class and, when the
# user lacked access, set flash[:error] and either redirected (HTML) or
# answered with :forbidden (XML/JSON).
# NOTE(review): with that body disabled every action is treated as permitted
# by this method. Per-action restrictions declared on controllers are not
# applied here; verify that they are enforced by another mechanism.
def authorize
  # puts _process_action_callbacks.map(&:filter)
  # action = action_name.to_s.intern
  # if user_has_access_to_action?(action)
  #   true
  # else
  #   permissions = self.class.controller_permissions[action]
  #   flash[:error] = permissions[:denied_message] || 'Access denied.'
  #   respond_to do |format|
  #     format.html { redirect_to(permissions[:denied_url] || { :action => :index }) }
  #     format.any(:xml, :json) { head :forbidden }
  #   end
  #   false
  # end
  true
end
# Resolves the user from the :session_token cookie.
#
# Returns nil when the cookie is blank or no user matches it. On a match it
# calls user.remember_me, rewrites the cookie via set_session_cookie and
# returns the user.
#
# NOTE(review): the cookie value is client-supplied and is used directly as
# the lookup key, so the users table must hold something comparable to it.
# If that is the raw token rather than a digest, read access to the table
# exposes live sessions -- confirm how session_token is stored.
# NOTE(review): presumably remember_me refreshes the stored token; it is not
# defined in this section -- confirm.
def login_from_cookie
  token = cookies[:session_token]
  return nil if token.blank? # don't find by empty value

  user = User.find_by_session_token(token)
  return nil unless user

  user.remember_me
  set_session_cookie(user)
  user
end
# Resolves the user from HTTP Basic credentials, for XML and JSON requests
# only.
#
# Returns nil for any other request format. Otherwise the result is whatever
# authenticate_with_http_basic yields back from the block, which passes the
# supplied user name and password to User.authenticate.
#
# NOTE(review): Basic credentials accompany every request and are only
# encoded, not encrypted, so this path depends on TLS. Nothing in this method
# checks the transport or limits repeated attempts; confirm both are handled
# elsewhere.
def login_from_http
  api_formats = [Mime[:xml], Mime[:json]]
  return nil unless api_formats.include?(request.format)

  authenticate_with_http_basic do |login, secret|
    User.authenticate(login, secret)
  end
end
# Resolves the user whose id is stored in session['user_id'].
#
# Returns the user, or nil when the lookup raises any StandardError (missing
# id, unknown record, or any other failure -- they are not distinguished).
#
# NOTE(review): User.unscoped drops any default scope declared on User. If
# that scope is what hides disabled or deleted accounts, such an account
# would still be resolved here -- confirm against the User model.
# NOTE(review): because every StandardError becomes nil, a database failure
# is indistinguishable from "not logged in" and leaves no trace in the logs.
def login_from_session
  user_id = session['user_id']
  User.unscoped.find(user_id)
rescue StandardError
  nil
end
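# Writes the persistent :session_token cookie for +user+ (defaults to
# current_user).
#
# The cookie carries user.session_token and expires, in UTC, after the number
# of seconds configured in TrustyCms::Config['session_timeout'] (read with
# to_i). Returns the hash assigned to the cookie jar.
#
# NOTE(review): the cookie is written without :httponly or :secure, so the
# token is readable from page scripts and may be sent over plain HTTP.
# Consider setting both once it is confirmed that no client-side code reads
# the cookie and the site is served over TLS.
def set_session_cookie(user = current_user)
  lifetime_in_seconds = TrustyCms::Config['session_timeout'].to_i

  # Add the timeout as seconds. Converting it to whole days with integer
  # division truncates any value that is not a multiple of 86400, and turns a
  # timeout shorter than one day into a cookie that expires immediately.
  cookies[:session_token] = {
    :value => user.session_token,
    :expires => (Time.now + lifetime_in_seconds).utc
  }
end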
# Instance-level shortcut for the class-level permission check.
#
# Passes current_user, +action+ and this controller instance to the
# class-level user_has_access_to_action? and returns its result unchanged.
# No decision is made in this method itself.
def user_has_access_to_action?(action)
  controller_class = self.class
  controller_class.user_has_access_to_action?(current_user, action, self)
end