# -*- coding: utf-8 -*-
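# Manages per-department access rights (read / write / delete / superuser)
# for employees: listing the rights of a department (+edit+), persisting
# changes and adding a new employee (+save+), and rendering error pages.
#
# NOTE(review): the selected department is kept in the process-wide global
# $department, which other code (views, helpers) may read, so it is kept
# here. A global is shared by every request served by the same process; on a
# multi-threaded server one request could observe another request's
# department. Prefer a per-request instance variable once all readers are
# known.
class AccessController < ApplicationController

  # Authentication (defined in controllers/application.rb)
  before_filter :isAuthorization

  # Access-rights check (defined in controllers/application.rb)
  around_filter :isAccessSuper

  # Per-request setup
  before_filter :construct

  # Loads the caller's permission flags from the session, resolves the
  # department the request operates on and preloads the employee lists.
  def construct
    # UserAccessWork is defined in controllers/application.rb

    # These flags are set at login; they are compared as the strings
    # 'true' / 'false' throughout this controller.
    @isAdmin = session[:isAdmin].to_s
    @isRead = session[:isRead].to_s
    @isWrite = session[:isWrite].to_s
    @isDelete = session[:isDelete].to_s
    @isSuperUser = session[:isSuperUser].to_s

    # Admins choose the department with the "d" parameter (e.g. 'private');
    # everyone else gets it from the sys_dep cookie. Both values come from
    # the client, so they are reduced to the [a-z_] whitelist here.
    # NOTE(review): the whitelist only constrains the characters, not which
    # department is named; whether the caller may act on that department
    # has to be enforced server-side (see index / edit).
    raw_department = @isAdmin == 'true' ? params[:d] : cookies[:sys_dep]
    $department = sanitize_department_name(raw_department)

    @employeesAll = EmployeesDB.getEmployees("*", 'true')
    @employeesGroup = EmployeesDB.getEmployees(session[:user_department])
  end

  # Landing page. Admins get the index view; a superuser is redirected to
  # the edit page of their department; anyone else is sent to an error page
  # (code 0: not a superuser, 1: no department, 2: no access to department).
  def index
    @error = ""
    return if @isAdmin == 'true'

    if @isSuperUser != 'true'
      redirect_to :action => "error", :code => 0
    elsif $department == ''
      redirect_to :action => "error", :code => 1
    elsif UserAccessWork.isSetDepAccess($department) == false
      redirect_to :action => "error", :code => 2
    else
      redirect_to :action => "edit", :d => $department, :id => $department
    end
  end

  # Lists every access record of the current department, ordered by
  # employee name, unless the caller's own record for that department is
  # neither admin nor superuser (error code 2).
  def edit
    # NOTE(review): when session[:user_id] is nil, Employee.current_user is
    # not reassigned and whatever it held before is used - confirm that
    # isAuthorization guarantees a user_id for every request.
    Employee.current_user = Employee.find(session[:user_id]) unless session[:user_id].nil?
    @employee = Employee.current_user

    department = $department
    own_access = @employee.accesses.select { |a| a.department == department }.first

    # NOTE(review): a caller with no access record at all for this
    # department falls through to the listing. Presumably that is meant for
    # admins and isAccessSuper rejects everyone else - verify.
    if own_access && own_access.access_admin != 1 && own_access.access_superuser != 1
      redirect_to :action => "error", :code => 2
    else
      # Bind the department instead of interpolating it into the SQL text.
      @accesses = Access.find(:all, :conditions => ["department = ?", department], :order => "empl_name")
    end
  end

  # Persists the submitted flags of existing access records and optionally
  # creates a record for a new employee, then returns to the edit page.
  def save
    # The form field is client-controlled: apply the same whitelist that
    # construct uses, so stored rows match what edit later queries for.
    department = sanitize_department_name(params[:department])
    $department = department

    # NOTE(review): records are looked up by the submitted id only; nothing
    # in this action ties a record to +department+ or to the caller's own
    # rights. Confirm isAccessSuper covers this, or restrict the update to
    # records of the department being edited.
    # A department with no records yet submits no :accesses at all.
    (params[:accesses] || {}).each do |acc_id, accs|
      access = Access.find acc_id
      access.update_attributes(
        :access_read => accs[:access_read],
        :access_write => accs[:access_write],
        :access_delete => accs[:access_delete],
        :access_superuser => accs[:access_superuser]
      )
    end

    # New employee
    accs = params[:new_employee]
    if accs && accs[:empl_id].to_i != 0
      @new_access = Access.new(
        :empl_id => accs[:empl_id],
        :department => department,
        :access_read => accs[:access_read],
        :access_write => accs[:access_write],
        :access_delete => accs[:access_delete],
        :access_superuser => accs[:access_superuser]
      )
      # Bound parameters: both values originate from the request.
      existing = Access.find(:all, :conditions => ["empl_id = ? AND department = ?", @new_access.empl_id, department])
      if existing.empty?
        @new_access.save
      else
        flash[:error] = "У нового сотрудника уже есть права"
      end
    end

    redirect_to :action => "edit", :d => department, :id => department
  end

  # Renders the error page for the numeric "code" parameter. A missing or
  # unknown code yields the generic message.
  def error
    # to_s keeps a request without "code" from raising on nil.
    code = params[:code].to_s.gsub(/[^0-9]/, '')

    # Error messages
    @error = case code
             when '0' then "У вас недостаточно прав для просмотра этой страницы!"
             when '1' then "Ошибка код: 112."
             when '2' then "Ошибка код: 114."
             else 'Ошибка код: 111.'
             end
  end

  private

  # Reduces a client-supplied department name to lowercase letters and
  # underscores; nil becomes the empty string.
  def sanitize_department_name(value)
    value.to_s.gsub(/[^a-z_]/, '')
  end

end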
