# frozen_string_literal: true
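class Admin::UsersController < ApplicationController
  # WARNING! This filter bypasses security mechanisms in rails 4 and mimics rails 2 behaviour.
  # It should be removed wherever possible and the correct Strong Parameter options applied in its place.
  before_action :evil_parameter_hack!
  before_action :setup_user, only: %i[edit show grant_user_role remove_user_role]
  authorize_resource

  # Lists every user, ordered by login.
  def index
    @users = User.order(:login)
  end

  # Displays the user loaded by +setup_user+.
  def show; end

  # Loads what the edit form needs: every role key, the user's study/project roles, and the studies and projects a
  # role can be granted on. Responds to both JS and HTML.
  def edit
    @all_roles = Role.keys
    @users_roles = sorted_user_roles
    @studies = Study.order(:id)
    @projects = Project.order(:id)

    respond_to do |format|
      format.js
      format.html
    end
  end

  # Switches the session to the user given by +params[:id]+ and redirects to the studies page.
  # The only access control on this impersonation is +authorize_resource+ above; nothing is checked here.
  def switch
    session[:user] = params[:id]
    redirect_to studies_url
  end

  # Updates the general roles of the user given by +params[:id]+ from the submitted +role+ flags (an absent flag
  # revokes the role), applies +params[:user]+ through the mass-assignment hack above, and reports the outcome in the
  # flash before redirecting to the profile.
  def update # rubocop:todo Metrics/AbcSize, Metrics/MethodLength
    @user = User.find(params[:id])
    Role.general_roles.each do |role|
      # A general role is kept only when its flag was submitted; every other one is revoked.
      if params[:role] && params[:role][role.name]
        @user.grant_role(role.name)
      else
        @user.remove_role(role.name)
      end
    end

    # NOTE(review): @user was loaded from params[:id], so this guard only fails for a non-numeric id — confirm intent.
    @user.update(params[:user]) if @user.id == params[:id].to_i
    if @user.save
      flash[:notice] = 'Profile updated'
    else
      flash[:error] = 'Problem updating profile'
    end
    redirect_to profile_path(@user)
  end

  # Grants +params[:role][:authorizable_name]+ on the study or project identified by +params[:role]+ and re-renders
  # the roles partial. Only XHR requests are accepted (401 otherwise); a missing +role+ param renders a 500.
  def grant_user_role
    return render_roles_error('A problem occurred while adding the role', 401) unless request.xhr?
    return render_roles_error('A problem occurred while adding the role', 500) unless params[:role]

    @user.grant_role(params[:role][:authorizable_name].to_s, authorizable_object)
    flash[:notice] = 'Role added' # rubocop:disable Rails/ActionControllerFlashBeforeRender
    render_roles(200)
  end

  # Removes +params[:role][:authorizable_name]+ from the study or project identified by +params[:role]+ and
  # re-renders the roles partial. Only XHR requests are accepted (401 otherwise); a missing +role+ param renders a 500.
  def remove_user_role
    return render_roles_error('A problem occurred while removing the role', 401) unless request.xhr?
    return render_roles_error('A problem occurred while removing the role', 500) unless params[:role]

    @user.remove_role(params[:role][:authorizable_name].to_s, authorizable_object)
    # NOTE(review): the success message is reported under :error, as before — confirm this is intended.
    flash[:error] = 'Role was removed' # rubocop:disable Rails/ActionControllerFlashBeforeRender
    render_roles(200)
  end

  # Renders the users partial filtered by +params[:q]+, lower-cased and matched with LIKE against first name,
  # last name and login. LIKE metacharacters in the query are escaped so '%' and '_' match literally rather than as
  # wildcards. Without +q+ the partial receives +nil+ users.
  def filter
    if params[:q]
      pattern = "%#{User.sanitize_sql_like(params[:q].downcase)}%"
      @users =
        User.order(:login).where('first_name LIKE :query OR last_name LIKE :query OR login LIKE :query', query: pattern)
    end

    render partial: 'users', locals: { users: @users }
  end

  private

  # Loads the user addressed by +params[:id]+ with roles preloaded, for the single-user actions.
  def setup_user
    @user = User.includes(:roles).find(params[:id])
  end

  # The user's study and project roles ordered by name, as displayed by the roles partial.
  def sorted_user_roles
    @user.study_and_project_roles.order(name: :asc)
  end

  # The Project or Study named by +params[:role]+. The type is compared case-insensitively so that grant and remove
  # requests agree regardless of the capitalisation of 'Project'; any other type is treated as a Study.
  # Raises ActiveRecord::RecordNotFound when +authorizable_id+ does not exist.
  def authorizable_object
    role_params = params[:role]
    klass = role_params[:authorizable_type].to_s.casecmp?('project') ? Project : Study
    klass.find(role_params[:authorizable_id])
  end

  # Reloads the roles list and renders the roles partial with the given HTTP status.
  def render_roles(status)
    @users_roles = sorted_user_roles
    render partial: 'roles', status: status
  end

  # Reports +message+ in the error flash, then renders the roles partial with the given HTTP status.
  def render_roles_error(message, status)
    flash[:error] = message # rubocop:disable Rails/ActionControllerFlashBeforeRender
    render_roles(status)
  end
end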