# frozen_string_literal: true

# License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later
class Role < ApplicationRecord
  Names = [
    :super_admin, # global access
    :super_associate,      # global access to everything except bank acct info
    :nonprofit_admin,      # npo scoped access to everything
    :nonprofit_associate,  # npo scoped access to everything except bank acct info
    :campaign_editor,      # fundraising tools, without dashboard access
    :event_editor          # //
  ].freeze

  # TODO:
  # attr_accessible \
  #   :name,
  #   :user_id, :user,
  #   :host, :host_id, :host_type # nil, "Nonprofit", "Campaign", "Event"

  belongs_to :user
  belongs_to :host, polymorphic: true

  scope :super_admins, -> { where(name: :super_admin) }
  scope :super_associate, -> { where(name: :super_associate) }
  scope :nonprofit_admins, -> { where(name: :nonprofit_admin) }
  scope :nonprofit_personnel, -> { where(name: %i[nonprofit_associate nonprofit_admin]) }
  scope :campaign_editors, -> { where(name: :campaign_editor) }
  scope :event_editors, -> { where(name: :event_editor) }

  validates :user, presence: true
  validates :name, inclusion: { in: Names }
  validates :host, presence: true, unless: %i[super_admin? super_associate?]

  def name
    super.to_sym
end

  def super_admin?
    name == :super_admin
end

  def super_associate?
    name == :super_associate
end

  def self.create_for_nonprofit(role_name, email, nonprofit)
    user = User.find_or_create_with_email(email)
    role = Role.create(user: user, name: role_name, host: nonprofit)
    return role unless role.valid?

    if user.confirmed?
      NonprofitAdminMailer.delay.existing_invite(role)
    else
      NonprofitAdminMailer.delay.new_invite(role, user.make_confirmation_token!)
    end
    role
  end
end