require 'digest/sha1'
class User < ActiveRecord::Base
  
  acts_as_authorized_user
  
  has_many :ratings
  has_many :rating_comments
  
  # Virtual attribute for the unencrypted password
  attr_accessor :password
  
  validates_presence_of     :login, :email, :fullname
  validates_presence_of     :password,                   :if => :password_required?
  validates_presence_of     :password_confirmation,      :if => :password_required?
  validates_length_of       :password, :within => 5..40, :if => :password_required?
  validates_confirmation_of :password,                   :if => :password_required?
  validates_length_of       :login,    :within => 3..40
  validates_length_of       :email,    :within => 3..100
  validates_uniqueness_of   :login, :email
  before_save :encrypt_password


  before_create :make_activation_code


  # Authenticates a user by their login name and unencrypted password.  Returns the user or nil.
  def self.authenticate(login, password)    
    # hide records with a nil activated_at
    u = find :first, :conditions => ['login = ? and activated_at IS NOT NULL', login]    
    u && u.authenticated?(password) ? u : nil    
  end

  # Encrypts some data with the salt.
  def self.encrypt(password, salt)
    Digest::SHA1.hexdigest("--#{salt}--#{password}--")
  end

  # Encrypts the password with the user salt
  def encrypt(password)
    self.class.encrypt(password, salt)
  end

  def authenticated?(password)
    crypted_password == encrypt(password)
  end


  # Activates the user in the database.
  def activate
    @activated = true
    update_attributes(:activated_at => Time.now.utc, :activation_code => nil)
  end
  
  # Returns true if the user has just been activated.
  def recently_activated?
    @activated
  end

#   def set_updated
#     @updated = true
#   end
# 
#   def recently_updated?
#     @updated
#   end
#   
  def make_new_password!
    self.password = Digest::SHA1.hexdigest( Time.now.to_s.split('//').sort_by {rand}.join )[0..5]
    self.password_confirmation = self.password
    self.save
  end

  # Handle authorization of user
  def has_role? ( role, authorizable_object = nil )
    return true if role == 'authenticated'  # By default, all instantiated User objects are authenticated
    super
  end
  
protected
  # If you're going to use activation, uncomment this too
  def make_activation_code
    self.activation_code = Digest::SHA1.hexdigest( Time.now.to_s.split('//').sort_by {rand}.join )
  end

  # users are sortable by alpha name ...
  def <=>(other_resource)
    # all refs say $= depricated, but no explanation of what to do instead FIX
    fullname.downcase <=> other_resource.fullname.downcase
  end


  # before filter 
  def encrypt_password
    return if password.blank?
    self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--") if new_record?
    self.crypted_password = encrypt(password)
  end

  def password_required?
    crypted_password.blank? or not password.blank?
  end
end