module Authz

module SeedAdmin

  # Creates the Controller Action Records needed to authorize the use of the admin
  # @return Collection of the created controller actions
  def self.create_controller_actions!
    Authz::ControllerAction.engine_reachable_controller_actions.each do |controller, actions|
      actions.each do |action|
        Authz::ControllerAction.create!(
          controller: controller,
          action: action)
      end
    end
    Authz::ControllerAction.where('controller LIKE ?', 'authz/%')
  end

  # Creates the business process that will group all the authz controller
  # actions
  # @return the created business process
  def self.create_manage_auth_business_process!
    name = 'Manage Authorization'
    desc = 'A role that is granted this business process will have full access to the Authorization Admin'
    Authz::BusinessProcess.create!(name: name, description: desc)
  end

  # Grants the given controller actions to the given business process
  def self.grant_controller_actions_to_business_process!(business_process, controller_actions)
    business_process.controller_actions << controller_actions
  end

  # Runs the seed process as a DB transaction
  # @ return: the business process
  def self.run!
    ActiveRecord::Base.transaction do
      cas = create_controller_actions!
      bp = create_manage_auth_business_process!
      grant_controller_actions_to_business_process!(bp, cas)
      bp
    end
  end

end

end

namespace :authz do

desc 'Seeds the database with the business processes and controller action records required to authorize the Authz Admin'
task seed_admin: :environment do
  puts 'Creating everything you need to control access to the Authorization Admin...'
  bp = Authz::SeedAdmin.run!
  puts 'Done!'
  puts "Grant the '#{bp.name}' business process to any roles that should have full access to the Authorization Admin."
  puts 'If you have not created a role yet, check the documentation to learn how to do it.'
end

end