class UsersController < AdminBaseController
  before_action :set_user, only: [:show, :edit, :update, :destroy, :reset_password, :toggle_enable]

  # GET /users
  # GET /users.json
  def index
    if not current_user.allowed?(:view_users)
      redirect_to "/admin", alert: "你没有权限进入此页面!" and return
    end

    @q = User.ransack(params[:q])
    @q.sorts = "id DESC" if @q.sorts.empty?
    @users = @q.result.page(params[:page])
  end

  # GET /users/1
  # GET /users/1.json
  def show
  end

  # GET /users/new
  def new
    @user = User.new
  end

  # GET /users/1/edit
  def edit
  end

  # POST /users
  # POST /users.json
  def create
    @user = User.new(user_params)

    respond_to do |format|
      if @user.save
        format.html { redirect_to @user, notice: 'user was successfully created.' }
        format.json { render :show, status: :created, location: @user }
      else
        format.html { render :new }
        format.json { render json: @user.errors, status: :unprocessable_entity }
      end
    end
  end

  # PATCH/PUT /users/1
  # PATCH/PUT /users/1.json
  def update
    respond_to do |format|
      if @user.update(user_params)
        format.html do
          if params[:from] == "account_edit"
            redirect_to "/account" and return
          else
            redirect_to @user, notice: 'user was successfully updated.'
          end
        end
        format.json { render :show, status: :ok, location: @user }
      else
        format.html { render :edit }
        format.json { render json: @user.errors, status: :unprocessable_entity }
      end
    end
  end

  def reset_password
    if current_user&.is_admin? && @user.username != 'admin'
      @user.reset_password!
    else
      redirect_to '/admin', warning: "Not allowed!"
    end
  end

  def toggle_enable
    if current_user&.is_admin? && @user.username != 'admin'
      @user.is_enabled = !@user.is_enabled
      @user.save
      redirect_to '/users', warning: I18n.t("back")
    else
      redirect_to '/admin', warning: "Not allowed!"
    end
  end

  # DELETE /users/1
  # DELETE /users/1.json
  def destroy
    if current_user&.is_admin? && @user.username != 'admin'
      @user.destroy
    end
    respond_to do |format|
      format.html { redirect_to users_url, notice: 'user was successfully destroyed.' }
      format.json { head :no_content }
    end
  end

  private
    # Use callbacks to share common setup or constraints between actions.
    def set_user
      @user = User.find(params[:id])
    end

    # Never trust parameters from the scary internet, only allow the white list through.
    def user_params
      params.require(:user).permit(:username, :email, :avatar, :true_name, :client_id, :role_id, :company)
    end
end