# -*- coding: utf-8 -*-
""" authentication

    user identification and role

"""
from gluon.tools import Auth


#
# User logging
# Approval is required for newly registered users
#
auth = Auth(db, hmac_key=Auth.get_or_create_key())

auth.define_tables(migrate=MIGRATE_USER)
auth.settings.create_user_groups = False
auth.settings.mailer = None
auth.settings.registration_requires_approval = True
auth.settings.registration_requires_verification = False
auth.settings.remember_me_form = False
auth.settings.reset_password_requires_verification = True

# go to the login page after change password, logout and registration
auth.settings.change_password_next = URL('user', args='login')
auth.settings.logout_next = URL('user', args='login')
auth.settings.register_next = URL('user', args='login')

# create user and admin groups
if not db(db.auth_group.id).count():
    db.auth_group.insert(id=ID_ADMIN, role=ADMIN, description=T(DEF_ADMIN))
    db.auth_group.insert(id=ID_USER, role=USER, description=T(DEF_USER))

# Newly registered users go in the user group
auth.settings.everybody_group_id = ID_USER

# The first user is auto approved and get all privilege (admin)
if not db(db.auth_user.id).count():
    auth.settings.everybody_group_id = ID_ADMIN
    auth.settings.registration_requires_approval = False

# tune authentication fields for the extJS interface
db.auth_user.registration_key.readable = True
db.auth_user.registration_key.writable = True

db.auth_membership.user_id.label = 'User'
db.auth_membership.group_id.label = 'Group'

db.auth_membership.user_id.requires = \
IS_IN_DB(db, 'auth_user.last_name')

# HACK
# JSON conversion of datetime failed in the action plugin_dbui.dbui_conf
# Convert the date in advance help
# TODO: implement a proper datetime conversion when running json.dumps()
db.auth_event.time_stamp.default = db.auth_event.time_stamp.default.isoformat()
db.auth_cas.created_on.default = db.auth_cas.created_on.default.isoformat()