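# CanCan ability definition for the admin back end (Rails Admin).
#
# Rules are evaluated in definition order and later rules override earlier
# ones, so the order of the `can` / `cannot` calls below is significant.
#
# `can` takes the action (:manage means every action), the subject (:all
# means every resource, otherwise a model class) and an optional hash of
# conditions that narrows the matching records.
# See https://github.com/CanCanCommunity/cancancan/wiki/Defining-Abilities
class Ability
  include CanCan::Ability

  # Department ids of the non-super-admin user whose Ability was built last.
  # NOTE(review): this is a process-wide mutable constant. It is kept (and
  # still refreshed on every initialise) only in case other code reads
  # Ability::D_ENUM; the rules below use a per-instance copy instead, because
  # concurrent requests would otherwise overwrite each other's ids.
  D_ENUM = []

  # Models whose stored permissions are narrowed to the user's departments.
  DEPART_SCOPED_MODELS = %w[Order WxUser ShopApplication BalanceOrder OrderDetail].freeze

  # Accepted shapes for the strings stored in a permission row. Anything else
  # is rejected rather than interpreted.
  ACTION_FORMAT = /\A[A-Za-z_][A-Za-z0-9_]*\z/.freeze
  MODEL_FORMAT = /\A[A-Z][A-Za-z0-9_]*(?:::[A-Z][A-Za-z0-9_]*)*\z/.freeze
  SYMBOL_SUBJECT_FORMAT = /\A:[a-z_][a-z0-9_]*\z/.freeze

  # Builds the rule set for +user+.
  #
  # @param user [AdminUser, nil] the signed-in admin; nil (not signed in)
  #   receives no abilities at all.
  # @raise [ArgumentError] if a stored permission has a malformed action or
  #   model name.
  # @raise [NameError] if a stored permission names a constant that does not
  #   exist.
  def initialize(user)
    return unless user

    # Baseline for every signed-in user: dashboard and Rails Admin access,
    # with the bulk/destructive actions denied until explicitly re-granted.
    can :dashboard
    can :access, :rails_admin
    cannot :history, :all
    cannot :import, :all
    cannot :export, :all
    cannot :destroy, :all

    if user.email == AdminUser::SUPER_ADMIN
      # Declared after the denials above, so it overrides all of them.
      can :manage, :all
      can :import, :all
    else
      depart_ids = department_ids_for(user)
      D_ENUM.replace(depart_ids)

      user.permissions.each { |permission| grant_permission(permission, depart_ids) }

      # Users may always view and edit their own account record.
      can :update, AdminUser, :id => user.id
      can :read, AdminUser, :id => user.id

      # Repeated last so that no stored permission (e.g. :manage) can
      # re-enable the history action.
      cannot :history, :all

      # Previously used per-model restrictions, kept for reference:
      # cannot :destroy, ChannelQrcode
      # cannot :refund_at_once, Project
      # cannot :destroy, ["ProductAttr", "ProductAttrKey", "ProductAttrValue"]
      # cannot :delete, ["ProductAttr", "ProductAttrKey", "ProductAttrValue"]
      # cannot :export, ["ProductAttr", "ProductAttrKey", "ProductAttrValue"]
    end

    # Previously used global restrictions, kept for reference:
    # cannot :destroy, DianshiOrder
    # cannot :new, DianbiOrder
    # cannot :new, VipOrder
    # cannot :new, DianshiOrder
    # cannot :update, User
    # cannot :generate_analyze_report_record, AnalyzeReport
    # can :generate_analyze_report_record, AnalyzeReport, :remark => "当前汇总"  # remark value: "current summary"
  end

  private

  # Department ids assigned to +user+. The user id is passed as a bind
  # parameter instead of being interpolated into the SQL text.
  def department_ids_for(user)
    AdminDepart.find_by_sql(
      ["select depart_record_id from admin_departs where admin_user_id = ?", user.id]
    ).map(&:depart_record_id)
  end

  # Turns one stored permission row into a CanCan rule.
  #
  # The row's action and model strings are validated and resolved explicitly.
  # They were previously spliced into a string and passed to `eval`, which
  # let anyone able to write a permission row run arbitrary Ruby in the
  # application process.
  def grant_permission(permission, depart_ids)
    action = permission_action(permission)
    subject = permission_subject(permission)

    if DEPART_SCOPED_MODELS.include?(permission.model) && !depart_ids.empty?
      # Scope to the user's departments; an empty list means "no scoping".
      can action, subject, :depart => depart_ids
    else
      can action, subject
    end
  end

  # Validated action symbol for a permission row.
  def permission_action(permission)
    name = permission.can.to_s
    raise ArgumentError, "invalid permission action: #{name.inspect}" unless ACTION_FORMAT.match?(name)

    name.to_sym
  end

  # Validated subject for a permission row: a model class/module, or a symbol
  # subject when the row stores the literal symbol form (e.g. ":all").
  # NOTE(review): the symbol form is accepted only because the old eval-based
  # code would have accepted it; drop it if no rows use it.
  def permission_subject(permission)
    name = permission.model.to_s
    return name.delete_prefix(":").to_sym if SYMBOL_SUBJECT_FORMAT.match?(name)

    raise ArgumentError, "invalid permission model: #{name.inspect}" unless MODEL_FORMAT.match?(name)

    subject = Object.const_get(name)
    raise ArgumentError, "permission model is not a class: #{name.inspect}" unless subject.is_a?(Module)

    subject
  end
end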