class User < ApplicationRecord
  include AccessControlValidations
  rolify
  devise :database_authenticatable, :registerable, :recoverable, :rememberable, :validatable
  has_many :access_periods, dependent: :destroy
  accepts_nested_attributes_for :access_periods, allow_destroy: true
  after_create :assign_default_role
  before_update :handle_access_revocation

  validate :password_complexity

  # Callback to update the admin attribute based on Rolify role
  before_save :update_admin_attribute

  # Override Devise method to consider access_revoked
  def active_for_authentication?
    super && !access_revoked && allowed_to_login?
  end

  def admin?
    has_role?(:admin)
  end

  private

  def assign_default_role
    self.add_role(:user) unless self.has_any_role?
  end

  def password_complexity
    return if password.blank? || password =~ /(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9]).{8,}/
    errors.add :password, 'Complexity requirement not met. Length should be 8 characters and include: 1 uppercase, 1 lowercase, and 1 digit'
  end

  def update_admin_attribute
    self.admin = has_role?(:admin)
  end

  def allowed_to_login?
    # Assuming 'suspended' is a role that should not log in
    !has_role?(:suspended)
  end

  def handle_access_revocation
    if access_revoked_changed? && access_revoked
      access_periods.find_or_initialize_by(end_date: nil).update(end_date: Date.today)
    elsif access_revoked_changed? && !access_revoked
      access_periods.create(start_date: Date.today)
    end
  end

end