the_auctionhouse/src/lib/db_models.rb

# User model
class User < EntityModel 
	attr_reader :email, :name, :bio_text, :balance, :avatar_url, :pw_hash, :reputation

	def initialize(data)
		super data
		@email = data["email"]
		@name = data["name"]
		@bio_text = data["bio_text"]
		@balance = data["balance"].to_f
		@avatar_url = data["avatar_url"]
		@reputation = data["reputation"].to_i
		@pw_hash = data["pw_hash"]
	end

	def avatar
		return @avatar_url
	end

	def role
		return Role.find_by_id( ROLES[:admin][:id] ).name if self.admin?

		user_roles = self.roles
		if user_roles.length > 0 then
			role = user_roles.max_by { |role| role.flags }
			return role.name 
		end
		return ""
	end

	def role_ids
		User_Role_relation.get_user_roles_ids @id
	end

	def roles
		User_Role_relation.get_user_roles @id
	end

	def rep_score
		return BAD_REP if @reputation < 0
		return GOOD_REP if @reputation > 0
		return NEUTRAL_REP 
	end

	def bio_html
		md_parser = Redcarpet::Markdown.new(Redcarpet::Render::HTML)
		md_parser.render @bio_text
	end

	def reputation_text
		sign = @reputation > 0 ? "+" : ""	
		return "#{sign}#{@reputation}"
	end

	def reputation=(val)
		val = val.clamp MIN_REP, MAX_REP
		@reputation = val
		User.update({reputation: val}, "id = ?", @id)
	end

	def balance=(val)
		val = val >= 0 ? val : 0
		@balance = val
		User.update({balance: val}, "id = ?", @id)
	end

	def update_creds(data)
		# Validate input
		return false, SETTINGS_ERRORS[:name_len] unless data[:name].length.between?(MIN_NAME_LEN, MAX_NAME_LEN)
		return false, SETTINGS_ERRORS[:bio_len] unless data[:bio_text].length.between?(MIN_BIO_LEN, MAX_BIO_LEN)

		# Filter unchanged data
		data.keys.each do |k|
			data.delete(k) if @data[k.to_s] == data[k]
		end
		User.update(data, "id = ?", @id) unless data.length < 1
		return true, nil
	end

	# Find user by email, same as above but for emails.
	def self.find_by_email(email)
		data = self.get("*", "email = ?", email).first
		data && User.new(data)
	end

	def self.validate_register_creds(email, name, password, password_confirm)
		# Field check
		check_all_fields = email != "" && name != "" && password != "" && password_confirm != ""

		# Check email
		check_email_dupe = self.find_by_email(email) == nil
		check_email_valid = email.match(EMAIL_REGEX) != nil 

		# Name
		check_name_len = name.length.between?(MIN_NAME_LEN, MAX_NAME_LEN)

		# Password
		check_pass_equals = password == password_confirm
		check_pass_len = password.length >= MIN_PASSWORD_LEN 

		# This code is really ugly
		return false, REGISTER_ERRORS[:fields] unless check_all_fields
		return false, REGISTER_ERRORS[:email_dupe] unless check_email_dupe
		return false, REGISTER_ERRORS[:email_fake] unless check_email_valid
		return false, REGISTER_ERRORS[:name_len] unless check_name_len
		return false, REGISTER_ERRORS[:pass_notequals] unless check_pass_equals
		return false, REGISTER_ERRORS[:pass_len] unless check_pass_len
		return true, ""
	end

	def self.validate_password(pw_hash, password)
		BCrypt::Password.new(pw_hash) == password
	end

	# Register a new user
	# Returns: success?, data
	def self.register(email, name, password, password_confirm)
		check, errorstr = self.validate_register_creds(email, name, password, password_confirm)

		if check then
			pw_hash = BCrypt::Password.create password
			data = { # payload
				name: name,
				email: email,
				pw_hash: pw_hash
			}

			resp = self.insert data # insert into the db
			return check, resp
		else
			return check, errorstr
		end
	end

	# Log in user
	# Returns: success?, user id 
	def self.login(email, password)
		user = self.find_by_email email # get the user info

		return false, LOGIN_ERRORS[:fail] unless user # Verify that the user exists 

		pw_check = self.validate_password(user.pw_hash, password)
		return false, LOGIN_ERRORS[:fail] unless pw_check # Verify password

		return true, user.id
	end

	# Get a users flags
	# Returns: bitmap int thingie
	def flags
		flags = 0
		self.roles.each do |role|
			if role.is_a? Role then
				flags |= role.flags
			end
		end
		return flags
	end

	def admin?
		return self.flags[1] == 1
	end

	# Check if user has flags
	# Returns: true or false depending whether the user has those flags
	def permitted?(flag, *other_flags)
		return true if self.admin?

		flag_mask = PERM_LEVELS[flag]
		if other_flags then
			other_flags.each {|f| flag_mask |= PERM_LEVELS[f]}
		end

		return self.flags & flag_mask == flag_mask
	end

	def banned?
		return self.flags[ PERM_LEVELS.keys.index(:banned) ] == 1
	end

	def banned=(b)
		if b then
			# Add the "banned" role
			resp = User_Role_relation.give_role(@id, ROLES[:banned][:id])
		else
			# Remove the "banned" role
			resp = User_Role_relation.revoke_role(@id, ROLES[:banned][:id])
		end
	end
end

# Role model
class Role < EntityModel
	attr_reader :name, :color, :flags
	def initialize(data)
		super data
		@name = data["name"]
		@color = data["color"]
		@flags = data["flags"]
	end

	def has_flag?(flag, *other_flags)
		flag_mask = PERM_LEVELS[flag]

		# Add other flags
		if other_flags then
			other_flags.each do |f|
				flag_mask += PERM_LEVELS[f]
			end
		end

		return @flags & flag_mask == flag_mask # f AND m = m => flags exists
	end

	def self.find_by_name(name)
		data = self.get("*", "name = ?", name).first
		data && Role.new(data)
	end

	def self.create(name, color="#ffffff", flags=0)
		return false, REGISTER_ERRORS[:name_len] unless name.length.between?(MIN_NAME_LEN, MAX_NAME_LEN)

		data = {
			name: name,
			color: color,
			flags: flags
		}
		self.insert data
	end
end


class User_Role_relation < EntityModel
	def self.init_table
		super
		
		# Add the "first user" to the admin role
		search = self.get("role_id", "user_id=1") or []
		if search.length <= 0 then
			q = "INSERT INTO #{self.name} (user_id, role_id) VALUES (?, ?)"
			self.query(q, 1, 1)
		end
	end

	def self.give_role(user_id, role_id)
		user = User.find_by_id user_id

		if not user.role_ids.include?(role_id) then
			data = {
				role_id: role_id,
				user_id: user_id
			}
			self.insert data
		end
	end

	def self.revoke_role(user_id, role_id)
		user = User.find_by_id user_id

		if user.role_ids.include?(role_id) then
			self.delete "role_id = ? AND user_id = ?", role_id, user_id
		end
	end

	def self.get_user_roles_ids(user_id)
		ids = self.get "role_id", "user_id = ?", user_id
		ids.map! do |ent|
			ent["role_id"].to_i
		end
	end
	
	def self.get_user_roles(user_id)
		roleids = self.get_user_roles_ids user_id
		roles = roleids.map do |id| 
			Role.find_by_id(id)
		end
	end
end


# Auction model
class Auction < EntityModel
	attr_reader :user_id, :title, :description, :init_price, :start_time, :end_time
	def initialize(data)
		super data
		@user_id = data["user_id"]
		@title = data["title"]
		@description = data["description"]
		@init_price = data["init_price"]
		@start_time = data["start_time"]
		@end_time = data["end_time"]
	end

	def self.validate_ah(title, description, init_price, delta_time)
		return false, AUCTION_ERRORS[:titlelen] unless title.length.between?(MIN_TITLE_LEN, MAX_TITLE_LEN)
		return false, AUCTION_ERRORS[:initprice] unless init_price >= MIN_INIT_PRICE
		return false, AUCTION_ERRORS[:deltatime] unless delta_time >= MIN_DELTA_TIME
		return true, ""
	end

	def self.create(user_id, title, description, init_price, delta_time) 
		# Validate the input
		check, errorstr = self.validate_ah(title, description, init_price, delta_time)
		return check, errorstr unless check

		# Get current UNIX time
		start_time = Time.now.to_i 
		end_time = start_time + delta_time 

		# Prep the payload
		data = {
			user_id: user_id,
			title: title,
			description: description,
			price: init_price,
			start_time: start_time,
			end_time: end_time
		}

		self.insert data
	end

	def self.compose_query_filters(title=nil, categories=nil, price_rng=nil, isopen=nil)
		querystr = "SELECT * FROM Auction "
		querystr += "WHERE " if title or categories or price_rng or isopen

		filters = []
		filters << "LIKE '%#{title}%'" if title
		filters << "price BETWEEN #{price_rng[0]} AND #{price_rng[1]}" if price_rng && price_rng.length == 2
		filters << "end_time > #{Time.now.to_i}" if !isopen.nil?

		querystr += filters.join " AND "
		return querystr
	end

	def self.search(title=nil, categories=nil, price_rng=nil, isopen=nil)
		q = self.compose_query_filters title, categories, price_rng, isopen	
		self.query q
	end

	def images
		Image.get_relation @id
	end

	def categories
		data = Auction_Category_relation.get "category_id", "auction_id = ?", @id
		data && data.map! { |category| Category.find_by_id category["category_id"]}
	end

	def bids
		return []
	end
end


class Category < EntityModel
	attr_reader :name, :color
	def initialize(data)
		super data
		@name = data["name"]
		@color = data["color"]
	end

	def self.create(name, color)
		data = {
			name: name,
			color: color
		}
		self.insert(data)
	end
end

class Auction_Category_relation < EntityModel
	attr_reader :auction_id, :category_id
	def initialize(data)
		super data
		@auction_id = data["auction_id"]
		@category_id = data["category_id"]
	end
end


class Image < EntityModel
	attr_reader :auction_id, :image_order, :url
	def initialize(data)
		super data
		@auction_id = data["auction_id"]
		@image_order = data["image_order"].to_i
		@url = data["url"]
	end

	def self.save(imgdata, ah_id, order)
		FileUtils.mkdir_p "./public/auctions/#{ah_id}"

		data = {
			auction_id: ah_id,
			image_order: order,
			url: "/auctions/#{ah_id}/#{order}.png"
		}
		newid, resp = self.insert data	

		if newid then
			image = Magick::Image.from_blob(imgdata).first
			image.format = "PNG"
			path = "./public/auctions/#{ah_id}/#{order}.png"
			File.open(path, 'wb') do |f|
				image.write(f) { self.quality = 50 }
			end
		end
	end

	def self.get_relation(ah_id)
		imgs = self.get "*", "auction_id = ?", ah_id
		imgs.map! do |img|
			self.new(img)
		end
		return imgs
	end
end