class Admin::UsersController < ApplicationController
  before_filter :authenticate_admin
  filter_parameter_logging :password, :password_confirmation   # do not log passwort parameters
  
  def index
    if (params[:per_page] && params[:per_page].to_i > 0 && params[:per_page].to_i <= 100)
      @per_page = params[:per_page].to_i
    else
      @per_page = 20
    end
    # if the search field is used
    conditions = "first_name LIKE '%#{params[:query]}%' OR last_name LIKE '%#{params[:query]}%'" unless params[:query].nil?

    @total = User.count(:conditions => conditions)
    @users = User.paginate :page => params[:page], :conditions => conditions, :per_page => @per_page, :order => 'nick'

    respond_to do |format|
      format.html # listUsers.haml
      format.js do
        render :update do |page|
          page.replace_html 'table', :partial => "users"
        end
      end
    end
  end

  def show
    @user = User.find(params[:id])
  end

  def new
    @user = User.new
  end

  def create
    @user = User.new(params[:user])
    if @user.save
      flash[:notice] = 'Benutzerin wurde erfolgreich angelegt.'
      redirect_to admin_users_path
    else
      render :action => 'new'
    end
  end

  def edit
    @user = User.find(params[:id])
  end

  def update
    @user = User.find(params[:id])
    if @user.update_attributes(params[:user])
      flash[:notice] = 'Änderungen wurden gespeichert.'
      redirect_to [:admin, @user]
    else
      render :action => 'edit'
    end
  end

  def destroy
    user = User.find(params[:id])
    if user.nick == @current_user.nick
      # deny destroying logged-in-user
      flash[:error] = 'Du darfst Dich nicht selbst löschen.'
    else
      user.destroy
      flash[:notice] = 'Benutzer_in wurde gelöscht.'
    end
    redirect_to admin_users_path
  end

end