# User model for authentication and user management
# Handles user accounts, authentication, and authorization using Devise
class User < ApplicationRecord
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
  #
  # Include default devise modules for authentication
  # :database_authenticatable - encrypts and stores password in database
  # :registerable - allows users to sign up and edit their accounts
  # :recoverable - handles password reset functionality
  # :rememberable - manages token-based user remembering
  # :validatable - provides email and password validation
  # Other available modules are:
  # :confirmable - requires email confirmation
  # :lockable - locks account after failed login attempts
  # :timeoutable - expires sessions after inactivity
  # :trackable - tracks sign-in count, timestamps, and IP
  # :omniauthable - allows authentication via OAuth providers
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :validatable

  # Relationships
  has_many :events, dependent: :destroy
  has_many :tickets, dependent: :destroy
  has_many :orders, dependent: :destroy

  # Validations - allow reasonable name lengths
  validates :last_name,   length: { minimum: 2, maximum: 50, allow_blank: true }
  validates :first_name,  length: { minimum: 2, maximum: 50, allow_blank: true }
  validates :company_name, length: { minimum: 2, maximum: 100, allow_blank: true }

  # Authorization methods
  def can_manage_events?
    # For now, all authenticated users can manage events
    # This can be extended later with role-based permissions
    true
  end

  def promoter?
    # Alias for can_manage_events? to make views more semantic
    can_manage_events?
  end
end