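# Base controller for the Spud engine: wires up CSRF protection, the
# current-user helpers, per-request time zone handling and the shared
# rendering of Spud::RequestError (and related) failures.
class Spud::ApplicationController < ActionController::Base
  # NOTE(review): called without a :with option, so Rails applies its default
  # strategy for unverified requests (null session in current Rails releases).
  # Confirm that is the intended strategy for this application.
  protect_from_forgery
  helper_method :current_user_session, :current_user, :current_user_id, :back_or_default
  before_action :check_requires_password_change
  around_action :set_time_zone
  include TbCore::ApplicationHelper
  before_action :set_mailer_default_url
  self.responder = TbCore::Responder

  rescue_from Spud::RequestError, :with => :handle_request_error
  rescue_from ActiveRecord::RecordNotFound, :with => :handle_record_not_found
  rescue_from ActionController::UnknownFormat, :with => :handle_unknown_format_error

  # Routable action that always answers with a "not found" error.
  #
  # @raise [Spud::NotFoundError] always
  def not_found
    raise Spud::NotFoundError
  end

  private

  # Points ActionMailer's default URL host at the host of the current request.
  #
  # NOTE(review): this writes a process-wide setting from the request's Host
  # header on every request, so links in outgoing mail follow whatever host the
  # client sent and concurrent requests share the value. Restrict the accepted
  # hosts (for example with Rails' config.hosts) or configure a fixed mailer
  # host if that is not acceptable.
  def set_mailer_default_url
    ActionMailer::Base.default_url_options = {:host => request.host_with_port}
  end

  # Memoized result of SpudUserSession.find. The `defined?` check means a nil
  # result is cached as well, so the lookup runs once per controller instance.
  def current_user_session
    return @current_user_session if defined?(@current_user_session)
    @current_user_session = SpudUserSession.find
  end

  # Memoized user attached to the current session, or a falsy value when there
  # is no session.
  def current_user
    return @current_user if defined?(@current_user)
    @current_user = current_user_session && current_user_session.spud_user
  end

  # Id of the logged-in user, or 0 when nobody is logged in.
  #
  # Goes through #current_user rather than reading @current_user directly, so
  # the answer does not depend on whether another method has already populated
  # the memoized value.
  #
  # @return [Integer]
  def current_user_id
    user = current_user
    user ? user.id : 0
  end

  # Filter that requires a logged-in user.
  #
  # @raise [Spud::UnauthorizedError] when there is no current user
  # @return [true]
  def require_user
    raise Spud::UnauthorizedError unless current_user
    true
  end

  # Override this in a controller to redefine where the login form is
  #
  def login_path_for_require_user
    login_path(:return_to => request.path)
  end

  # Filter that requires a logged-in user with admin rights.
  #
  # @raise [Spud::UnauthorizedError] when there is no current user
  # @raise [Spud::AccessDeniedError] when the user lacks admin rights
  def require_admin_user
    raise Spud::UnauthorizedError if current_user.blank?
    raise Spud::AccessDeniedError unless current_user.has_admin_rights?
  end

  # Redirects to the location chosen by #back_or_default.
  def redirect_back_or_default(default)
    redirect_to(back_or_default(default))
  end

  # Returns the local path to send the user back to.
  #
  # params[:return_to] is client-controlled, so only its path component is
  # used, and only when it is a plain local path. The default is returned
  # instead when the value cannot be parsed, has no path, does not start with a
  # single "/", or starts with "//": such values either raise inside the action
  # or can be resolved by the redirect to a host other than this application.
  #
  # @param default [String] fallback location
  # @return [String]
  def back_or_default(default='/')
    return default unless params[:return_to]

    path = begin
      URI.parse(params[:return_to].to_s).path
    rescue URI::InvalidURIError
      nil
    end

    return default if path.blank?
    return default unless path.start_with?('/')
    return default if path.start_with?('//')

    path
  end

  # Sends users flagged as needing a password change to the change-password
  # form, carrying the current path along as return_to.
  def check_requires_password_change
    if current_user.present? && current_user.requires_password_change?
      redirect_to(login_change_password_path(:return_to => request.path))
      return false
    end
  end

  # Runs the action in the current user's time zone, when one is set, and
  # restores the previous Time.zone afterwards even if the action raises.
  def set_time_zone
    old_time_zone = Time.zone
    Time.zone = current_user.time_zone if current_user && current_user.time_zone.present?
    yield
  ensure
    Time.zone = old_time_zone
  end

  # Renders a Spud::RequestError in the format the client asked for.
  #
  # For Spud::UnauthorizedError the response is either a Basic-auth challenge
  # (when #should_present_basic_auth? is true) or, for HTML requests, a
  # redirect to the login form.
  #
  # @param error [Spud::RequestError]
  def handle_request_error(error)
    error.request_url = request.original_url
    # Controllers may define template_for_request_error (private is fine, hence
    # the `true`) to choose their own error template.
    error.template = template_for_request_error() if respond_to?(:template_for_request_error, true)

    if error.is_a?(Spud::UnauthorizedError)
      if should_present_basic_auth?
        # NOTE(review): site_name is interpolated into a quoted header value
        # as-is; presumably it never contains a double quote - confirm.
        headers["WWW-Authenticate"] = "Basic realm=\"#{Spud::Core.config.site_name}\""
      elsif request.format.html?
        redirect_to(login_path_for_require_user)
        return false
      end
    end

    respond_to do |format|
      format.json { render :json => {:errors => error.message}, :status => error.code }
      format.xml { render :xml => {:errors => error.message}, :status => error.code }
      format.all do
        @error = error
        render :template => error.template,
               :layout => nil,
               :formats => [:html],
               :status => error.code,
               :content_type => 'text/html'
      end
    end
  end

  # True when the client sent the X-TWICE-BAKED-BASIC-AUTH header. The header
  # is client-supplied; here it only selects how an unauthorized response is
  # presented (Basic-auth challenge instead of a login redirect).
  def should_present_basic_auth?
    request.headers['X-TWICE-BAKED-BASIC-AUTH'].present?
  end

  # Maps ActiveRecord::RecordNotFound onto the shared not-found response.
  def handle_record_not_found(error)
    error = Spud::NotFoundError.new('record')
    handle_request_error(error)
  end

  # Maps ActionController::UnknownFormat onto the shared not-found response.
  def handle_unknown_format_error(error)
    error = Spud::NotFoundError.new()
    handle_request_error(error)
  end

  ActiveSupport.run_load_hooks(:spud_application_controller, self)
end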