module Scrivito

class WebserviceController < ActionController::Base
  rescue_from ClientError do |exception|
    render json: {error: exception.message}, status: exception.http_code
  end

  before_filter :merge_correctly_parsed_json_params
  before_filter :authorize

  private

  def authorize
    unless allow_access?
      render text: 'Forbidden', status: 403
    end
  end

  def editing_context
    request.env[EditingContextMiddleware::ENVKEY] || EditingContext.new
  end

  def scrivito_user
    editing_context.editor
  end

  # If +true+, allow access to ObjsController, else deny access.
  # See {Scrivito::Configuration.editing_auth} for details.
  # @return [Bool]
  def allow_access?
    !!scrivito_user
  end

  def able_to?(ability)
    scrivito_user && scrivito_user.able_to?(ability)
  end

  # Workaround for https://github.com/rails/rails/issues/8832
  def merge_correctly_parsed_json_params
    if request.format.json?
      body = request.body.read
      request.body.rewind
      params.merge!(ActiveSupport::JSON.decode(body)) if body.present?
    end
  end
end

end