module RailsConnector

  class ObjsController < ActionController::Base

    before_filter :restrict_non_allow_access
    before_filter :load_object

    respond_to :json

    def update
      raise "Required parameter 'obj' is missing." unless params[:obj].present?
      raise "Parameter 'obj' is not a hash." unless params[:obj].is_a?(Hash)

      convert_html_keys = params[:obj].keys.select do |key|
        @obj.type_of_attribute(key.to_s) == 'html'
      end

      convert_html_keys.each do |key|
        params[:obj][key] = ContentConversion.convert_html_links(
            params[:obj][key], request.host, request.port)
      end

      begin
        changed_obj = CmsRestApi.put(
          "revisions/#{Workspace.current.revision_id}/objs/#{params[:id]}",
          { :obj => params[:obj] }
        )
        render :json => changed_obj
      rescue ClientError => e
        render :json => {:error => e.message}, :status => e.http_code
      end
    end

    private

    def load_object
      @obj = Obj.find(params[:id])
    end

    def restrict_non_allow_access
      unless allow_access?
        render(:text => 'Forbidden', :status => 403)
      end
    end

    # If +true+, allow access to ObjsController, else deny access.
    # See {RailsConnector::Configuration.editing_auth} for details.
    # @return [Bool]
    def allow_access?
      Configuration.editing_auth_callback.call(request.env)
    end

  end

end