module RailsConnector

  class ObjsController < ActionController::Base
    rescue_from ClientError do |exception|
      render json: {error: exception.message}, status: exception.http_code
    end

    before_filter :merge_correctly_parsed_json_params
    before_filter :restrict_non_allow_access
    before_filter :load_object, only: [:update, :destroy, :create_widget]

    respond_to :json

    def update
      raise "Required parameter 'obj' is missing." unless params[:obj].present?
      raise "Parameter 'obj' is not a hash." unless params[:obj].is_a?(Hash)

      convert_html_keys = params[:obj].keys.select do |key|
        @obj.type_of_attribute(key.to_s) == 'html'
      end

      convert_html_keys.each do |key|
        params[:obj][key] = ContentConversion.convert_html_links(
            params[:obj][key], request.host, request.port)
      end

      changed_obj = CmsRestApi.put(
        "revisions/#{Workspace.current.revision_id}/objs/#{params[:id]}",
        { :obj => params[:obj] }
      )
      render :json => changed_obj
    end

    def destroy
      CmsRestApi.delete("revisions/#{Workspace.current.revision_id}/objs/#{params[:id]}")
      render json: {}
    end

    def widget_class_selection
      widgets = {}
      Dir[Rails.root + 'app/widgets/*'].each do |widget_path|
        widget_dir = File.basename(widget_path)
        widget_class_name = widget_dir.camelize
        widgets[widget_class_name] = WidgetRenderer.new(request).process('thumbnail', widget_dir)
      end
      render json: widgets
    end

    def create_widget
      widget = CmsRestApi.post("revisions/#{Workspace.current.revision_id}/objs", {obj: {
        _path: "/_widgets/#{@obj.id}/#{SecureRandom.hex}",
        _obj_class: params[:obj_class],
      }})

      @widget = Obj.find(widget['id'])
      @container = Obj.find(params[:container_id]) if params[:container_id].present?

      render json: {markup: render_to_string(layout: false)}
    end

    private

    def load_object
      @obj = Obj.find(params[:id])
    end

    def restrict_non_allow_access
      unless allow_access?
        render(:text => 'Forbidden', :status => 403)
      end
    end

    # If +true+, allow access to ObjsController, else deny access.
    # See {RailsConnector::Configuration.editing_auth} for details.
    # @return [Bool]
    def allow_access?
      Configuration.editing_auth_callback.call(request.env)
    end

    # Workaround for https://github.com/rails/rails/issues/8832
    def merge_correctly_parsed_json_params
      if request.format.json?
        body = request.body.read
        request.body.rewind
        params.merge!(ActiveSupport::JSON.decode(body)) if body.present?
      end
    end
  end

end